Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Another computer, more malware to conquer!


Recommended Posts

Hi all,

 

I wasn't expecting to be back so soon :lol: 

 

I picked up a Windows 7 disk and got my old computer up and running again. The first thing I did was download MalwareBytes and run a full scan. It was looking good with only 10 items found. When it got to the last few folders, it found another 500+ items.

 

Here's the log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.14.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Administrator :: WIN-HT6TJ7B4HIO [administrator]

3/14/2014 10:34:42 PM
mbam-log-2014-03-14 (22-34-42).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 949177
Time elapsed: 2 hour(s), 33 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 37
C:\Program Files (x86)\Searchqu Toolbar (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\components (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64 (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\chrome (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.

Files Detected: 498
C:\Backup\Louise\AppData\Roaming\Microsoft\Windows Security\Windows Security.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Louise\Downloads\l337install.zip (Trojan.FakeFirefox) -> Quarantined and deleted successfully.
C:\Users\Louise\Downloads\pzn-nsft.zip (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\80000064.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Louise\AppData\Roaming\WinSec.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\sysid.ini (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\uninstall.exe (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf.alt (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SessionRestore.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.alt (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\manifest.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngrUI.exe (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (PUP.Optional.Searchqu) -> Quarantined and deleted successfully.

(end)

 

Link to post
Share on other sites

I thought I would mention this before-hand.. I've already removed a program called uTorrent and PowerISO. I believe those were the programs that my son was using to download games.. I'm not sure if any files remain on my computer. I apologize ahead of time if anything shows up. Let me know, and I will be more than happy to remove it before continuing.

Link to post
Share on other sites

Hi Chris,

well the vast majority of these found items is not dangerous. But in between them there are also a few files that are real malware. So we definitively should have a closer look:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Link to post
Share on other sites

Hey Aharonov,

 

I don't know if this will matter or not..but I'm working on getting SysPrep to run correctly right now as well. I'm stuck at trying to run the OOBE, and I keep getting installation errors.

 

Here is the FRST.txt Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Administrator (administrator) on WIN-HT6TJ7B4HIO on 15-03-2014 15:55:34
Running from C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LS0C9W2
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe
(Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe
(Microsoft Corporation) C:\Windows\system32\sysprep\sysprep.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Farbar) C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LS0C9W2\FRST64[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [identityCardFUB] - C:\Windows\oem\IdentityCard\FUB.exe [227872 2009-10-08] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50

==================== Services (Whitelisted) =================

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [126904 2010-05-22] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-15 15:55 - 2014-03-15 15:55 - 00000000 ____D () C:\FRST
2014-03-14 22:33 - 2014-03-14 22:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-03-14 22:32 - 2014-03-14 22:32 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-14 22:32 - 2014-03-14 22:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-14 22:32 - 2014-03-14 22:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 22:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-14 22:17 - 2014-03-14 22:01 - 00002504 _____ () C:\Users\Administrator\Desktop\setuperr.log
2014-03-14 22:09 - 2014-03-14 22:47 - 00007600 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2014-03-14 17:12 - 2014-03-14 17:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Best Buy pc app
2014-03-14 17:05 - 2014-03-14 17:05 - 00000383 _____ () C:\Windows\DirectX.log
2014-03-14 17:02 - 2014-03-14 22:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
2014-03-14 17:02 - 2014-03-14 17:02 - 00000398 _____ () C:\Users\Administrator\Desktop\pc app.appref-ms
2014-03-14 17:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2014-03-14 17:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\PackageAware
2014-03-14 17:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-03-14 17:00 - 2014-03-14 17:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-03-14 16:44 - 2014-03-15 15:19 - 00059740 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

