| |
| |||||||
Log-Analyse und Auswertung: Windows 7 Starter: BKA-Trojaner, abgesicherter Modus funktioniertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.09.2014, 12:55
| #1 |
| |  Windows 7 Starter: BKA-Trojaner, abgesicherter Modus funktioniert Hallo Leute, ich hab mir einen BKA-Trojaner eingefangen, welcher den Bildschirm sperrt und die Cam aktiviert. Der abgesicherte Modus funktioniert aber und ich konnte die Logfiles erstellen, wie in der Anleitung beschrieben. Es ist ein privater Rechner. Die Logfiles sind zu groß, um sie hier mit dem #-Symbol zu posten. Sagt mir einfach, ob ich sie als Anhang ranhängen soll. P.S.Der Defogger hat keine Funde gehabt. Danke schon mal, Gruß Flip |
|
07.09.2014, 13:00
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows 7 Starter: BKA-Trojaner, abgesicherter Modus funktioniert Hi und
__________________ Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
09.09.2014, 09:48
| #3 |
| | Windows 7 Starter: BKA-Trojaner, abgesicherter Modus funktioniert Okay, dann kommt jetzt der 1. Log, welchen ich am Anfang über Malware gemacht hab:
__________________Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 06.09.2014 Scan Time: 11:51:43 Logfile: Log 06.09.2014.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.09.06.01 Rootkit Database: v2014.08.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: PK Scan Type: Threat Scan Result: Completed Objects Scanned: 289122 Time Elapsed: 43 min, 30 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 3 PUP.Optional.OutBrowse, C:\Users\PK\Downloads\avira-antivir-personal---free-antivirus.exe, 2056, , [65041bcf64171e184b9ed3e4976a06fa] PUP.Optional.OutBrowse.A, C:\Users\PK\AppData\Local\Temp\riw.exe, 2076, , [7cedab3f0f6c91a588806e7430d4ff01] PUP.Optional.SearchHijacker.A, C:\Users\PK\AppData\Local\Temp\91409995879\0_Offer_1.exe, 2500, , [8edb2ebc0d6e56e0ae1403a9e71a9a66] Modules: 0 (No malicious items detected) Registry Keys: 78 PUP.Optional.OutBrowse.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, , [7cedab3f0f6c91a588806e7430d4ff01], PUP.Optional.OutBrowse.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [7cedab3f0f6c91a588806e7430d4ff01], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{AD25754E-D76C-42B3-A335-2F81478B722F}, , [2d3ceffb621977bf082df725759034cc], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}, , [2d3ceffb621977bf082df725759034cc], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}, , [d594e406a8d3d85e072eb864bf4645bb], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{09C554C3-109B-483C-A06B-F14172F1A947}, , [d594e406a8d3d85e072eb864bf4645bb], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A9379648-F6EB-4F65-A624-1C10411A15D0}, , [d594e406a8d3d85e072eb864bf4645bb], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}, , [d594e406a8d3d85e072eb864bf4645bb], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\facemoods.facemoodsHlpr.1, , [d594e406a8d3d85e072eb864bf4645bb], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\facemoods.facemoodsHlpr, , [d594e406a8d3d85e072eb864bf4645bb], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{64182481-4F71-486B-A045-B233BD0DA8FC}, , [d594e406a8d3d85e072eb864bf4645bb], PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{64182481-4F71-486B-A045-B233BD0DA8FC}, , [d594e406a8d3d85e072eb864bf4645bb], PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{64182481-4F71-486B-A045-B233BD0DA8FC}, , [d594e406a8d3d85e072eb864bf4645bb], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}, , [d594e406a8d3d85e072eb864bf4645bb], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\escort.escrtBtn.1, , [d594e406a8d3d85e072eb864bf4645bb], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}\INPROCSERVER32, , [d594e406a8d3d85e072eb864bf4645bb], PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, , [98d1509a3744ef47bd725e5b32d0e31d], PUP.Optional.SearchQu, HKLM\SOFTWARE\CLASSES\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}, , [8ddc0ddd0d6efe38bb5bc3c0fc068c74], PUP.Optional.SearchQu, HKLM\SOFTWARE\CLASSES\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}\INPROCSERVER32, , [8ddc0ddd0d6efe38bb5bc3c0fc068c74], PUP.Optional.SearchQu, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [8ddc0ddd0d6efe38bb5bc3c0fc068c74], PUP.Optional.SearchQu, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [8ddc0ddd0d6efe38bb5bc3c0fc068c74], PUP.Optional.SearchQu, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [8ddc0ddd0d6efe38bb5bc3c0fc068c74], PUP.Optional.SearchQu, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, , [8ddc0ddd0d6efe38bb5bc3c0fc068c74], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}, , [b7b28d5d05763cfa894f219424de3cc4], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}, , [b7b28d5d05763cfa894f219424de3cc4], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}\INPROCSERVER32, , [b7b28d5d05763cfa894f219424de3cc4], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\BrowserConnection.Loader.1, , [b7b28d5d05763cfa894f219424de3cc4], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\CLASSES\BrowserConnection.Loader, , [b7b28d5d05763cfa894f219424de3cc4], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [b7b28d5d05763cfa894f219424de3cc4], PUP.Optional.Bandoo.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [b7b28d5d05763cfa894f219424de3cc4], PUP.Optional.Bandoo.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9D717F81-9148-4F12-8568-69135F087DB0}, , [b7b28d5d05763cfa894f219424de3cc4], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}, , [dc8d6a80601b7cba7d17a70f56acb947], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}, , [dc8d6a80601b7cba7d17a70f56acb947], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}, , [dc8d6a80601b7cba7d17a70f56acb947], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}, , [dc8d6a80601b7cba7d17a70f56acb947], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard, , [dc8d6a80601b7cba7d17a70f56acb947], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard.1, , [dc8d6a80601b7cba7d17a70f56acb947], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}, , [da8f2fbb81faca6c24502a55847e56aa], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\facemoods.dskBnd.1, , [da8f2fbb81faca6c24502a55847e56aa], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\facemoods.dskBnd, , [da8f2fbb81faca6c24502a55847e56aa], PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}, , [da8f2fbb81faca6c24502a55847e56aa], PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}, , [da8f2fbb81faca6c24502a55847e56aa], PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0D7562AE-8EF6-416d-A838-AB665251703A}, , [6108d61464177fb7db9a6817d42eeb15], PUP.Optional.Bandoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\iLivid, , [1e4b8367c8b342f417f4a276837e728e], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, , [c6a338b2a9d279bdf26ce1284ab9738d], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\facemoods.com, , [1f4a01e9adce84b2aef7ce4a1fe4ea16], PUP.Optional.RocketTab.A, HKLM\SOFTWARE\RocketTab, , [9ecb6e7c06758bab8423747f46bc0ef2], PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\webssearchesSoftware, , [35347971314a4aec516071a84cb7d62a], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\facemoods.xtrnl, , [4d1c9654e29949edbee5b761cf34728e], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\facemoods.xtrnl.1, , [fe6b55959fdc61d5287ba078d3304cb4], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ihflimipbcaljfnojhhknppphnnciiif, , [7aef30bae09bbd79554fec2c42c17e82], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [3732d1197efd39fd9897113763a1bf41], PUP.Optional.VOPackage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE, , [3c2de109f18a87afe41f7d810af858a8], PUP.Optional.DataMngr.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, , [05643dad3447c47221449d9fb252758b], PUP.Optional.DataMngr.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, , [59107575bcbf36007de7b88418ec649c], PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\facemoods.com, , [8bde05e5ea918ea8911507117a8932ce], PUP.Optional.Qone8, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [c2a705e50279082e33fb2c1c57ad956b], PUP.Optional.Softonic.