Sample_312da8ff46

by malwarelabrobot on April 16th, 2015 in Malware Descriptions.

mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Malware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 312da8ff462c164a84db9ea68b755201
SHA1: a0ff26f290e1dce1678c88d1db4521ac91548fdd
SHA256: b5aa9e3790221b41c7cb2d135bdd3055d12790ff21c3e16538f0127c5eb636ec
SSDeep: 12288:S0aLly7YQfYoyDqohgXHLhVTLvhl6LKdE7vV6:S0aLUccyDqoSrhhJl6WdQV6
Size: 445136 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Bandoo Media Inc
Created at: 2010-04-10 15:19:23
Analyzed on: Windows7Ada SP1 64-bit


Summary:

Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Payload

No specific payload has been found.

Process activity

The Malware creates the following process(es):

FreeVideoConverter.exe:2188
%original file name%.exe:2364
SearchquMediaBar.exe:2768
regsvr32.exe:2616
regsvr32.exe:2620
regsvr32.exe:1144
regsvr32.exe:892
regsvr32.exe:2996
regsvr32.exe:1568
regsvr32.exe:296
regsvr32.exe:1564
SetupDataMngr_Searchqu.exe:2272
rundll32.exe:1160
rundll32.exe:2348
rundll32.exe:956
rundll32.exe:2036
rundll32.exe:1292
rundll32.exe:2188
rundll32.exe:1900
Brand.tmp:2492
Brand.exe:300
RUNDLL32.EXE:2320

The Malware injects its code into the following process(es):

DATAMN~1.EXE:3036

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process FreeVideoConverter.exe:2188 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\FreeVideoConverter\update.dat (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\FreeVideoConverter\config.ini (48 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\FreeVideoConverter\Config.ini (2443 bytes)
C:\Windows\win.ini (316 bytes)

The process %original file name%.exe:2364 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SetupDataMngr_Searchqu.exe (31881 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\nsc14E8.tmp\SetupDataMngr_Searchqu.exe (539488 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\license.txt (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\nsDialogs.dll (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu.ini (693 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\modern-header.bmp (2104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\inetc.dll (48 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\nsc14E8.tmp\Brand.exe (477104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\UAC.dll (29 bytes)
C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk (1 bytes)
%Program Files% (x86)\Free Video Converter\ftalk.ico (3143 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\Helper.dll (24555 bytes)

The process SearchquMediaBar.exe:2768 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css (7 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png (867 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-3.png (793 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_15.png (344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\about.xml (5 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png (297 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\searchqutoolbar\setupCfg.xml (509 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png (451 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png (4 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif (153 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png (313 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png (889 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css (696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\add.png (653 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png (203 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-feed.png (498 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\radiobeta.js (9 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\popupWeather.html (784 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png (797 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\yellow.gif (153 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png (692 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\throbber.gif (825 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\template.xml (804 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html (481 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\dtxpaneltransparent.xul (653 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png (677 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\highlight_yellow.png (293 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png (316 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\radiobeta-playing.gif (854 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png (493 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menu_bg-basic.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-folder-rename.png (621 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin-lichen.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\windowmediator.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\blank.gif (55 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png (336 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png (205 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\pixsy.png (690 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png (235 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\na-s.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-previous-over.png (440 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scroll-topwin.png (951 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png (277 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png (784 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png (763 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\initHTML.html (481 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\ico-shield.png (740 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\grey.gif (152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\ttlbar-right.png (286 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options\options-search.png (4 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png (832 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js (23424 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png (274 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png (491 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\toolbar.xul (23424 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn-widgets.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png (4 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png (5 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png (211 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png (191 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\search-go.png (824 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\found.png (886 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-btn-pause.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\search-over.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png (637 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\star_x_grey.png (328 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif (153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\UAC.dll (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-delete.png (511 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif (55 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\music-note.png (775 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\track.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\gametype.xsl (683 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\popupRSS.html (4 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png (294 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png (323 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css (8 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiA3ED.tmp (67478 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\siteinfo.png (792 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\orange.gif (153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css\slider.css (540 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-buffer.gif (755 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png (173 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\tab-off-l.png (205 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\preferences.xml (663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta-playing.gif (854 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btnleft-vista.png (293 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\searchqutoolbar\setupCfg.xml (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\gamecategory.xsl (706 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif (642 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-bg.png (691 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif (755 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\wmpstreamer.html (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png (328 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css (540 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png (444 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif (165 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred3_5.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png (532 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\arrow-up.gif (46 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search\engines.xml (5 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png (270 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\menul-bgover.png (168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\manifest.xml (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\searchbox-pnlbtm.png (532 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\toolbarsplitter.png (763 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-2.png (721 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\collapse.png (248 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png (296 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btnleft-down-vista.png (294 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\edit-back.png (205 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif (49 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png (146 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollt-disable.png (832 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\IdtTransparency3.6.xpt (159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\icon_youtube.png (544 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_14.png (270 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-next-over.png (442 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png (189 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\arrow-dn.gif (46 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png (737 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btnover-start.png (335 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png (270 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png (544 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\nsisFirewall.dll (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\add.png (637 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-Info.png (218 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\nsProcess.dll (8 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif (184 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png (218 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png (867 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\button-splitter-down-vista.png (245 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\highlight_lime.png (284 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml (804 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png (191 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome.manifest (231 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\weather.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\highlight_blue.png (293 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png (630 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png (254 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\searchqutoolbar-manifest.xml (9 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-options-design.png (704 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\logo-separator.png (566 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\bg-pnl520x390.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\maps.bmp (678 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\collapsed_button.gif (184 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif (46 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btn-end.png (296 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl (706 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png (235 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png (284 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\ico-check.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-on.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-previous.png (476 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\games.xsl (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\external.js (23424 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\partner.coupons.xml (37 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png (476 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\widgets.png (447 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta-buffering.gif (642 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-tags.png (209 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif (46 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\CountryLocaleXML.xml (86 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\zoom.png (732 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png (248 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png (92 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\template.html (5 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif (152 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\news.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-options-on.png (485 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_06.png (316 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png (240 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png (643 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png (163 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css\popupGames.css (7 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png (663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred4.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred4_5.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btn_slider.png (763 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\toolbarsplitter.gif (763 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\relatedlinks.png (691 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png (824 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollb.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat (38 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\na-t.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btnright-down-vista.png (274 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\ca.png (763 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\btn-close-greyover.png (444 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\arrow-right.gif (136 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\proxy.html (354 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_16.png (278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-next.png (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\popupGames.html (10 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png (326 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\arrow-right-disabled.gif (46 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css (784 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\xml.dll (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-news24.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_20.png (287 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png (431 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png (209 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png (740 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js (784 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\nsnAC97.tmp (60949 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp (678 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-mdl-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\over-blue.png (163 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\yahoo.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\vmnrsswin.xml (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\move.gif (58 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\ioSpecial.ini (26 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png (293 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\icon_games.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png (250 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio.png (323 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\ttlbar-left.png (266 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\radiobeta.ico (1552 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bluesky.gif (153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred2.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-play-left.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\widgets-square-16px.png (690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\ico-playstation-down.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules\datastore.jsm (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul (653 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png (266 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-download.png (692 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-play.png (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\win-btm-left.png (204 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\bullet-orange.gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-collapse.png (187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\btn-search.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\btn-close-grey.png (263 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif (136 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin-orange.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png (205 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\bg.gif (8 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png (384 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\menuseparatorback.gif (165 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-try-left.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitemleft-vista.png (293 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\dtx.css (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\vmn.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml (663 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\searchqutoolbar\geoip.xml (417 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar\searchbar-background-left.png (286 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png (972 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\email.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png (511 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\throbber.gif (825 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\edit-back-hot.png (209 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png (772 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png (179 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png (205 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png (732 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png (152 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png (701 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\technorati.png (493 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js (6 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\yahoosearch.png (7 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png (649 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png (498 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png (193 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\protect-id.png (737 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\btn-wide-close-over.png (873 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\video.bmp (678 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png (816 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png (608 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss.png (772 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\dtxlogo.png (867 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png (263 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif (763 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\tab-on-r.png (278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn_settings.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-off.png (824 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png (155 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png (312 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png (857 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_03.png (218 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\gamethumb-on.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\transparent.gif (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\search_button_png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\toolbar.htm (802 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn-widgets-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\rss.png (816 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btn-widgets-over.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png (691 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif (854 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\dtxwin.xul (387 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\close-normal.png (585 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin-grey.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png (191 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\resize-box.gif (92 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\loadingMid.gif (7 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png (969 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\view-thumb-over.png (380 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png (114 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png (367 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\InetLoad.dll (804 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png (496 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\rsstabdivider.gif (85 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\logo.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btnright-vista.png (297 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif (153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png (287 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\mailcom.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe (2365 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\games.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\toolbar.xml (1568 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\modifyhot.png (149 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scroll-bg-206.png (663 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css (8 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png (205 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\ebay.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png (775 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png (344 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\btn-wide-close.png (857 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\settings.png (902 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\dictionary.png (746 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rssback.gif (469 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png (233 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png (886 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\panel-botm-noscroll.png (448 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll (2392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\images.png (660 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png (691 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif (469 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul (657 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\box-check.png (174 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-0.png (614 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\btn-close-greyover.png (444 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\win-left.png (114 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif (825 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png (660 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png (235 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\comcast.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred0_5.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png (55 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\logo-about.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png (188 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png (205 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-try-left-over.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options\options-main.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitemleft-down-vista.png (270 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png (160 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollt-down.png (864 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png (708 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btnover-mdl_ff.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\na.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\babylon_logo.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\highlight.png (795 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btn-divider.png (205 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\over-orange.png (169 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\music.png (570 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\button-splitter-vista.png (248 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif (223 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\checkmark.png (293 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png (204 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-download.png (251 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-addtoolbar-left.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\arrow-up.gif (46 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-folder-remove.png (540 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png (586 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\geoip[1].xml (86 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin.xml (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred0.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif (181 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png (431 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\highlight_magenta.png (286 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-calendar.png (566 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png (279 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png (169 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-dollar.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png (864 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\icon_seperator_png (153 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options\options-weather.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\popupWeather.css (7 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png (283 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta-connecting.gif (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png (287 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png (485 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin-yellow.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif (58 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml (344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scroll-bg.png (663 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btnover-mdl.png (193 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\gameList.xsl (7 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif (45 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png (278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred5.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\translate.png (633 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-search-pnlbtm.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png (236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_02.png (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\remove.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menu_separator_white.png (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png (893 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\searchqutoolbar\geoip.xml (417 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\RSSLogo.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\scroll.png (455 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png (585 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png (643 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\arrowr-bluew5.png (205 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\wikipedia.png (586 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\modify.png (708 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul (307 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css (6 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png (824 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollt.png (893 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png (614 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png (168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\widgets-square-16px.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\arrow-sml-drop.png (188 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\TRUSTe_about.png (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-options-design-on.png (701 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar\searchbar-background-middle.png (152 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png (228 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollb-down.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-btn-play.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png (663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-btn-pause-on.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-warning.png (969 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred1.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\IdtTransparency.xpt (156 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png (566 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml (5 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\gamethumb2-over.png (574 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_11.png (284 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js (784 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html (10 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css\manager.css (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\icon_twitter.png (797 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar\searchbar-background-right.png (288 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-joystick24.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png (902 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\shopping.png (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta-stopped.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png (793 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\emailnotifierproviders.xml (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\dtxprefwin.xul (307 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif (8 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png (187 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm (802 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollt-over.png (892 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png (440 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-right-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-shop.png (233 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\view-thumb-on.png (402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\imap.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png (683 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png (153 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitemback-down-vista.png (186 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif (825 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitemright-vista.png (297 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-mdl.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-close-greyover.png (457 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png (690 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png (336 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\radiobeta-buffering.gif (642 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico (1552 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png (312 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png (621 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css\panels.css (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\templateFF.html (6 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml (423 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\ico-playstation.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\win-right.png (114 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\menul-bgon.png (179 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\default.png (867 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-subscribe.png (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif (769 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\volumeslider.html (4 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png (763 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\search.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_07.png (254 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bluelite.gif (153 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul (23424 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css (7 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png (288 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btnback-vista.png (191 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitemright-down-vista.png (235 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png (633 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\vmncode.js (6 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png (460 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\win-btm-mdl.png (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn-search-over.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_10.png (250 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\bg-aboutbox.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\options-weather.png (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\ico-radio.png (879 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules\nsDragAndDrop.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_09.png (288 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png (7 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png (251 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png (471 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\logo-separator.png (566 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\searchqutoolbar\guid.dat (38 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png (792 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_12.png (173 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\install.rdf (681 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png (386 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png (442 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png (209 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\ico-playstation-over.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\facebook.png (235 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png (293 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn-search.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\throbber.gif (825 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-drag.png (486 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif (153 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_04.png (293 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif (46 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html (354 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\scrollbar-handle.png (155 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png (286 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png (175 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png (245 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\main.html (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\slideron.png (386 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png (186 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-Add.png (228 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\neterror.xhtml (344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\loadingMid.gif (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-1.png (668 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\neterror.xhtml (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png (683 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml (33 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png (284 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif (46 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css\popupWidgets.css (9 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png (5 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png (879 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll (15536 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png (788 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\imesh.css (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\slider.png (329 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html (802 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll (2392 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred3.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta.ico (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_13.png (277 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\gameData.js (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btn-widgets.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\arrow-sml.png (211 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btn-start.png (326 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png (668 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\cond999.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png (286 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js (784 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml (7 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png (532 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png (951 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png (7 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btn-mdl_ff.png (203 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\scrollbar-track.png (92 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts\defscript.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\transparent_1px.gif (45 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\IdtTransparency3.5.xpt (159 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\text-ellipsis.xml (423 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png (297 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\tab-off-r.png (312 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png (873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\view-detailed-on.png (496 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png (335 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\rsschannelback.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll (2392 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png (690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphredna.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul (407 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif (153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\downloadcom.png (972 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png (543 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\bg-btnover.png (179 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin-bluesky.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred1_5.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\chevron.png (175 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js (9 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl (683 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\arrow-dn.gif (46 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\icon_radio_png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\rename.gif (223 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-play.png (290 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png (299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitemback-vista.png (191 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\btn-close-grey.png (263 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png (284 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll (3312 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif (642 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\pop.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png (566 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\scroll-right.png (235 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html (784 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png (286 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-close-grey.png (283 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\vmn.css (8 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html (5 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png (447 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js (784 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png (607 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\manifest.xml (9 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png (4 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png (293 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\win-btm-right-resize.png (214 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png (653 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png (300 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png (795 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png (704 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png (283 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\dtxpanel.xul (535 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-play-left-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\nsdAC58.tmp (60949 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png (179 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml (37 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\footer.htm (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\ttlbar-mdl.png (146 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\radiobeta-stopped.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png (5 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png (444 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-btn-play-on.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif (85 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\scroll-left.png (236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\logo-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollb-over.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png (486 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png (574 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options\options-widgets.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png (455 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\star_x_orange.png (367 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\gmail.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png (570 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\icons.xml (7 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\widgets-square-24px.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\aol.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\email_on.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png (579 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-found.png (677 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png (293 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\vmncode.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\highlight_cyan.png (283 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\searchqutoolbar-oldToolbarGuid.xml (69 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png (892 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-busy.gif (769 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png (167 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png (649 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\dtxpanelwin.xul (407 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-expand.png (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\expanded_button.gif (181 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\hotmail.png (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\win-btm-right.png (205 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png (540 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lichen.gif (153 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png (493 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn-settings.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\expand.png (287 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred2_5.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_18.png (312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\dtxtransparentwin.xul (657 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png (328 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\popupWidgets.html (14 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png (205 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png (313 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png (566 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\bg-pnl.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\managerpanel.html (10 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css (5 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png (746 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\searchqutoolbar\guid.dat (38 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_08.png (328 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\ico-check.png (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\search.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png (205 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search\search.xsl (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\modify.png (708 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menu_separator_bar.png (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css (8 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png (380 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-options.png (493 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\view-detailed-over.png (451 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\search_button_over_png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-back.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif (854 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btnover-divider.png (240 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul (387 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif (976 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btnback-down-vista.png (191 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png (149 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_21.png (300 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\tab-on-l.png (167 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\close-hot.png (579 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-mute.png (788 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png (708 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul (535 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png (278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin-bluelite.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png (279 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css\dialog.css (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png (448 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css\popupAbout.css (696 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico (1552 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png (460 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif (7 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png (532 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-moredetails.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-reload.png (384 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn-settings-over.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\template.xml (33 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png (300 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\lock.png (300 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-folder.png (630 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif (92 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png (218 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif (825 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png (293 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\reload.png (889 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitem-splitter.png (55 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\lastsearch-thumb-back.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btnover-end.png (284 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp (678 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\web.png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png (607 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\popupHTML.html (802 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png (402 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-addtoolbar-right.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\divider.png (134 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options\options-weather.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btn-mdl.png (189 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif (46 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css\popupRSS.css (6 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png (290 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\icon_amazon.gif (976 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png (721 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rsstopback.gif (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png (763 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\youtube.png (608 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png (174 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\modify-save.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollb-disable.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png (293 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png (214 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\radiobeta-connecting.gif (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_19.png (299 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\movetarget.png (491 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png (288 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png (160 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\mail.png (543 bytes)

The process regsvr32.exe:2616 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll (315 bytes)

The process regsvr32.exe:2620 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (49 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (49 bytes)

The process regsvr32.exe:1144 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (146 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (49 bytes)

The process regsvr32.exe:892 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll (270 bytes)

The process regsvr32.exe:2996 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (90 bytes)

The process regsvr32.exe:1568 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (106 bytes)

The process regsvr32.exe:296 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Free Video Converter\swscale-0.dll (135 bytes)
%Program Files% (x86)\Free Video Converter\SDL.dll (258 bytes)
%Program Files% (x86)\Free Video Converter\avutil-50.dll (73 bytes)
%Program Files% (x86)\Free Video Converter\VideoCoderX.ocx (450 bytes)
%Program Files% (x86)\Free Video Converter\avcodec-52.dll (727 bytes)
%Program Files% (x86)\Free Video Converter\avformat-52.dll (745 bytes)

The process regsvr32.exe:1564 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\LocalLow\searchqutoolbar\dtx.ini (15 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll (90 bytes)

The process SetupDataMngr_Searchqu.exe:2272 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\new-tab.html (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA145.tmp (1271 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\chrome.manifest (968 bytes)
%Program Files% (x86)\Mozilla Firefox\searchplugins\Search_Results.xml (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\fav_amazon.png (653 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_fantastigames.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\DnsBHO.dll (2861 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\Settings.xml.alt (817 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\DataMngrUI.exe (15058 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss96C3.tmp\Timeout.dll (36 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF14.dll (7479 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\OurLocalPage.html (94 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF15.dll (5873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\css\new-tab.css (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx9CAD.tmp (3479 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF9.dll (6898 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\RelatedSearch.js (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (11518 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF12.dll (8439 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (9605 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll (5873 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll (5873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssA1C6.tmp (3765 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\BrowserConnection.dll (1070 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\IEBHO.dll (9901 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF15.dll (9385 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss96C3.tmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss96C3.tmp\GetVersion.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlp.xpt (989 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml (914 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\analytics.js (378 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_youtube.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyAF52.tmp (1597 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdAF72.tmp (1583 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF4.dll (9483 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy9ED2.tmp (1319 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyAFA3.tmp (1585 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt (989 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\NewTabBHO.js (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\analytics.js (378 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\overlay.js (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\localStorage.js (520 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\IDR_WEBSTORE_ICON.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM (4 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ebay.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js (3 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll (5873 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest (968 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiA1D7.tmp (3783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF5.dll (8054 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (601 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_facebook.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiAF41.tmp (1559 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\SettingManager.js (4 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\css\new-tab.css (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsnA1A6.tmp (3756 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\SearchquMediaBar.exe (11047 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsnA155.tmp (3810 bytes)
%Program Files% (x86)\Searchqu Toolbar\sysid.ini (21 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll (5873 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\preferences.js (766 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\OurLocalPage.html (94 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\fav_fantastigames.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF13.dll (8691 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\SR\Search_Results.xml.alt (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\IDR_WEBSTORE_ICON.png (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (65 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss96C3.tmp\System.dll (23 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config - Copy.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\SR\SRAssetsHelper.dll (12225 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\fav_youtube.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss96C3.tmp\FindProcDLL.dll (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\x64\DataMngr.dll (20750 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\imesh_logo_128.png__ (19 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (15799 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\default-config - Copy.js (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\constant.js (192 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll (5873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\new-tab.html (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\DnsBHO.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\fav_ftalk.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\manifest.json (660 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\x64\IEBHO.dll (11778 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\SR\Settings.xml.alt (421 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\x64\DnsBHO.dll (2918 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll (5873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF10.dll (8080 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js (2 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\installhelper.dll (10177 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\DataMngr.js (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA196.tmp (3774 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll (5873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (65 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll (5873 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\jquery.js (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components (4 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\localStorage.js (520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\SearchBHO.js (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\install.rdf.alt (732 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SRAssetsHelper.dll (7433 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF8.dll (8728 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\x64\DataMngrUI.exe (22894 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt (116 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\new-tab.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA0F6.tmp (1271 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn9D0C.tmp (3663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\fav_ebay.png (1 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf (753 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (7726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\RequestPreserver.js (4 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\datamngrUI.exe (16158 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\fav_facebook.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\installhelper.dll (10226 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss96C3.tmp\nsis7z.dll (4159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\default-config.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF6.dll (8578 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\new-tab.js (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\constant.js (192 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF7.dll (7525 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssAF82.tmp (1563 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\SR\chrome.manifest.alt (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsnAFB3.tmp (1565 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\x64\BrowserConnection.dll (663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssA175.tmp (3702 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\preferences.js (766 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul (195 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssAFD3.tmp (1611 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll (5873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssAF30.tmp (1575 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\Error404BHO.js (5 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiAFE4.tmp (1605 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\RequestPreserver.js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\x64 (4 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF11.dll (8700 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsnB004.tmp (1458 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\chrome.manifest.alt (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\DataMngr.dll (13407 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll (5873 bytes)
%Program Files% (x86)\Searchqu Toolbar\uninstall.exe (1617 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll (5873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\InstallHelper.dll (16101 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\manifest.json (637 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\jquery.js (93 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ftalk.png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss96C3.tmp\nsRandom.dll (503 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\overlay.xul (195 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF3.dll (7509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssA0D5.tmp (1319 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\files.7z (134885 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\SR\install.rdf.alt (731 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\SR (4 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_amazon.png (653 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png__ (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\imesh_logo_128.png (23 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (13122 bytes)
%Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll (5873 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\searchplugins\Search_Results.xml (2 bytes)

The process rundll32.exe:1160 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Preferences (8 bytes)

The process rundll32.exe:2348 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js (163 bytes)

The process rundll32.exe:2036 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files% (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (49 bytes)

The process rundll32.exe:1292 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js (163 bytes)

The process rundll32.exe:2188 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Web Data (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal (6322 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Preferences (5 bytes)
C:\ProgramData\boost_interprocess\EC3CA8390C77D001\{1832B446-3F6D-4880-99C1-0B3B26170D94} (12 bytes)

The process rundll32.exe:1900 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Preferences (8 bytes)