2014-03-15 15:55 - 2014-03-15 15:55 - 00000000 ____D () C:\FRST
2014-03-15 15:35 - 2009-07-13 21:46 - 00005730 _____ () C:\Windows\DtcInstall.log
2014-03-15 15:23 - 2009-07-13 22:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 15:23 - 2009-07-13 21:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-15 15:23 - 2009-07-13 21:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 15:19 - 2014-03-14 16:44 - 00059740 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 15:16 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-15 15:16 - 2009-07-13 21:51 - 00026434 _____ () C:\Windows\setupact.log
2014-03-15 15:15 - 2007-07-11 18:49 - 00000000 ____D () C:\Windows\Panther
2014-03-15 01:46 - 2012-06-26 00:19 - 00199724 _____ () C:\Windows\PFRO.log
2014-03-15 01:25 - 2012-06-08 22:19 - 00000000 ____D () C:\Program Files (x86)\FunWebProducts
2014-03-15 01:25 - 2011-10-15 10:05 - 00000000 ____D () C:\Program Files (x86)\Inbox Toolbar
2014-03-14 22:47 - 2014-03-14 22:09 - 00007600 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2014-03-14 22:33 - 2014-03-14 22:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-03-14 22:32 - 2014-03-14 22:32 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-14 22:32 - 2014-03-14 22:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-14 22:32 - 2014-03-14 22:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 22:29 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-14 22:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Deployment
2014-03-14 22:01 - 2014-03-14 22:17 - 00002504 _____ () C:\Users\Administrator\Desktop\setuperr.log
2014-03-14 18:00 - 2011-02-23 02:37 - 00011971 _____ () C:\Windows\patch.log
2014-03-14 17:20 - 2010-11-10 12:40 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-03-14 17:18 - 2011-02-22 06:51 - 00000000 ___HD () C:\OEM
2014-03-14 17:12 - 2014-03-14 17:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Best Buy pc app
2014-03-14 17:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help
2014-03-14 17:05 - 2014-03-14 17:05 - 00000383 _____ () C:\Windows\DirectX.log
2014-03-14 17:04 - 2011-01-31 04:01 - 00000413 _____ () C:\Windows\system32\oem_Get_OS_Language.log
2014-03-14 17:03 - 2011-01-31 04:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-14 17:02 - 2014-03-14 17:02 - 00000398 _____ () C:\Users\Administrator\Desktop\pc app.appref-ms
2014-03-14 17:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
2014-03-14 17:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\PackageAware
2014-03-14 17:02 - 2014-03-14 17:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-03-14 17:02 - 2011-01-31 03:59 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-14 17:02 - 2011-01-31 03:59 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-14 17:02 - 2011-01-31 03:59 - 00000000 ____D () C:\ProgramData\Best Buy pc app
2014-03-14 17:01 - 2012-09-03 14:58 - 00505128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-03-14 17:01 - 2012-09-03 14:58 - 00353576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-03-14 17:01 - 2011-01-31 03:58 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-03-14 17:00 - 2014-03-14 17:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2014-03-14 16:56 - 2010-11-10 12:39 - 00002035 _____ () C:\RHDSetup.log
2014-03-14 16:44 - 2009-10-05 13:30 - 00000000 ____D () C:\Windows\DeployWinRE2
2014-03-14 16:42 - 2011-05-01 22:07 - 00000000 __SHD () C:\Recovery
2014-03-14 16:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-03-14 16:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Recovery

ZeroAccess:
C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}
C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\@
C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\00000004.@
C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\L\00000004.@
C:\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\L\201d3dde

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\Users\Louise\AppData\Local\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}

Files to move or delete:
====================
C:\Users\Louise\AppData\Roaming\RSBuddy Login.ini
C:\Users\Louise\jagex_cl_runescape_LIVE.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-14 18:03

==================== End Of Log =========================

Link to post
Share on other sites

And here is the Additional.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Administrator at 2014-03-15 15:56:16
Running from C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LS0C9W2
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Disabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Best Buy pc app (HKCU\...\48e4cff94f039634) (Version: 3.1.1.0 - Best Buy)
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2931.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2931.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3015 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3003 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0825.2010 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Gateway Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Gateway Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Nero 9 Essentials (HKLM-x32\...\{47bd9548-9d52-4ec6-930f-df573e36962b}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.37.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.0.0.128 - Symantec Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3005 - Gateway Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