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [2049faf03348af87341874a12bd8ec14], PUP.Optional.Searchqu, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Searchqu Toolbar, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, HKLM\SOFTWARE\CLASSES\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, HKLM\SOFTWARE\CLASSES\TYPELIB\{841D5A49-E48D-413c-9C28-EB3D9081D705}, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B619BC-3D2B-4990-AA4F-9AA366921792}, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, HKLM\SOFTWARE\CLASSES\DnsBHO.BHO.1, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, HKLM\SOFTWARE\CLASSES\DnsBHO.BHO, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\CLSID\{AD20D01C-C939-4dd2-8C55-56935A48987E}, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\facemoodsApp.appCore.1, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\facemoodsApp.appCore, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B12E99ED-69BD-437C-86BE-C862B9E5444D}, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\facemoods, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.QuickStores.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}, , [abbe7872fa8152e472957f7791737789], PUP.Optional.QuickStores.A, HKLM\SOFTWARE\CLASSES\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}, , [abbe7872fa8152e472957f7791737789], PUP.Optional.QuickStores.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}, , [abbe7872fa8152e472957f7791737789], PUP.Optional.QuickStores.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}, , [abbe7872fa8152e472957f7791737789], PUP.Optional.SnipSmart.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{68261aaa-dc9f-4c2b-a168-c323e304c3a2}, , [244537b3403be254e6ef9e58d43008f8], PUP.Optional.SnipSmart.A, HKLM\SOFTWARE\CLASSES\CLSID\{68261AAA-DC9F-4C2B-A168-C323E304C3A2}, , [244537b3403be254e6ef9e58d43008f8], PUP.Optional.SnipSmart.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{0c8e7de5-d3f4-4ff0-be7d-2547ff22a3bb}, , [244537b3403be254e6ef9e58d43008f8], Registry Values: 8 PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|facemoods, "C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I, , [2d3ceffb621977bf082df725759034cc] PUP.Optional.SearchQu, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{99079A25-328F-4BD4-BE04-00955ACAA0A7}, Searchqu Toolbar, , [8ddc0ddd0d6efe38bb5bc3c0fc068c74] PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}, facemoods Toolbar, , [da8f2fbb81faca6c24502a55847e56aa] PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}, , [9ecb62883d3ee74f254fc8b71ce6916f], PUP.Optional.SearchQu, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{99079a25-328f-4bd4-be04-00955acaa0a7}, , [1653d119f289bb7b799d4340d82a54ac], PUP.Optional.Datamngr.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DATAMNGR, C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE, , [79f01bcf780349ed763289b0b252926e] PUP.Optional.VOPackage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE|UninstallString, "C:\Users\PK\AppData\Roaming\VOPackage\uninstall.exe", , [3c2de109f18a87afe41f7d810af858a8] PUP.Optional.QuickStores.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}, QuickStores-Toolbar, , [abbe7872fa8152e472957f7791737789] Registry Data: 10 PUP.Optional.Datamngr.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll , Good: (), Bad: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll),,[dc8d6a80601b7cba7d17a70f56acb947] PUP.Optional.Searchqu, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll , Good: (), Bad: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll),,[1c4d2cbe6813f1453ee35d6c22e08878] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS),,[9dcc21c99ae137ff5ae446a030d48c74] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/web/?type=ds&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS&q={searchTerms}),,[d891b03a9ae1063062d36284ce36e21e] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS),,[c4a57d6d9ddedd59ce65479f27dd3bc5] PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS),,[c0a9da10136847ef9b9ca73f8480fa06] PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://start.facemoods.com/?a=fmtgl&s={searchTerms}&f=4, Good: (www.google.com), Bad: (hxxp://start.facemoods.com/?a=fmtgl&s={searchTerms}&f=4),,[09602fbb69126ec82600af42e81c5ba5] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[6aff93575922b68071f3fbf51ee6ea16] PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS),,[2643a04a5f1cc47247f17f67b0546a96] PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1224680110-414488466-2068196550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS, Good: (www.google.com), Bad: (hxxp://istart.webssearches.com/?type=hp&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS),,[d29711d92952023440f4e105ce36956b] Folders: 56 PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\components, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.RegCleanerPro.A, C:\Users\PK\AppData\Roaming\Systweak\RegClean Pro, , [d59409e1bac1de581874468327db7b85], PUP.Optional.RegCleanerPro.A, C:\Users\PK\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, , [d59409e1bac1de581874468327db7b85], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\Local_Weather_LLC, , [86e3b43646358caac072bc0f27db7f81], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_lpxcdqh5mvo1zobcieahzf5jvluf304k, , [86e3b43646358caac072bc0f27db7f81], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_lpxcdqh5mvo1zobcieahzf5jvluf304k\1.4.0.0, , [86e3b43646358caac072bc0f27db7f81], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab\Resources, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.Datamngr.A, C:\Users\PK\AppData\LocalLow\DataMngr, , [0b5e0cded6a591a589ef00cfb052758b], PUP.Optional.WebsSearches.A, C:\Users\PK\AppData\Roaming\webssearches, , [086135b5413aaf87f0cce3ec5aa8b749], PUP.Optional.FaceMoods.A, C:\Users\PK\AppData\LocalLow\facemoods.com, , [a4c5f1f94536d1654bf9b0208979d927], PUP.Optional.FaceMoods.A, C:\Users\PK\AppData\LocalLow\facemoods.com\facemoods, , [a4c5f1f94536d1654bf9b0208979d927], PUP.Optional.FaceMoods.A, C:\Program Files\facemoods.com, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.FaceMoods.A, C:\Program Files\facemoods.com\facemoods, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.FaceMoods.A, C:\Program Files\facemoods.com\facemoods\1.4.17.11, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.FaceMoods.A, C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchquband, , [cd9c995184f795a101fe5d7ddb2708f8], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\weather, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SystemSpeedup, C:\Users\PK\AppData\Roaming\Systweak\ssd, , [43268d5df28985b1d01c855c7989d52b], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector, , [71f8b6345922e35370655b93f210cf31], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\2.1.1000.13491, , [71f8b6345922e35370655b93f210cf31], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures, , [71f8b6345922e35370655b93f210cf31], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\updates, , [71f8b6345922e35370655b93f210cf31], PUP.Optional.AdvancedSystemProtector.A, C:\Users\PK\AppData\Roaming\Systweak\Advanced System Protector, , [93d6da1081fa6ccab322b43ab949d32d], PUP.Optional.AdvancedSystemProtector.A, C:\Users\PK\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.13491, , [93d6da1081fa6ccab322b43ab949d32d], Files: 539 PUP.Optional.OutBrowse, C:\Users\PK\Downloads\avira-antivir-personal---free-antivirus.exe, , [65041bcf64171e184b9ed3e4976a06fa], PUP.Optional.OutBrowse.A, C:\Users\PK\AppData\Local\Temp\riw.exe, , [7cedab3f0f6c91a588806e7430d4ff01], PUP.Optional.SearchHijacker.A, C:\Users\PK\AppData\Local\Temp\91409995879\0_Offer_1.exe, , [8edb2ebc0d6e56e0ae1403a9e71a9a66], PUP.Optional.FaceMoods.A, C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe, , [2d3ceffb621977bf082df725759034cc], PUP.Optional.FaceMoods.A, C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll, , [d594e406a8d3d85e072eb864bf4645bb], PUP.Optional.SearchQu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll, , [8ddc0ddd0d6efe38bb5bc3c0fc068c74], PUP.Optional.Bandoo.A, C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll, , [b7b28d5d05763cfa894f219424de3cc4], PUP.Optional.Datamngr.A, C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll, , [dc8d6a80601b7cba7d17a70f56acb947], PUP.Optional.FaceMoods.A, C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll, , [da8f2fbb81faca6c24502a55847e56aa], PUP.Optional.Bandoo, C:\Program