The process Brand.tmp:2492 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-T4KIL.tmp (708 bytes)
%Program Files% (x86)\Free Video Converter\unins000.exe (724 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-G1RGA.tmp (640 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-K0I2S.tmp (764 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-A8H5R.tmp (898 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-63KUK.tmp (3 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-415LU.tmp (4 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-FJ6L5.tmp (791 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-0L4BO.tmp (974 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-4F63V.tmp (649 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-T6VEU.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\is-I452F.tmp (6420 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-OGUB9.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\is-H2A97.tmp (7 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-8MTQ0.tmp (995 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-PPTMS.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-6A8RO.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-ARQM3.tmp (995 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-7PK98.tmp (611 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-I36SN.tmp (928 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-JFD21.tmp (574 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-HGTB2.tmp (5 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-A38CB.tmp (506 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-N76RL.tmp (3 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-J1RKC.tmp (142 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-OK4Q2.tmp (268 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-OC1EQ.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-6DM8A.tmp (761 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-1LOUN.tmp (594 bytes)
%Program Files% (x86)\Free Video Converter\is-QT5P0.tmp (2321 bytes)
%Program Files% (x86)\Free Video Converter\is-NJBJU.tmp (601 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-T7JNO.tmp (458 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-BBK04.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-H7900.tmp (156 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-IDRS9.tmp (739 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-ML1QT.tmp (915 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-R632S.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-QA1TE.tmp (4 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-0UPNU.tmp (734 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-0R8U8.tmp (377 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-EGTVN.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-9NP6C.tmp (323 bytes)
%Program Files% (x86)\Free Video Converter\is-2UM0G.tmp (1281 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-4OQ3F.tmp (801 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-032O5.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-M64O7.tmp (670 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-T31KG.tmp (856 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-P26P4.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-MER7L.tmp (211 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-2NJB6.tmp (677 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-V5H30.tmp (4 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-SPN7O.tmp (167 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-HTHT8.tmp (413 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-PAOU3.tmp (203 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-5JU4S.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-OCKR4.tmp (816 bytes)
%Program Files% (x86)\Free Video Converter\is-U1R4Q.tmp (5 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-14B97.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-0P2BJ.tmp (564 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-IRONF.tmp (583 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-6BP8J.tmp (713 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-56UHM.tmp (639 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-JUPEK.tmp (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-PTO5R.tmp\_isetup\_setup64.tmp (6 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter\Uninstall Free Video Converter.lnk (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-KFF9V.tmp (691 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-E60ED.tmp (198 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-T950P.tmp (447 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-QTC63.tmp (761 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-5ND1U.tmp (660 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-V0Q2F.tmp (484 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-25JQS.tmp (745 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-QC09L.tmp (544 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-IK522.tmp (885 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-CBD03.tmp (747 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-8BN8F.tmp (3 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-USG7R.tmp (784 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-O1MAK.tmp (457 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-753L7.tmp (702 bytes)
%Program Files% (x86)\Free Video Converter\is-T3E69.tmp (45940 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-NM8C0.tmp (4 bytes)
%Program Files% (x86)\Free Video Converter\is-EP5IS.tmp (9605 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-GDN8A.tmp (700 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-UCVBC.tmp (617 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-7S4FR.tmp (643 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-VFN9B.tmp (918 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-29LR1.tmp (247 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-4N9SD.tmp (4 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-G316F.tmp (739 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-DK47R.tmp (729 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-G5RT7.tmp (880 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-O2CRJ.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-IS0Q3.tmp (745 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-SA1R1.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-0LG7I.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-5K9PK.tmp (324 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-0NHG6.tmp (4 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-8MS6G.tmp (723 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-V9KUK.tmp (583 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-QT2P3.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-J0B5K.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-7211C.tmp (781 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-5DA4O.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-P1TR4.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-FD5TR.tmp (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter\Free Video Converter.lnk (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-6G8DD.tmp (724 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-4HB2S.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-JFTMH.tmp (644 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-0POUN.tmp (620 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-KV293.tmp (782 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-DKFHH.tmp (749 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-6CNKI.tmp (785 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-3P428.tmp (674 bytes)
%Program Files% (x86)\Free Video Converter\is-D1AAU.tmp (6841 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-S93O7.tmp (780 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-9FK34.tmp (685 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-1P7PD.tmp (172 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-KKHPS.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-I8V2H.tmp (720 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-L3RF8.tmp (503 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-PMN3R.tmp (140 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-3OP5I.tmp (813 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-9N44V.tmp (889 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-L3OP8.tmp (759 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-32C52.tmp (789 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-QFD61.tmp (804 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-MGDO8.tmp (409 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-2P59L.tmp (747 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-EVPPL.tmp (359 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-PTO5R.tmp\_isetup\_shfoldr.dll (47 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-VA130.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-6724C.tmp (423 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-K97E0.tmp (499 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-90OHK.tmp (797 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-3KQ39.tmp (723 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-BKGTH.tmp (655 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-KJUGQ.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-FP94U.tmp (754 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-05LVR.tmp (592 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-CHBF1.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-C3HR9.tmp (827 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-122HR.tmp (823 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-GP066.tmp (613 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-6R5IC.tmp (781 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-H8C84.tmp (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-PTO5R.tmp\isxdl.dll (727 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-N117Q.tmp (721 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-FSFM1.tmp (563 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-AG89Q.tmp (566 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-45QTT.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-02JGH.tmp (647 bytes)
%Program Files% (x86)\Free Video Converter\is-I1DUL.tmp (9 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-TQ8GP.tmp (714 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-7UVMK.tmp (276 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-IT68J.tmp (551 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-BHSCR.tmp (139 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-RODQG.tmp (648 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-E5P8F.tmp (628 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-N5U0G.tmp (745 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-QSL0C.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-URRMQ.tmp (181 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-0ASAS.tmp (476 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-T8PUN.tmp (706 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-JKPOT.tmp (211 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-Q4T6L.tmp (530 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-IABTL.tmp (833 bytes)
%Program Files% (x86)\Free Video Converter\is-MV9RI.tmp (24 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-S2UJ0.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-EG000.tmp (884 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-UELJU.tmp (646 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-9LDDO.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-ED70G.tmp (590 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-E8ANF.tmp (883 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-ELPRK.tmp (754 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-DE9E2.tmp (957 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-0SU5U.tmp (762 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-7INR2.tmp (648 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-8364B.tmp (249 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-R50F5.tmp (258 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-EJACU.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-QHE9K.tmp (159 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-ROT3U.tmp (781 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-A5JIE.tmp (538 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-GCB0H.tmp (944 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-UD7GN.tmp (755 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-TIK2B.tmp (314 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-PTO5R.tmp\_isetup\_RegDLL.tmp (4 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-I2O6M.tmp (253 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-ODV0B.tmp (157 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-OF3K7.tmp (854 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-H15TC.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-L0PE9.tmp (839 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-0DREU.tmp (5 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-4N21Q.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-1MF3M.tmp (839 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-E2GQP.tmp (956 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-V7MUM.tmp (138 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-DDOMU.tmp (264 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-KF4I1.tmp (318 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-K4R12.tmp (572 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-IG5P9.tmp (642 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-DQND7.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-JTL06.tmp (528 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-Q0C0J.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-S7O30.tmp (797 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-HR8HE.tmp (391 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-AOALO.tmp (4 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-QBEFE.tmp (448 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-USNDT.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-GRNG1.tmp (914 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-BFARG.tmp (730 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-LSLFU.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-IBODV.tmp (256 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-547UP.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-QJGO8.tmp (846 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Free Video Converter.lnk (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-BHKHI.tmp (569 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-CJK25.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-K0CC4.tmp (632 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-G7RKC.tmp (649 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-9JVT0.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-FGH7B.tmp (590 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-I0B77.tmp (618 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-KHJMR.tmp (728 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-T6T91.tmp (133 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-9SNR5.tmp (180 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-PL9J8.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-0C69U.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-7IBVN.tmp (547 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-I910L.tmp (185 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-0903R.tmp (394 bytes)
%Program Files% (x86)\Free Video Converter\is-GDUQL.tmp (673 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-KR1DD.tmp (4 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-TJ3ON.tmp (761 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-0LQE5.tmp (10 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-RCG15.tmp (431 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-6JR7M.tmp (512 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-9LV6V.tmp (838 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-N4R71.tmp (662 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-6B9B0.tmp (4 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-U1SQ4.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-0EU4N.tmp (359 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-V6S9P.tmp (866 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-3PCFO.tmp (664 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-D39GF.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\is-17P7I.tmp (24 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\FreeVideoConverter\config.ini (62 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-KS005.tmp (482 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-T9FPT.tmp (704 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-R7048.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-HC8OC.tmp (933 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-1HMIJ.tmp (4 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-AO7CC.tmp (662 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-KG6FL.tmp (590 bytes)
%Program Files% (x86)\Free Video Converter\FreeVideoConverter.exe (901 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-TLSDD.tmp (4 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-SU8E4.tmp (446 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-57H8B.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-57QOM.tmp (825 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-S8B86.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-RQD8F.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-1739R.tmp (990 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-UKE7Q.tmp (705 bytes)
%Program Files% (x86)\Free Video Converter\unins000.dat (9740 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-QOHUT.tmp (676 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-3NP6K.tmp (413 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-V3OM2.tmp (726 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-4VSAH.tmp (949 bytes)
%Program Files% (x86)\Free Video Converter\lang\is-F00GM.tmp (2 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-7EMUB.tmp (662 bytes)
%Program Files% (x86)\Free Video Converter\is-G8P0R.tmp (5441 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-NHMVF.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-UE82B.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-H26MB.tmp (649 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-GUU7N.tmp (514 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-U58ML.tmp (1 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-E01C9.tmp (599 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-B8L6K.tmp (982 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-SQQ3U.tmp (663 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-A8RE0.tmp (962 bytes)
%Program Files% (x86)\Free Video Converter\lang\flags\is-6M6JT.tmp (197 bytes)

The process Brand.exe:300 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-U4RUS.tmp\Brand.tmp (1423 bytes)

The process RUNDLL32.EXE:2320 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SRAssetsHelper.dll (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js (652 bytes)

Registry activity

The process FreeVideoConverter.exe:2188 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FreeVideoConverter_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FreeVideoConverter_RASAPI32]
"FileDirectory" = "%windir%\tracing"
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FreeVideoConverter_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FreeVideoConverter_RASAPI32]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FreeVideoConverter_RASMANCS]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FreeVideoConverter_RASAPI32]
"FileTracingMask" = "4294901760"
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FreeVideoConverter_RASMANCS]
"FileTracingMask" = "4294901760"
"EnableFileTracing" = "0"
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FreeVideoConverter_RASAPI32]
"EnableConsoleTracing" = "0"

The process DATAMN~1.EXE:3036 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\DataMngr\Files\SelectedSearch]
"Path" = ""

[HKCU\Software\DataMngr\Chrome\Preferences\NewTab]
"Name" = "Chrome New Tab"

[HKCU\Software\DataMngr\IEBHO]
"newTab" = "0"

[HKCU\Software\DataMngr\Files\SelectedSearch]
"MatchPattern" = "user_pref\(browser\.search\.selectedEngine, ([^]*)\);"

[HKCU\Software\DataMngr\IEBHO]
"DNSError" = "1"

[HKCU\Software\DataMngr\IEBHO\Components]
"{FEFD3AF5-A346-4451-AA23-A3AD54915515}" = ""

[HKCU\Software\DataMngr\Files\UrlbarSearch]
"DefaultValue" = "user_pref(keyword.URL, $(Value));"

[HKCU\Software\DataMngr\Files\Homepage]
"MatchPattern" = "user_pref\(browser\.startup\.homepage, ([^]*)\);"

[HKCU\Software\DataMngr\Chrome\DS]
"Path" = "%Program Files% (x86)\Google\Chrome\User Data\Default\Web Data"

[HKCU\Software\DataMngr\Files\SelectedSearch]
"Value" = "Search Results"

[HKCU\Software\DataMngr\IEBHO]
"AddressBar" = "1"

[HKCU\Software\DataMngr\Files\SelectedSearch]
"AltMatchPattern" = "user_pref\(browser\.search\.defaultenginename, ([^]*)\);"

[HKCU\Software\DataMngr\List\Item3]
"Value" = "1"

[HKCU\Software\DataMngr\Chrome\Preferences\StartPages]
"ID" = "crsp"

[HKCU\Software\DataMngr\Chrome\DS]
"ID" = "crb"

[HKCU\Software\DataMngr\List\Item2]
"Flag" = "259"

[HKCU\Software\DataMngr\Chrome\Preferences\Homepage]
"Flag" = "257"

[HKCU\Software\DataMngr\List\Item3]
"Flag" = "55"

[HKCU\Software\DataMngr\Chrome\FF]
"Flag" = "3"

[HKCU\Software\DataMngr\List\Item2]
"ID" = "hmp"

[HKCU\Software\DataMngr\Files\SelectedSearch]
"Flag" = "68"

[HKCU\Software\DataMngr\Chrome\DS]
"Flag" = "1"

[HKCU\Software\DataMngr]
"StatsUrl" = "dm.mlstat.com/statistics/dm/wg.php"

[HKCU\Software\DataMngr\List\Item1\Protected1]
"Flag" = "1"

[HKCU\Software\DataMngr\Files\Homepage]
"Path" = ""

[HKCU\Software\DataMngr\IEBHO\RelatedSearch]
"Enabled" = "0"

[HKCU\Software\DataMngr\Chrome\FF]
"Path" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.sqlite"

[HKCU\Software\DataMngr\Chrome\Preferences]
"Path" = "%Program Files% (x86)\Google\Chrome\User Data\Default\Preferences"

[HKCU\Software\DataMngr\Chrome\Preferences\NewTab]
"Path" = "extensions.chrome_url_overrides.newtab"

[HKCU\Software\DataMngr\IEBHO\Components]
"{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}" = ""

[HKCU\Software\DataMngr]
"Version" = "4.1.0.3114"

[HKCU\Software\DataMngr\List\Item1]
"Window" = "#32770"

[HKCU\Software\DataMngr\Files\SelectedSearch]
"Name" = "FFDefaultScope"

[HKCU\Software\DataMngr\Files\Homepage]
"Value" = "http://www.searchnu.com/414"

[HKCU\Software\DataMngr\List\Item1]
"key" = "Software\Microsoft\Internet Explorer\SearchScopes"

[HKCU\Software\DataMngr\List\Item3]
"Name" = "FrameAuto"

[HKCU\Software\DataMngr\Files\Homepage]
"ID" = "ffhmp"

[HKCU\Software\DataMngr\List\Item1]
"ID" = "ieb"
"Flag" = "3"

[HKCU\Software\DataMngr\List\Item1\Protected1]
"ProtectedId" = "A3 3F 29 69 E0 07 AE 43 AB C9 B5 75 93 28 E5 09"

[HKCU\Software\DataMngr\List\Item1\Protected3]
"ProtectedId" = "7E 15 A1 99 02 9B F5 40 9B 2D 98 DA 65 8D AB 15"

[HKCU\Software\DataMngr]
"OldVersion" = ""

[HKCU\Software\DataMngr\Chrome\Preferences\StartPages]
"Path" = "session.urls_to_restore_on_startup"

[HKCU\Software\DataMngr\List\Item4]
"Name" = "FrameAuto"

[HKCU\Software\DataMngr\Files\Homepage]
"Flag" = "259"

[HKCU\Software\DataMngr\List\Item4]
"Value" = "1"

[HKCU\Software\DataMngr]
"ShortDllPath" = "C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll"
"UpdateSite" = "dm.mlstat.com/update/dm/wg.php"
"DLLPath" = "%Program Files% (x86)\Searchqu Toolbar\Datamngr\datamngr.dll"
"UpdateTime" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\DataMngr\Chrome\Preferences\NewTab]
"ID" = "crnt"

[HKCU\Software\DataMngr\List\Item2]
"Value" = "http://www.searchnu.com/414"

[HKCU\Software\DataMngr\IEBHO]
"404Url" = "http://www.searchqu.com/web?src=404&appid=0&systemid=414&q="

[HKCU\Software\DataMngr\Files\SelectedSearch]
"ID" = "ffb"

[HKCU\Software\DataMngr\Files\ChromeHomepage]
"MatchPattern" = """homepage"": ""([^""]*)""

[HKCU\Software\DataMngr]
"Path" = "%Program Files% (x86)\Searchqu Toolbar\Datamngr"

[HKCU\Software\DataMngr\List\Item1\Protected1]
"Value" = "4294967295"

[HKCU\Software\DataMngr\Chrome\FF]
"ID" = "{1FD91A9C-410C-4090-BBCC-55D3450EF433}"

[HKCU\Software\DataMngr\Chrome\Preferences\Homepage]
"Path" = "homepage"

[HKCU\Software\DataMngr\List\Item3]
"key" = "SOFTWARE\Microsoft\Internet Explorer\Main"

[HKCU\Software\DataMngr\Files\ChromeHomepage]
"Value" = "http://www.searchnu.com/414"

[HKCU\Software\DataMngr\Chrome\Preferences\NewTab]
"Flag" = "3"

[HKCU\Software\DataMngr\Chrome\DS]
"Journal" = "%Program Files% (x86)\Google\Chrome\User Data\Default\Web Data-journal"

[HKCU\Software\DataMngr\Chrome\Preferences\Homepage]
"Value" = "http://www.searchnu.com/414"

[HKCU\Software\DataMngr\Files\ChromeHomepage]
"Flag" = "307"

[HKCU\Software\DataMngr]
"ShortDllPath64" = "C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll"

[HKCU\Software\DataMngr\Files\UrlbarSearch]
"Value" = "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q="

[HKCU\Software\DataMngr\Chrome\Preferences\StartPages]
"Flag" = "259"

[HKCU\Software\DataMngr\Files\ChromeHomepage]
"Name" = "Chrome Homepage"

[HKCU\Software\DataMngr]
"sysid" = "414"

[HKCU\Software\DataMngr\Files\Homepage]
"DefaultValue" = "user_pref(browser.startup.homepage, $(Value));"

[HKCU\Software\DataMngr\Files\ChromeHomepage]
"InsertPattern" = "^\{(.*)\}$"

[HKCU\Software\DataMngr\List\Item2]
"Name" = "Start Page"

[HKCU\Software\DataMngr\Chrome\Preferences\Homepage]
"Backup" = "backup.homepage"

[HKCU\Software\DataMngr\List\Item4]
"Flag" = "55"

[HKCU\Software\DataMngr\Chrome\Preferences\NewTab]
"Value" = "chrome-extension://bmapjpndbiamjgnblnlpghpbjccijkbc/config/skin/new-tab.html"

[HKCU\Software\DataMngr\Files\SelectedSearch]
"DefaultValue" = "user_pref(browser.search.selectedEngine, $(Value));"

[HKCU\Software\DataMngr\List\Item2]
"key" = "SOFTWARE\Microsoft\Internet Explorer\Main"
"Window" = "#32770"

[HKCU\Software\DataMngr]
"Folder" = "%Program Files% (x86)\Searchqu Toolbar"

[HKCU\Software\DataMngr\Files\UrlbarSearch]
"MatchPattern" = "user_pref\(keyword\.url, ([^]*)\);"
"Name" = "FFUrlbar search"

[HKCU\Software\DataMngr\IEBHO]
"NEWTABURL" = "http://www.searchnu.com/414"

[HKCU\Software\DataMngr\Chrome\Preferences\StartPages]
"Name" = "Chrome Start Page"

[HKCU\Software\DataMngr\Toolbar]
"Flag" = "1"

[HKCU\Software\DataMngr\Files\UrlbarSearch]
"Path" = ""

[HKCU\Software\DataMngr\Chrome\Preferences\StartPages]
"Value" = "http://www.searchnu.com/414"

[HKCU\Software\DataMngr\Chrome\FF]
"Value" = "0"

[HKCU\Software\DataMngr\Files\ChromeHomepage]
"Path" = "%Program Files% (x86)\Google\Chrome\User Data\Default\Preferences"
"DefaultValue" = """homepage"": """"

[HKCU\Software\DataMngr\Chrome\DS]
"Value" = "Search Results"

[HKCU\Software\DataMngr\IEBHO\RelatedSearch]
"URL" = "http://dts.search-results.com/related.html"

[HKCU\Software\DataMngr\Files\UrlbarSearch]
"ID" = "ffb"

[HKCU\Software\DataMngr\List\Item1\Protected2]
"ProtectedId" = "ED 7A 33 5D BC 05 E8 4E 87 85 0C 11 3F 07 2E BD"

[HKCU\Software\DataMngr\IEBHO]
"DNSUrl" = "http://www.searchqu.com/web?src=derr&appid=0&systemid=414&q="
"404Error" = "1"

[HKCU\Software\DataMngr\Chrome\Preferences\StartPages]
"Backup" = "backup.session.urls_to_restore_on_startup"

[HKCU\Software\DataMngr]
"UIPath" = "%Program Files% (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"

[HKCU\Software\DataMngr\Files\ChromeHomepage]
"ID" = "crhp"

[HKCU\Software\DataMngr\IEBHO]
"SearchUrl" = "http://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&q="

[HKCU\Software\DataMngr\Chrome\Preferences\Homepage]
"ID" = "crhp"

[HKCU\Software\DataMngr\List\Item1]
"Value" = "{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}"

[HKCU\Software\DataMngr\List\Item4]
"key" = "SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main"

[HKCU\Software\DataMngr\Chrome\FF]
"Journal" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.sqlite-journal"

[HKCU\Software\DataMngr\Files\Homepage]
"Name" = "FFStart Page"

[HKCU\Software\DataMngr\List\Item1]
"Name" = "DefaultScope"

[HKCU\Software\DataMngr\Chrome\Preferences\Homepage]
"Name" = "Chrome Homepage"

[HKCU\Software\DataMngr\Files\UrlbarSearch]
"Flag" = "259"

The process %original file name%.exe:2364 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "2D 85 33 3A 90 73 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 48 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "08 B8 25 62 0D 77 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{17FE9752-0B5A-4665-84CD-569794602F5C} {7F9185B0-CB92-43C5-80A9-92277A4F7B54} 0xFFFF" = "01 00 00 00 00 00 00 00 EC 16 EC 67 0D 77 D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process SearchquMediaBar.exe:2768 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "08 B8 25 62 0D 77 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FD9C4D4-E715-4ABE-B167-3F1AECDAAA4F}]
"AppName" = "dtUser.exe"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
"Policy" = "3"
"AppName" = "uninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FD9C4D4-E715-4ABE-B167-3F1AECDAAA4F}]
"AppPath" = "C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FD9C4D4-E715-4ABE-B167-3F1AECDAAA4F}]
"Policy" = "3"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
"AppPath" = "C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 49 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\UAC.dll,"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBarLayout"

The Malware disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"NSIS.Library.RegTool.v1"

"NSIS.Library.RegTool.v3"

"NSIS.Library.RegTool.v2"

"NSIS.Library.RegTool.v5"

"NSIS.Library.RegTool.v4"

The process regsvr32.exe:2616 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\DnsBHO.BHO]
"(Default)" = "BHO Class"

[HKCR\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\InprocServer32]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\x64\DnsBHO.dll"

[HKCR\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\ProgID]
"(Default)" = "DnsBHO.BHO.1"

[HKCR\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\0\win64]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\x64\DnsBHO.dll"

[HKLM\SOFTWARE\DataMngr\IEBHO\Components]
"{FEFD3AF5-A346-4451-AA23-A3AD54915515}" = ""

[HKCR\DnsBHO.BHO\CurVer]
"(Default)" = "DnsBHO.BHO.1"

[HKCR\DnsBHO.BHO\CLSID]
"(Default)" = "{FEFD3AF5-A346-4451-AA23-A3AD54915515}"

[HKCR\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}]
"(Default)" = "BHO Class"

[HKCR\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}]
"(Default)" = "DnsBHO"

[HKCR\AppID\DnsBHO.DLL]
"AppID" = "{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}"

[HKCR\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\VersionIndependentProgID]
"(Default)" = "DnsBHO.BHO"

[HKCR\DnsBHO.BHO.1\CLSID]
"(Default)" = "{FEFD3AF5-A346-4451-AA23-A3AD54915515}"

[HKCR\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\TypeLib]
"(Default)" = "{841D5A49-E48D-413c-9C28-EB3D9081D705}"

[HKCR\DnsBHO.BHO.1]
"(Default)" = "BHO Class"

[HKCR\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\InprocServer32]
"ThreadingModel" = "Apartment"

The process regsvr32.exe:2620 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\SearchQUIEHelper.DNSGuard\CLSID]
"(Default)" = "{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}"

[HKCR\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
"(Default)" = "SearchQUIEBHO 1.0 Type Library"

[HKCR\Wow6432Node\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\InprocServer32]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll"

[HKCR\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\0\win32]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll"

[HKCR\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}]
"(Default)" = "IDNSGuard"

[HKCR\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
"(Default)" = "SearchQUIEHelper.UrlHelper.1"

[HKCR\Wow6432Node\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\HELPDIR]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr"

[HKCR\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll"

[HKCR\Wow6432Node\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}]
"(Default)" = "IDNSGuard"

[HKCR\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
"(Default)" = "UrlHelper Class"

[HKCR\Wow6432Node\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\TypeLib]
"(Default)" = "{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}"

[HKCR\SearchQUIEHelper.DNSGuard.1]
"(Default)" = "UrlHelper Class"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\IEBHO\Components]
"{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}" = ""

[HKCR\Wow6432Node\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}]
"(Default)" = "ErrorFilter Class"

[HKCR\SearchQUIEHelper.DNSGuard.1\CLSID]
"(Default)" = "{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}"

[HKCR\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
"(Default)" = "SearchQUIEHelper.UrlHelper"

[HKCR\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\TypeLib]
"(Default)" = "{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}"

[HKCR\SearchQUIEHelper.DNSGuard]
"(Default)" = "UrlHelper Class"

[HKCR\SearchQUIEHelper.DNSGuard\CurVer]
"(Default)" = "SearchQUIEHelper.UrlHelper.1"

[HKCR\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}\TypeLib]
"Version" = "1.0"

The Malware deletes the following registry key(s):

[HKCR\Wow6432Node\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\Programmable]
[HKCR\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
[HKCR\Wow6432Node\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}]
[HKCR\Wow6432Node\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
[HKCR\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\Programmable]
[HKCR\Wow6432Node\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]

The process regsvr32.exe:1144 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]
"(Default)" = "SearchQUIEHelper.UrlHelper.1"

[HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
"(Default)" = "SearchQUIEHelper.UrlHelper"

[HKCR\SearchQUIEHelper.DNSGuard.1\CLSID]
"(Default)" = "{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}"

[HKCR\SearchQUIEHelper.DNSGuard\CLSID]
"(Default)" = "{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}"

[HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}]
"(Default)" = "ErrorFilter Class"

[HKCR\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\0\win64]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll"

[HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\SearchQUIEHelper.DNSGuard.1]
"(Default)" = "UrlHelper Class"

[HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
"(Default)" = "UrlHelper Class"

[HKCR\SearchQUIEHelper.DNSGuard\CurVer]
"(Default)" = "SearchQUIEHelper.UrlHelper.1"

[HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll"

[HKLM\SOFTWARE\DataMngr\IEBHO\Components]
"{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}" = ""

[HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\SearchQUIEHelper.DNSGuard]
"(Default)" = "UrlHelper Class"

[HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\InprocServer32]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll"

The Malware deletes the following registry key(s):

[HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32]
[HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\InprocServer32]
[HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\VersionIndependentProgID]
[HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
[HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\Programmable]
[HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}]
[HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\Programmable]
[HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ProgID]

The process regsvr32.exe:892 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\0\win32]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\DnsBHO.dll"

[HKCR\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0]
"(Default)" = "SearchQUIEBHO 1.0 Type Library"

[HKCR\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}]
"(Default)" = "DnsBHO"

[HKCR\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\InprocServer32]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\DnsBHO.dll"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\IEBHO\Components]
"{FEFD3AF5-A346-4451-AA23-A3AD54915515}" = ""

[HKCR\DnsBHO.BHO.1]
"(Default)" = "BHO Class"

[HKCR\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}\TypeLib]
"(Default)" = "{841D5A49-E48D-413C-9C28-EB3D9081D705}"

[HKCR\DnsBHO.BHO]
"(Default)" = "BHO Class"