15-03-2014 08:21:19 MBAM Scan

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {A87DFF10-C54B-474A-8182-FA424AFA1D92} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2010-08-18] (Acer)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{F7171E66-01DE-4581-83CF-A29CCEA56026}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3412091256-1999745169-456823300-1000Core.job => C:\Users\Louise\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3412091256-1999745169-456823300-1000UA.job => C:\Users\Louise\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:02CC0035
AlternateDataStreams: C:\ProgramData\Temp:0410A323
AlternateDataStreams: C:\ProgramData\Temp:041C0562
AlternateDataStreams: C:\ProgramData\Temp:04EAB86F
AlternateDataStreams: C:\ProgramData\Temp:0B352B60
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:0ED1C542
AlternateDataStreams: C:\ProgramData\Temp:10CB85CA
AlternateDataStreams: C:\ProgramData\Temp:1234ADAE
AlternateDataStreams: C:\ProgramData\Temp:14B2E0BD
AlternateDataStreams: C:\ProgramData\Temp:159A493A
AlternateDataStreams: C:\ProgramData\Temp:17EB5BAE
AlternateDataStreams: C:\ProgramData\Temp:19474103
AlternateDataStreams: C:\ProgramData\Temp:1A3E8375
AlternateDataStreams: C:\ProgramData\Temp:1B389835
AlternateDataStreams: C:\ProgramData\Temp:1D6B18F1
AlternateDataStreams: C:\ProgramData\Temp:1DB77A89
AlternateDataStreams: C:\ProgramData\Temp:1E942FB9
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:2216A431
AlternateDataStreams: C:\ProgramData\Temp:244E4E3A
AlternateDataStreams: C:\ProgramData\Temp:24C072FF
AlternateDataStreams: C:\ProgramData\Temp:2652902F
AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9
AlternateDataStreams: C:\ProgramData\Temp:2B856118
AlternateDataStreams: C:\ProgramData\Temp:2B9555D8
AlternateDataStreams: C:\ProgramData\Temp:2C84CA43
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2D2461E7
AlternateDataStreams: C:\ProgramData\Temp:2E636DD9
AlternateDataStreams: C:\ProgramData\Temp:32289BE8
AlternateDataStreams: C:\ProgramData\Temp:3241739E
AlternateDataStreams: C:\ProgramData\Temp:366EFA1A
AlternateDataStreams: C:\ProgramData\Temp:398EFF0F
AlternateDataStreams: C:\ProgramData\Temp:3A0561F3
AlternateDataStreams: C:\ProgramData\Temp:3AEF46F0
AlternateDataStreams: C:\ProgramData\Temp:3C4BD225
AlternateDataStreams: C:\ProgramData\Temp:3DB6F365
AlternateDataStreams: C:\ProgramData\Temp:3EC5BC08
AlternateDataStreams: C:\ProgramData\Temp:401CAF8F
AlternateDataStreams: C:\ProgramData\Temp:40640B7D
AlternateDataStreams: C:\ProgramData\Temp:43F5FA9D
AlternateDataStreams: C:\ProgramData\Temp:45912F61
AlternateDataStreams: C:\ProgramData\Temp:46283136
AlternateDataStreams: C:\ProgramData\Temp:4673E9EA
AlternateDataStreams: C:\ProgramData\Temp:491270B8
AlternateDataStreams: C:\ProgramData\Temp:4A5CFD3B
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:4EA7C5C4
AlternateDataStreams: C:\ProgramData\Temp:4EFA2FC7
AlternateDataStreams: C:\ProgramData\Temp:512E1728
AlternateDataStreams: C:\ProgramData\Temp:54403233
AlternateDataStreams: C:\ProgramData\Temp:5539129F
AlternateDataStreams: C:\ProgramData\Temp:55BB2521
AlternateDataStreams: C:\ProgramData\Temp:56FBA78D
AlternateDataStreams: C:\ProgramData\Temp:592D7272
AlternateDataStreams: C:\ProgramData\Temp:5A9F1AE5
AlternateDataStreams: C:\ProgramData\Temp:5D351BC6
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2
AlternateDataStreams: C:\ProgramData\Temp:65B8AF94