Files\iLivid\uninstall.exe, , [1e4b8367c8b342f417f4a276837e728e], PUP.Optional.FaceMoods.A, C:\Users\PK\AppData\Local\Temp\Toolbar_Toggle.exe, , [ff6a22c86f0c072f67ce9a82a263867a], Trojan.Agent.ED, C:\Users\PK\AppData\Local\Temp\lwllwr9f.cpp, , [d792feec80fbe353d43f4b1402ff19e7], Trojan.Agent.ED, C:\Users\PK\AppData\Local\Temp\~tmf5240855099299820595.dll, , [0960c02ab5c6fc3a3ed55a050ef3b050], PUP.Optional.OutBrowse, C:\Users\PK\AppData\Local\Temp\nsjA1AC.tmp\cvf.dll, , [75f4dd0da1da68cec52409aece33f40c], Trojan.Agent.ED, C:\Users\PK\AppData\Local\Temp\Low\jysu.dll, , [6801ce1c1b605cda0b0870ef54addf21], Trojan.Agent.ED, C:\Users\PK\AppData\Local\Temp\Low\rl14rh.cpp, , [aebb39b19ae161d539da223d0df453ad], PUP.Optional.VOPackage.A, C:\Users\PK\AppData\Local\Temp\91409995879\1_Offer_101.exe, , [6aff4c9e156696a0d73c4c07fe02e818], PUP.Optional.BPlug, C:\Users\PK\AppData\Local\Temp\91409995879\1_Offer_14.exe, , [e8818169344755e1cfa6ceea946d16ea], PUP.Optional.WeatherAlerts.A, C:\Users\PK\AppData\Local\Temp\91409995879\1_Offer_300.exe, , [0f5aca2097e450e61cd9f2280bfa639d], PUP.Optional.Babylon, C:\Users\PK\AppData\Local\Temp\91409995879\1_Offer_301.exe, , [1f4a1dcd79024cea4c41832e966b42be], PUP.Optional.OpenCandy, C:\Users\PK\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll, , [22479e4c46358caa5f5c5fb6d92c8d73], PUP.Optional.RocketTab.A, C:\Windows\Tasks\RocketTab Update Task.job, , [baafad3d314a73c36644e11243bf01ff], PUP.Optional.RocketTab.A, C:\Windows\Tasks\RocketTab.job, , [145526c495e6ab8b367406ed38cac63a], PUP.Optional.VOPackage, C:\Users\PK\Desktop\Configure VO Package.lnk, , [3e2b00ea22592a0c28bfd027a95908f8], PUP.Optional.VOPackage.A, C:\Users\PK\AppData\Roaming\VOPackage\VOsrv.exe, , [2c3d4f9bf289bf77711e50b6f80b1ae6], PUP.Optional.FaceMoods.A, C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml, , [d495cc1e63186acc526844c30300de22], PUP.Optional.VOPackage.A, C:\Users\PK\AppData\Roaming\VOPackage\VOPackage.exe, , [f3765991dd9e999dd878c54a4fb4fa06], PUP.Optional.Searchqu.A, C:\Users\PK\AppData\Local\Temp\searchqutoolbar-manifest.xml, , [581113d7bbc070c6fef50438e51f728e], PUP.Optional.Searchqu.A, C:\Users\PK\AppData\Local\Temp\SetupDataMngr_Searchqu.exe, , [e287c5250a7166d01cd881bb52b210f0], PUP.Optional.Datamngr.A, C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe, , [79f01bcf780349ed763289b0b252926e], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\sysid.ini, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\uninstall.exe, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\DnsBHO.dll, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\manifest.xml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.Searchqu, C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js, , [1c4d2cbe6813f1453ee35d6c22e08878], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_lpxcdqh5mvo1zobcieahzf5jvluf304k\1.4.0.0\user.config, , [86e3b43646358caac072bc0f27db7f81], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe.config, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp0.dat, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe.config, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts\DesktopWeatherAlertsuninstall.exe, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts\ICSharpCode.SharpZipLib.dll, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts\mod.DesktopWeatherAlertsApp0.dat, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts\uninstall.exe, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts\WAUpdater.exe, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts\WAUpdater.exe.config, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts\WeatherAlerts.exe, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.WeatherAlerts, C:\Users\PK\AppData\Local\WeatherAlerts\WeatherAlerts.exe.config, , [6bfe509ac0bbe84e54dfeae12dd51ce4], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab\Client.exe, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab\config.dat, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab\makecert.exe, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab\TrustedRoot.cer, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab\uninstall.exe, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab\Resources\certutil.exe, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab\Resources\libnspr4.dll, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab\Resources\libplc4.dll, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab\Resources\libplds4.dll, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab\Resources\nss3.dll, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab\Resources\smime3.dll, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.RocketTab.A, C:\Program Files\RocketTab\Resources\softokn3.dll, , [aabf04e699e2e650d090eae355adee12], PUP.Optional.Datamngr.A, C:\Users\PK\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [0b5e0cded6a591a589ef00cfb052758b], PUP.Optional.WebsSearches.A, C:\Users\PK\AppData\Roaming\webssearches\MessageBox.xml, , [086135b5413aaf87f0cce3ec5aa8b749], PUP.Optional.WebsSearches.A, C:\Users\PK\AppData\Roaming\webssearches\uninstallDlg2.xml, , [086135b5413aaf87f0cce3ec5aa8b749], PUP.Optional.WebsSearches.A, C:\Users\PK\AppData\Roaming\webssearches\UninstallManager.exe, , [086135b5413aaf87f0cce3ec5aa8b749], PUP.Optional.FaceMoods.A, C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoods.crx, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.FaceMoods.A, C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoods.png, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.FaceMoods.A, C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.FaceMoods.A, C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.FaceMoods.A, C:\Program Files\facemoods.com\facemoods\1.4.17.11\uninstall.exe, , [07625e8c027964d2b2954987758d7c84], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\dtx.ini, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\geodata.xml, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\geoip.xml, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\guid.dat, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\log.txt, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\preferences.dat, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\stats.dat, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\uninstallIE.dat, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\version.xml, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\weatherbutton_prefs.xml, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\weather\19b4beeefe65860aff32fba675029a4c, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\weather\9fcceabd22c19b42e094a595383be4c7, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\weather\forecasts_cache.xml, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SearchQu.A, C:\Users\PK\AppData\LocalLow\searchqutoolbar\weather\observations_cache.xml, , [12578e5c2b50ad89ba46cd0e7c86d12f], PUP.Optional.SystemSpeedup, C:\Users\PK\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, , [43268d5df28985b1d01c855c7989d52b], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\AddonSafelist, , [71f8b6345922e35370655b93f210cf31], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\log.xslt, , [71f8b6345922e35370655b93f210cf31], PUP.Optional.AdvancedSystemProtector.A, c:\ProgramData\Systweak\Advanced System Protector\signatures\1835completedatabase.db, , [71f8b6345922e35370655b93f210cf31], PUP.Optional.AdvancedSystemProtector.A, C:\Users\PK\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db, , [93d6da1081fa6ccab322b43ab949d32d], PUP.Optional.AdvancedSystemProtector.A, C:\Users\PK\AppData\Roaming\Systweak\Advanced System Protector\Settings.db, , [93d6da1081fa6ccab322b43ab949d32d], PUP.Optional.AdvancedSystemProtector.A, C:\Users\PK\AppData\Roaming\Systweak\Advanced System Protector\Update.ini, , [93d6da1081fa6ccab322b43ab949d32d], PUP.Optional.AdvancedSystemProtector.A, C:\Users\PK\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.13491\ASPLog.txt, , [93d6da1081fa6ccab322b43ab949d32d], PUP.Optional.SnipSmart.A, C:\Program Files\snipsmart\snipsmartbho.dll, , [244537b3403be254e6ef9e58d43008f8], Physical Sectors: 0 (No malicious items detected) (end) Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:48 on 06/09/2014 (PK)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-06 15:04:51
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.FG00 232,89GB