[HKCR\Wow6432Node\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\DnsBHO.BHO\CLSID]
"(Default)" = "{FEFD3AF5-A346-4451-AA23-A3AD54915515}"

[HKCR\Wow6432Node\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\VersionIndependentProgID]
"(Default)" = "DnsBHO.BHO"

[HKCR\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}]
"(Default)" = "IDnsErrorHandler"

[HKCR\Wow6432Node\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}\TypeLib]
"(Default)" = "{841D5A49-E48D-413C-9C28-EB3D9081D705}"

[HKCR\Wow6432Node\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\TypeLib]
"(Default)" = "{841D5A49-E48D-413c-9C28-EB3D9081D705}"

[HKCR\Wow6432Node\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}]
"(Default)" = "IDnsErrorHandler"

[HKCR\AppID\DnsBHO.DLL]
"AppID" = "{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}"

[HKCR\Wow6432Node\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}]
"(Default)" = "BHO Class"

[HKCR\Wow6432Node\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\ProgID]
"(Default)" = "DnsBHO.BHO.1"

[HKCR\DnsBHO.BHO\CurVer]
"(Default)" = "DnsBHO.BHO.1"

[HKCR\Wow6432Node\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\DnsBHO.BHO.1\CLSID]
"(Default)" = "{FEFD3AF5-A346-4451-AA23-A3AD54915515}"

[HKCR\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}\1.0\HELPDIR]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr"

The process regsvr32.exe:2996 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\BrowserConnection.Loader.1]
"(Default)" = "DataMngr"

[HKCR\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0]
"(Default)" = "BrowserConnection 1.0 Type Library"

[HKCR\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Wow6432Node\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\InprocServer32]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL"

[HKCR\Wow6432Node\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ProgID]
"(Default)" = "BrowserConnection.Loader.1"

[HKCR\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\HELPDIR]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr"

[HKCR\BrowserConnection.Loader]
"(Default)" = "DataMngr"

[HKCR\BrowserConnection.Loader\CLSID]
"(Default)" = "{9D717F81-9148-4f12-8568-69135F087DB0}"

[HKCR\BrowserConnection.Loader.1\CLSID]
"(Default)" = "{9D717F81-9148-4f12-8568-69135F087DB0}"

[HKCR\Wow6432Node\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}]
"(Default)" = "DataMngr"

[HKCR\Wow6432Node\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\VersionIndependentProgID]
"(Default)" = "BrowserConnection.Loader"

[HKCR\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\0\win32]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL"

[HKCR\Wow6432Node\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\TypeLib]
"(Default)" = "{5B4144E1-B61D-495a-9A50-CD1A95D86D15}"

[HKCR\AppID\BrowserConnection.DLL]
"AppID" = "{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}"

[HKCR\BrowserConnection.Loader\CurVer]
"(Default)" = "BrowserConnection.Loader.1"

[HKCR\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}]
"(Default)" = "BrowserConnection"

The process regsvr32.exe:1568 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\BrowserConnection.Loader.1]
"(Default)" = "DataMngr"

[HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\TypeLib]
"(Default)" = "{5B4144E1-B61D-495a-9A50-CD1A95D86D15}"

[HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\VersionIndependentProgID]
"(Default)" = "BrowserConnection.Loader"

[HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\InprocServer32]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL"

[HKCR\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}\1.0\0\win64]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL"

[HKCR\BrowserConnection.Loader]
"(Default)" = "DataMngr"

[HKCR\BrowserConnection.Loader\CLSID]
"(Default)" = "{9D717F81-9148-4f12-8568-69135F087DB0}"

[HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\BrowserConnection.Loader.1\CLSID]
"(Default)" = "{9D717F81-9148-4f12-8568-69135F087DB0}"

[HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}]
"(Default)" = "DataMngr"

[HKCR\AppID\BrowserConnection.DLL]
"AppID" = "{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}"

[HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ProgID]
"(Default)" = "BrowserConnection.Loader.1"

[HKCR\BrowserConnection.Loader\CurVer]
"(Default)" = "BrowserConnection.Loader.1"

[HKCR\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}]
"(Default)" = "BrowserConnection"

The process regsvr32.exe:296 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\TypeLib\{5E4808EE-1902-4F77-AB2E-6B0256CBBACE}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Free Video Converter\VideoCoderX.ocx"

[HKCR\Wow6432Node\Interface\{BEF2B5BE-0309-4A25-8A15-E03B0F7E2D20}]
"(Default)" = "_DVideoCoderX"

[HKCR\Wow6432Node\CLSID\{0E8454F2-3644-483F-999E-C096A5F791BA}\InprocServer32]
"(Default)" = "C:\PROGRA~2\FREEVI~1\VIDEOC~1.OCX"

[HKCR\Wow6432Node\Interface\{785D6664-1398-4E4F-ACBD-E18946ED3CFD}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{785D6664-1398-4E4F-ACBD-E18946ED3CFD}\TypeLib]
"(Default)" = "{5E4808EE-1902-4F77-AB2E-6B0256CBBACE}"

[HKCR\Interface\{785D6664-1398-4E4F-ACBD-E18946ED3CFD}]
"(Default)" = "_DVideoCoderXEvents"

[HKCR\Wow6432Node\CLSID\{0E8454F2-3644-483F-999E-C096A5F791BA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\CLSID\{0E8454F2-3644-483F-999E-C096A5F791BA}\ToolboxBitmap32]
"(Default)" = "C:\PROGRA~2\FREEVI~1\VIDEOC~1.OCX, 1"

[HKCR\Wow6432Node\CLSID\{0E8454F2-3644-483F-999E-C096A5F791BA}\MiscStatus\1]
"(Default)" = "132497"

[HKCR\Wow6432Node\Interface\{BEF2B5BE-0309-4A25-8A15-E03B0F7E2D20}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{785D6664-1398-4E4F-ACBD-E18946ED3CFD}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{BEF2B5BE-0309-4A25-8A15-E03B0F7E2D20}\TypeLib]
"(Default)" = "{5E4808EE-1902-4F77-AB2E-6B0256CBBACE}"

[HKCR\TypeLib\{5E4808EE-1902-4F77-AB2E-6B0256CBBACE}\1.0\HELPDIR]
"(Default)" = ""

[HKCR\Wow6432Node\CLSID\{1628FAFE-8E21-46A0-8742-2E0ADEB84AA7}\InprocServer32]
"(Default)" = "C:\PROGRA~2\FREEVI~1\VIDEOC~1.OCX"

[HKCR\VIDEOCODERX.VideoCoderXCtrl.1]
"(Default)" = "VideoCoderX Control"

[HKCR\VIDEOCODERX.VideoCoderXCtrl.1\CLSID]
"(Default)" = "{0E8454F2-3644-483F-999E-C096A5F791BA}"

[HKCR\Interface\{BEF2B5BE-0309-4A25-8A15-E03B0F7E2D20}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{1628FAFE-8E21-46A0-8742-2E0ADEB84AA7}]
"(Default)" = "VideoCoderX Property Page"

[HKCR\Wow6432Node\CLSID\{0E8454F2-3644-483F-999E-C096A5F791BA}\TypeLib]
"(Default)" = "{5E4808EE-1902-4F77-AB2E-6B0256CBBACE}"

[HKCR\Interface\{BEF2B5BE-0309-4A25-8A15-E03B0F7E2D20}]
"(Default)" = "_DVideoCoderX"

[HKCR\Interface\{BEF2B5BE-0309-4A25-8A15-E03B0F7E2D20}\TypeLib]
"(Default)" = "{5E4808EE-1902-4F77-AB2E-6B0256CBBACE}"

[HKCR\Wow6432Node\Interface\{785D6664-1398-4E4F-ACBD-E18946ED3CFD}\TypeLib]
"(Default)" = "{5E4808EE-1902-4F77-AB2E-6B0256CBBACE}"

[HKCR\Wow6432Node\CLSID\{0E8454F2-3644-483F-999E-C096A5F791BA}]
"(Default)" = "VideoCoderX Control"

[HKCR\Wow6432Node\CLSID\{0E8454F2-3644-483F-999E-C096A5F791BA}\ProgID]
"(Default)" = "VIDEOCODERX.VideoCoderXCtrl.1"

[HKCR\Wow6432Node\CLSID\{0E8454F2-3644-483F-999E-C096A5F791BA}\MiscStatus]
"(Default)" = "0"

[HKCR\Wow6432Node\CLSID\{0E8454F2-3644-483F-999E-C096A5F791BA}\Control]
"(Default)" = ""

[HKCR\TypeLib\{5E4808EE-1902-4F77-AB2E-6B0256CBBACE}\1.0]
"(Default)" = "Module de contrôle ActiveX VideoCoderX"

[HKCR\TypeLib\{5E4808EE-1902-4F77-AB2E-6B0256CBBACE}\1.0\FLAGS]
"(Default)" = "2"

[HKCR\Wow6432Node\Interface\{785D6664-1398-4E4F-ACBD-E18946ED3CFD}]
"(Default)" = "_DVideoCoderXEvents"

[HKCR\Interface\{785D6664-1398-4E4F-ACBD-E18946ED3CFD}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{BEF2B5BE-0309-4A25-8A15-E03B0F7E2D20}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{785D6664-1398-4E4F-ACBD-E18946ED3CFD}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{0E8454F2-3644-483F-999E-C096A5F791BA}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{BEF2B5BE-0309-4A25-8A15-E03B0F7E2D20}\TypeLib]
"Version" = "1.0"

The process regsvr32.exe:1564 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}" = "Searchqu Toolbar"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
"(Default)" = "Searchqu Toolbar"

[HKCR\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
"(Default)" = "Searchqu Toolbar"

[HKCR\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
"(Default)" = "C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll"
"ThreadingModel" = "Apartment"

The process SetupDataMngr_Searchqu.exe:2272 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\Homepage]
"ID" = "ffhmp"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\SelectedSearch]
"Name" = "FFDefaultScope"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"Path" = "%Program Files% (x86)\Searchqu Toolbar"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item2]
"Flag" = "259"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"DisplayName" = "Search Results"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"DisplayName" = "Search Results"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item2]
"Value" = "http://www.searchnu.com/414"

[HKLM\SOFTWARE\Wow6432Node\Datamngr]
"Version" = "4.1.0.3114"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"ShowTabsWelcome" = "0"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\StartPages]
"ID" = "crsp"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\ChromeHomepage]
"DefaultValue" = """homepage"": """"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"SuggestionsURL_JSON" = "http://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=414&qu={searchTerms}&ft=json"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\ChromeHomepage]
"Flag" = "307"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\FF]
"Flag" = "3"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"OpenInForeground" = "0"

[HKLM\SOFTWARE\Wow6432Node\Datamngr]
"StatsUrl" = "dm.mlstat.com/statistics/dm/wg.php"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\UrlbarSearch]
"Flag" = "259"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.searchnu.com/414"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4A 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\IEBHO]
"NEWTABURL" = "http://www.searchnu.com/414"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\SelectedSearch]
"Path" = ""

[HKLM\SOFTWARE\Wow6432Node\DataMngr\IEBHO]
"AddressBar" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\UrlbarSearch]
"Path" = ""

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item1]
"Flag" = "3"
"ID" = "ieb"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\SelectedSearch]
"Value" = "Search Results"

[HKLM\SOFTWARE\Wow6432Node\Datamngr]
"OldVersion" = ""

[HKLM\SOFTWARE\Wow6432Node\DataMngr\IEBHO]
"404Url" = "http://www.searchqu.com/web?src=404&appid=0&systemid=414&q="

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences]
"Path" = "%Program Files% (x86)\Google\Chrome\User Data\Default\Preferences"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\IEBHO]
"DNSError" = "1"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"ShowSearchSuggestions" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item2]
"Window" = "#32770"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"10" = "10"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\StartPages]
"Name" = "Chrome Start Page"
"Flag" = "259"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\SelectedSearch]
"Flag" = "68"
"MatchPattern" = "user_pref\(browser\.search\.selectedEngine, ([^]*)\);"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item1\Protected1]
"Flag" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\ChromeHomepage]
"InsertPattern" = "^\{(.*)\}$"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item3]
"Flag" = "55"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\DS]
"Value" = "Search Results"
"ID" = "crb"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\NewTab]
"Flag" = "3"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"Comments" = "Copyright (c) 2012"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs" = "C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\Homepage]
"Path" = "homepage"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShowActivities" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs" = "C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"NoRepair" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\IEBHO]
"404Error" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"SuggestionsURL_JSON" = "http://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=414&qu={searchTerms}&ft=json"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\StartPages]
"Path" = "session.urls_to_restore_on_startup"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"ShowSearchSuggestions" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\IEBHO]
"DNSUrl" = "http://www.searchqu.com/web?src=derr&appid=0&systemid=414&q="

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"Deleted" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN]
"FrameAuto" = "1"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "1"

[HKLM\SOFTWARE\Wow6432Node\Datamngr]
"UIPath" = "%Program Files% (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\Homepage]
"Backup" = "backup.homepage"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"WarnOnClose" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\StartPages]
"Value" = "http://www.searchnu.com/414"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"FrameAuto" = "1"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"URL" = "http://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\DS]
"Journal" = "%Program Files% (x86)\Google\Chrome\User Data\Default\Web Data-journal"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"10" = "10"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"VersionMajor" = "4"

[HKLM\SOFTWARE\Wow6432Node\Datamngr]
"Path" = "%Program Files% (x86)\Searchqu Toolbar\Datamngr"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\Homepage]
"Flag" = "257"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item1\Protected3]
"ProtectedId" = "7E 15 A1 99 02 9B F5 40 9B 2D 98 DA 65 8D AB 15"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"NoModify" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\DS]
"Path" = "%Program Files% (x86)\Google\Chrome\User Data\Default\Web Data"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item4]
"Name" = "FrameAuto"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKLM\SOFTWARE\Wow6432Node\Datamngr]
"ShortDllPath64" = "C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"VersionMinor" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\StartPages]
"Backup" = "backup.session.urls_to_restore_on_startup"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"URL" = "http://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\FF]
"Path" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.sqlite"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\DS]
"Flag" = "1"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"QuickTabsThreshold" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"Enabled" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item2]
"key" = "SOFTWARE\Microsoft\Internet Explorer\Main"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item1\Protected2]
"ProtectedId" = "ED 7A 33 5D BC 05 E8 4E 87 85 0C 11 3F 07 2E BD"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"ShortcutBehavior" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "08 B8 25 62 0D 77 D0 01"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"UseHomepageForNewTab" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\ChromeHomepage]
"Value" = "http://www.searchnu.com/414"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item3]
"Name" = "FrameAuto"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\IEBHO]
"SearchUrl" = "http://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&q="

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\UrlbarSearch]
"ID" = "ffb"

[HKLM\SOFTWARE\Wow6432Node\Datamngr]
"sysid" = "414"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\Homepage]
"Name" = "FFStart Page"
"DefaultValue" = "user_pref(browser.startup.homepage, $(Value));"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item1\Protected1]
"Value" = "4294967295"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"Contact" = "Bandoo Media, Inc"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item3]
"Value" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item1\Protected1]
"ProtectedId" = "A3 3F 29 69 E0 07 AE 43 AB C9 B5 75 93 28 E5 09"

[HKLM\SOFTWARE\Wow6432Node\Datamngr]
"UpdateSite" = "dm.mlstat.com/update/dm/wg.php"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"Groups" = "1"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"SuggestionsURL_JSON" = "http://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=414&qu={searchTerms}&ft=json"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item2]
"Name" = "Start Page"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\Homepage]
"Path" = ""

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"OpenAllHomePages" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\Homepage]
"ID" = "crhp"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"UninstallString" = "%Program Files% (x86)\Searchqu Toolbar\uninstall.exe"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\ChromeHomepage]
"Name" = "Chrome Homepage"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"Deleted" = "0"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\ChromeHomepage]
"MatchPattern" = """homepage"": ""([^""]*)""

[HKLM\SOFTWARE\Wow6432Node\DataMngr\IEBHO]
"newTab" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"RunDName" = "%Program Files% (x86)\Searchqu Toolbar\Datamngr\installhelper.dll"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item4]
"key" = "SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main"

[HKLM\SOFTWARE\Wow6432Node\Datamngr]
"DLLPath" = "%Program Files% (x86)\Searchqu Toolbar\Datamngr\datamngr.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item4]
"Value" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\UrlbarSearch]
"Name" = "FFUrlbar search"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item1]
"Value" = "{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\UrlbarSearch]
"MatchPattern" = "user_pref\(keyword\.url, ([^]*)\);"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\ChromeHomepage]
"Path" = "%Program Files% (x86)\Google\Chrome\User Data\Default\Preferences"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\Homepage]
"MatchPattern" = "user_pref\(browser\.startup\.homepage, ([^]*)\);"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\UrlbarSearch]
"Value" = "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q="
"DefaultValue" = "user_pref(keyword.URL, $(Value));"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\Homepage]
"Value" = "http://www.searchnu.com/414"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"URL" = "http://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\SelectedSearch]
"ID" = "ffb"
"AltMatchPattern" = "user_pref\(browser\.search\.defaultenginename, ([^]*)\);"
"DefaultValue" = "user_pref(browser.search.selectedEngine, $(Value));"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShowClosedTabs" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\NewTab]
"Name" = "Chrome New Tab"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item4]
"Flag" = "55"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"Publisher" = "Bandoo Media Inc"

[HKLM\SOFTWARE\Wow6432Node\SearchquMediabarTb]
"Folder" = "%Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"DisplayName" = "Search Results"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"DisplayVersion" = "4.1.0.3114"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Toolbar]
"Flag" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"ShowSearchSuggestions" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\FF]
"Journal" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions.sqlite-journal"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\Homepage]
"Name" = "Chrome Homepage"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item1]
"Name" = "DefaultScope"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\NewTab]
"Path" = "extensions.chrome_url_overrides.newtab"
"ID" = "crnt"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"DisplayName" = "Searchqu Toolbar"

[HKLM\SOFTWARE\Wow6432Node\Datamngr]
"ShortDllPath" = "C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\Homepage]
"Value" = "http://www.searchnu.com/414"
"Flag" = "259"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = "{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Files\ChromeHomepage]
"ID" = "crhp"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\FF]
"ID" = "{1FD91A9C-410C-4090-BBCC-55D3450EF433}"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item1]
"Window" = "#32770"
"key" = "Software\Microsoft\Internet Explorer\SearchScopes"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\IEBHO\RelatedSearch]
"Enabled" = "0"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"PopupsUseNewWindow" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item2]
"ID" = "hmp"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\IEBHO\RelatedSearch]
"URL" = "http://dts.search-results.com/related.html"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs" = "1"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\FF]
"Value" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\Datamngr]
"Folder" = "%Program Files% (x86)\Searchqu Toolbar"

[HKLM\SOFTWARE\Wow6432Node\DataMngr\List\Item3]
"key" = "SOFTWARE\Microsoft\Internet Explorer\Main"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar]
"DisplayIcon" = "%Program Files% (x86)\Searchqu Toolbar\uninstall.exe"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"Deleted" = "0"

To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR" = "C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following registry key(s):

[HKCU\Software\Microsoft\Internet Explorer\User Preferences]

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The Malware disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"

"removeSearchqutoolbar"

The process rundll32.exe:1160 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\DataMngr\Chrome\Preferences\NewTab]
"Value" = "chrome-extension://bmapjpndbiamjgnblnlpghpbjccijkbc/config/skin/new-tab.html"

The process rundll32.exe:956 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\Approved Extensions]
"{9D717F81-9148-4F12-8568-69135F087DB0}" = "51 66 7A 6C 4C 1D 3B 1B 91 63 6B 81 77 C2 7F 02"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},]
"Flags" = "1024"

The process Brand.tmp:2492 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free Video Converter_is1]
"URLUpdateInfo" = "http://www.koyotesoft.com/indexEn.html"
"DisplayVersion" = "3.1.0.0"
"Inno Setup: Icon Group" = "Free Video Converter"
"InstallLocation" = "%Program Files% (x86)\Free Video Converter\"
"Inno Setup: User" = "%CurrentUserName%"
"Publisher" = "Koyote Soft"
"Inno Setup: App Path" = "%Program Files% (x86)\Free Video Converter"
"NoRepair" = "1"
"Inno Setup: Setup Version" = "5.3.9 (a)"
"NoModify" = "1"
"InstallDate" = "20150415"
"URLInfoAbout" = "http://www.koyotesoft.com/indexEn.html"
"HelpLink" = "http://www.koyotesoft.com/indexEn.html"
"DisplayName" = "Free Video Converter V 3.1"
"MinorVersion" = "1"
"Inno Setup: Language" = "en"
"QuietUninstallString" = "%Program Files% (x86)\Free Video Converter\unins000.exe /SILENT"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs\%Program Files% (x86)\Free Video Converter]
"VideoCoderX.ocx" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free Video Converter_is1]
"EstimatedSize" = "11004"
"Inno Setup: Deselected Tasks" = ""
"UninstallString" = "%Program Files% (x86)\Free Video Converter\unins000.exe"
"Inno Setup: Selected Tasks" = "desktopicon,quicklaunchicon"
"MajorVersion" = "3"

Dropped PE files

MD5 File path
f4e7ca5d8ef1160491c3a6c7c6955875 c:\Program Files (x86)\Free Video Converter\AxInterop.VideoCoderXLib.dll
f8b91b40d1a3a570e7b8e1552f9e07ff c:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe
f18055ac422627e9d7101ec8fb79c874 c:\Program Files (x86)\Free Video Converter\Interop.VideoCoderXLib.dll
5961b2225ff850315b610396a1448d9f c:\Program Files (x86)\Free Video Converter\MediaInfo.dll
755242aa2daa6ad888e94b21dcaf0449 c:\Program Files (x86)\Free Video Converter\SDL.dll
fec0325854885371241099ecb0ee3b5a c:\Program Files (x86)\Free Video Converter\VideoCoderX.ocx
85f8e770a2dc927ee58a8483d5d56ebb c:\Program Files (x86)\Free Video Converter\avcodec-52.dll
4c0c59c7d664eda60a87f78ad1b8582d c:\Program Files (x86)\Free Video Converter\avformat-52.dll
3551606496d0a16934f23891f65f4eeb c:\Program Files (x86)\Free Video Converter\avutil-50.dll
cb09a8183cfa927ef4f43a346f09c1c4 c:\Program Files (x86)\Free Video Converter\swscale-0.dll
506a84f73ada9b021bf3ffaf3e930ce1 c:\Program Files (x86)\Free Video Converter\unins000.exe
e3abc47a65196757fa54d027f9977c89 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll
876d94bdf0943a4042e5226b7eb70894 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll
3309125f94707c83172bcd1dba237114 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll
0970118a25eabeaacbf0ab650b09a847 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll
3dd72273e3fa71dfbace311212f2dfbb c:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll
c2cea26dcf5b44a825275da7c65f7ed7 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll
1e3b11a1bd479cfae069a5c45f6638ee c:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll
d4e2a1cb709c9b83539360cb1d856c07 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF15.dll
8e38d2f3a6a4dc96d50f879eee2d4211 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
aba210539acf4921857b49273b73062f c:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll
0ebd40d137ff1b9f7143a7fa184706b3 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll
8814abac6761239325feab257afee3e6 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll
4086b52fc8fcf04b1daa180aefd4db5d c:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll
f287f9dc46306a7747f27740f46d355b c:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll
032589d283661285b8934fd98f8b6f9a c:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll
683f04dcc2f8a299732c1e532b4f1c33 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll
d1c94dad812c9f79be069a86efd315ae c:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
39ecb144372b2ed7b1b91a1e63d3f275 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
ad14e447f7ced4ca987b91b379eaf952 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
455e0c19d7e9c6179a08a6468e6d9c80 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
701de10a1390d1d67b3432491867b2b1 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll
1b34bb332729a9b288da14ce5ea5149f c:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
46baa11b87c127ad9386d91e844c7351 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\installhelper.dll
9ddd6db2fbfada3fdf1e970f6c3dc8a0 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
6e378fe605de0b7a8fccdea513a9be83 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll
5695cbef416e0ad63473dc98a7ad4ac7 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll
0788795b2d82690a19691655faef7570 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll
63b9a42697750e181d1b61d7f8325b69 c:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngrUI.exe
98766930e54872e6b7b6b2f815ca0bea c:\Program Files (x86)\Searchqu Toolbar\uninstall.exe
4d2c465509d6db187d0677a5d55a5218 c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\FreeVideoConverterSetup-r0-n-bi[1].exe
72412b526bcc716382e62b7939dcfd8f c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SRAssetsHelper.dll
2ab28e5fd0525dbccb392036af3ed9aa c:\Users\"%CurrentUserName%"\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
46baa11b87c127ad9386d91e844c7351 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\installhelper.dll
0d422e0c03a7d9428c6c02175d7dc9f8 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\UAC.dll
9232d0e2a87b415869b128b2e7dc7953 c:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
761c53e00e6c1b64ec628be0f63fc86d c:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
e9fcb8fcf9fe1c27f7eece9afe944fb8 c:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Bandoo Media Inc
Product Name: Free Video Converter
Product Version: 1.0.0.123850
Legal Copyright: Copyright (c) 2011
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: Free Video Converter Install
Comments:
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 25152 25600 4.45121 1a752074fcd11165f6f148ea63ebe068
.rdata 32768 6346 6656 3.38143 7eb0899a4b6211f8bc545228417d92ad
.data 40960 419452 512 0.94179 b0b1d7c362f8cc76541b7fce5014e602
.ndata 462848 1576960 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 2039808 20336 20480 2.73437 7abd630dadec4b26d8e0f65988d8a905