AlternateDataStreams: C:\ProgramData\Temp:65C4D44A
AlternateDataStreams: C:\ProgramData\Temp:6C5F503C
AlternateDataStreams: C:\ProgramData\Temp:6CF828C2
AlternateDataStreams: C:\ProgramData\Temp:6EE8565A
AlternateDataStreams: C:\ProgramData\Temp:6EFFF8B9
AlternateDataStreams: C:\ProgramData\Temp:72A1B66A
AlternateDataStreams: C:\ProgramData\Temp:79875988
AlternateDataStreams: C:\ProgramData\Temp:7BFFC6A9
AlternateDataStreams: C:\ProgramData\Temp:7DC5D762
AlternateDataStreams: C:\ProgramData\Temp:834DD57E
AlternateDataStreams: C:\ProgramData\Temp:852F2262
AlternateDataStreams: C:\ProgramData\Temp:869C6B4A
AlternateDataStreams: C:\ProgramData\Temp:89C6F032
AlternateDataStreams: C:\ProgramData\Temp:8AE92FD3
AlternateDataStreams: C:\ProgramData\Temp:8B4B9596
AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F
AlternateDataStreams: C:\ProgramData\Temp:902C848D
AlternateDataStreams: C:\ProgramData\Temp:90D89144
AlternateDataStreams: C:\ProgramData\Temp:961B84C5
AlternateDataStreams: C:\ProgramData\Temp:9F3CEEE6
AlternateDataStreams: C:\ProgramData\Temp:A2FF62A6
AlternateDataStreams: C:\ProgramData\Temp:A6F30843
AlternateDataStreams: C:\ProgramData\Temp:A819A132
AlternateDataStreams: C:\ProgramData\Temp:A900C3A3
AlternateDataStreams: C:\ProgramData\Temp:A9056F42
AlternateDataStreams: C:\ProgramData\Temp:A9223B61
AlternateDataStreams: C:\ProgramData\Temp:AD179392
AlternateDataStreams: C:\ProgramData\Temp:AFC732F7
AlternateDataStreams: C:\ProgramData\Temp:B190BE3A
AlternateDataStreams: C:\ProgramData\Temp:B2112128
AlternateDataStreams: C:\ProgramData\Temp:B2735F9E
AlternateDataStreams: C:\ProgramData\Temp:B3A5945E
AlternateDataStreams: C:\ProgramData\Temp:BD0A043E
AlternateDataStreams: C:\ProgramData\Temp:BE6B5FC3
AlternateDataStreams: C:\ProgramData\Temp:BE6DC701
AlternateDataStreams: C:\ProgramData\Temp:C0893153
AlternateDataStreams: C:\ProgramData\Temp:C0A9B815
AlternateDataStreams: C:\ProgramData\Temp:C0BCE04B
AlternateDataStreams: C:\ProgramData\Temp:C2F24DB5
AlternateDataStreams: C:\ProgramData\Temp:C370B84F
AlternateDataStreams: C:\ProgramData\Temp:C43C957E
AlternateDataStreams: C:\ProgramData\Temp:C82CA1C0
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34
AlternateDataStreams: C:\ProgramData\Temp:CB5AA1E6
AlternateDataStreams: C:\ProgramData\Temp:D31BE97C
AlternateDataStreams: C:\ProgramData\Temp:DC7EDF41
AlternateDataStreams: C:\ProgramData\Temp:DD0005C2
AlternateDataStreams: C:\ProgramData\Temp:E402E439
AlternateDataStreams: C:\ProgramData\Temp:E4EE99EF
AlternateDataStreams: C:\ProgramData\Temp:E517FE76
AlternateDataStreams: C:\ProgramData\Temp:E5B07840
AlternateDataStreams: C:\ProgramData\Temp:E87AB4E3
AlternateDataStreams: C:\ProgramData\Temp:E894A3ED
AlternateDataStreams: C:\ProgramData\Temp:EA10407C
AlternateDataStreams: C:\ProgramData\Temp:ECF3C50F
AlternateDataStreams: C:\ProgramData\Temp:EDDBC69E
AlternateDataStreams: C:\ProgramData\Temp:EE9C3FED
AlternateDataStreams: C:\ProgramData\Temp:EF0BD3A1
AlternateDataStreams: C:\ProgramData\Temp:F13867C6
AlternateDataStreams: C:\ProgramData\Temp:F2E92DCD
AlternateDataStreams: C:\ProgramData\Temp:F3A185AE
AlternateDataStreams: C:\ProgramData\Temp:F52DB269
AlternateDataStreams: C:\ProgramData\Temp:F5B51004
AlternateDataStreams: C:\ProgramData\Temp:F5E4BCD5
AlternateDataStreams: C:\ProgramData\Temp:F610C203
AlternateDataStreams: C:\ProgramData\Temp:F7F4DC88
AlternateDataStreams: C:\ProgramData\Temp:FB4262DE
AlternateDataStreams: C:\ProgramData\Temp:FB6A21E3