Running: 3nboi4by.exe; Driver: C:\Users\PK\AppData\Local\Temp\pgldapoc.sys
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1401 828439A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 828634D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.1 ----
.text C:\Windows\Explorer.EXE[1656] SHELL32.dll!SHCreateDefaultExtractIcon + 736B 75B73454 4 Bytes [80, 1B, 6A, 00]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- EOF - GMER 2.1 ----
|
|
09.09.2014, 09:53
| #4 |
| | Windows 7 Starter: BKA-Trojaner, abgesicherter Modus funktioniert Der Log des FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-09-2014
Ran by PK (administrator) on PK-PC on 06-09-2014 13:43:38
Running from C:\Users\PK\Desktop
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(McAfee, Inc.) C:\Program Files\McAfee\MPF\MpfSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcmscsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1130504 2009-06-02] (Dritek System Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7600672 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [707104 2009-08-06] (Acer Incorporated)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [mcagent_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1218008 2009-10-29] (McAfee, Inc.)
HKLM\...\Run: [Ocs_SM] => C:\Users\PK\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2009-12-26] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [facemoods] => C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe [362200 2011-09-05] (facemoods.com)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [160840 2012-02-09] (Geek Software GmbH)
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe [1694608 2012-03-12] (Bandoo Media, inc)
HKLM\...\Run: [RocketTab] => C:\Program Files\RocketTab\Client.exe [1420512 2014-09-06] ()
HKLM\...\Run: [RocketTab Update Task] => C:\Program Files\RocketTab\uninstall.exe [3875552 2014-09-06] ()
HKLM\...\Run: [Advanced System Protector_startup] => C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe [6616432 2014-04-08] (Systweak)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-1224680110-414488466-2068196550-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-14] (Google Inc.)
HKU\S-1-5-21-1224680110-414488466-2068196550-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20587680 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1224680110-414488466-2068196550-1000\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf)
HKU\S-1-5-21-1224680110-414488466-2068196550-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe [839560 2013-12-29] (Adobe Systems Incorporated)
HKU\S-1-5-21-1224680110-414488466-2068196550-1000\...\MountPoints2: {94bd6c10-1d6f-11e3-8149-0026222b318d} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1224680110-414488466-2068196550-1000\...\MountPoints2: {ba82a9b7-e109-11df-aa6d-0026222b318d} - E:\ICM_ML.exe
HKU\S-1-5-21-1224680110-414488466-2068196550-1000\...\MountPoints2: {e116aa43-58a2-11e0-96a5-0026222b318d} - D:\ICM_ML.exe
HKU\S-1-5-21-1224680110-414488466-2068196550-1000\...\MountPoints2: {f8f306df-f944-11df-b01f-0026222b318d} - E:\SETUP.EXE
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll => C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll [1236368 2012-03-12] (Bandoo Media, inc)
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll => C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll [1233816 2012-03-12] (Bandoo Media, inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Think Green Weather.lnk
ShortcutTarget: Think Green Weather.lnk -> C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Think Green Weather.lnk
ShortcutTarget: Think Green Weather.lnk -> C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe ()
Startup: C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\PK\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
Startup: C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\PK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f9rwllwl.lnk
ShortcutTarget: f9rwllwl.lnk -> C:\Users\PK\AppData\Local\Temp\lwllwr9f.cpp ()
Startup: C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\PK\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49688;https=127.0.0.1:49688
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS&q={searchTerms}
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKLM - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
URLSearchHook: HKCU - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS&q={searchTerms}
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=287&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=287&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=aaf92575-fc54-4a92-bdb1-70354bfb6f33&pid=icqt
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=fmtgl&s={searchTerms}&f=4
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409995921&from=obw&uid=TOSHIBAXMK2555GSX_99G6FHPMSXX99G6FHPMS&q={searchTerms}
SearchScopes: HKCU - {42125D5A-4177-45D6-88B1-B459D3616C2D} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=aaf92575-fc54-4a92-bdb1-70354bfb6f33&pid=icqt&mode=bounce
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE359DE362
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=aaf92575-fc54-4a92-bdb1-70354bfb6f33&pid=icqt
SearchScopes: HKCU - {93EDE70E-E596-4D82-AEA1-090779357B9E} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=aaf92575-fc54-4a92-bdb1-70354bfb6f33&pid=icqt&mode=bounce
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=287&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {A5279A47-F04C-4AF4-BCFF-5612B2016ABE} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=aaf92575-fc54-4a92-bdb1-70354bfb6f33&pid=icqt&mode=bounce
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKCU - {D08929AB-A3D7-4C49-B93E-F5CDB0CD9EAB} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=aaf92575-fc54-4a92-bdb1-70354bfb6f33&pid=icqt&mode=bounce
SearchScopes: HKCU - {E27C9975-41AE-469E-A213-8DBFBD2C3ED6} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=aaf92575-fc54-4a92-bdb1-70354bfb6f33&pid=icqt&mode=bounce
SearchScopes: HKCU - {E4AB253A-D234-49DF-A0E5-6E98D04053D7} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=aaf92575-fc54-4a92-bdb1-70354bfb6f33&pid=icqt&mode=bounce
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: QuickStores-Toolbar -> {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: CescrtHlpr Object -> {64182481-4F71-486b-A045-B233BD0DA8FC} -> C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
BHO: snipsmart -> {68261aaa-dc9f-4c2b-a168-c323e304c3a2} -> C:\Program Files\snipsmart\snipsmartbho.dll (snipsmart)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: softonic-de3 Toolbar -> {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} -> C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: kikin Plugin -> {E601996F-E400-41CA-804B-CD6373A7EEE2} -> C:\Program Files\kikin\ie_kikin.dll (kikin)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
Toolbar: HKLM - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - softonic-de3 Toolbar - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @mcafee.com/SAFFPlugin -> C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2009-08-14]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-11-23]
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoods.crx [2011-09-05]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36936 2014-09-03] (Just Develop It)
S2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
S2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [727584 2009-08-06] (Acer Incorporated)
S2 Greg_Service; C:\Program Files\Acer\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
S2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [103112 2013-10-02] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\McAfee\MSC\mcmscsvc.exe [865832 2009-10-29] (McAfee, Inc.)