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://download.koyotesoft.com/Stubs/FreeVideoConverter/001/FreeVideoConverter_stub.exe 94.31.0.25
hxxp://download.koyotesoft.com/SearchSuite/002/SetupDataMngr_Searchqu.exe 94.31.0.25
hxxp://www.mlstat.com/statistics/koyote/install.php?systemid=414&os=6.1&is64=1&ver=1.0.0.123850&type=New&appid=0&userHome=Yes&userToolbar=Yes 94.31.0.52
hxxp://search.vmn.net/newtab/geoip.php 69.50.138.116
hxxp://dm.mlstat.com/statistics/dm/install.php 94.31.0.53
hxxp://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New 94.31.0.55
hxxp://www.koyotesoft.com/styles/default/main.css 94.31.0.55
hxxp://www.koyotesoft.com/styles/default/inner.css 94.31.0.55
hxxp://pagead.l.doubleclick.net/pagead/conversion.js
hxxp://s7.addthis.com.cdn.cloudflare.net/js/250/addthis_widget.js 104.16.24.194
hxxp://www.koyotesoft.com/styles/default/product-info.css 94.31.0.55
hxxp://www.koyotesoft.com/js/default/main.js 94.31.0.55
hxxp://www.koyotesoft.com/styles/default/free-audio-video-software-home.gif 94.31.0.55
hxxp://www.koyotesoft.com/styles/default/small-box-free-mp3-wma-converter.png 94.31.0.55
hxxp://www.koyotesoft.com/styles/default/small-box-free-easy-cd-dvd-burner.png 94.31.0.55
hxxp://www-google-analytics.l.google.com/ga.js
hxxp://www.koyotesoft.com/styles/default/background.gif 94.31.0.55
hxxp://www.searchnu.com/sac.php?id=0&dlanc=1 94.31.0.60
hxxp://platform-eb.twitter.com/widgets.js
hxxp://www.koyotesoft.com/styles/default/thumbsup.gif 94.31.0.55
hxxp://www.koyotesoft.com/styles/default/top-header.jpg 94.31.0.55
hxxp://pagead.l.doubleclick.net/pagead/conversion/960689598/?random=1429055268169&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1
hxxp://www.koyotesoft.com/styles/default/sprites.gif 94.31.0.55
hxxp://plus.l.google.com/js/plusone.js
hxxp://pagead.l.doubleclick.net/pagead/conversion/1050435832/?random=1429055268248&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1
hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/1006373716/?random=1429055268177&cv=7&fst=1429055268169&num=2&fmt=1&label=RZXuCLy__AcQ1Jbw3wM&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1
hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/960689598/?random=1684655829&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVb72C4P-8QPuuIFI
hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/1058190622/?random=1429055268192&cv=7&fst=1429055268169&num=3&fmt=1&label=CtURCILbwwUQnurK-AM&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1
hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/955861747/?random=1429055268244&cv=7&fst=1429055268169&num=4&fmt=1&label=XPluCIWZjgYQ85XlxwM&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1
hxxp://e3821.dspe1.akamaiedge.net/en_US/all.js
hxxp://pagead.l.doubleclick.net/pagead/conversion/1050435832/?random=1429055268248&cv=7&fst=1429055268169&num=5&fmt=4&adtest=on&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1
hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/1050435832/?random=693854266&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVaGwEIyx8wOmpoCoAw
hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/1050435832/?random=1644799996&cv=7&fst=1429055268169&num=5&fmt=3&adtest=on&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVevvEYL-8AOkyoHoBw
hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/1070618923/?random=1429055268353&cv=7&fst=1429055268169&num=6&fmt=1&label=a1scCPGJggcQq7LB_gM&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1
hxxp://pagead.l.doubleclick.net/pagead/conversion/992395230/?random=1429055268394&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1
hxxp://www.google.com/ads/conversion/1050435832/?random=693854266&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVaGwEIyx8wOmpoCoAw&random=1053631945 173.194.113.210
hxxp://www.google.com/ads/conversion/960689598/?random=1684655829&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVb72C4P-8QPuuIFI&random=533510730 173.194.113.210
hxxp://www.google.com/ads/user-lists/955861747/?label=XPluCIWZjgYQ85XlxwM&fmt=1&num=4&cv=7&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1818266846 173.194.113.210
hxxp://www.google.com/ads/user-lists/1058190622/?label=CtURCILbwwUQnurK-AM&fmt=1&num=3&cv=7&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1164428424 173.194.113.210
hxxp://www.google.com/ads/user-lists/1006373716/?label=RZXuCLy__AcQ1Jbw3wM&fmt=1&num=2&cv=7&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=2748859103 173.194.113.210
hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/992395230/?random=1820824389&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVdScGYSL8wPWlYCYDw
hxxp://www.google.com/ads/conversion/1050435832/?random=1644799996&cv=7&fst=1429055268169&num=5&fmt=3&adtest=on&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVevvEYL-8AOkyoHoBw&random=1106911834 173.194.113.210
hxxp://www.google.com/ads/user-lists/1070618923/?label=a1scCPGJggcQq7LB_gM&fmt=1&num=6&cv=7&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1797623072 173.194.113.210
hxxp://www.google.com/ads/conversion/992395230/?random=1820824389&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVdScGYSL8wPWlYCYDw&random=553525008 173.194.113.210
hxxp://s7.addthis.com.cdn.cloudflare.net/static/sh.0a1bbbc8.html 104.16.24.194
hxxp://platform-eb.twitter.com/widgets/tweet_button.3a4bde0b5804628844cfe7c865ab1925.en.html
hxxp://www.google.com.ua/ads/conversion/1050435832/?random=693854266&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVaGwEIyx8wOmpoCoAw&random=1053631945&ipr=y 173.194.113.207
hxxp://www.google.com.ua/ads/user-lists/1006373716/?label=RZXuCLy__AcQ1Jbw3wM&fmt=1&num=2&cv=7&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=2748859103&ipr=y 173.194.113.207
hxxp://www.google.com.ua/ads/user-lists/955861747/?label=XPluCIWZjgYQ85XlxwM&fmt=1&num=4&cv=7&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1818266846&ipr=y 173.194.113.207
hxxp://www.google.com.ua/ads/user-lists/1058190622/?label=CtURCILbwwUQnurK-AM&fmt=1&num=3&cv=7&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1164428424&ipr=y 173.194.113.207
hxxp://www.google.com.ua/ads/conversion/1050435832/?random=1644799996&cv=7&fst=1429055268169&num=5&fmt=3&adtest=on&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVevvEYL-8AOkyoHoBw&random=1106911834&ipr=y 173.194.113.207
hxxp://www.google.com.ua/ads/conversion/960689598/?random=1684655829&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVb72C4P-8QPuuIFI&random=533510730&ipr=y 173.194.113.207
hxxp://s7.addthis.com.cdn.cloudflare.net/static/menu.de4757db7c1fd78e7562.js 104.16.24.194
hxxp://s7.addthis.com.cdn.cloudflare.net/static/hi-res-css.bae0b8460868cf3675a8.js 104.16.24.194
hxxp://www.google.com.ua/ads/user-lists/1070618923/?label=a1scCPGJggcQq7LB_gM&fmt=1&num=6&cv=7&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1797623072&ipr=y 173.194.113.207
hxxp://s7.addthis.com.cdn.cloudflare.net/static/counter.971cced8b482342dda43.js 104.16.24.194
hxxp://www.google.com.ua/ads/conversion/992395230/?random=1820824389&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVdScGYSL8wPWlYCYDw&random=553525008&ipr=y 173.194.113.207
hxxp://s7.addthis.com.cdn.cloudflare.net/js/300/addthis_widget.js 104.16.24.194
hxxp://platform-eb.twitter.com/widgets/hub.5e35c44edb867aec88b804135e0a46c4.html
hxxp://a749.dsw4.akamai.net/connect/xd_arbiter/6Dg4oLkBbYq.js?version=41
hxxp://cdn.syndication.twitter.com.tw.map.fastly.net/widgets/tweetbutton/count.json?url=http://www.koyotesoft.com&callback=__twttr.receiveCount 199.96.57.8
hxxp://s7.addthis.com.cdn.cloudflare.net/url/shares.json?url=http://www.koyotesoft.com&callback=_ate.cbs.sc_httpwwwkoyotesoftcom0 104.16.24.194
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3cac9b9bb275f6a9
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a4214b151cedb05d
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8c90aedf65e77ddc
hxxp://www-google-analytics.l.google.com/r/__utm.gif?utmwv=5.6.4&utms=1&utmn=272591294&utmhn=www.koyotesoft.com&utmcs=utf-8&utmsr=1716x901&utmvp=1716x804&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=Thank you for installing our software&utmhid=1773240410&utmr=-&utmp=sysid%5B410%5D/install&utmht=1429055269103&utmac=UA-24880798-2&utmcc=__utma=76211983.1903611302.1429055269.1429055269.1429055269.1;+__utmz=76211983.1429055269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1171696188&utmredir=1&utmmt=1&utmu=vACAAAAAAAAAAAAAAAAAAAAE~
hxxp://www-google-analytics.l.google.com/r/__utm.gif?utmwv=5.6.4&utms=2&utmn=84600210&utmhn=www.koyotesoft.com&utmcs=utf-8&utmsr=1716x901&utmvp=1716x804&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=Thank you for installing our software&utmhid=1773240410&utmr=-&utmp=Thank-You/view/sysid%5B410%5D/appid%5B0%5D/lng%5Ben%5D&utmht=1429055269115&utmac=UA-24880798-1&utmcc=__utma=76211983.1903611302.1429055269.1429055269.1429055269.1;+__utmz=76211983.1429055269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=468005008&utmredir=1&utmmt=1&utmu=vACAAAAAAAAAAAAAAAAAAAAE~
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8eb48351c39e83b7
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0ac1263c79154a8f
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9e6b604af514559e
hxxp://m.addthisedge.com.cdn.cloudflare.net/live/red_lojson/300lo.json?zq29za&colc=1429055269069&si=552da724463b29c7&uid=552da72489ec3891&pub=ytdcs&rev=v1.1.2-wp&jsl=8352&ln=en&pc=men&vpc=&dp=www.koyotesoft.com&fp=thankyou.php&aa=0&of=0&uf=1&pd=0&irt=0&ct=1&tct=0&abt=0&lt=544&cdn=0&lnlc=US&whcs=1&tl=c=135,m=430,i=469,xm=991,xp=993&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.track.hsr&uvs=552da72496aa85e6000&chr=utf-8&md=0&vcl=0 104.16.23.235
hxxp://a1294.w20.akamai.net/b?c1=7&c2=2000001&c3=1&rn=1owhpjj&c7=http://www.koyotesoft.com/thankyou.php&c8=Thank you for installing our software&cv=1.7
hxxp://m.addthisedge.com.cdn.cloudflare.net/live/t00/mu.gif?a=sc&r=1&err=1 104.16.23.235
hxxp://e6845.ce.akamaiedge.net/crls/secureca.crl
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8=
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs=
hxxp://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl 64.18.20.10
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAsUX59vUz7Ns8XhbIWWoEQ=
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAVZCGVlwVI+JFPBNWH01oo=
hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg==
hxxp://gs1.wac.v2cdn.net/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo=
hxxp://plus.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAhFdyHYrCjz
hxxp://www-google-analytics.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAhFdyHYrCjz
hxxp://plus.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCFFvJnCnmRtw
hxxp://a1158.b.akamai.net/MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O
hxxp://plus.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGtwRpJBuewH
hxxp://www.koyotesoft.com/images/favicon.ico 94.31.0.55
hxxp://star.c10r.facebook.com/plugins/like.php?action=like&app_id=172525162793917&channel=http://static.ak.facebook.com/connect/xd_arbiter/6Dg4oLkBbYq.js?version=41#cb=f186b86fb4b33a2&domain=www.koyotesoft.com&origin=http%3A%2F%2Fwww.koyotesoft.com%2Ff205eaefed1fbcc&relation=parent.parent&container_width=0&font=arial&href=http://www.koyotesoft.com/&layout=button_count&locale=en_US&ref=.VS2nJFEkyzs.like&sdk=joey&send=false&show_faces=false&width=90
hxxp://www.public-trust.com/CRL/Omniroot2025.crl 64.18.20.10
hxxp://gs1.wac.v2cdn.net/PublicSureServerSV.crl
hxxp://www.koyotesoft.com/update/UpdateFVC.txt 94.31.0.55
hxxp://www.koyotesoft.com/appli/Setup_FreeVideoConverter.exe 94.31.0.55
hxxp://a1158.b.akamai.net/cdn/r/0/FreeVideoConverterSetup-r0-n-bi.exe
hxxp://a1363.dscg.akamai.net/pki/crl/products/microsoftrootcert.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/WinPCA.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k=
hxxp://a749.dsw4.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEHrQLbdeduqNjPSk0cJZEik=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECweDf1SB/y6YiX2rmFYcGg=
hxxp://connect.facebook.net/en_US/all.js 23.209.239.139
hxxp://s7.addthis.com/static/sh.0a1bbbc8.html 104.16.24.194
hxxp://crl.omniroot.com/PublicSureServerSV.crl 93.184.220.20
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAhFdyHYrCjz 216.58.209.174
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3cac9b9bb275f6a9 87.245.216.25
hxxp://vassg141.ocsp.omniroot.com/MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O 87.245.216.35
hxxp://www.googleadservices.com/pagead/conversion/1050435832/?random=1429055268248&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 216.58.209.162
hxxp://platform.twitter.com/widgets/hub.5e35c44edb867aec88b804135e0a46c4.html 199.96.57.6
hxxp://www.google-analytics.com/ga.js 216.58.209.174
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0ac1263c79154a8f 87.245.216.25
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= 23.51.123.27
hxxp://s7.addthis.com/static/menu.de4757db7c1fd78e7562.js 104.16.24.194
hxxp://www.google-analytics.com/r/__utm.gif?utmwv=5.6.4&utms=2&utmn=84600210&utmhn=www.koyotesoft.com&utmcs=utf-8&utmsr=1716x901&utmvp=1716x804&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=Thank you for installing our software&utmhid=1773240410&utmr=-&utmp=Thank-You/view/sysid%5B410%5D/appid%5B0%5D/lng%5Ben%5D&utmht=1429055269115&utmac=UA-24880798-1&utmcc=__utma=76211983.1903611302.1429055269.1429055269.1429055269.1;+__utmz=76211983.1429055269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=468005008&utmredir=1&utmmt=1&utmu=vACAAAAAAAAAAAAAAAAAAAAE~ 216.58.209.174
hxxp://s7.addthis.com/js/300/addthis_widget.js 104.16.24.194
hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/960689598/?random=1684655829&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVb72C4P-8QPuuIFI 216.58.209.162
hxxp://platform.twitter.com/widgets.js 199.96.57.6
hxxp://b.scorecardresearch.com/b?c1=7&c2=2000001&c3=1&rn=1owhpjj&c7=http://www.koyotesoft.com/thankyou.php&c8=Thank you for installing our software&cv=1.7 87.245.216.16
hxxp://www.googleadservices.com/pagead/conversion/960689598/?random=1429055268169&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 216.58.209.162
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAsUX59vUz7Ns8XhbIWWoEQ= 93.184.220.29
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8c90aedf65e77ddc 87.245.216.25
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCFFvJnCnmRtw 216.58.209.174
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= 93.184.220.29
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= 23.51.123.27
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= 93.184.220.29
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9e6b604af514559e 87.245.216.25
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a4214b151cedb05d 87.245.216.25
hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/955861747/?random=1429055268244&cv=7&fst=1429055268169&num=4&fmt=1&label=XPluCIWZjgYQ85XlxwM&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 216.58.209.162
hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/1050435832/?random=693854266&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVaGwEIyx8wOmpoCoAw 216.58.209.162
hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070618923/?random=1429055268353&cv=7&fst=1429055268169&num=6&fmt=1&label=a1scCPGJggcQq7LB_gM&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 216.58.209.162
hxxp://download.cdn.koyotesoft.com/cdn/r/0/FreeVideoConverterSetup-r0-n-bi.exe 87.245.216.35
hxxp://s7.addthis.com/static/counter.971cced8b482342dda43.js 104.16.24.194
hxxp://ocsp.omniroot.com/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo= 93.184.220.20
hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/1050435832/?random=1644799996&cv=7&fst=1429055268169&num=5&fmt=3&adtest=on&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVevvEYL-8AOkyoHoBw 216.58.209.162
hxxp://cdn.syndication.twitter.com/widgets/tweetbutton/count.json?url=http://www.koyotesoft.com&callback=__twttr.receiveCount 199.96.57.8
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEHrQLbdeduqNjPSk0cJZEik= 23.51.123.27
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl 87.245.216.57
hxxp://www.facebook.com/plugins/like.php?action=like&app_id=172525162793917&channel=http://static.ak.facebook.com/connect/xd_arbiter/6Dg4oLkBbYq.js?version=41#cb=f186b86fb4b33a2&domain=www.koyotesoft.com&origin=http%3A%2F%2Fwww.koyotesoft.com%2Ff205eaefed1fbcc&relation=parent.parent&container_width=0&font=arial&href=http://www.koyotesoft.com/&layout=button_count&locale=en_US&ref=.VS2nJFEkyzs.like&sdk=joey&send=false&show_faces=false&width=90 31.13.93.3
hxxp://s7.addthis.com/js/250/addthis_widget.js 104.16.24.194
hxxp://apis.google.com/js/plusone.js 216.58.209.206
hxxp://crl.geotrust.com/crls/secureca.crl 23.51.117.163
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= 23.51.123.27
hxxp://m.addthisedge.com/live/t00/mu.gif?a=sc&r=1&err=1 104.16.23.235
hxxp://www.googleadservices.com/pagead/conversion/992395230/?random=1429055268394&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 216.58.209.162
hxxp://www.searchqu.com/sac.php?id=0&dlanc=1 94.31.0.60
hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/992395230/?random=1820824389&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVdScGYSL8wPWlYCYDw 216.58.209.162
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGtwRpJBuewH 216.58.209.174
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECweDf1SB/y6YiX2rmFYcGg= 23.51.123.27
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAVZCGVlwVI+JFPBNWH01oo= 93.184.220.29
hxxp://www.googleadservices.com/pagead/conversion/1050435832/?random=1429055268248&cv=7&fst=1429055268169&num=5&fmt=4&adtest=on&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 216.58.209.162
hxxp://m.addthis.com/live/red_lojson/300lo.json?zq29za&colc=1429055269069&si=552da724463b29c7&uid=552da72489ec3891&pub=ytdcs&rev=v1.1.2-wp&jsl=8352&ln=en&pc=men&vpc=&dp=www.koyotesoft.com&fp=thankyou.php&aa=0&of=0&uf=1&pd=0&irt=0&ct=1&tct=0&abt=0&lt=544&cdn=0&lnlc=US&whcs=1&tl=c=135,m=430,i=469,xm=991,xp=993&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.track.hsr&uvs=552da72496aa85e6000&chr=utf-8&md=0&vcl=0 104.16.25.235
hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/1058190622/?random=1429055268192&cv=7&fst=1429055268169&num=3&fmt=1&label=CtURCILbwwUQnurK-AM&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 216.58.209.162
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl 87.245.216.57
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl 87.245.216.57
hxxp://cdp1.public-trust.com/CRL/Omniroot2025.crl 64.18.20.10
hxxp://platform.twitter.com/widgets/tweet_button.3a4bde0b5804628844cfe7c865ab1925.en.html 199.96.57.6
hxxp://www.googleadservices.com/pagead/conversion.js 216.58.209.162
hxxp://api-public.addthis.com/url/shares.json?url=http://www.koyotesoft.com&callback=_ate.cbs.sc_httpwwwkoyotesoftcom0 104.16.26.194
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl 87.245.216.57
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= 23.51.123.27
hxxp://s7.addthis.com/static/hi-res-css.bae0b8460868cf3675a8.js 104.16.24.194
hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/1006373716/?random=1429055268177&cv=7&fst=1429055268169&num=2&fmt=1&label=RZXuCLy__AcQ1Jbw3wM&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://www.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 216.58.209.162
hxxp://www.google-analytics.com/r/__utm.gif?utmwv=5.6.4&utms=1&utmn=272591294&utmhn=www.koyotesoft.com&utmcs=utf-8&utmsr=1716x901&utmvp=1716x804&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=Thank you for installing our software&utmhid=1773240410&utmr=-&utmp=sysid%5B410%5D/install&utmht=1429055269103&utmac=UA-24880798-2&utmcc=__utma=76211983.1903611302.1429055269.1429055269.1429055269.1;+__utmz=76211983.1429055269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1171696188&utmredir=1&utmmt=1&utmu=vACAAAAAAAAAAAAAAAAAAAAE~ 216.58.209.174
hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== 23.51.123.27
hxxp://static.ak.facebook.com/connect/xd_arbiter/6Dg4oLkBbYq.js?version=41 87.245.216.59
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8eb48351c39e83b7 87.245.216.25
s-static.ak.facebook.com 23.209.226.110
fbstatic-a.akamaihd.net 87.245.216.24
oauth.googleusercontent.com 216.58.209.193
ssl.gstatic.com 216.58.209.195
fonts.gstatic.com 216.58.209.195
syndication.twitter.com 199.16.156.241
accounts.google.com 216.58.209.173


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA UDPv4 invalid checksum
SURICATA IPv4 invalid checksum
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
ET TROJAN Suspicious User-Agent (NSIS_DOWNLOAD)
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers

Traffic

GET /ads/conversion/1050435832/?random=1644799996&cv=7&fst=1429055268169&num=5&fmt=3&adtest=on&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVevvEYL-8AOkyoHoBw&random=1106911834 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Cookie: NID=67=tACTmxJZuQBCoaBTncvhIAUD4cmxVyWHHn36O7o00UcFdLAdd5eLP3n3BPq_mzmehpSBYrOWYKsj3MrQESLBCMdQXw2xML6zZg3qisLaobo6HxP4k_TCeJW2HZEUvIrs
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com


HTTP/1.1 302 Found
Location: hXXp://VVV.google.com.ua/ads/conversion/1050435832/?random=1644799996&cv=7&fst=1429055268169&num=5&fmt=3&adtest=on&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVevvEYL-8AOkyoHoBw&random=1106911834&ipr=y
Cache-Control: private, max-age=43200
Date: Tue, 14 Apr 2015 23:47:48 GMT
Expires: Tue, 14 Apr 2015 23:47:48 GMT
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 834
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/ads/conversion/1050435832/?ran
dom=1644799996&cv=7&fst=1429055268169&num=5&fmt=3&
adtest=on&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&
hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=
857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true
&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft
.com/thankyou.php?soft=11&systemid=414&appid=0&type=Ne
w&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&am
p;cdct=2&convclickts=0&ocp_id=JKctVevvEYL-8AOkyoHoBw&rando
m=1106911834&ipr=y">here</A>...</BODY></HTML>
....
<<< skipped >>>


GET /PublicSureServerSV.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.omniroot.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=864000
Content-Type: application/x-pkcs7-crl
Date: Tue, 14 Apr 2015 23:47:52 GMT
Etag: "2b0023-48144-3c8fdc0"
Expires: Fri, 24 Apr 2015 23:47:52 GMT
Last-Modified: Tue, 14 Apr 2015 22:47:27 GMT
Server: ECS (frf/87C8)
X-Cache: HIT
X-Cnection: close
Content-Length: 295236
0...?0...&...0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybe
rtrust Public SureServer SV CA..150414223352Z..150424223352Z0...w0....
..... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I
..101116165848Z0.........,U./...101116173007Z0.........,U.h...10111617
2944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0....
.....,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z
..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..10111619
5619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0....
.....-..4...110315204303Z0........../P....120206141831Z0..........I..@
..120124180322Z0..........JP....110222182509Z0..........Jf/Y..12021314
2815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0....
......YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu.
..120220131416Z0..........^..^..111007192320Z0..........`.w...12021314
4727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0....
......hlG...120213145015Z0..........h.....120130140408Z0............j.
..120110213653Z0...........}....110406160143Z0............$...11040100
5006Z0................110401005536Z0............W...120308151704Z0....
.........h..120228141105Z0................110314145902Z0............`.
..110322142311Z0................110322142551Z0............lb..12011021
3802Z0.............0..130201130700Z0............OB..110321165802Z0....
.........o..110321172720Z0...........g.:..120221183148Z0...........Ud.
..110516131110Z0............h5..120229174140Z0................1202
<<< skipped >>>


GET /styles/default/product-info.css HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: ln=en


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:47 GMT
Server: Apache
Last-Modified: Tue, 09 Sep 2014 12:46:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=7200
Expires: Wed, 15 Apr 2015 01:47:47 GMT
X-Stat-Server: web5
Content-Length: 663
Keep-Alive: timeout=7, max=1000
Connection: Keep-Alive
Content-Type: text/css
...........U... ....|..*...^[......`.Z.*@....=...l..K..FL.....Q.2i{...
.P....R&/.QG...]#..S.e..js..s..J.`...d....j..$...K.jEa....S[.0.9."....
....q.:.O..Cz]4.....t..V...........K.\2x-."a.i..J...2C.}...|..n...-.T.
...);k..%[email protected].`G..>.}.HKv.$q..../1....$.;-...V..&.......j.2l..0I..
8....I.d...=..Pa..B,x%.!.x^z.....6^)p.d...7Zos..P.2.4.\.\*..Ri......q.
).u...)Z8-p.B.....K.;..O....9M..2.Y..?~. ..... .{........C.e..?jn>.
s.`]q9...RPnZ......T.E>..`1.f"#....@.;....y..)65.`C..]......4..cW..
.N..J|.b....z.....L..<....(..F.EM.."...%.K6........#.'7.tb...wmx...
....&!...... %W ...^..C..7w....N..v!Q..#......a.OC?C...}...R.....O&.B.
;.?.......l...P.....6.-/B..'`.._......l`#....HTTP/1.1 200 OK..Date: Tu
e, 14 Apr 2015 23:47:47 GMT..Server: Apache..Last-Modified: Tue, 09 Se
p 2014 12:46:55 GMT..Accept-Ranges: bytes..Vary: Accept-Encoding..Cont
ent-Encoding: gzip..Cache-Control: max-age=7200..Expires: Wed, 15 Apr 
2015 01:47:47 GMT..X-Stat-Server: web5..Content-Length: 663..Keep-Aliv
e: timeout=7, max=1000..Connection: Keep-Alive..Content-Type: text/css
.............U... ....|..*...^[......`.Z.*@....=...l..K..FL.....Q.2i{.
...P....R&/.QG...]#..S.e..js..s..J.`...d....j..$...K.jEa....S[.0.9."..
......q.:.O..Cz]4.....t..V...........K.\2x-."a.i..J...2C.}...|..n...-.
T....);k..%[email protected].`G..>.}.HKv.$q..../1....$.;-...V..&.......j.2l..0I
..8....I.d...=..Pa..B,x%.!.x^z.....6^)p.d...7Zos..P.2.4.\.\*..Ri......
q.).u...)Z8-p.B.....K.;..O....9M..2.Y..?~. ..... .{........C.e..?jn>
;.s.`]q9...RPnZ......T.E>..`1.f"#....@.;....y..)65.`C..]......4
<<< skipped >>>


GET /r/__utm.gif?utmwv=5.6.4&utms=2&utmn=84600210&utmhn=VVV.koyotesoft.com&utmcs=utf-8&utmsr=1716x901&utmvp=1716x804&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=Thank you for installing our software&utmhid=1773240410&utmr=-&utmp=Thank-You/view/sysid%5B410%5D/appid%5B0%5D/lng%5Ben%5D&utmht=1429055269115&utmac=UA-24880798-1&utmcc=__utma=76211983.1903611302.1429055269.1429055269.1429055269.1;+__utmz=76211983.1429055269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=468005008&utmredir=1&utmmt=1&utmu=vACAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.google-analytics.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Tue, 14 Apr 2015 23:47:49 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
Alternate-Protocol: 80:quic,p=0.5
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Tue, 14 Apr 2015 23:47:49 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-C
ontent-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2.
.Content-Length: 35..Alternate-Protocol: 80:quic,p=0.5..GIF89a........
.....,...........D..;..