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Best Buy pc app => C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2014 03:35:06 PM) (Source: MSDTC Client) (User: )
Description: Cleanup0x80100101

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (03/15/2014 03:35:06 PM) (Source: MSDTC Client)(User: )
Description: Cleanup0x80100101

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 6109.18 MB
Available physical RAM: 4289.86 MB
Total Pagefile: 12216.5 MB
Available Pagefile: 10620.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:916.91 GB) (Free:742.13 GB) NTFS
Drive d: (GSP1RMCHPXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 71B49C11)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

Ok. Let's continue:

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).

    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.

(You can find more detailed instructions in this guide on using Combofix.)

Link to post
Share on other sites

Here is the log:

 

ComboFix 14-03-13.01 - Chris 03/15/2014  17:54:27.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.6109.4273 [GMT -7:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\FunWebProducts
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files (x86)\MyWebSearch\bar\gen1\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\jsifb\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\program files (x86)\MyWebSearch\bar\wbnotify\COMMON.F3S
c:\users\Louise\AppData\Roaming\dclogs
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}
c:\windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\@
c:\windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\L\00000004.@
c:\windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\L\201d3dde
c:\windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\00000004.@
c:\windows\wininit.ini
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-16 to 2014-03-16  )))))))))))))))))))))))))))))))
.
.
2014-03-16 01:00 . 2014-03-16 01:00 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-03-15 23:18 . 2014-03-15 23:18 -------- d-----w- c:\users\Chris
2014-03-15 22:55 . 2014-03-15 22:56 -------- d-----w- C:\FRST
2014-03-15 05:33 . 2014-03-15 05:33 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2014-03-15 05:32 . 2014-03-15 05:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-15 05:32 . 2014-03-15 05:32 -------- d-----w- c:\programdata\Malwarebytes
2014-03-15 05:32 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-15 05:32 . 2014-03-15 05:32 -------- d-----w- c:\users\Administrator\AppData\Local\Programs
2014-03-15 00:12 . 2014-03-15 00:12 -------- d-----w- c:\users\Administrator\AppData\Local\Best Buy pc app
2014-03-15 00:02 . 2014-03-15 05:02 -------- d-----w- c:\users\Administrator\AppData\Local\Deployment
2014-03-15 00:02 . 2014-03-15 00:02 -------- d-----w- c:\users\Administrator\AppData\Local\Apps
2014-03-15 00:02 . 2014-03-15 00:02 -------- d-----w- c:\users\Administrator\AppData\Local\PackageAware
2014-03-14 23:46 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{345845AF-0DC8-4908-9508-50D41BE47A49}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-15 00:01 . 2012-09-03 21:58 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-03-15 00:01 . 2012-09-03 21:58 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-03-15 00:01 . 2011-01-31 10:58 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"IdentityCardFUB"="c:\windows\oem\IdentityCard\FUB.exe" [2009-10-08 227872]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-10-26 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 23:23 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 20:28]
.
2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 04:59]
.
2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 04:59]
.
2013-09-08 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-24 00:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 24.116.0.53 24.116.2.50
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-15  18:02:49
ComboFix-quarantined-files.txt  2014-03-16 01:02
.
Pre-Run: 797,747,331,072 bytes free
Post-Run: 797,716,619,264 bytes free
.
- - End Of File - - 72EC4C91DC5565D9E10ACEC4719ECF4A
Link to post
Share on other sites