S2 McNASvc; c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [2482848 2009-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [365072 2009-10-28] (McAfee, Inc.)
S2 McProxy; c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [359952 2009-07-08] (McAfee, Inc.)
S2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [144704 2009-11-04] (McAfee, Inc.)
S3 McSysmon; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [606736 2009-11-04] (McAfee, Inc.)
R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [895696 2009-10-27] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\McAfee\MSK\MskSrver.exe [26640 2009-10-02] (McAfee, Inc.)
S2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S2 SearchAnonymizer; C:\Users\PK\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2009-12-26] () [File not signed]
S2 Update snipsmart; C:\Program Files\snipsmart\updatesnipsmart.exe [323312 2014-09-06] ()
S2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
S2 UpdaterSvcsnipsmart; C:\Program Files\snipsmart\updater.exe [135920 2014-09-06] ()
S2 VOsrv; C:\Users\PK\AppData\Roaming\VOPackage\VOsrv.exe [353792 2014-02-25] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-18] (Elaborate Bytes AG)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79816 2009-11-04] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-11-04] (McAfee, Inc.)
S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214664 2009-11-04] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-11-04] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2009-04-09] (McAfee, Inc.)
S1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2009-06-02] (Egis Technology Inc.)
S1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2009-06-02] (Egis Technology Inc.)
S1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2009-06-02] (Egis Technology Inc.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-06 13:43 - 2014-09-06 13:44 - 00025455 _____ () C:\Users\PK\Desktop\FRST.txt
2014-09-06 13:43 - 2014-09-06 13:43 - 00000000 ____D () C:\FRST
2014-09-06 13:34 - 2014-09-06 13:34 - 01096704 _____ (Farbar) C:\Users\PK\Desktop\FRST.exe
2014-09-06 13:12 - 2014-09-06 13:28 - 00008212 _____ () C:\Windows\mfebcdata
2014-09-06 12:59 - 2014-09-06 12:59 - 00001919 _____ () C:\Users\PK\Desktop\Sync Folder.lnk
2014-09-06 12:48 - 2014-09-06 12:49 - 00000466 _____ () C:\Users\PK\Desktop\defogger_disable.log
2014-09-06 12:48 - 2014-09-06 12:48 - 00000000 _____ () C:\Users\PK\defogger_reenable
2014-09-06 12:45 - 2014-09-06 12:45 - 00050477 _____ () C:\Users\PK\Desktop\Defogger.exe
2014-09-06 12:29 - 2014-09-06 12:29 - 00000000 ____D () C:\OETemp
2014-09-06 12:26 - 2014-09-06 12:55 - 00000000 ____D () C:\Program Files\snipsmart
2014-09-06 12:26 - 2014-09-06 12:26 - 00001163 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-09-06 12:26 - 2014-09-06 12:26 - 00000000 ____D () C:\ProgramData\Systweak
2014-09-06 12:26 - 2014-09-06 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2014-09-06 12:26 - 2014-09-06 12:26 - 00000000 ____D () C:\Program Files\Advanced System Protector
2014-09-06 12:26 - 2012-07-25 12:03 - 00017136 _____ () C:\Windows\system32\sasnative32.exe
2014-09-06 12:25 - 2014-09-06 12:25 - 00001049 _____ () C:\Users\PK\Desktop\MyPC Backup.lnk
2014-09-06 12:25 - 2014-09-06 12:25 - 00000262 _____ () C:\Windows\Tasks\LaunchSignup.job
2014-09-06 12:24 - 2014-09-06 12:26 - 00000000 ____D () C:\Users\PK\AppData\Roaming\Systweak
2014-09-06 12:24 - 2014-09-06 12:25 - 00000000 ____D () C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-09-06 12:24 - 2014-09-06 12:25 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-09-06 12:24 - 2013-08-22 18:36 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe
2014-09-06 12:23 - 2014-09-06 12:23 - 00001012 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-09-06 12:23 - 2014-09-06 12:23 - 00000000 ____D () C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-09-06 12:23 - 2014-09-06 12:23 - 00000000 ____D () C:\Users\PK\AppData\Local\Local_Weather_LLC
2014-09-06 12:23 - 2014-09-06 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-09-06 12:23 - 2014-09-06 12:23 - 00000000 ____D () C:\Program Files\RegClean Pro
2014-09-06 12:22 - 2014-09-06 13:00 - 00000000 ____D () C:\Users\PK\AppData\Local\WeatherAlerts
2014-09-06 12:21 - 2014-09-06 12:21 - 00001808 _____ () C:\Users\PK\Desktop\Configure VO Package.lnk
2014-09-06 12:21 - 2014-09-06 12:21 - 00000000 ____D () C:\Users\PK\AppData\Roaming\VOPackage
2014-09-06 11:58 - 2014-09-06 12:29 - 00000666 _____ () C:\Windows\Tasks\RocketTab Update Task.job
2014-09-06 11:58 - 2014-09-06 12:29 - 00000400 _____ () C:\Windows\Tasks\RocketTab.job
2014-09-06 11:58 - 2014-09-06 11:58 - 00000000 ____D () C:\Program Files\RocketTab
2014-09-06 11:51 - 2014-09-06 11:51 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 11:50 - 2014-09-06 11:50 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-06 11:50 - 2014-09-06 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-06 11:50 - 2014-09-06 11:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-06 11:50 - 2014-09-06 11:50 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-09-06 11:50 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-06 11:50 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-06 11:50 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-06 11:49 - 2014-09-06 11:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\PK\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-06 11:39 - 2014-09-06 11:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-06 11:39 - 2014-09-06 11:39 - 04755928 _____ (AVG Technologies) C:\Users\PK\Desktop\avg_avct_stb_all_2014_4744_cm10.exe
2014-09-06 11:39 - 2014-09-06 11:39 - 00000000 ____D () C:\Users\PK\AppData\Local\MFAData
2014-09-06 11:39 - 2014-09-06 11:39 - 00000000 ____D () C:\Users\PK\AppData\Local\Avg2014
2014-09-06 11:31 - 2014-09-06 11:31 - 00569808 _____ () C:\Users\PK\Downloads\avira-antivir-personal---free-antivirus.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-06 13:44 - 2014-09-06 13:43 - 00025455 _____ () C:\Users\PK\Desktop\FRST.txt
2014-09-06 13:43 - 2014-09-06 13:43 - 00000000 ____D () C:\FRST
2014-09-06 13:41 - 2009-08-14 10:37 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-06 13:34 - 2014-09-06 13:34 - 01096704 _____ (Farbar) C:\Users\PK\Desktop\FRST.exe
2014-09-06 13:30 - 2009-08-14 11:21 - 00022045 _____ () C:\Windows\system32\Config.MPF
2014-09-06 13:28 - 2014-09-06 13:12 - 00008212 _____ () C:\Windows\mfebcdata
2014-09-06 13:28 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 13:28 - 2009-07-14 06:39 - 00151131 _____ () C:\Windows\setupact.log
2014-09-06 13:12 - 2012-03-21 17:06 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd077420b7ca2f.job