GET /pagead/viewthroughconversion/960689598/?random=1684655829&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVb72C4P-8QPuuIFI HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://VVV.google.com/ads/conversion/960689598/?random=1684655829&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVb72C4P-8QPuuIFI&random=533510730
Content-Type: image/gif
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
GIF89a.............!.......,...........D.;HTTP/1.1 302 Found..P3P: pol
icyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="C
URa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV O
TC NOI DSP COR"..Date: Tue, 14 Apr 2015 23:47:48 GMT..Pragma: no-cache
..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, mus
t-revalidate..Location: hXXp://VVV.google.com/ads/conversion/960689598
/?random=1684655829&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2
gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716
&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=ht
tp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&
appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present
=false&cdct=2&convclickts=0&ocp_id=JKctVb72C4P-8QPuuIFI&random=5335107
30..Content-Type: image/gif..X-Content-Type-Options: nosniff..Server: 
cafe..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-P
rotocol: 80:quic,p=0.5..GIF89a.............!.......,...........D.;..
<<< skipped >>>


GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8eb48351c39e83b7 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Tue, 14 Apr 2015 23:47:49 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Tue, 24 Mar 2015 16:17:41 GMT..ETag: "804047d4e66d01:0"..C
ache-Control: max-age=86400..Date: Tue, 14 Apr 2015 23:47:49 GMT..Conn
ection: keep-alive..



GET /js/250/addthis_widget.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: s7.addthis.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:47 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 14 Apr 2015 21:08:39 GMT
ETag: "2842ee9-3eb05-513b5a272e3c0"
Content-Encoding: gzip
CF-Cache-Status: HIT
X-Host: s7.addthis.com
X-Referer-Domain-MD5: 0be1835335c24d6238195592b2af130f
X-Distribution: 99
Server: cloudflare-nginx
CF-RAY: 1d734c3f2e6e046d-FRA
1f3d...............z.F.([email protected]...$,.....,..>.
9...5T..$%;.........BM.q.Z...9.eQ...[y7:.!...I.nr..{..fE.......EU...b#
.0*.Qq...Hb?.i..2.7.w'.h.E.0M.\. rQ.../\,....w..0X$Y./.a..~..4....L...
.p..X.".:....O...v*.Q5>.Z-/....\.g...V....q;.N.k..H.~...V6.H.......
A.?..nm....BW...r.. ..~f.4.n..(.:.}.... ...<..'.F..F2.`...f...1.mYw
..<.. .....I.....j7U6....|....7...t...y4...j.d.<..,.^..G...t...c
..f.....2....:eT$...N.vu=..S..j.S8.U....8,JY....n.aLX^g.Nv...(..i.qZ.M
.w...#......B....m..vT.....8..).D.B..Z.....2..0-.Q.d.8..(.e.,......j..
..\.Q...........F...j._...TN.2.`.|.^.U.ao..........C.....>..l.b....
ih.L.}.G.ZR.............A.....A..I.`.=ltv.!.f...#.8R.8T.Clq~9...vDe./.
..a........V..,.nF.Bk..s.K....ZN.i...r.p.0..F.a|x$...z4...a.0.........
ao/.........:...^.`..#w..Ms...{|...a........].t9..w....w........M.@...
.|z....A..wx.....^|.w..0....q'.%p.;.;:8.........^..G. <.........7.$
|l...a.r.w.2......w.;]^....A.....C.....2:..r|..".....z.{.8..vy....:...
..;..u:...!/..c.......wv..a....h7:..!4....=.v.dx.........{........./.A
(;.#.....h.{p.........{..At0..r8.....!/.c.B....v.w.=........H.E.....w,
{GQ....{.. e/........L./T..^7...w.c....G.ja...x....yz...........E...=h
.Q,...hQ......y.....%.....x...G......A...v{..... ........t.v....y..C..
p..........C-....E{ro..do.>.{(...eo?:..s.kc. .........O.C.<id.?.
'i.f.....IP.o.$.;........q5N.v.Ov...B....q..Y...s!t{G=OT...B.h.....^'.
[email protected]...> ..-..Q...Wy.X..a.f..-..,.kH..e..../T.tF-gt.ok.....Y..
DTg.......l..y.8Q...|......9..Y.....a.,.'...........ZU.K..........
<<< skipped >>>

GET /static/sh.0a1bbbc8.html HTTP/1.1


Accept: text/html, application/xhtml xml, */*
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: s7.addthis.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 14 Apr 2015 21:34:11 GMT
Cache-Control: public, no-check, max-age=86313600
P3P: CP="NON ADM OUR DEV IND COM STA"
CF-Cache-Status: HIT
X-Host: s7.addthis.com
Server: cloudflare-nginx
CF-RAY: 1d734c448e71046d-FRA
Content-Encoding: gzip
2b32.............}.s.....bcwXb....'.D.8...m.N.vw?...HHbL...$..........
..3.u:2q.~..A^........\...<}..~..^..._......k..f..'...d).e.Y....Xhv
...dV..).....*..ra''/..k.&6..?<.]...S.....Ia.L.Iv.......*..,1w.I<
;.6.b.%M..*....~u..`...@_......,e../..s...7.E..$.| .P|.T.Q"r..3.2...\.
...H.....\......(.x...*D$..,...z|Q.m6...<.AA..O.U6.N.....<.....2
..y.3 ...}......n>.#..../.L...m..i.d.^]O|6IR..f..|.&.LN....$y......
..[.{..I.].Y/..dp,.`.....n.b.)..U...0v9..H.h./.zK.=..Z&Se.2X.]^Luf....
?..R..s1.q.-.X.E......l.[1i......... *...*...$.fr.L.. ...g5...zx=..#..
..8..'[&.tx....6I.z..#..H......R..H..?.s1IR..P.Opt..2...0.L.|.qA....9.
6....;be.}...I..)....I...H.cu.*.....Xd]`..ZE3....B.O_p..y.1......0...7
;...}......\`.I.... .. ...?..T....p;..-P......x.E....w...g.@c".=C ..2.
....Es?...<....R.E....g_<..>.e..M2..O....x6M&...a3......y..LJ
..M..m'...n6..g..G!..Y^.j.(R........._3^.....p._..UI.q........y.......
...T4.t.a]..0..L.I....O.g..h. ......~.................&.G..q0IJ.....XU
N..llP..4W.h...C...-L{.Sy<..t./....En..m..j..Y=.L...N......^.....JS
..seUQ...{...l7.\D.x0......$\/.yX.W.s..../=.?....J=i..........E.(kU4.Z
........l.F....@<?..a.~(..]g...^...6. .iP,..W.c.}...(....J$|]z...s2
.....y....._7.%T.:.a..P...oE.o.[.u.J..H...*l.WhG.i$.&)....pa{L...Gj.Bv
.B.x..Y.O6.?..Go.........P.E.".k.m....8..S0..-...../2a.oktWF.>[..t.
1.."M.....I^.Z...0w....R.M.lX.^....x".... ...9.y^..a..s.u.p.\k...... .
........?a.HS...L...}.....f......*...z.G...3......w..o...58...b......n
64.....j^.;....4\N..p.6..D..(......%.Q.."..$.t.b.L.....`V.......".
<<< skipped >>>

GET /js/300/addthis_widget.js HTTP/1.1


Accept: application/javascript, */*;q=0.8
Referer: hXXp://s7.addthis.com/static/sh.0a1bbbc8.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: s7.addthis.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 14 Apr 2015 21:08:39 GMT
ETag: "39242b7-3eb05-513b5a272e3c0"
Content-Encoding: gzip
CF-Cache-Status: HIT
X-Host: s7.addthis.com
X-Referer-Domain-MD5: d0c6a189514d01fed4fba842cf159f5a
X-Distribution: 99
Server: cloudflare-nginx
CF-RAY: 1d734c454e72046d-FRA
19b7...............z.F.([email protected]...$,.....,..>.
9...5T..$%;.........BM.q.Z...9.eQ...[y7:.!...I.nr..{..fE.......EU...b#
.0*.Qq...Hb?.i..2.7.w'.h.E.0M.\. rQ.../\,....w..0X$Y./.a..~..4....L...
.p..X.".:....O...v*.Q5>.Z-/....\.g...V....q;.N.k..H.~...V6.H.......
A.?..nm....BW...r.. ..~f.4.n..(.:.}.... ...<..'.F..F2.`...f...1.mYw
..<.. .....I.....j7U6....|....7...t...y4...j.d.<..,.^..G...t...c
..f.....2....:eT$...N.vu=..S..j.S8.U....8,JY....n.aLX^g.Nv...(..i.qZ.M
.w...#......B....m..vT.....8..).D.B..Z.....2..0-.Q.d.8..(.e.,......j..
..\.Q...........F...j._...TN.2.`.|.^.U.ao..........C.....>..l.b....
ih.L.}.G.ZR.............A.....A..I.`.=ltv.!.f...#.8R.8T.Clq~9...vDe./.
..a........V..,.nF.Bk..s.K....ZN.i...r.p.0..F.a|x$...z4...a.0.........
ao/.........:...^.`..#w..Ms...{|...a........].t9..w....w........M.@...
.|z....A..wx.....^|.w..0....q'.%p.;.;:8.........^..G. <.........7.$
|l...a.r.w.2......w.;]^....A.....C.....2:..r|..".....z.{.8..vy....:...
..;..u:...!/..c.......wv..a....h7:..!4....=.v.dx.........{........./.A
(;.#.....h.{p.........{..At0..r8.....!/.c.B....v.w.=........H.E.....w,
{GQ....{.. e/........L./T..^7...w.c....G.ja...x....yz...........E...=h
.Q,...hQ......y.....%.....x...G......A...v{..... ........t.v....y..C..
p..........C-....E{ro..do.>.{(...eo?:..s.kc. .........O.C.<id.?.
'i.f.....IP.o.$.;........q5N.v.Ov...B....q..Y...s!t{G=OT...B.h.....^'.
[email protected]...> ..-..Q...Wy.X..a.f..-..,.kH..e..../T.tF-gt.ok.....Y..
DTg.......l..y.8Q...|......9..Y.....a.,.'...........ZU.K..........
<<< skipped >>>


GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.google-analytics.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 22:04:32 GMT
Expires: Wed, 15 Apr 2015 00:04:32 GMT
Last-Modified: Wed, 08 Apr 2015 20:30:30 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 16075
Age: 6195
Cache-Control: public, max-age=7200
Alternate-Protocol: 80:quic,p=0.5
...........}.W........_/.>.!aj..f....--....Y.!MHB.0....o..-'.......
{K..y.....d.Wig.....r.H.P.. ............"..a?..;..P2...C.R.&..e....o.e
x"...e.....[..C.K...G:....de...d.F.,..|.=..Fn..9..//5$X...Co..=..'z2..
.`0..%[email protected]...#.^a.......Kh.'.C.....I.]......tp..:.sO...x..
.8...t0<....\b;=. .z.e>.1..#.v.j......<q...#[email protected]...}H1.C..
.R.5...z..XWb.2.t.......B.....[(i.....P...x.....9.nM...."...^.....c.. 
R......t...Z..q.hl......;.c.....9.@g_.(..n.hO....|......t`.|.)H..Z....
.l..f .j......J...%._.KN......Tf..g.^.b....r.I..z...UK.\^^.m....}..DA/
.......g.A........0.........".c0.....$~I....D#......{...}.=..j...m....
@.....k.?$....J..Q......}.g......~...6.l<]..x...d?.\...w.3].._.X@..
|....}.C..$0.|.53...Q.8.....i.0=Vr.h.........<.a>.....4.:...ttg.
.....f....'.T.`=..........a...oB...Q.q......3N5 ..<....R....4......
....K..I.i#..C..$#i....`Ja..:..z.*...O...?..41.!.w}......T............
.........y..pE^r..n....A..............q..`.i>;........ .).......m..
P61I.jK.nG..Vj......9.....2....Tv. ^. ........OZ....U.9399].).,.p..\..
\YW..j3..H%...........e.c.....[[email protected].=...R...
.]....xz.`.<..7........r1..87.....7.iL}u..Yu;T. X..d.GT L Uy.....q}
......./...=. ..<#u%..4h...mZJ......p.m...,,<..4.,o$..E.a&.-qy9Z
^6i-,@...".6.7.......-f;.`..f.2...?./.S<[email protected].%.|.
.:.J5.Vy...........%5....... ..g.*..v..".......K..e0....H.....n..6a...
q..I..8..:.q1`......Z*'[email protected]... X.1.....
.B.km._.Uzr..2.D..2..n..}8.wu.O....38..}5.c.`.. ....`...MC.....#A[
<<< skipped >>>

GET /r/__utm.gif?utmwv=5.6.4&utms=1&utmn=272591294&utmhn=VVV.koyotesoft.com&utmcs=utf-8&utmsr=1716x901&utmvp=1716x804&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=Thank you for installing our software&utmhid=1773240410&utmr=-&utmp=sysid%5B410%5D/install&utmht=1429055269103&utmac=UA-24880798-2&utmcc=__utma=76211983.1903611302.1429055269.1429055269.1429055269.1;+__utmz=76211983.1429055269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1171696188&utmredir=1&utmmt=1&utmu=vACAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.google-analytics.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Tue, 14 Apr 2015 23:47:49 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
Alternate-Protocol: 80:quic,p=0.5
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Tue, 14 Apr 2015 23:47:49 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-C
ontent-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2.
.Content-Length: 35..Alternate-Protocol: 80:quic,p=0.5..GIF89a........
.....,...........D..;..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=547582, public, no-transform, must-revalidate
Last-Modified: Tue, 14 Apr 2015 07:54:56 GMT
Expires: Tue, 21 Apr 2015 07:54:56 GMT
Date: Tue, 14 Apr 2015 23:51:37 GMT
Connection: keep-alive
0..........0..... .....0......0...0......'.V.8.F.V....H....JW..2015041
4075456Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
.A..2.....:...:......20150414075456Z....20150421075456Z0...*.H........
[email protected]...>5...B.hdp.~..$9...d...Tx\.....<9i..m?...W..!.#..
...b...4.e...:..3...6p.L.U...s.y.8.....(e.. ........,....-.C.........)
.6..qb..E..B.. .aJ....So.^.U...{.z.GD5..}0...z.M..'...i5...m.)L.qT....
op....P|'S..7.......U.P..6.{jk..z.J..-.9d.."[...u05.WE}_....#0...0...0
..........r..?.*......y"..0...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...150226000000Z..150527235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
......m5*R........2....>...yU4..L.. ...........u..Hez..Pn.....d...n
z(...V7.}^...d!RX...bl..[..a...L.. .~..Ij......%..%p.-...u..:..i..F*].
..*....{NH..|0...gHX.Q.r....S..........._.9.(w...suC...N..s.....&."...
:.C.Q.i~rl..<..krS..8.B..o][email protected]...
U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.veri
sign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS inco
rp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U..
......0... .....0......0"..U....0...0.1.0...U....TGV-B-32010...*.H
<<< skipped >>>


GET /sac.php?id=0&dlanc=1 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.searchnu.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
P3P: CP="NON DSP COR CURa TIA", policyref="/w3c/p3p.xml"
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Tue, 14 Apr 2015 23:47:48 GMT
X-Server: web2
Content-Type: text/html
Set-Cookie: appid=0; expires=Sun, 12-Apr-2020 23:47:48 GMT; path=/; domain=.searchnu.com
Set-Cookie: dlanc=1; expires=Sun, 12-Apr-2020 23:47:48 GMT; path=/; domain=.searchnu.com
Vary: Accept-Encoding
Content-Encoding: gzip
X-Stat-Server: web2
X-XSS-Protection: 0
Content-Length: 20
Keep-Alive: timeout=7, max=1000
Connection: Keep-Alive
....................HTTP/1.1 200 OK..Date: Tue, 14 Apr 2015 23:47:48 G
MT..P3P: CP="NON DSP COR CURa TIA", policyref="/w3c/p3p.xml"..Expires:
 Sat, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalida
te..Pragma: no-cache..Last-Modified: Tue, 14 Apr 2015 23:47:48 GMT..X-
Server: web2..Content-Type: text/html..Set-Cookie: appid=0; expires=Su
n, 12-Apr-2020 23:47:48 GMT; path=/; domain=.searchnu.com..Set-Cookie:
 dlanc=1; expires=Sun, 12-Apr-2020 23:47:48 GMT; path=/; domain=.searc
hnu.com..Vary: Accept-Encoding..Content-Encoding: gzip..X-Stat-Server:
 web2..X-XSS-Protection: 0..Content-Length: 20..Keep-Alive: timeout=7,
 max=1000..Connection: Keep-Alive........................



GET /ads/user-lists/1058190622/?label=CtURCILbwwUQnurK-AM&fmt=1&num=3&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1164428424 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Cookie: NID=67=tACTmxJZuQBCoaBTncvhIAUD4cmxVyWHHn36O7o00UcFdLAdd5eLP3n3BPq_mzmehpSBYrOWYKsj3MrQESLBCMdQXw2xML6zZg3qisLaobo6HxP4k_TCeJW2HZEUvIrs
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com


HTTP/1.1 302 Found
Location: hXXp://VVV.google.com.ua/ads/user-lists/1058190622/?label=CtURCILbwwUQnurK-AM&fmt=1&num=3&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1164428424&ipr=y
Cache-Control: private, max-age=43200
Date: Tue, 14 Apr 2015 23:47:48 GMT
Expires: Tue, 14 Apr 2015 23:47:48 GMT
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 448
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/ads/user-lists/1058190622/?lab
el=CtURCILbwwUQnurK-AM&fmt=1&num=3&cv=7&frm=0&url=
http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414%
26appid=0&type=New&random=1164428424&ipr=y">here</
A>...</BODY></HTML>..HTTP/1.1 302 Found..Location: http
://VVV.google.com.ua/ads/user-lists/1058190622/?label=CtURCILbwwUQnurK
-AM&fmt=1&num=3&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.ph
p?soft=11&systemid=414&appid=0&type=New&random=1164428
424&ipr=y..Cache-Control: private, max-age=43200..Date: Tue, 14 Apr 20
15 23:47:48 GMT..Expires: Tue, 14 Apr 2015 23:47:48 GMT..Content-Type:
 text/html; charset=UTF-8..X-Content-Type-Options: nosniff..Server: ad
click_server..Content-Length: 448..X-XSS-Protection: 1; mode=block..Al
ternate-Protocol: 80:quic,p=0.5..<HTML><HEAD><meta http
-equiv="content-type" content="text/html;charset=utf-8">.<TITLE&
gt;302 Moved</TITLE></HEAD><BODY>.<H1>302 Move
d</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.
ua/ads/user-lists/1058190622/?label=CtURCILbwwUQnurK-AM&fmt=1&
num=3&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.
php?soft=11&systemid=414&appid=0&type=New&rand
<<< skipped >>>


GET /connect/xd_arbiter/6Dg4oLkBbYq.js?version=41 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: static.ak.facebook.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Content-Encoding: gzip
X-FB-Debug: FOjYPijx17Se3wZxgpDmG xR3YJJopQxy5gk0zkveEfy9vLakwhA1nVlOcVic9pn7a0AWUxcesyDiKVGEm9Nkg==
Vary: Accept-Encoding
Content-Length: 10239
Cache-Control: public, max-age=28480255
Expires: Wed, 09 Mar 2016 14:58:43 GMT
Date: Tue, 14 Apr 2015 23:47:48 GMT
Connection: keep-alive
...........}y..F....)T...F...g.......{.c..k.../......D...g..<..Gu{.
.o.yz..gdDd\.R]].x...?...&.<..R....WY.......0.g..$N...x...z.....hlM
x...US..j.....\_.^.,.k.....GY....e..../... .9....m..$.........q.0..V..
h..$.$.......Y..I.'..n8.^f...m.8....GA.}.t.Xb.)K....w9p=.....i6.R.S9.L
..h...#..f>.CJ..!.....d<aY.....]...X...:..].{.A.*.-w..:....NuC.&
lt; ..wH.7.K.)...w.YM..;[email protected]..;..9.=&3:lx,.......L{....5z.
.O.!.......g.$...=..Q..p. }..:.......h..0..i.. -<(`..........._...R
q%.....~...E.g1B....Y..-'g.V..%?.A.6...p...y..?nn.....:.q....5....y...
._.u..p...8xm!P..`.S..CK.{.&.O..H..x,..|.f..[.*....w.B..@........(.j.4
._.:.Z....D....x..]N.B.XS..4,.ub..l..v..<.. ..... ^.J1...8.^-.mP...
6.....hO.b.......eGw.IQa...k.k..(<tr.................0..*kU.xq..-"o
[email protected]. '...pw$).....xTbv...P.x..c!@&D..d.I
.V.#..-...g..A.ZA.. . [email protected].'/[email protected]#.!(.r..k ..c.jJA;...
............h..ic.L'...!kO-...dCN...K.4/I...k5.%.(.N.l.HI..*.z/...A...
;.........%..O......*..^.......yzi...w#r..`..d..:...6rF`..jt,`....F.;.
.V..f....)`.....,.^K`v;..r/.f..r.....YB..j.C.bD.j..R..}E {)v...Xh.....
....iLG.BD...X.....;.X...{\....u.D.....$.a;..k..N..z.....`MgR.#r'....r
...7.h.&.E ..K...eq.[%...W..-l.8;.(F&. .\)....ky$.K2...b..\<.....(.
.....*z....d...&A. ....X@O.$...B .)w...*.D..R..F...#..2_d..!..U.M`.@. 
.Xh.S.....A:|....<P..."#...5......E.cH..`.7.xE..5l4..g.j.4.<....
.......2M....I......P..^]....[vm.a....G..... \ [email protected].....^...,
..O._...O.PI.)....u........v.n.6!5.n..v-.QC.6.0......juxEE...v....
<<< skipped >>>


GET /ads/conversion/1050435832/?random=693854266&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVaGwEIyx8wOmpoCoAw&random=1053631945 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Cookie: NID=67=tACTmxJZuQBCoaBTncvhIAUD4cmxVyWHHn36O7o00UcFdLAdd5eLP3n3BPq_mzmehpSBYrOWYKsj3MrQESLBCMdQXw2xML6zZg3qisLaobo6HxP4k_TCeJW2HZEUvIrs
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com


HTTP/1.1 302 Found
Location: hXXp://VVV.google.com.ua/ads/conversion/1050435832/?random=693854266&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVaGwEIyx8wOmpoCoAw&random=1053631945&ipr=y
Cache-Control: private, max-age=43200
Date: Tue, 14 Apr 2015 23:47:48 GMT
Expires: Tue, 14 Apr 2015 23:47:48 GMT
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 819
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/ads/conversion/1050435832/?ran
dom=693854266&cv=7&fst=1429055268169&num=5&fmt=3&v
alue=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=
ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=17
16&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&
amp;u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.p
hp?soft=11&systemid=414&appid=0&type=New&vis=1&
;ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&co
nvclickts=0&ocp_id=JKctVaGwEIyx8wOmpoCoAw&random=1053631945&am
p;ipr=y">here</A>...</BODY></HTML>......
<<< skipped >>>

GET /ads/user-lists/1070618923/?label=a1scCPGJggcQq7LB_gM&fmt=1&num=6&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1797623072 HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Cookie: NID=67=tACTmxJZuQBCoaBTncvhIAUD4cmxVyWHHn36O7o00UcFdLAdd5eLP3n3BPq_mzmehpSBYrOWYKsj3MrQESLBCMdQXw2xML6zZg3qisLaobo6HxP4k_TCeJW2HZEUvIrs
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com