Ok. How is your computer running? Do any problems or strange symptoms exist?

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
Link to post
Share on other sites

It's running fine at the moment.

 

Here is the log:

 

ESETSmartInstaller@High as downloader log:

all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fdd2eff1dc6d0e418a5a2d3192f8c987
# engine=17468
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-16 09:23:46
# local_time=2014-03-16 02:23:46 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=3589 16777214 60 64 95632965 157511611 0 0
# compatibility_mode=5893 16776573 100 94 77838 146548476 0 0
# scanned=694934
# found=11
# cleaned=0
# scan_time=10478
sh=A0CAA80116C414C48EC40C6E2FA4CD7D78DFF1AD ft=0 fh=0000000000000000 vn="a variant of MSIL/TrojanDropper.Agent.KB trojan" ac=I fn="C:\Backup\Louise\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000b1a"
sh=7FBD0962BC6F8780A41C41652117A8AA6693A96E ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Backup\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4YRQ51A1\shadowcraft-2[1].htm"
sh=F4D2D8A4798018BA54A22F13C65B8E4229D4A03E ft=0 fh=0000000000000000 vn="Win32/DomaIQ.E potentially unwanted application" ac=I fn="C:\Backup\Louise\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\130909171351423.rsc_tmp"
sh=9B8C633A10417757469388830CFA3700BF8391D1 ft=0 fh=0000000000000000 vn="a variant of Java/Obfuscated.AllatoriDemo.B potentially unsafe application" ac=I fn="C:\Backup\Louise\AppData\Roaming\EpicBot\Cache\update.jar"
sh=AC2EC6544DBD953FBF7F13C7F0C2B12E2B847DF6 ft=1 fh=80c515dd57445045 vn="MSIL/DownVision.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\DownVision\update.exe"
sh=B81BAAC9D35824000ADB556418067A9220C40F01 ft=1 fh=23a12d968d390125 vn="probably a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe"
sh=50F7BC095D56F8DE85C3654F53E7A5039DDFDC6E ft=1 fh=22ba93820351546e vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimband.dll"
sh=3D30770CA02B988D17FB6B86DD02DDDF078CC9D0 ft=1 fh=454e4fee16bd7532 vn="a variant of Win32/Toolbar.Visicom.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll"
sh=5AE09DF85A30864BBE5F3E6D782358C8F95CDB95 ft=1 fh=a6fc020f2a9ed637 vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39impipe.exe"
sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{c84ae635-a1ef-971d-16a2-75ec31b3ab3b}\U\00000004.@.vir"
sh=6A4567E1F624236A0F0F616F914EABBBE96F9474 ft=0 fh=0000000000000000 vn="probably a variant of MSIL/PSW.OnLineGames.QG trojan" ac=I fn="C:\Users\Louise\Downloads\IDB-3.4.1.rar"
Link to post
Share on other sites

All right!


Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • I don't need the log.

 

 

 

 

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe in Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

 

 

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefor it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:


Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Download and install Service Pack 1 for Windows 7.
Internet Explorer Version 8




Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

Link to post
Share on other sites

I finished everything you suggested. Computer seems to be running fine. Only other issue I have is with Windows.. The default administrator account opens on start-up and Sysprep pops up. When I try to run it, it says there was an error when trying to run SysPrep.

 

I don't know if that's something you would know about, or could help with. If not, it's fine.  :) 

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.