2014-09-06 13:00 - 2014-09-06 12:22 - 00000000 ____D () C:\Users\PK\AppData\Local\WeatherAlerts
2014-09-06 12:59 - 2014-09-06 12:59 - 00001919 _____ () C:\Users\PK\Desktop\Sync Folder.lnk
2014-09-06 12:59 - 2014-01-28 13:49 - 00000000 _____ () C:\ProgramData\f9rwllwl.odd
2014-09-06 12:55 - 2014-09-06 12:26 - 00000000 ____D () C:\Program Files\snipsmart
2014-09-06 12:49 - 2014-09-06 12:48 - 00000466 _____ () C:\Users\PK\Desktop\defogger_disable.log
2014-09-06 12:48 - 2014-09-06 12:48 - 00000000 _____ () C:\Users\PK\defogger_reenable
2014-09-06 12:48 - 2009-12-21 16:20 - 00000000 ____D () C:\Users\PK
2014-09-06 12:45 - 2014-09-06 12:45 - 00050477 _____ () C:\Users\PK\Desktop\Defogger.exe
2014-09-06 12:29 - 2014-09-06 12:29 - 00000000 ____D () C:\OETemp
2014-09-06 12:29 - 2014-09-06 11:58 - 00000666 _____ () C:\Windows\Tasks\RocketTab Update Task.job
2014-09-06 12:29 - 2014-09-06 11:58 - 00000400 _____ () C:\Windows\Tasks\RocketTab.job
2014-09-06 12:26 - 2014-09-06 12:26 - 00001163 _____ () C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-09-06 12:26 - 2014-09-06 12:26 - 00000000 ____D () C:\ProgramData\Systweak
2014-09-06 12:26 - 2014-09-06 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2014-09-06 12:26 - 2014-09-06 12:26 - 00000000 ____D () C:\Program Files\Advanced System Protector
2014-09-06 12:26 - 2014-09-06 12:24 - 00000000 ____D () C:\Users\PK\AppData\Roaming\Systweak
2014-09-06 12:25 - 2014-09-06 12:25 - 00001049 _____ () C:\Users\PK\Desktop\MyPC Backup.lnk
2014-09-06 12:25 - 2014-09-06 12:25 - 00000262 _____ () C:\Windows\Tasks\LaunchSignup.job
2014-09-06 12:25 - 2014-09-06 12:24 - 00000000 ____D () C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-09-06 12:25 - 2014-09-06 12:24 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-09-06 12:23 - 2014-09-06 12:23 - 00001012 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-09-06 12:23 - 2014-09-06 12:23 - 00000000 ____D () C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-09-06 12:23 - 2014-09-06 12:23 - 00000000 ____D () C:\Users\PK\AppData\Local\Local_Weather_LLC
2014-09-06 12:23 - 2014-09-06 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-09-06 12:23 - 2014-09-06 12:23 - 00000000 ____D () C:\Program Files\RegClean Pro
2014-09-06 12:21 - 2014-09-06 12:21 - 00001808 _____ () C:\Users\PK\Desktop\Configure VO Package.lnk
2014-09-06 12:21 - 2014-09-06 12:21 - 00000000 ____D () C:\Users\PK\AppData\Roaming\VOPackage
2014-09-06 11:58 - 2014-09-06 11:58 - 00000000 ____D () C:\Program Files\RocketTab
2014-09-06 11:51 - 2014-09-06 11:51 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 11:50 - 2014-09-06 11:50 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-06 11:50 - 2014-09-06 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-06 11:50 - 2014-09-06 11:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-06 11:50 - 2014-09-06 11:50 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-09-06 11:49 - 2014-09-06 11:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\PK\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-06 11:40 - 2014-09-06 11:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-06 11:39 - 2014-09-06 11:39 - 04755928 _____ (AVG Technologies) C:\Users\PK\Desktop\avg_avct_stb_all_2014_4744_cm10.exe
2014-09-06 11:39 - 2014-09-06 11:39 - 00000000 ____D () C:\Users\PK\AppData\Local\MFAData
2014-09-06 11:39 - 2014-09-06 11:39 - 00000000 ____D () C:\Users\PK\AppData\Local\Avg2014
2014-09-06 11:32 - 2011-02-24 21:15 - 00002003 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-09-06 11:32 - 2009-12-21 16:22 - 00001625 _____ () C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 11:31 - 2014-09-06 11:31 - 00569808 _____ () C:\Users\PK\Downloads\avira-antivir-personal---free-antivirus.exe
Files to move or delete:
====================
C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll
C:\ProgramData\f9rwllwl.odd
C:\Users\PK\ICQ_Status_Checker_1.6_Setup.exe
C:\Users\PK\install_icq65.exe
C:\Users\PK\msgr10de.exe
C:\Users\PK\Multi-ICQ_1.2_Setup.exe
C:\Users\PK\winmail.dat
Some content of TEMP:
====================
C:\Users\PK\AppData\Local\Temp\BackupSetup.exe
C:\Users\PK\AppData\Local\Temp\FileSystemView.dll
C:\Users\PK\AppData\Local\Temp\installhelper.dll
C:\Users\PK\AppData\Local\Temp\msg1B62.exe
C:\Users\PK\AppData\Local\Temp\msg3510.exe
C:\Users\PK\AppData\Local\Temp\msgCE3E.exe
C:\Users\PK\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\PK\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\PK\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\PK\AppData\Local\Temp\SkypeSetup.exe
C:\Users\PK\AppData\Local\Temp\SkypeSetupFull(6.1.73.129)(Trackable457)trackable.exe
C:\Users\PK\AppData\Local\Temp\softonic-de3.exe
C:\Users\PK\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\PK\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\PK\AppData\Local\Temp\System.Data.SQLite36561.dll
C:\Users\PK\AppData\Local\Temp\System.Data.SQLite51352.dll
C:\Users\PK\AppData\Local\Temp\Toolbar_Toggle.exe
C:\Users\PK\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\PK\AppData\Local\Temp\~tmf5240855099299820595.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-11-23 16:05
==================== End Of Log ============================
--- --- --- Und zu guter Letzt der Log des Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-09-2014
Ran by PK at 2014-09-06 13:45:35
Running from C:\Users\PK\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee VirusScan (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Acer Crystal Eye webcam Ver:1.1.81.402 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.81.402 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer GameZone Console (HKLM\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.02.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.0.3.0303 - Acer)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advanced System Protector (HKLM\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.13491 - Systweak Software) <==== ATTENTION
Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Amazonia (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Big Fish Games: Game Manager (HKLM\...\BFGC) (Version: 3.0.1.60 - )
Brother MFL-Pro Suite MFC-5890CN (HKLM\...\{20E970DF-A7B2-4345-9DEB-72213A29645E}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Chicken Invaders 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dairy Dash (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media)
DesktopWeatherAlerts (HKCU\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC)
Drawn®: Der Turm ™ (HKLM\...\BFG-Drawn - Der Turm) (Version: - )
Dream Day First Home (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
Dropbox (HKCU\...\Dropbox) (Version: 1.2.52 - Dropbox, Inc.)