HTTP/1.1 302 Found
Location: hXXp://VVV.google.com.ua/ads/user-lists/1070618923/?label=a1scCPGJggcQq7LB_gM&fmt=1&num=6&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1797623072&ipr=y
Cache-Control: private, max-age=43200
Date: Tue, 14 Apr 2015 23:47:48 GMT
Expires: Tue, 14 Apr 2015 23:47:48 GMT
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 448
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/ads/user-lists/1070618923/?lab
el=a1scCPGJggcQq7LB_gM&fmt=1&num=6&cv=7&frm=0&url=
http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414%
26appid=0&type=New&random=1797623072&ipr=y">here</
A>...</BODY></HTML>..HTTP/1.1 302 Found..Location: http
://VVV.google.com.ua/ads/user-lists/1070618923/?label=a1scCPGJggcQq7LB
_gM&fmt=1&num=6&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.ph
p?soft=11&systemid=414&appid=0&type=New&random=1797623
072&ipr=y..Cache-Control: private, max-age=43200..Date: Tue, 14 Apr 20
15 23:47:48 GMT..Expires: Tue, 14 Apr 2015 23:47:48 GMT..Content-Type:
 text/html; charset=UTF-8..X-Content-Type-Options: nosniff..Server: ad
click_server..Content-Length: 448..X-XSS-Protection: 1; mode=block..Al
ternate-Protocol: 80:quic,p=0.5..<HTML><HEAD><meta http
-equiv="content-type" content="text/html;charset=utf-8">.<TITLE&
gt;302 Moved</TITLE></HEAD><BODY>.<H1>302 Move
d</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.
ua/ads/user-lists/1070618923/?label=a1scCPGJggcQq7LB_gM&fmt=1&
num=6&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.
php?soft=11&systemid=414&appid=0&type=New&rand
<<< skipped >>>


GET /styles/default/inner.css HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: ln=en


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:47 GMT
Server: Apache
Last-Modified: Tue, 09 Sep 2014 12:46:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=7200
Expires: Wed, 15 Apr 2015 01:47:47 GMT
X-Stat-Server: web6
Content-Length: 847
Keep-Alive: timeout=7, max=1000
Connection: Keep-Alive
Content-Type: text/css
...........V...0...Wy.V*..!.....?`l'X1.2f7)...7....T...xf......o..-.CC
..&.R.2..q{.Br.#.).........$.3. .F.....z.&.i....0.~..?..q.7.x.)...(n'.
2........U\).....aW..v..|.X:.Y'.:....A_g...!}......*..#f.S.KS.....@y..
}NPL...m..!..2Hg;.x..O.U]..$1.......U..bEn*(....^...hd\.....NS.m.....T
[email protected]<l;......1:`....%.....t<_5....l9.3..=..q...m
i......X.T...<.h{.....bF..B..,3x6..4.'.z...)....H........z"Xf.![...
......M;.....3.....|>..._t.........=bG 1,.}4U.dS.FV....b..!...6...a
...:g7.-...Nl...}..L.JS.j..../'!.....................gPFFA6&....^.....
*..:.....^.6.uQ.>U.........fI...M.....$ k.........@....)...f.K%{...
...{....P....3_r.>.....t..QM.U#l.n.4.C...;......{....E...e/...Uk..z
._....nc$. P...hk.dO.Sd........OU,SE...8...AJ.i..N.5.b...4....t..%K.Z.
tV....."O.c.....{.&...v......M......&..g.O.p..k.qD!{R..8..8._....|5..;
CD*...k...q.....?S{E.....HTTP/1.1 200 OK..Date: Tue, 14 Apr 2015 23:47
:47 GMT..Server: Apache..Last-Modified: Tue, 09 Sep 2014 12:46:55 GMT.
.Accept-Ranges: bytes..Vary: Accept-Encoding..Content-Encoding: gzip..
Cache-Control: max-age=7200..Expires: Wed, 15 Apr 2015 01:47:47 GMT..X
-Stat-Server: web6..Content-Length: 847..Keep-Alive: timeout=7, max=10
00..Connection: Keep-Alive..Content-Type: text/css.............V...0..
.Wy.V*..!.....?`l'X1.2f7)...7....T...xf......o..-.CC..&.R.2..q{.Br.#.)
.........$.3. .F.....z.&.i....0.~..?..q.7.x.)...(n'.2........U\).....a
W..v..|.X:.Y'.:....A_g...!}......*..#f.S.KS.....@y..}NPL...m..!..2Hg;.
x..O.U]..$1.......U..bEn*(....^...hd\[email protected].
<<< skipped >>>


GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 05:02:25 GMT
If-None-Match: "a1132b8ef65d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Tue, 24 Mar 2015 05:02:25 GMT
ETag: "a1132b8ef65d01:0"
Cache-Control: max-age=900
Date: Tue, 14 Apr 2015 23:48:19 GMT
Connection: keep-alive
....


GET /pki/crl/products/WinPCA.crl HTTP/1.1


Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 07 Mar 2015 06:01:44 GMT
If-None-Match: "dde36a309c58d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Sat, 07 Mar 2015 06:01:44 GMT
ETag: "dde36a309c58d01:0"
Cache-Control: max-age=900
Date: Tue, 14 Apr 2015 23:48:20 GMT
Connection: keep-alive
....


GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1


Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 05 Mar 2015 06:01:35 GMT
If-None-Match: "cf2633d6957d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Thu, 05 Mar 2015 06:01:35 GMT
ETag: "cf2633d6957d01:0"
Cache-Control: max-age=900
Date: Tue, 14 Apr 2015 23:48:20 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/pkix-crl..Last-Mo
dified: Thu, 05 Mar 2015 06:01:35 GMT..ETag: "cf2633d6957d01:0"..Cache
-Control: max-age=900..Date: Tue, 14 Apr 2015 23:48:20 GMT..Connection
: keep-alive..



GET /widgets/tweetbutton/count.json?url=http://VVV.koyotesoft.com&callback=__twttr.receiveCount HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://platform.twitter.com/widgets/tweet_button.3a4bde0b5804628844cfe7c865ab1925.en.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: cdn.syndication.twitter.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
cache-control: must-revalidate, max-age=900
content-encoding: gzip
content-type: application/javascript;charset=utf-8
expires: Wed, 15 Apr 2015 00:02:48 GMT
last-modified: Tue, 14 Apr 2015 23:47:48 GMT
server: tsa_f
strict-transport-security: max-age=631138519
x-connection-hash: 4081ed9d636885224d0a6cf1c2ffe038
x-response-time: 97
Content-Length: 103
Accept-Ranges: bytes
Date: Tue, 14 Apr 2015 23:47:48 GMT
Via: 1.1 varnish
Age: 0
Connection: keep-alive
X-Served-By: cache-tw-sto1-7-TWSTO1
X-Cache: MISS
X-Cache-Hits: 0
Vary: Accept-Encoding
................/)/)). JMN.,Ku./. ..VJ..JV...f:J.E9JVJ.%%.V1.1....z...
.%...i%z...1.J.............1sO...HTTP/1.1 200 OK..cache-control: must-
revalidate, max-age=900..content-encoding: gzip..content-type: applica
tion/javascript;charset=utf-8..expires: Wed, 15 Apr 2015 00:02:48 GMT.
.last-modified: Tue, 14 Apr 2015 23:47:48 GMT..server: tsa_f..strict-t
ransport-security: max-age=631138519..x-connection-hash: 4081ed9d63688
5224d0a6cf1c2ffe038..x-response-time: 97..Content-Length: 103..Accept-
Ranges: bytes..Date: Tue, 14 Apr 2015 23:47:48 GMT..Via: 1.1 varnish..
Age: 0..Connection: keep-alive..X-Served-By: cache-tw-sto1-7-TWSTO1..X
-Cache: MISS..X-Cache-Hits: 0..Vary: Accept-Encoding..................
/)/)). JMN.,Ku./. ..VJ..JV...f:J.E9JVJ.%%.V1.1....z....%...i%z...1.J..
...........1sO.....



GET /statistics/koyote/install.php?systemid=414&os=6.1&is64=1&ver=1.0.0.123850&type=New&appid=0&userHome=Yes&userToolbar=Yes HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.mlstat.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Apr 2015 23:47:33 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=30
X-Server: waim1
HTTP/1.1 200 OK..Server: nginx..Date: Tue, 14 Apr 2015 23:47:33 GMT..C
ontent-Type: text/html..Content-Length: 0..Connection: keep-alive..Kee
p-Alive: timeout=30..X-Server: waim1..



GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "59173381ba860afd89a5081254166e03:1429052426"
Last-Modified: Tue, 14 Apr 2015 23:00:26 GMT
Date: Tue, 14 Apr 2015 23:47:49 GMT
Content-Length: 724
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..90...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equ
ifax Secure Certificate Authority..150414224300Z..150424224300Z0...0..
..v...140618150003Z0........140429180917Z0........140709194633Z0......
..140416233935Z0.....)..140617185515Z0....Bf..120627171053Z0.....3..02
0515130611Z0.....#..140606204021Z0........100729164439Z0........140606
222139Z0....%...020514181157Z0........140725020038Z0....M\..1404300004
42Z0........100729164732Z0....uU..150118022133Z0....V...140624123102Z0
........120627171025Z0........140618143256Z0.....>..140711125531Z0.
...j...140226123519Z0...*.H..............KCR../...........-i.....u..'.
....i!^............a...=......X.x..r...C..[(.B.$XX%b?......~a.......H.
w....f.$.B.I.cgu=....v...wwHTTP/1.1 200 OK..Server: Apache..ETag: "591
73381ba860afd89a5081254166e03:1429052426"..Last-Modified: Tue, 14 Apr 
2015 23:00:26 GMT..Date: Tue, 14 Apr 2015 23:47:49 GMT..Content-Length
: 724..Connection: keep-alive..Content-Type: application/pkix-crl..0..
.0..90...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifa
x Secure Certificate Authority..150414224300Z..150424224300Z0...0....v
...140618150003Z0........140429180917Z0........140709194633Z0........1
40416233935Z0.....)..140617185515Z0....Bf..120627171053Z0.....3..02051
5130611Z0.....#..140606204021Z0........100729164439Z0........140606222
139Z0....%...020514181157Z0........140725020038Z0....M\..140430000442Z
0........100729164732Z0....uU..150118022133Z0....V...140624123102Z0...
.....120627171025Z0........140618143256Z0.....>..140711125531Z0
<<< skipped >>>


GET /b?c1=7&c2=2000001&c3=1&rn=1owhpjj&c7=http://VVV.koyotesoft.com/thankyou.php&c8=Thank you for installing our software&cv=1.7 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://s7.addthis.com/static/sh.0a1bbbc8.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: b.scorecardresearch.com
DNT: 1
Connection: Keep-Alive
Cookie: UID=120c9bfd-194.221.64.106-1384780341; UIDR=1384780341


HTTP/1.1 204 No Content
Content-Length: 0
Date: Tue, 14 Apr 2015 23:47:49 GMT
Connection: keep-alive
Set-Cookie: UID=120c9bfd-194.221.64.106-1384780341; expires=Mon, 03-Apr-2017 23:47:49 GMT; path=/; domain=.scorecardresearch.com
Set-Cookie: UIDR=1429055269; expires=Mon, 03-Apr-2017 23:47:49 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
HTTP/1.1 204 No Content..Content-Length: 0..Date: Tue, 14 Apr 2015 23:
47:49 GMT..Connection: keep-alive..Set-Cookie: UID=120c9bfd-194.221.64
.106-1384780341; expires=Mon, 03-Apr-2017 23:47:49 GMT; path=/; domain
=.scorecardresearch.com..Set-Cookie: UIDR=1429055269; expires=Mon, 03-
Apr-2017 23:47:49 GMT; path=/; domain=.scorecardresearch.com..P3P: pol
icyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"..Pragm
a: no-cache..Expires: Mon, 01 Jan 1990 00:00:00 GMT..Cache-Control: pr
ivate, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate..



GET /url/shares.json?url=http://VVV.koyotesoft.com&callback=_ate.cbs.sc_httpwwwkoyotesoftcom0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: api-public.addthis.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:49 GMT
Content-Type: application/json
Content-Length: 72
Connection: keep-alive
Cache-Control: no-transform, must-revalidate, max-age=0, s-maxage=3600
Surrogate-Key: VVV.koyotesoft.com/
Last-Modified: Tue, 14 Apr 2015 23:40:41 GMT
Content-Encoding: gzip
X-Varnish: 2536702620 2536411340
Via: 1.1 varnish
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 1d734c46c0240461-FRA
...........O,I.KN*. N..())(//..../I-.O I..5..V*.H,J-V..045..........4.
..HTTP/1.1 200 OK..Date: Tue, 14 Apr 2015 23:47:49 GMT..Content-Type: 
application/json..Content-Length: 72..Connection: keep-alive..Cache-Co
ntrol: no-transform, must-revalidate, max-age=0, s-maxage=3600..Surrog
ate-Key: VVV.koyotesoft.com/..Last-Modified: Tue, 14 Apr 2015 23:40:41
 GMT..Content-Encoding: gzip..X-Varnish: 2536702620 2536411340..Via: 1
.1 varnish..CF-Cache-Status: EXPIRED..Accept-Ranges: bytes..Server: cl
oudflare-nginx..CF-RAY: 1d734c46c0240461-FRA.............O,I.KN*. N..(
))(//..../I-.O I..5..V*.H,J-V..045..........4.....



GET /pagead/viewthroughconversion/1006373716/?random=1429055268177&cv=7&fst=1429055268169&num=2&fmt=1&label=RZXuCLy__AcQ1Jbw3wM&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://VVV.google.com/ads/user-lists/1006373716/?label=RZXuCLy__AcQ1Jbw3wM&fmt=1&num=2&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=2748859103
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 76
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`....
h.?.......


GET /pagead/viewthroughconversion/1050435832/?random=693854266&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVaGwEIyx8wOmpoCoAw HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://VVV.google.com/ads/conversion/1050435832/?random=693854266&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVaGwEIyx8wOmpoCoAw&random=1053631945
Content-Type: image/gif
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
GIF89a.............!.......,...........D.;HTTP/1.1 302 Found..P3P: pol
icyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="C
URa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV O
TC NOI DSP COR"..Date: Tue, 14 Apr 2015 23:47:48 GMT..Pragma: no-cache
..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, mus
t-revalidate..Location: hXXp://VVV.google.com/ads/conversion/105043583
2/?random=693854266&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=c
HYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1
716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&
u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=
11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0C
AAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVaGwEIyx8
wOmpoCoAw&random=1053631945..Content-Type: image/gif..X-Content-Type-O
ptions: nosniff..Server: cafe..Content-Length: 42..X-XSS-Protection: 1
; mode=block..Alternate-Protocol: 80:quic,p=0.5..GIF89a.............!.
......,...........D.;..
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=512906
Content-Type: application/ocsp-response
Date: Tue, 14 Apr 2015 23:47:49 GMT
Etag: "552d58b9-1d7"
Expires: Tue, 21 Apr 2015 11:47:49 GMT
Last-Modified: Tue, 14 Apr 2015 18:13:13 GMT
Server: ECS (frf/8792)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2015
0413200000Z0s0q0I0... ............([email protected]....>.i...G...&...
.cd ........\..m. B.]......20150413200000Z....20150420200000Z0...*.H..
...........O...8/*wn..C.(9....IA.3.Ao..k...p..{|R..u.]..9...B..../C;..
...[....... =tHy...........-n.. ....s.7..?A.}.AbC....9T.b..?...O8...p\
..5hg.N)bJ.g._......cK....j._.S.78..............Y....d...n./l.)..-..W.
....l.(...".L.7.Kk....../}."...B/.n.6.......n.....tt Xg..HTTP/1.1 200 
OK..Accept-Ranges: bytes..Cache-Control: max-age=512906..Content-Type:
 application/ocsp-response..Date: Tue, 14 Apr 2015 23:47:49 GMT..Etag:
 "552d58b9-1d7"..Expires: Tue, 21 Apr 2015 11:47:49 GMT..Last-Modified
: Tue, 14 Apr 2015 18:13:13 GMT..Server: ECS (frf/8792)..X-Cache: HIT.
.Content-Length: 471..0..........0..... .....0......0...0.......>.i
...G...&....cd ...20150413200000Z0s0q0I0... ............(..A...B..G@B.
X....>.i...G...&....cd ........\..m. B.]......20150413200000Z....20
150420200000Z0...*.H.............O...8/*wn..C.(9....IA.3.Ao..k...p..{|
R..u.]..9...B..../C;.....[....... =tHy...........-n.. ....s.7..?A.}.Ab
C....9T.b..?...O8...p\..5hg.N)bJ.g._......cK....j._.S.78..............
Y....d...n./l.)..-..W.....l.(...".L.7.Kk....../}."...B/.n.6.......n...
..tt Xg......
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAsUX59vUz7Ns8XhbIWWoEQ= HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=513891
Content-Type: application/ocsp-response
Date: Tue, 14 Apr 2015 23:47:49 GMT
Etag: "552d5f0c-1d7"
Expires: Tue, 21 Apr 2015 11:47:49 GMT
Last-Modified: Tue, 14 Apr 2015 18:40:12 GMT
Server: ECS (frf/87C7)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..2015
0414182500Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb.
..Yr;...._.oS>....l...D....20150414182500Z....20150421184000Z0...*.
H.............'T.B26..F.v...aK0...........0.4.z....A...t.w....z-......
.G.b.BWt..-]7.k....;........y.J...I #.. .'C).m#w......?..Cj_....J...r?
..3.j-.aD...v,a........$........u.@........^..%.}...L..LeP@_....(z..J.
.N.;Z.uY..<..z...`.(*..g..aM4...8.D.R.b].........n>b.0..;...HTTP
/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=513891..Cont
ent-Type: application/ocsp-response..Date: Tue, 14 Apr 2015 23:47:49 G
MT..Etag: "552d5f0c-1d7"..Expires: Tue, 21 Apr 2015 11:47:49 GMT..Last
-Modified: Tue, 14 Apr 2015 18:40:12 GMT..Server: ECS (frf/87C7)..X-Ca
che: HIT..Content-Length: 471..0..........0..... .....0......0...0....
..Qh.....u<..edb...Yr;..20150414182500Z0s0q0I0... .........&....~..
.B../j..._...Qh.....u<..edb...Yr;...._.oS>....l...D....201504141
82500Z....20150421184000Z0...*.H.............'T.B26..F.v...aK0........
...0.4.z....A...t.w....z-.......G.b.BWt..-]7.k....;........y.J...I #..
 .'C).m#w......?..Cj_....J...r?..3.j-.aD...v,a........$........u.@....
....^..%.}...L..LeP@_....(z..J..N.;Z.uY..<..z...`.(*..g..aM4...8.D.
R.b].........n>b.0..;.....
<<< skipped >>>


GET /ads/conversion/960689598/?random=1684655829&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVb72C4P-8QPuuIFI&random=533510730 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Cookie: NID=67=tACTmxJZuQBCoaBTncvhIAUD4cmxVyWHHn36O7o00UcFdLAdd5eLP3n3BPq_mzmehpSBYrOWYKsj3MrQESLBCMdQXw2xML6zZg3qisLaobo6HxP4k_TCeJW2HZEUvIrs
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com


HTTP/1.1 302 Found
Location: hXXp://VVV.google.com.ua/ads/conversion/960689598/?random=1684655829&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVb72C4P-8QPuuIFI&random=533510730&ipr=y
Cache-Control: private, max-age=43200
Date: Tue, 14 Apr 2015 23:47:48 GMT
Expires: Tue, 14 Apr 2015 23:47:48 GMT
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 786
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/ads/conversion/960689598/?rand
om=1684655829&cv=7&fst=1429055268169&num=1&fmt=3&l
abel=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=9
01&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&
;u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&ur
l=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=41
4&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&c
t_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVb7
2C4P-8QPuuIFI&random=533510730&ipr=y">here</A>...<
/BODY></HTML>......
<<< skipped >>>

GET /ads/conversion/992395230/?random=1820824389&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVdScGYSL8wPWlYCYDw&random=553525008 HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Cookie: NID=67=tACTmxJZuQBCoaBTncvhIAUD4cmxVyWHHn36O7o00UcFdLAdd5eLP3n3BPq_mzmehpSBYrOWYKsj3MrQESLBCMdQXw2xML6zZg3qisLaobo6HxP4k_TCeJW2HZEUvIrs
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com


HTTP/1.1 302 Found
Location: hXXp://VVV.google.com.ua/ads/conversion/992395230/?random=1820824389&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVdScGYSL8wPWlYCYDw&random=553525008&ipr=y
Cache-Control: private, max-age=43200
Date: Tue, 14 Apr 2015 23:47:48 GMT
Expires: Tue, 14 Apr 2015 23:47:48 GMT
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 800
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/ads/conversion/992395230/?rand
om=1820824389&cv=7&fst=1429055268169&num=7&fmt=3&v
alue=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=
ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&
;u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&
frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&s
ystemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB
0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&oc
p_id=JKctVdScGYSL8wPWlYCYDw&random=553525008&ipr=y">here<
;/A>...</BODY></HTML>....
<<< skipped >>>


POST /statistics/dm/install.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Host: dm.mlstat.com
Content-Length: 897
Cache-Control: no-cache

4.1.0.3114Newen6.104141YesYesNoYesYesYesYesYesTypical1New
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Apr 2015 23:47:41 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=30
X-Server: waim1
Content-Length: 12
s2s: no hit.HTTP/1.1 200 OK..Server: nginx..Date: Tue, 14 Apr 2015 23:
47:41 GMT..Content-Type: text/html..Connection: keep-alive..Keep-Alive
: timeout=30..X-Server: waim1..Content-Length: 12..s2s: no hit...



GET /CRL/Omniroot2025.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com


HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 08 Apr 2015 19:45:01 GMT
ETag: "20103-6ca-5133bc4543d0a"
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Connection: Keep-Alive
Date: Tue, 14 Apr 2015 23:49:29 GMT
Content-Length: 1738
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U..
..CyberTrust1"0 ..U....Baltimore CyberTrust Root..150408171249Z..15070
7171749Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..13
0130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140
212185542Z0....'....141112202254Z0....'....100217174732Z0....'#...1003
03201301Z0....'!...100312202204Z0....''q..100414175202Z0....'L...11022
4181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303
201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..1012081
75749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..11081
5145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...1
20111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....10
0216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100
908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..1012
08175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...11120
7220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012
182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...1301231
62633Z0....'....130904190524Z0....'....131024214319Z0....'....14012917
2435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204
601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...1407091719
30Z0....'/:..141119193302Z0....'k...120111220827Z0....'8...14071619120
3Z0....'....131219195909Z0....'....140219171545Z..0.0...U........0...*
.H...............m.`..R.A27.E9z.t.....r.5n.............9=H"......!
<<< skipped >>>


GET /ads/conversion/1050435832/?random=1644799996&cv=7&fst=1429055268169&num=5&fmt=3&adtest=on&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVevvEYL-8AOkyoHoBw&random=1106911834&ipr=y HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com.ua


HTTP/1.1 200 OK
Content-Type: image/gif
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..Content-Typ
e: image/gif..Date: Tue, 14 Apr 2015 23:47:48 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..X-Content-Type-Options: nosniff..Server: adclick_
server..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alternate
-Protocol: 80:quic,p=0.5..GIF89a.............!.......,...........D.;..



GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9e6b604af514559e HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Tue, 14 Apr 2015 23:47:49 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Tue, 24 Mar 2015 16:17:41 GMT..ETag: "804047d4e66d01:0"..C
ache-Control: max-age=86400..Date: Tue, 14 Apr 2015 23:47:49 GMT..Conn
ection: keep-alive..



GET /pagead/viewthroughconversion/955861747/?random=1429055268244&cv=7&fst=1429055268169&num=4&fmt=1&label=XPluCIWZjgYQ85XlxwM&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://VVV.google.com/ads/user-lists/955861747/?label=XPluCIWZjgYQ85XlxwM&fmt=1&num=4&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1818266846
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 76
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`....
h.?.......


GET /pagead/viewthroughconversion/1050435832/?random=1644799996&cv=7&fst=1429055268169&num=5&fmt=3&adtest=on&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVevvEYL-8AOkyoHoBw HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://VVV.google.com/ads/conversion/1050435832/?random=1644799996&cv=7&fst=1429055268169&num=5&fmt=3&adtest=on&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVevvEYL-8AOkyoHoBw&random=1106911834
Content-Type: image/gif
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
GIF89a.............!.......,...........D.;HTTP/1.1 302 Found..P3P: pol
icyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="C
URa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV O
TC NOI DSP COR"..Date: Tue, 14 Apr 2015 23:47:48 GMT..Pragma: no-cache
..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, mus
t-revalidate..Location: hXXp://VVV.google.com/ads/conversion/105043583
2/?random=1644799996&cv=7&fst=1429055268169&num=5&fmt=3&adtest=on&valu
e=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_
h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true
&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.ph
p?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=C
AIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JK
ctVevvEYL-8AOkyoHoBw&random=1106911834..Content-Type: image/gif..X-Con
tent-Type-Options: nosniff..Server: cafe..Content-Length: 42..X-XSS-Pr
otection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.5..GIF89a....
.........!.......,...........D.;..
<<< skipped >>>


GET /thankyou.php?soft=11&systemid=414&appid=0&type=New HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:47 GMT
X-Server: web5
Content-Type: text/html
Set-Cookie: ln=en; path=/; domain=.koyotesoft.com
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=7200
Expires: Wed, 15 Apr 2015 01:47:47 GMT
X-Stat-Server: web5
Keep-Alive: timeout=7, max=1000
Connection: Keep-Alive
Transfer-Encoding: chunked
d23.............[{S.....f.;..{...qBx.H:i..-ly....b ...RK&.....#.N.....
n;.t&8....y.......z...>r.....gG.ud....T.....z..q|....:....e..i ....
mY.^/. .y...g...RTd..)4M...Q.mqw.4?.6:.G...]=&...6...$.]RI...%>..O.
...4...1Q.0|.\.G......N.l J.........4.Q!6........!Bl....C.(..b.p.dX...
.(.K%.o..>j.Q.t.K..?..>..).&.....as&.....8G.*.$..R.. ... .....e 
..;.}..C...........(.F..@......]1,....V....<|.(R.~c..Q.)....i...'S.
3.....a.&...%..-.6.-.bv..a..v..E:...J..78j5...e...{.F...}....ZM..R.U.2
.......N.S...ac/E_..iJc.8N....P6..T....|...~..a7m....'...,.z...../r9..
.m.J.9..}.{..6V....\r.{..).{.../o....k,.,..{..K.d.R.Kr..J.X.". ...I,..
..y.#&f..Kj.m..._....?...#....V..~..0.b;d..ZMO...n:..<...uVP.......
..R.......n..VBl.$.`<......&.._.3....m...F.u.....j. ..f..mm.6.[fQi.
.$.o(..PVQU..hi'.g.F... Jfl.<d2...s.p....DK..!sH.2.....A3.=.h..F...
!..Z.$./U..f..F..K..3 .....Q..%..N...N`.Z.z*q......vs.&..}.....'H$'d..
...e.QOn..y......Bay'..Y..k}...hz#.1..K.2!....lU.,1.0...F..}'=.#%..~G|
..3.C.*.j...`3{D......q.Z..~..n..)a.g.Q...7..:..CgN.....)...Yw...O....
....n*.........%....S.=....S.{.(.\ r*G......G<[email protected]..
@..Y..euq7.......w!...wH.8...c....F...[..i....`....(c.......:..6..1.z.
.....Tp%..&..qY.RR...... .js..(.P.A<...5=..] ..CI .%w[...q.Co......
`.JUs.V=..F..':...q*.k...0sP-t(G.. .D.g..h/..%[email protected]
...6P.:.......;B;. .u..-.....\.{[email protected]... <.&..!y...p....sr
..;.I ..jR...2.Q...#[email protected]...}..P...lC.W.aI..|.p.%........
...*I..E....?..... ....!....h.h..%\...*..D.M.I.hz.I.j........ .P@.
<<< skipped >>>

GET /styles/default/main.css HTTP/1.1


Accept: text/css
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: ln=en


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:47 GMT
Server: Apache
Last-Modified: Tue, 09 Sep 2014 12:46:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=7200
Expires: Wed, 15 Apr 2015 01:47:47 GMT
X-Stat-Server: web5
Content-Length: 1554
Keep-Alive: timeout=7, max=999
Connection: Keep-Alive
Content-Type: text/css
...........Xk..6.. ..j[)D<..!...~.4......&q.....I...^...&..v"..0..{
...9.....=.E............Zg...eI..|s..s\|9..\...e?|..W.Z}....!X./h.l...
. F*../ ......,K.u).e..zy...xyL..W..A.O.]..Z......I........6.-.(8.m.X.
.b]...`......\ ...T\..S.[.kq[...}....5.r......2T...V...6~....P........
.... .d.o..........8..i)... ].:Z7/...`...G.....P.pX.....zB..mb.gs.zB..
.(I.m.A....?.kI...K.3^|..v............m..~#...=.9O.>...b.B.uN..K..,
E.*...JR....k] g....(..y....^."@[.ol^.].U!..q<..E.sG..[."..........
6.`.E...~6.r.J.n.(R...(I.".C..u.6.....-..H..l.Z....F.AJ.\v..'| .P]...N
...7..l...]/#K.T~..Z.R._)k....{.V............m.....r=R.....xR.I.U}g.3.
[email protected].....~P.~..=G...V.u......8.%...........l...F.,-{.W....*xs..
.5Ro..(.;[email protected][...C...h...?.....r;.2...&.rW..>..W..C.3t.eI...
G.K....n..z.......a.-...:F..x;j.I8.2c*.....T"X.Zo.........f.0N.84.<
.....1y:2L......L..|....W....x....4g9..5<y..:M......=.....Q$m...c..
..x:..)[email protected]..<.G...5...,...A..s...rrg..^..
..])T..P..1.e.IQ=...Vs..l9^...&..F..._.N}g1.X......^I%1J.\.\. ?..zd5.Y
..u.NO......a.h3.3.8.W.ii...9.R..c.......0(.'..;...*rzL&.Q....oN......
6.......`p....Ge.q81....[.{.?.)X...q4q..9z..^...YO...;....S..d...R.%..
F......1..u.......|.C.J.[......p.;.....S.X.T....ngfcz..X..R..C.0......
....)kA.m.1......C...md.V...0k.Z.(.u.0.Ky..s...y...~.21m....P.LY......
..A..Q..c~....].wRx..S....|...7..|v.:...{d...h..WOz....f.P...S-&i.....
.3..%q.j.M..[.K....\W}.8..gA..4.l,..N...... .hN.......g.G..6...IJ5.G.d
t....k...Y....Ts...I...N.L.{......P..7|...K.~...-......up..qn...MK
<<< skipped >>>

GET /styles/default/small-box-free-mp3-wma-converter.png HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: ln=en


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:47 GMT
Server: Apache
Last-Modified: Sun, 09 Jun 2013 21:04:19 GMT
Accept-Ranges: bytes
Content-Length: 10649
X-Stat-Server: web5
Keep-Alive: timeout=7, max=998
Connection: Keep-Alive
Content-Type: image/png
.PNG........IHDR..._...h......3,.....tEXtSoftware.Adobe ImageReadyq.e&
lt;..);IDATx..}..T...{[email protected]~.....d~'y.....dL&>3.,
.N..?q.c$......A.AP.Av.fi.}.....|...>u...j(.\........[.w.Uz{{a.. /.
.X.....[..o.w..i.....O.o.[:^.lV...X.b.<l.`......].~.........zzz.w..
.....X......-.....m/D<..v.F....v...DD...m..FD..E...^.8:..3..7EU..&.
.....9k.`.e.V...55./7...{xt..:C'.......T$........).Kg.3Xs.D..1..3...".
......n.......dm k/......E|zq..Q....H..........z...8.....{.....`.....L
@...e&H.=..z........./...FKY.J'.a^.{."...Ah.-W?....M..Y..x.!...#....!.
.....=..U....gY..e.?...EV$kh.~.IS<.h......=.E...g../...W.;...x.7.1.
A.0.H...%....d$_.....,. "~8...hApI:dF.I|"W......x..%R<\.z.dmG.<.
F|E&...0W..@P..|[email protected].".C"..........L.=.68?....G......
rE4.=..H.'..2.. ...'..5...z$.J ...FS....}PzYEq tl#<.~....xO..G....;
.....r:8c.X....w.....K...ABB.7.....,.ap.{).(.L..Z<b.....Y.....j....
...........(.4.v?.../!\..../[email protected]<..<...Jh..A).....J:s.{X<2
......&....W..|..t@=.!..~...J..&"P...,q....x)~{:..c.]..Zv).7~........d
[email protected](........c@....;...hY.,..A.:......f(..q&..6.m...}P.....
..@E<-..W../TQH..b'....|.(.B0.h;. ....?.g^...<.j.Bq....I.....$."
d..#..U....\......X..m.nh..;.?rnf1...IC....f..2.md.hM.i...F..b!/'c..P.
..0IU.t..{.G...eD.....1.k........r.....e..pbj.^.&~...AkX...A.......2..
P..2.a/_...]..~.....x.....b.c.#*l.. ....#"...y<..!...t.N..h%.......
..j...........-...._.Z6...j ....!.[......M.D.c..j.D.....")%%-/r/O.....
c.a......,.o...tv.pOY.{.y.U....f...AH1.W<.?|.6......ux..[......
<<< skipped >>>

GET /styles/default/top-header.jpg HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: ln=en


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
Server: Apache
Last-Modified: Sun, 09 Jun 2013 21:04:19 GMT
Accept-Ranges: bytes
Content-Length: 43799
Cache-Control: max-age=86400
Expires: Wed, 15 Apr 2015 23:47:48 GMT
X-Stat-Server: web5
Keep-Alive: timeout=7, max=997
Connection: Keep-Alive
Content-Type: image/jpeg
......JFIF.....d.d......Ducky.......Z......Adobe.d....................
......................................................................
.........................................................k............
......................................................................
.............!..1...AQa"...q.2#...B.......Rbr.3.$.%U.V.W....S.4X..Cs.t
...DT......d..5e&6v.'7.......................!..1A..Qa...q.."..2BR.d..
.br....#3S.T.....Cs..$4.D5c....t%6.............?.UU..7.s.......RU[..V.
Z&....../.a.j..%N........*3 \[email protected]..&..L.\.<..S......".4.j..d.
....Q..'.... [email protected].*P..C.D...a......S...R.K........[.M.i.F..]...75%
..O..'....[..j.1.9..)B..... .hH........:..TN...V-......<.PO'.6r._s.
w..v*.]..Q..yK..^!j...m..Yr.b.Y3(.S.k..U.].....}Q........e.......R..U.
{.P.s...4}..,c..u4..M..D.....$..I<.k...}Kp...4v'iAQ...~..r..28.....
...`[email protected].:.....M.?!...Q
l.O....FX...E%..L6.a.:.BJ.ET8.G....P.t.;...,4.SMr.HRFj<G..[.F....J.
...)..T.\..A.;.Y..&..}S]RYR..^U.......s......7 ..........(......$ln..o
M27......z..d.Eq.q....a.m..T...i.U|.N"[email protected]|...x....o..../ht...
m4.Ff.%UH.<M1........Fh...4R..;V[....P.7....4.q.;6.(..7p..~7.......
1e:.t.....;].8}. Aj..&..f.T.RZ...(..(.Z..z ..........JI.}RQ..P.......[
P]J.x.&..E0U.....3...&...V.#....|%..6.T{.#..[%....E.).jU.g~....Z......
>e...o.... n.C*...d..G....<x..ZShB.:k...1...\..;.m..z5.......n.|
.%..cK.ZH=J9..(...[.....u..w....Y...u....\B..ZZq...kNc.....{_...u.....
8.G..$-......]...m..h...vi....-m.....Q..I...9S..yA...'...y.Ww7....
<<< skipped >>>

GET /images/favicon.ico HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: ln=en; __utma=76211983.1903611302.1429055269.1429055269.1429055269.1; __utmb=76211983.2.10.1429055269; __utmc=76211983; __utmz=76211983.1429055269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmt_~1=1; __atuvc=1|15; __atuvs=552da72496aa85e6000


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:51 GMT
Server: Apache
Last-Modified: Sun, 09 Jun 2013 21:04:19 GMT
Accept-Ranges: bytes
Content-Length: 894
X-Stat-Server: web5
Keep-Alive: timeout=7, max=996
Connection: Keep-Alive
Content-Type: image/x-icon
..............h.......(....... .......................................
.............xxxnnn.................................___...............
...111.....................>>>""#............................
.......................bb_..............................OOO......Z..D.
.....q..k.R........WXX...............|......q..o..m..p..y.9...q..x.u..
...vyzyyy.........R...t..s..t..s..u..t..t..t..t.'.....jjiedd...(''...[
...y..y.)..l..!..%...z.k........755]]\......FGG......$..z.....h.....V.
....NNM......vwv$$$#$$~..o..8..=..I..w..G..9..i.....$$$$%%*  ...,,,...
...V..=..A..@..>..A..X..Q.....:89,,,ZZZ...<==<==...L..J......
.................JLL333.........<;<...U........PPN......uuw[ZWno
nHFGWWW.........utu.........FFFFFFFFFFFFFFFFFFFFFMMM..................
...CCCDDDCCCCCCCCCCCCBBB\\\........................uuuAAA;;;;;;;;;]]].
......................................................................
........HTTP/1.1 200 OK..Date: Tue, 14 Apr 2015 23:47:51 GMT..Server: 
Apache..Last-Modified: Sun, 09 Jun 2013 21:04:19 GMT..Accept-Ranges: b
ytes..Content-Length: 894..X-Stat-Server: web5..Keep-Alive: timeout=7,
 max=996..Connection: Keep-Alive..Content-Type: image/x-icon..........
......h.......(....... ...............................................
.....xxxnnn.................................___..................111..
...................>>>""#....................................
...............bb_..............................OOO......Z..D......q..
k.R........WXX...............|......q..o..m..p..y.9...q..x.u.....v
<<< skipped >>>


GET /static/menu.de4757db7c1fd78e7562.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: s7.addthis.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
Content-Type: text/javascript
Content-Length: 18933
Connection: keep-alive
Last-Modified: Tue, 14 Apr 2015 21:34:13 GMT
Content-Encoding: gzip
Cache-Control: public, no-check, max-age=86313600
CF-Cache-Status: HIT
Accept-Ranges: bytes
X-Host: s7.addthis.com
Server: cloudflare-nginx
CF-RAY: 1d734c451c27046d-FRA
...........}{.......)$..".`Y....B.4i..4m.&=i....$JbL.*IYv-.g.....E9IO.
....a.x...f.3../6.w ..{..{...:..Q..! X....F...}...,9q.E.........=q.n..
}..vo7...7t..j{...=~|....-..|....w....?..|{......'."..h}........o.a'_.
Q.:.w.N.&.b........ix...u:....2.......l..7<k. .7....W. ...K~....5?.
.?.Z.k............_..............q.....v...7.]8.5.WE.%s7....t.f.x.....
C.M..7.....>..e.n...4s1.........h.a.d^.y....".......`uY\y.4).d.6...
T..(o':..eOb..V...u.aQ0M'.e..f.E'M..;HO.[.5...e.~..}...>..?w.y4ty..
u.....d..Z.q3.GG..v........".(..T-.5u..7~.D..a...wq.8.u......t..|.) .$
:..WM.Wn...h.q...~.......... [email protected]
V........I...{.S...*r..j...Y...[x.....r.ag.....(<........B.`.v.<
.q....U..w0..^c..a.(.M1X....0..f....$/.......*Lg....p.3........};.91{.
(.j=.../ar[...r.....VYt% ."..'.....]./A1t&1.s.w....[..V..B>/qg....w
~.&!...v.aD....Is{..'..'.A..6..|.....m*(..[h.............p.=..Mc[N.A..
p.v.v.''...O<[email protected](.&..q.d....
t.&.......q:.>........\.z..y....'C.W...0......&.{....t.V|..Q ..<
6..r}..?|...B.#r.........d....Zjr.C{....7{.M.M...|]. Q...*[email protected].
.....^....2..&........5g..Qf.F.EQS..r..#...SJ..Q..it....~.Q$F.. ._w...
.8_.X^.X[...h..`.....0...vt.{'.di...o....p,.....mX..fi.WeE..0..,...Z..
].8$...."f#@*..a<.........f.h"..Kz>rV....TVV)..]....*.2.ma..V.J 
EM .-...&R..6.....1..^$..O.J.......`... [email protected] ..a
.r9c/...3..:]y.K3..YW.$.F...i....y.e]c.?.....>.wM|.L.F.....p.Du..Vi
[email protected].,...WW|IDe.YDq.....$...P7rt.....
<<< skipped >>>


GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0ac1263c79154a8f HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Tue, 14 Apr 2015 23:47:49 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Tue, 24 Mar 2015 16:17:41 GMT..ETag: "804047d4e66d01:0"..C
ache-Control: max-age=86400..Date: Tue, 14 Apr 2015 23:47:49 GMT..Conn
ection: keep-alive..



GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAhFdyHYrCjz HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Apr 2015 16:55:56 GMT
Expires: Sat, 18 Apr 2015 16:55:56 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 24714
Alternate-Protocol: 80:quic,p=0.5
0..........0..... .....0......0...0......J......h.v....b..Z./..2015041
4070513Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
..Ew!..(.....20150414070513Z....20150421070513Z0...*.H.............g..
....e.&..Q..C-....0*....S.>..5..N.R./.....9.Z^..@>.f.s..........
N3\H.|.\\..O...AT...^8W0~>..........HzQ.c..<J..2v"^s..rM;6D.... 
...R.....G(r.K.....Q.y..C.g.u..)C.B...T.c:...y[5U3..Q.\.z........D.E.l
....'...Q0......:..[.3..)..Rj..RR..(BV(....4.^.t..8Mz..HTTP/1.1 200 OK
..Content-Type: application/ocsp-response..Date: Tue, 14 Apr 2015 16:5
5:56 GMT..Expires: Sat, 18 Apr 2015 16:55:56 GMT..Server: ocsp_respond
er..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Opti
ons: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 24714..Al
ternate-Protocol: 80:quic,p=0.5..0..........0..... .....0......0...0..
....J......h.v....b..Z./..20150414070513Z0k0i0A0... ..........j.....p.
I.#z...(~d..J......h.v....b..Z./...Ew!..(.....20150414070513Z....20150
421070513Z0...*.H.............g......e.&..Q..C-....0*....S.>..5..N.
R./.....9.Z^..@>.f.s..........N3\H.|.\\..O...AT...^8W0~>........
..HzQ.c..<J..2v"^s..rM;6D.... ...R.....G(r.K.....Q.y..C.g.u..)C.B..
.T.c:...y[5U3..Q.\.z........D.E.l....'...Q0......:..[.3..)..Rj..RR..(B
V(....4.^.t..8Mz......
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGtwRpJBuewH HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Apr 2015 16:53:30 GMT
Expires: Sat, 18 Apr 2015 16:53:30 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 24860
Alternate-Protocol: 80:quic,p=0.5
0..........0..... .....0......0...0......J......h.v....b..Z./..2015041
4070543Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.kpF.A.......20150414070543Z....20150421070543Z0...*.H.............~&.
.r.2K......X.%..%G.....#.!.V...9px.<-:...)_...b.<...g.N....}....
.nL.,q.......M.;..ll. -F6Q'l.).6M(.. ....Y;..;W.jA...H..q!].......1r..
..r.*._:...C>.._.x.s}PX..S.c.....k...-~..t..%EY....\N.l...........m
.c.[..0.L... mbU.G..}.~..[[email protected]...........|.&6...HTTP/1.1 200 OK..C
ontent-Type: application/ocsp-response..Date: Tue, 14 Apr 2015 16:53:3
0 GMT..Expires: Sat, 18 Apr 2015 16:53:30 GMT..Server: ocsp_responder.
.Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options
: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 24860..Alter
nate-Protocol: 80:quic,p=0.5..0..........0..... .....0......0...0.....
.J......h.v....b..Z./..20150414070543Z0k0i0A0... ..........j.....p.I.#
z...(~d..J......h.v....b..Z./..kpF.A.......20150414070543Z....20150421
070543Z0...*.H.............~&..r.2K......X.%..%G.....#.!.V...9px.<-
:...)_...b.<...g.N....}.....nL.,q.......M.;..ll. -F6Q'l.).6M(.. ...
.Y;..;W.jA...H..q!].......1r....r.*._:...C>.._.x.s}PX..S.c.....k...
-~..t..%EY....\N.l...........m.c.[..0.L... mbU.G..}.~..[[email protected]......
.....|.&6.....
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=392832, public, no-transform, must-revalidate
Last-Modified: Sun, 12 Apr 2015 12:55:22 GMT
Expires: Sun, 19 Apr 2015 12:55:22 GMT
Date: Tue, 14 Apr 2015 23:51:32 GMT
Connection: keep-alive
0..........0..... .....0......0...0......'.V.8.F.V....H....JW..2015041
2125522Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
..M.s.Q~...@?j.......20150412125522Z....20150419125522Z0...*.H........
......BU$.cve..io'...N..O.....X4...6.>...3...._.y....U...>{....~
.9.6.M.I..^..X.K..'.........zM......<........E....4ob/.)*....G\.L;O
..H.../......XG.L9....%*.%.0.yS......q...J4.....M...oU2.x.......e.!...
...E=....O..#.i..!."....L!..L:a....z.T.$.......O...U....7y.F...#0...0.
..0..........r..?.*......y"..0...*.H........0..1.0...U....US1.0...U...
.VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of us
e at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Cod
e Signing 2009-2 CA0...150226000000Z..150527235959Z0..1.0...U....US1.0
...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Term
s of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign C
lass 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0....
.........m5*R........2....>...yU4..L.. ...........u..Hez..Pn.....d.
..nz(...V7.}^...d!RX...bl..[..a...L.. .~..Ij......%..%p.-...u..:..i..F
*]...*....{NH..|0...gHX.Q.r....S..........._.9.(w...suC...N..s.....&."
...:.C.Q.i~rl..<..krS..8.B..o][email protected]
...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.v
erisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS i
ncorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...
U........0... .....0......0"..U....0...0.1.0...U....TGV-B-32010...
<<< skipped >>>


GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAhFdyHYrCjz HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Apr 2015 16:46:04 GMT
Expires: Sat, 18 Apr 2015 16:46:04 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 25306
Alternate-Protocol: 80:quic,p=0.5
0..........0..... .....0......0...0......J......h.v....b..Z./..2015041
4070513Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
..Ew!..(.....20150414070513Z....20150421070513Z0...*.H.............g..
....e.&..Q..C-....0*....S.>..5..N.R./.....9.Z^..@>.f.s..........
N3\H.|.\\..O...AT...^8W0~>..........HzQ.c..<J..2v"^s..rM;6D.... 
...R.....G(r.K.....Q.y..C.g.u..)C.B...T.c:...y[5U3..Q.\.z........D.E.l
....'...Q0......:..[.3..)..Rj..RR..(BV(....4.^.t..8Mz..HTTP/1.1 200 OK
..Content-Type: application/ocsp-response..Date: Tue, 14 Apr 2015 16:4
6:04 GMT..Expires: Sat, 18 Apr 2015 16:46:04 GMT..Server: ocsp_respond
er..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Opti
ons: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 25306..Al
ternate-Protocol: 80:quic,p=0.5..0..........0..... .....0......0...0..
....J......h.v....b..Z./..20150414070513Z0k0i0A0... ..........j.....p.
I.#z...(~d..J......h.v....b..Z./...Ew!..(.....20150414070513Z....20150
421070513Z0...*.H.............g......e.&..Q..C-....0*....S.>..5..N.
R./.....9.Z^..@>.f.s..........N3\H.|.\\..O...AT...^8W0~>........
..HzQ.c..<J..2v"^s..rM;6D.... ...R.....G(r.K.....Q.y..C.g.u..)C.B..
.T.c:...y[5U3..Q.\.z........D.E.l....'...Q0......:..[.3..)..Rj..RR..(B
V(....4.^.t..8Mz....
<<< skipped >>>


GET /styles/default/small-box-free-easy-cd-dvd-burner.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: ln=en


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:47 GMT
Server: Apache
Last-Modified: Sun, 09 Jun 2013 21:04:19 GMT
Accept-Ranges: bytes
Content-Length: 13127
X-Stat-Server: web3
Keep-Alive: timeout=7, max=1000
Connection: Keep-Alive
Content-Type: image/png
.PNG........IHDR..._...h......3,.....tEXtSoftware.Adobe ImageReadyq.e&
lt;....iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpRights="hXXp://ns.adobe.com
/xap/1.0/rights/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:
stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http
://ns.adobe.com/xap/1.0/" xmpRights:Marked="False" xmpMM:OriginalDocum
entID="uuid:FCCDD02FF8D6E011B33FBF95E2CA3554" xmpMM:DocumentID="xmp.di
d:C5D30FBF5C7311E1AF77BBD5778D3C92" xmpMM:InstanceID="xmp.iid:C5D30FBE
5C7311E1AF77BBD5778D3C92" xmp:CreatorTool="Adobe Photoshop CS5.1 Windo
ws"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F436284F705CE1
11BFBF99EA98E50F8C" stRef:documentID="uuid:FCCDD02FF8D6E011B33FBF95E2C
A3554"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&g
t; <?xpacket end="r"?>....../.IDATx..}y.]U..:..C.c.*......V.....
"<en.}...VQ.E}.>.........>Z[.^7..4j...>&.A...C #d..*..<
.....o..O..uo......wr..{.=....o.....r...Q(.(..R(.".u.q..oY..g...:..P..
.|.?...b.H.pX.....{.....k.D".8..........llM......l.A.y...O..{y.8.)f.E.
.}[email protected],..6.$?'.p..w..lH.7..*{.\...6........
.....`!..)..n6b.*...a...6....:<.....1u<......p.Dl..z........9.\.
.........i.6..........~P..ZF.. am.J..*k...1.#..b.'..ia..B.s9X)....
<<< skipped >>>

GET /styles/default/background.gif HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: ln=en


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
Server: Apache
Last-Modified: Sun, 09 Jun 2013 21:04:19 GMT
Accept-Ranges: bytes
Content-Length: 178
Cache-Control: max-age=86400
Expires: Wed, 15 Apr 2015 23:47:48 GMT
X-Stat-Server: web3
Keep-Alive: timeout=7, max=999
Connection: Keep-Alive
Content-Type: image/gif
GIF89a.......S.....888>>>!.......,...........................
..H...........L...............W..}..R.t..Oh...^.Y.v.=v.Em.9&..gf.....s
..^...yi..'V.@Xhx..........)9IYiy..........Y..;....