eBay Worldwide (HKLM\...\{AAF89271-2594-468D-B578-96B2E30C41C4}) (Version: 2.1.0703 - OEM)
Empire of the Gods (HKLM\...\BFG-Empire of the Gods) (Version: - )
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (Version: 2.0.4.000274 - esobi Inc.) Hidden
Facemoods Toolbar (HKLM\...\facemoods) (Version: - ) <==== ATTENTION
Farm Frenzy 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Granny In Paradise (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media)
Grim Facade: Das Mysterium von Venedig (HKLM\...\BFG-Grim Facade - Das Mysterium von Venedig) (Version: - )
Heroes of Hellas (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Heroes of Hellas 2: Olympia (HKLM\...\BFG-Heroes of Hellas 2 - Olympia) (Version: - )
ICQ7M (HKLM\...\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}) (Version: 7.8 - ICQ)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
iLivid (HKLM\...\iLivid) (Version: 1.92 - Bandoo Media Inc) <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java Auto Updater (Version: 2.0.1.2 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Jet Set Go (HKLM\...\BFG-Jet Set Go) (Version: - )
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
kikin plugin 2.5 (HKLM\...\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}) (Version: 2.5 - kikin)
Launch Manager (HKLM\...\LManager) (Version: 2.1.03.w7 - Acer Inc.)
Luxor (HKLM\...\BFG-Luxor) (Version: - )
Mahjongg: Ancient Egypt (HKLM\...\BFG-Mahjongg - Ancient Egypt) (Version: - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM\...\MSC) (Version: - McAfee, Inc.)
Merriam Websters Spell Jam (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Multi-ICQ 1.4 (HKLM\...\{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1) (Version: - murb.com)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
MyWinLocker (HKLM\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.72.0 - Egis Technology Inc.)
OpenOffice.org 3.2 (HKLM\...\{192A107E-C6B9-41B9-BDBF-38E3AA226054}) (Version: 3.2.9483 - OpenOffice.org)
Opera 12.11 (HKLM\...\Opera 12.11.1661) (Version: 12.11.1661 - Opera Software ASA)
Overwolf (HKLM\...\{48615A7B-F026-4F62-A3F1-49001B8E21CB}) (Version: 0.44.256 - Overwolf)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF24 Creator 4.4.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
QuickStores-Toolbar 1.2.0 (HKLM\...\QuickStores-Toolbar_is1) (Version: 1.2.0 - AB-Tools.com) <==== ATTENTION
RAR File Open Knife - Free Opener (HKLM\...\RAR File Open Knife - Free Opener) (Version: 1.00 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5888 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
RegClean Pro (HKLM\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Roads of Rome (HKLM\...\BFG-Roads of Rome) (Version: - )
RocketTab (HKLM\...\RocketTab) (Version: - RocketTab)
SAMSUNG Mobile Modem V2 Software (HKLM\...\SAMSUNG Mobile Modem V2) (Version: - )
Sandra Fleming Chronicles: Crystal Skulls (HKLM\...\BFG-Sandra Fleming Chronicles - Crystal Skulls) (Version: - )
SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - )
Searchqu Toolbar (HKLM\...\Searchqu Toolbar) (Version: 3.0.0.122375 - Bandoo Media Inc) <==== ATTENTION
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
snipsmart (HKLM\...\snipsmart) (Version: 2014.09.06.092635 - snipsmart)
softonic-de3 Toolbar (HKLM\...\softonic-de3 Toolbar) (Version: - ) <==== ATTENTION
Star Defender 4 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}) (Version: - Oberon Media)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
TeamSpeak 2 RC2 (HKLM\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
Timeless: Die vergessene Stadt (HKLM\...\BFG-Timeless - Die vergessene Stadt) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{525A4A44-8940-40AD-ABA0-14501199D2F0}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5F9C863-59A7-40CA-8D86-E27D6B1D2617}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VO Package (HKLM\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1224680110-414488466-2068196550-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\PK\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1224680110-414488466-2068196550-1000_Classes\CLSID\{79E8FD71-F54B-42d4-A4F5-E7565DB58441}\localserver32 -> C:\Program Files\kikin\KikinBroker.exe (kikin)
CustomCLSID: HKU\S-1-5-21-1224680110-414488466-2068196550-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1224680110-414488466-2068196550-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1224680110-414488466-2068196550-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1224680110-414488466-2068196550-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
==================== Restore Points =========================
20-03-2013 12:40:15 Windows 7 Service Pack 1
22-07-2013 11:35:04 Geplanter Prüfpunkt
23-11-2013 17:50:21 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0FE45701-9E78-4B43-BC08-8AA4EF73C75A} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {55F1A1B7-F118-4552-AEA3-A303F0E8BEDF} - System32\Tasks\McQcTask => c:\Program Files\McAfee\MQC\QcConsol.exe [2009-09-25] (McAfee, Inc.)
Task: {780F9D1B-0B65-4AA9-8B0D-7765F4CA589E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.)
Task: {79E42477-55A1-4855-80C6-176300A2F328} - System32\Tasks\GoogleUpdateTaskMachineCore1cd077420b7ca2f => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.)
Task: {7DEF51B8-51CB-468B-8F90-2AE6CFF442AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.)
Task: {8B6B52AC-2C02-4160-BC15-2D71F5D86F00} - System32\Tasks\McDefragTask => c:\Program Files\McAfee\MQC\QcConsol.exe [2009-09-25] (McAfee, Inc.)
Task: {8F657FA4-182A-4F1E-A0D9-CB26965ED205} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-07] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd077420b7ca2f.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LaunchSignup.job => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\Windows\Tasks\McDefragTask.job => C:\Windows\system32\defrag.exe
Task: C:\Windows\Tasks\McQcTask.job => c:\PROGRA~1\mcafee\mqc\QcConsol.exe
Task: C:\Windows\Tasks\RocketTab Update Task.job => C:\Program Files\RocketTab\uninstall.exe
Task: C:\Windows\Tasks\RocketTab.job => C:\Program Files\RocketTab\Client.exe
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:3B07E6F4
AlternateDataStreams: C:\ProgramData\TEMP:72A1B66A
AlternateDataStreams: C:\ProgramData\TEMP:905BCB57
AlternateDataStreams: C:\ProgramData\TEMP:99AC3203
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
AlternateDataStreams: C:\ProgramData\TEMP:D4BB0AD6
AlternateDataStreams: C:\ProgramData\TEMP:D4D38596
AlternateDataStreams: C:\ProgramData\TEMP:EDD903C5
AlternateDataStreams: C:\ProgramData\TEMP:F84B8DB5
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/06/2014 01:28:51 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1003) (User: NT-AUTORITÄT)
Description: Zertifikatdienstclient: Die Anbieter konnten nicht als Antwort auf Ereignis 256 aufgerufen werden. Fehlercode 2147942419.
Error: (09/06/2014 01:28:51 PM) (Source: Microsoft-Windows-CertificateServicesClient) (EventID: 1001) (User: NT-AUTORITÄT)
Description: Zertifikatdienstclient: der Anbieter pautoenr.dll konnte nicht geladen werden. Fehlercode 19.
Error: (09/06/2014 01:28:42 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/09/06 13:28:42.940]: [00002316]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.20]
Error: (09/06/2014 01:24:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FRST.exe, Version: 3.7.1.0, Zeitstempel: 0x540a0ba4
Name des fehlerhaften Moduls: FRST.exe, Version: 3.7.1.0, Zeitstempel: 0x540a0ba4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002d0e8
ID des fehlerhaften Prozesses: 0x774
Startzeit der fehlerhaften Anwendung: 0xFRST.exe0
Pfad der fehlerhaften Anwendung: FRST.exe1
Pfad des fehlerhaften Moduls: FRST.exe2
Berichtskennung: FRST.exe3
Error: (09/06/2014 00:57:37 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/09/06 12:57:37.142]: [00002228]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.20]
Error: (09/06/2014 00:56:27 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/09/06 12:56:27.628]: [00002228]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.20]
Error: (09/06/2014 11:40:19 AM) (Source: MsiInstaller) (EventID: 11719) (User: PK-PC)
Description: SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2014 -- Error 1719. SA_Error1719: StandardAction(0xC00706B7): Auf den Windows Installer-Dienst konnte nicht zugegriffen werden. Möglicherweise führen Sie Windows im abgesicherten Modus aus, oder Windows Installer wurde nicht korrekt installiert. Wenden Sie sich an den Support, um Unterstützung zu erhalten.
Error: (01/28/2014 02:45:30 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/01/28 13:45:30.218]: [00002376]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.20]
Error: (01/28/2014 02:44:20 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/01/28 13:44:20.268]: [00002376]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.20]
Error: (01/28/2014 02:39:54 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2014/01/28 13:39:54.040]: [00002284]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.2.20]
System errors:
=============
Error: (09/06/2014 01:33:49 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084McNASvc{24F616A1-B755-4053-8018-C3425DC8B68A}
Error: (09/06/2014 01:30:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/06/2014 01:30:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/06/2014 01:30:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (09/06/2014 01:30:40 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (09/06/2014 01:30:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/06/2014 01:30:37 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (09/06/2014 01:30:31 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (09/06/2014 01:30:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
Modulpfad: C:\Windows\System32\bcmihvsrv.dll
Fehlercode: 21
Error: (09/06/2014 01:29:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Percentage of memory in use: 37%
Total physical RAM: 1013.95 MB
Available physical RAM: 629.15 MB
Total Pagefile: 2037.95 MB
Available Pagefile: 1632.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.84 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:220.78 GB) (Free:158.1 GB) NTFS
Drive d: () (Fixed) (Total:14.9 GB) (Free:14.9 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B4EF9DE8)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 692B85D9)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)
==================== End Of Log ============================
|
|
09.09.2014, 13:11
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Starter: BKA-Trojaner, abgesicherter Modus funktioniert Boah, dein Rechner ist ja komplett voll mit Junkware!  Machen wir aber erstmal die Sperre weg mit nem Fix, prüfe nach diesem ob Windows wieder normal startet: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Startup: C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f9rwllwl.lnk
ShortcutTarget: f9rwllwl.lnk -> C:\Users\PK\AppData\Local\Temp\lwllwr9f.cpp ()
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49688;https=127.0.0.1:49688
C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f9rwllwl.lnk
C:\Users\PK\AppData\Local\Temp\lwllwr9f.cpp
C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll
C:\ProgramData\f9rwllwl.odd
C:\Users\PK\ICQ_Status_Checker_1.6_Setup.exe
C:\Users\PK\install_icq65.exe
C:\Users\PK\msgr10de.exe
C:\Users\PK\Multi-ICQ_1.2_Setup.exe
C:\Users\PK\winmail.dat
EmptyTemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.09.2014, 10:37
| #6 |
| | Windows 7 Starter: BKA-Trojaner, abgesicherter Modus funktioniert Hiho, ja der war lange ohne richtigen Virenschutz und is schon ewig in Benutzung. Ich hab die Schritte durchgeführt und hier ist der Log: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-09-2014
Ran by PK at 2014-09-12 12:10:43 Run:1
Running from C:\Users\PK\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================
Content of fixlist:
*****************
Startup: C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f9rwllwl.lnk
ShortcutTarget: f9rwllwl.lnk -> C:\Users\PK\AppData\Local\Temp\lwllwr9f.cpp ()
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49688;https=127.0.0.1:49688
C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f9rwllwl.lnk
C:\Users\PK\AppData\Local\Temp\lwllwr9f.cpp
C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll
C:\ProgramData\f9rwllwl.odd
C:\Users\PK\ICQ_Status_Checker_1.6_Setup.exe
C:\Users\PK\install_icq65.exe
C:\Users\PK\msgr10de.exe
C:\Users\PK\Multi-ICQ_1.2_Setup.exe
C:\Users\PK\winmail.dat
EmptyTemp:
*****************
C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f9rwllwl.lnk => Moved successfully.
C:\Users\PK\AppData\Local\Temp\lwllwr9f.cpp => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"C:\Users\PK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f9rwllwl.lnk" => File/Directory not found.
"C:\Users\PK\AppData\Local\Temp\lwllwr9f.cpp" => File/Directory not found.
C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll => Moved successfully.
C:\ProgramData\f9rwllwl.odd => Moved successfully.
C:\Users\PK\ICQ_Status_Checker_1.6_Setup.exe => Moved successfully.
C:\Users\PK\install_icq65.exe => Moved successfully.
C:\Users\PK\msgr10de.exe => Moved successfully.
C:\Users\PK\Multi-ICQ_1.2_Setup.exe => Moved successfully.
C:\Users\PK\winmail.dat => Moved successfully.
EmptyTemp: => Removed 4.5 GB temporary data.
Gruß Flip |
|
12.09.2014, 10:51
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Starter: BKA-Trojaner, abgesicherter Modus funktioniert Adware/Junkware/Toolbars entfernen (alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen aus den Desktop!) 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.09.2014, 11:00
| #8 |
| | Windows 7 Starter: BKA-Trojaner, abgesicherter Modus funktioniert Soll ich das jetzt im abgesicherten Modus oder auf dem normalen Desktop machen? Oder isses egal? Gruß |
|
15.09.2014, 11:20
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Starter: BKA-Trojaner, abgesicherter Modus funktioniert Der normale Modus geht doch oder nicht  Wenn der geht und es nicht anders vereinbart wurde ist der normale Modus zu benutzen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.09.2014, 12:46
| #10 |
| | Windows 7 Starter: BKA-Trojaner, abgesicherter Modus funktioniert Okay dann werd ich ab jetzt den benutzen |
|
Linear-Darstellung