GET /styles/default/thumbsup.gif HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: ln=en


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
Server: Apache
Last-Modified: Sun, 09 Jun 2013 21:04:19 GMT
Accept-Ranges: bytes
Content-Length: 3379
Cache-Control: max-age=86400
Expires: Wed, 15 Apr 2015 23:47:48 GMT
X-Stat-Server: web3
Keep-Alive: timeout=7, max=998
Connection: Keep-Alive
Content-Type: image/gif
GIF89ab.I.............................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
...........!.......,....b.I........H...........&..#J.H1a......0/....*.
.I.b..|t]......0c.|....?..PZ.........J.a...:... ..I....U.....P..W.....
.,:3....h....!.'...} .G.>:O.]L.W$.w........G{...b.h...!..s..&......
...!.\D..p.......'I..?x.............i.jk..-.c...)...,q ...}R...).5r...
....j.........(?..d...9.~./[email protected]...........^.A6...h..`..
.......2.FV.8v<....>A....AF...c.8...O.n8.. D...h,....>d`.|...
.!x8...< .cZ([email protected]'.....e@!F4.>Y.....L...h.,[email protected]
.. .....0PR..b.q.K.q...........'B.x.....2.|..`..*` j.!....c....8\...7`
..J.L.2.A....,...Y........A...,a./q.q.#7\......."........'.>. ..~..
.(..1..b......a.%.@..!D.q.."....x.CG.jt;...x`......#k..G!.(..0....(...
../...,...N,{..H.B.3).\.!C.o9.Z.2`....... 'X...ltA.....H...b....sH
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=528054, public, no-transform, must-revalidate
Last-Modified: Tue, 14 Apr 2015 02:30:17 GMT
Expires: Tue, 21 Apr 2015 02:30:17 GMT
Date: Tue, 14 Apr 2015 23:51:34 GMT
Connection: keep-alive
0..p......i0..e.. .....0.....V0..R0......Qw.}`[email protected]
4023017Z0s0q0I0... ........l....r.vdv0..*.~Y..X....e?z.4..G.L.......q.
.%Qq.........w.O.....20150414023017Z....20150421023017Z0...*.H........
.....j..f.... %).r...J..4.3T.<..gD.R.mw.>g.A..`.......M.........
A.19.#&W3...7.?.1..G.k...o.jy....i..#....E...Ls%0.h.............i.....
.i....#.........mc......./[email protected]}.c.z....6.R....S..
.e$.JdZY..g8...D.......z/.........7j.]Mx.P5....?C".....Q3....0...0...0
..y.......^..........N...)0...*.H........0J1.0...U....US1.0...U....Tha
wte, Inc.1$0"..U....Thawte Code Signing CA - G20...150303000000Z..1506
01235959Z0Y1.0...U....US1.0...U....Thawte, Inc.1301..U...*Thawte Code 
Signing CA - G2 OCSP Responder0.."0...*.H.............0............).Z
.......O.~.l...,\.3.".'.'W .ih./..}OA...K...HJd....K^..<.....-.rWJ.
j.U.._......W.../.6....J.y.u-.\...2..U.52B.>...=F...RbR.y.zm.......
{b.bj....Y..J..m...*=.^......V.}p......rmA......9.L ...{?.g.-Y........
....8...k.$.:.5..6#4..F.#....t.B.8.O)'F.p).........d0b0...U....0.0...U
.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U..
..TGV-B-32450...*.H..............C.....8.Aw.{....`...y1N...W4M..M.J.3~
..7#}..X..:x..5....$...Z^%.?6..e...}I.)....... .A.w......_...B..j.T..Y
u.o.....g....H....q.Ju.SA`K.....~..O_.....S....I>..O.X..E.......]..
.y..L..F....K......../...._XSk6.:a};.?`...:^.....p....4Z.3L;.......t..
..>.....j....
<<< skipped >>>


GET /newtab/geoip.php HTTP/1.1
User-Agent: NSIS_DOWNLOAD
Host: search.vmn.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Wed, 15 Apr 2015 00:46:42 GMT
Server: Microsoft-IIS/5.0
Keep-Alive: timeout=2, max=40
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/xml
56 ..<?xml version="1.0" encoding="ISO-8859-1"?>.<geaodata>
;.<country id='US'/>.</geaodata>...0..HTTP/1.1 200 OK..Dat
e: Wed, 15 Apr 2015 00:46:42 GMT..Server: Microsoft-IIS/5.0..Keep-Aliv
e: timeout=2, max=40..Connection: Keep-Alive..Transfer-Encoding: chunk
ed..Content-Type: text/xml..56 ..<?xml version="1.0" encoding="ISO-
8859-1"?>.<geaodata>.<country id='US'/>.</geaodata&g
t;...0..



GET /appli/Setup_FreeVideoConverter.exe HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: __atuvc=1|15; __atuvs=552da72496aa85e6000; __utma=76211983.1903611302.1429055269.1429055269.1429055269.1; __utmb=76211983.2.10.1429055269; __utmz=76211983.1429055269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmt_~1=1; ln=en; __utmc=76211983


HTTP/1.1 302 Found
Date: Tue, 14 Apr 2015 23:48:12 GMT
Location: hXXp://download.cdn.koyotesoft.com/cdn/r/0/FreeVideoConverterSetup-r0-n-bi.exe
X-Server: web5
Content-Length: 0
Content-Type: text/html
Set-Cookie: ln=en; path=/; domain=.koyotesoft.com
Cache-Control: max-age=7200
Expires: Wed, 15 Apr 2015 01:48:12 GMT
X-Stat-Server: web5
Keep-Alive: timeout=7, max=1000
Connection: Keep-Alive
HTTP/1.1 302 Found..Date: Tue, 14 Apr 2015 23:48:12 GMT..Location: htt
p://download.cdn.koyotesoft.com/cdn/r/0/FreeVideoConverterSetup-r0-n-b
i.exe..X-Server: web5..Content-Length: 0..Content-Type: text/html..Set
-Cookie: ln=en; path=/; domain=.koyotesoft.com..Cache-Control: max-age
=7200..Expires: Wed, 15 Apr 2015 01:48:12 GMT..X-Stat-Server: web5..Ke
ep-Alive: timeout=7, max=1000..Connection: Keep-Alive..



GET /PublicSureServerSV.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.omniroot.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=864000
Content-Type: application/x-pkcs7-crl
Date: Tue, 14 Apr 2015 23:47:52 GMT
Etag: "2b0023-48144-3c8fdc0"
Expires: Fri, 24 Apr 2015 23:47:52 GMT
Last-Modified: Tue, 14 Apr 2015 22:47:27 GMT
Server: ECS (frf/87C8)
X-Cache: HIT
X-Cnection: close
Content-Length: 295236
0...?0...&...0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybe
rtrust Public SureServer SV CA..150414223352Z..150424223352Z0...w0....
..... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I
..101116165848Z0.........,U./...101116173007Z0.........,U.h...10111617
2944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0....
.....,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z
..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..10111619
5619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0....
.....-..4...110315204303Z0........../P....120206141831Z0..........I..@
..120124180322Z0..........JP....110222182509Z0..........Jf/Y..12021314
2815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0....
......YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu.
..120220131416Z0..........^..^..111007192320Z0..........`.w...12021314
4727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0....
......hlG...120213145015Z0..........h.....120130140408Z0............j.
..120110213653Z0...........}....110406160143Z0............$...11040100
5006Z0................110401005536Z0............W...120308151704Z0....
.........h..120228141105Z0................110314145902Z0............`.
..110322142311Z0................110322142551Z0............lb..12011021
3802Z0.............0..130201130700Z0............OB..110321165802Z0....
.........o..110321172720Z0...........g.:..120221183148Z0...........Ud.
..110516131110Z0............h5..120229174140Z0................1202
<<< skipped >>>


GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3cac9b9bb275f6a9 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Tue, 14 Apr 2015 23:47:49 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Tue, 24 Mar 2015 16:17:41 GMT..ETag: "804047d4e66d01:0"..C
ache-Control: max-age=86400..Date: Tue, 14 Apr 2015 23:47:49 GMT..Conn
ection: keep-alive..



GET /Stubs/FreeVideoConverter/001/FreeVideoConverter_stub.exe HTTP/1.1
Authorization: Basic Og==
Host: download.koyotesoft.com
Accept: */*
Accept-Encoding: identity


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:00 GMT
Server: Apache
Last-Modified: Wed, 09 Nov 2011 16:35:19 GMT
Accept-Ranges: bytes
Content-Length: 3818372
Cache-Control: max-age=2592000
Expires: Thu, 14 May 2015 23:47:00 GMT
X-Stat-Server: web6
Content-Type: application/octet-stream
MZP.....................@.............................................
..!..L.!..This program must be run under Win32..$7....................
......................................................................
..............................................PE..L....^B*............
.........F......`.............@..........................@............
[email protected]........,......................
......................................................................
..............CODE................................ ..`DATA....L.......
....................@...BSS.....T................................idata
[email protected]................................
[email protected]....................
[email protected]....,.......,[email protected].............@..
[email protected]..............................................
......................................................................
..............................................string................&l
t;[email protected].@..........)@..(@..(@..)@.....$)@..Free..0)@..InitInstance.
.L)@..CleanupInstance..h(@..ClassType..l(@..ClassName...(@..ClassNameI
s...(@..ClassParent...)@..ClassInfo...(@..InstanceSize...)@..InheritsF
rom...)@..Dispatch...)@..MethodAddress..<*@..MethodName..x*@..Field
Address...)@..DefaultHandler...(@..NewInstance...(@..FreeInstance.TObj
ect.@...@..% .@....%..@....%..@....%..@....%..@....%..@....%..@....%(.
@....%..@....%..@....%..@....%..@....%..@....%..@....%..@....%..@.
<<< skipped >>>

GET /SearchSuite/002/SetupDataMngr_Searchqu.exe HTTP/1.1


Authorization: Basic Og==
Host: download.koyotesoft.com
Accept: */*
Accept-Encoding: identity


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:15 GMT
Server: Apache
Last-Modified: Sun, 02 Sep 2012 11:21:43 GMT
Accept-Ranges: bytes
Content-Length: 4380296
Cache-Control: max-age=2592000
Expires: Thu, 14 May 2015 23:47:15 GMT
X-Stat-Server: web6
Content-Type: application/octet-stream
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
..........................C......................................t....
...p..(.............B.................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@[email protected]\......
.....v..............@....ndata...................................rsrc.
..(....p.......z..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u...Pr@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@[email protected]
....E..9}[email protected].}[email protected]..
[email protected]@.W...E..E.h ...Pj.h`[email protected]...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>


GET /pagead/conversion.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.googleadservices.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 9405028351040404657
Date: Tue, 14 Apr 2015 19:38:03 GMT
Expires: Wed, 15 Apr 2015 19:38:03 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 4012
X-XSS-Protection: 1; mode=block
Age: 14984
Cache-Control: public, max-age=86400
Alternate-Protocol: 80:quic,p=0.5
...........Z{s.6....B.td.b(...9..&.7u..i.4..u...H......%.w.]..C......P
.b.X...-hm...,.#.~_..3g..... .<..Y.].x..V0.Hl..NF..)4.... J3.9..<
;I..&"[%... .!...R0ul..qYN5.I..8.....$.<..a.sI......A....h......lR.
....h..E...$#......YE....pI..M.a...zA..H..ez..E...x.......z.oJe...^..:
-n..I%.U).N..E..NA.V.c.I..Zr..4.`M...E..^.v...pJ:d.'\p....X.L....H....
q.I....pz..|.^m.....S.]...yc..ng...;.]..|..m.....1'.......k.eo.4..H&.I
...]... .....^.....H........|?...4..........'.2....O.#|_.b3~..rc#.. ..
G.a.m?f<...7.......D.l.....~(...LlF.Z.q|.y...P.....!...z...c..9...A
.....K..awM.kjD.V..?....|..............n..x.o(..c...D,..h.E UstO..m..f
.G.vn..J.{....`N....s......'..9.yV.. }..A{.3.8..9...<..ak....3B....
.;.}[...V|cs#....Y.`...o.s..X."y...H.N.o.s.N.....o.!{.|.b.O....._...&.
\....F..M9........../\<uI.N....h..xy.L...Z8w1...j..Y.&...%O.F......
.h9....F.g.?.._..t...w..0.A...k...Pk.....Yt`...)...^.R......6.qo....WL
7.6..2v..N...c...F}..oA..o>....#.../{......e.Mc-.........H..C...C..
m..<.....=...lL*'.U.K...on....,.(x.z...b\Dt....t....j..j....0O.@...
3K.q.IG%...u.......t..3...m.....S{6C.....<P...q...c....ar".S..Iil.{
.e....'O....7...i.."d....hq..-K......M.S.e.3..4.Zy.3.d..b....9....D.y.
....g.g...g{.g......\{..TR.a.{%~T....x....=..u..<.t-_7.t....\.>.
.~....N/.Tp_.G..3Ak..o.;..%...I.8..i......g.>Q.q......K.-#^.{...I..
....'.9-x...h...'...E...W.k...3l.;..P..m.........E.& ..D.. ELy.8$..x..
..2 O.D..w.G.....r...8~.DA&.iI_.Y.....5bm....v7X......k.T..{.....]'^f.
.........P..R.."o...$$.v........M[.c.$i&.#zKw.....R2..1v....A.....
<<< skipped >>>

GET /pagead/conversion/960689598/?random=1429055268169&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.googleadservices.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 302 Found
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Location: hXXp://googleads.g.doubleclick.net/pagead/viewthroughconversion/960689598/?random=1684655829&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVb72C4P-8QPuuIFI
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
GIF89a.............!.......,...........D.;....


GET /pagead/conversion/1050435832/?random=1429055268248&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.googleadservices.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 302 Found
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Location: hXXp://googleads.g.doubleclick.net/pagead/viewthroughconversion/1050435832/?random=693854266&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVaGwEIyx8wOmpoCoAw
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
GIF89a.............!.......,...........D.;HTTP/1.1 302 Found..P3P: pol
icyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV P
SA PSD IVA IVD OTP OUR OTR IND OTC"..Date: Tue, 14 Apr 2015 23:47:48 G
MT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Co
ntrol: no-cache, must-revalidate..Content-Type: image/gif..Location: h
ttp://googleads.g.doubleclick.net/pagead/viewthroughconversion/1050435
832/?random=693854266&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label
=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w
=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=
0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft%
3D11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB
0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVaGwEIyx8wOmpo
CoAw..X-Content-Type-Options: nosniff..Server: cafe..Content-Length: 4
2..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.5.
.GIF89a.............!.......,...........D.;..
<<< skipped >>>


GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8c90aedf65e77ddc HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Tue, 14 Apr 2015 23:47:49 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Tue, 24 Mar 2015 16:17:41 GMT..ETag: "804047d4e66d01:0"..C
ache-Control: max-age=86400..Date: Tue, 14 Apr 2015 23:47:49 GMT..Conn
ection: keep-alive..



GET /pagead/viewthroughconversion/1058190622/?random=1429055268192&cv=7&fst=1429055268169&num=3&fmt=1&label=CtURCILbwwUQnurK-AM&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://VVV.google.com/ads/user-lists/1058190622/?label=CtURCILbwwUQnurK-AM&fmt=1&num=3&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1164428424
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 76
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`....
h.?.......


GET /pagead/viewthroughconversion/1070618923/?random=1429055268353&cv=7&fst=1429055268169&num=6&fmt=1&label=a1scCPGJggcQq7LB_gM&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://VVV.google.com/ads/user-lists/1070618923/?label=a1scCPGJggcQq7LB_gM&fmt=1&num=6&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1797623072
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 76
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`....
h.?.......


GET /pagead/viewthroughconversion/992395230/?random=1820824389&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVdScGYSL8wPWlYCYDw HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4


HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://VVV.google.com/ads/conversion/992395230/?random=1820824389&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVdScGYSL8wPWlYCYDw&random=553525008
Content-Type: image/gif
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
GIF89a.............!.......,...........D.;HTTP/1.1 302 Found..P3P: pol
icyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="C
URa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV O
TC NOI DSP COR"..Date: Tue, 14 Apr 2015 23:47:48 GMT..Pragma: no-cache
..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, mus
t-revalidate..Location: hXXp://VVV.google.com/ads/conversion/992395230
/?random=1820824389&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=G
I3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u
_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=
0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid%
3D414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie
_present=false&cdct=2&convclickts=0&ocp_id=JKctVdScGYSL8wPWlYCYDw&rand
om=553525008..Content-Type: image/gif..X-Content-Type-Options: nosniff
..Server: cafe..Content-Length: 42..X-XSS-Protection: 1; mode=block..A
lternate-Protocol: 80:quic,p=0.5..GIF89a.............!.......,........
...D.;..
<<< skipped >>>


GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAhFdyHYrCjz HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Apr 2015 16:55:56 GMT
Expires: Sat, 18 Apr 2015 16:55:56 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 24714
Alternate-Protocol: 80:quic,p=0.5
0..........0..... .....0......0...0......J......h.v....b..Z./..2015041
4070513Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
..Ew!..(.....20150414070513Z....20150421070513Z0...*.H.............g..
....e.&..Q..C-....0*....S.>..5..N.R./.....9.Z^..@>.f.s..........
N3\H.|.\\..O...AT...^8W0~>..........HzQ.c..<J..2v"^s..rM;6D.... 
...R.....G(r.K.....Q.y..C.g.u..)C.B...T.c:...y[5U3..Q.\.z........D.E.l
....'...Q0......:..[.3..)..Rj..RR..(BV(....4.^.t..8Mz..HTTP/1.1 200 OK
..Content-Type: application/ocsp-response..Date: Tue, 14 Apr 2015 16:5
5:56 GMT..Expires: Sat, 18 Apr 2015 16:55:56 GMT..Server: ocsp_respond
er..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Opti
ons: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 24714..Al
ternate-Protocol: 80:quic,p=0.5..0..........0..... .....0......0...0..
....J......h.v....b..Z./..20150414070513Z0k0i0A0... ..........j.....p.
I.#z...(~d..J......h.v....b..Z./...Ew!..(.....20150414070513Z....20150
421070513Z0...*.H.............g......e.&..Q..C-....0*....S.>..5..N.
R./.....9.Z^..@>.f.s..........N3\H.|.\\..O...AT...^8W0~>........
..HzQ.c..<J..2v"^s..rM;6D.... ...R.....G(r.K.....Q.y..C.g.u..)C.B..
.T.c:...y[5U3..Q.\.z........D.E.l....'...Q0......:..[.3..)..Rj..RR..(B
V(....4.^.t..8Mz......
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCFFvJnCnmRtw HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 14 Apr 2015 16:49:14 GMT
Expires: Sat, 18 Apr 2015 16:49:14 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 25116
Alternate-Protocol: 80:quic,p=0.5
0..........0..... .....0......0...0......J......h.v....b..Z./..2015041
4071248Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.Qo&p...p....20150414071248Z....20150421071248Z0...*.H.............x..
...2...u.L.V...M...g'/.9...r.S.<..""y.....`5_.u.I...2k../X.j.c.....
....9..d....B....=..........gM....gf..5l..r.!1.3Awqk..}..L..S(.tnV..V.
..N.9.....I.F.k.o~.-........[d...q}?<...C...............D.C..p...*.
....gh..}o..ZT2e..|.Vc...U..H&[.3.._n/P.....@Wv=.HTTP/1.1 200 OK..Cont
ent-Type: application/ocsp-response..Date: Tue, 14 Apr 2015 16:49:14 G
MT..Expires: Sat, 18 Apr 2015 16:49:14 GMT..Server: ocsp_responder..Co
ntent-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: S
AMEORIGIN..Cache-Control: public, max-age=345600..Age: 25116..Alternat
e-Protocol: 80:quic,p=0.5..0..........0..... .....0......0...0......J.
.....h.v....b..Z./..20150414071248Z0k0i0A0... ..........j.....p.I.#z..
.(~d..J......h.v....b..Z./..Qo&p...p....20150414071248Z....20150421071
248Z0...*.H.............x.....2...u.L.V...M...g'/.9...r.S.<..""y...
..`5_.u.I...2k../X.j.c.........9..d....B....=..........gM....gf..5l..r
.!1.3Awqk..}..L..S(.tnV..V...N.9.....I.F.k.o~.-........[d...q}?<...
C...............D.C..p...*.....gh..}o..ZT2e..|.Vc...U..H&[.3.._n/P....
.@Wv=...
<<< skipped >>>


GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1363
content-transfer-encoding: binary
Cache-Control: max-age=407733, public, no-transform, must-revalidate
Last-Modified: Sun, 12 Apr 2015 17:00:17 GMT
Expires: Sun, 19 Apr 2015 17:00:17 GMT
Date: Tue, 14 Apr 2015 23:47:49 GMT
Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015041
2170017Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:v....20150412170017Z....20150419170017Z0...*.H............
.N....S<?..m...P.....g;............4>..r. ..[...l..n.-qIe.|x..`Q
.4...l`e.....9.........F.............-.Y..`..#....D}..... ,.9.IhL..\Z.
V.W.^.B..R..x'.f.:..............J}......9...|...y._......0.......SH...
f...p./.S.E.....'.f...<.u..;~....s].....f.R...HC.?..*....0...0..}0.
.e........:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0.
..U....GeoTrust Global CA0...141201130534Z..151216130534Z02100...U...'
GeoTrust Global CA TGV OCSP Responder 30.."0...*.H.............0......
......\.hpc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. s
yd.....x..YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>
x..............6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|
'....o...A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S.........
....0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0...
 .......0...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-
2830...*.H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L..
.Dk$a...nR9_......B......m....Y....U.5....'.....<{....v&=.2].....j*
.r(7...=..w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f.
..v.....\.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i
..%....
<<< skipped >>>


GET /ads/user-lists/955861747/?label=XPluCIWZjgYQ85XlxwM&fmt=1&num=4&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1818266846 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Cookie: NID=67=tACTmxJZuQBCoaBTncvhIAUD4cmxVyWHHn36O7o00UcFdLAdd5eLP3n3BPq_mzmehpSBYrOWYKsj3MrQESLBCMdQXw2xML6zZg3qisLaobo6HxP4k_TCeJW2HZEUvIrs
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com


HTTP/1.1 302 Found
Location: hXXp://VVV.google.com.ua/ads/user-lists/955861747/?label=XPluCIWZjgYQ85XlxwM&fmt=1&num=4&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1818266846&ipr=y
Cache-Control: private, max-age=43200
Date: Tue, 14 Apr 2015 23:47:48 GMT
Expires: Tue, 14 Apr 2015 23:47:48 GMT
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 447
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/ads/user-lists/955861747/?labe
l=XPluCIWZjgYQ85XlxwM&fmt=1&num=4&cv=7&frm=0&url=h
ttp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414%2
6appid=0&type=New&random=1818266846&ipr=y">here</A
>...</BODY></HTML>..HTTP/1.1 302 Found..Location: http:
//VVV.google.com.ua/ads/user-lists/955861747/?label=XPluCIWZjgYQ85Xlxw
M&fmt=1&num=4&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php%
3Fsoft=11&systemid=414&appid=0&type=New&random=181826684
6&ipr=y..Cache-Control: private, max-age=43200..Date: Tue, 14 Apr 2015
 23:47:48 GMT..Expires: Tue, 14 Apr 2015 23:47:48 GMT..Content-Type: t
ext/html; charset=UTF-8..X-Content-Type-Options: nosniff..Server: adcl
ick_server..Content-Length: 447..X-XSS-Protection: 1; mode=block..Alte
rnate-Protocol: 80:quic,p=0.5..<HTML><HEAD><meta http-e
quiv="content-type" content="text/html;charset=utf-8">.<TITLE>
;302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved&
lt;/H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua
/ads/user-lists/955861747/?label=XPluCIWZjgYQ85XlxwM&fmt=1&num
=4&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php
?soft=11&systemid=414&appid=0&type=New&random=
<<< skipped >>>


GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Tue, 14 Apr 2015 05:02:07 GMT
Accept-Ranges: bytes
ETag: "2711f7277076d01:0"
Server: Microsoft-IIS/8.5
VTag: 438486457400000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Tue, 14 Apr 2015 23:51:37 GMT
Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Si
gning PCA..150413163223Z..150713045223Z.a0_0...U.#..0..........X..7.3.
..L...0... .....7.........0...U......Z0... .....7......150712164223Z0.
..*.H.............WK....e.\.-.n......./......."]..E!.. //=...[....w...
 ..........#...[.l.J..f|..... .s......w...J._.......3.[..#.z....ko.I..
Q{....e.nV......F..d}..rF\H.jlH]dQ.E....x......W............j....&L. 2
.$.?...X?.#.(.....pK.v.......y..r....t......=.AW......K.G.gJD.b...



GET /cgi-bin/CRL/2018/cdp.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: VVV.public-trust.com


HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 08 Apr 2015 19:45:01 GMT
ETag: "200c0-420-5133bc4534ad9"
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Connection: Keep-Alive
Date: Tue, 14 Apr 2015 23:49:26 GMT
Content-Length: 1056
0...0......0...*.H........0u1.0...U....US1.0...U....GTE Corporation1'0
%..U....GTE CyberTrust Solutions, Inc.1#0!..U....GTE CyberTrust Global
 Root..150408180656Z..150712181156Z0...0....'.x..110110211653Z0....'..
..141119195306Z0....'B...141119195752Z0....'....141119200006Z0....'1-.
.150204203232Z0....'.:..071121154528Z0....'.v..080219183346Z0....'....
080514142515Z0....'....080515170349Z0....'....080924143337Z0....'#...0
81203144336Z0....''j..090209174351Z0....'b...100414181148Z0....'....08
0917150432Z0....'#...081203144209Z0....'#...081203144241Z0....'#...081
203144304Z0....'%u..081203144409Z0....'/9..090318130930Z0....'8...0907
15181853Z0....'TU..100113191852Z0....'k...101130163724Z0....'.B..11110
7193907Z0....'@...141119200409Z0....'....080917150312Z0....'....140709
175318Z0....'....141210173900Z0....'-E..141119195854Z0....'....1411192
00037Z0....'F...141217193909Z0....'F...141217193956Z..0.0...U........0
...*.H............v.o.....;....... ....5...M....k....T.S|1.?<.....M
.e....3k.].H......p...?^......L.,..W....|....;..Z.I<...PPXM.ZR.....
@...c]....5BHTTP/1.1 200 OK..Server: Apache/2.2.15 (CentOS)..Last-Modi
fied: Wed, 08 Apr 2015 19:45:01 GMT..ETag: "200c0-420-5133bc4534ad9"..
Accept-Ranges: bytes..Content-Type: application/x-pkcs7-crl..Connectio
n: Keep-Alive..Date: Tue, 14 Apr 2015 23:49:26 GMT..Content-Length: 10
56..0...0......0...*.H........0u1.0...U....US1.0...U....GTE Corporatio
n1'0%..U....GTE CyberTrust Solutions, Inc.1#0!..U....GTE CyberTrust Gl
obal Root..150408180656Z..150712181156Z0...0....'.x..110110211653Z
<<< skipped >>>


GET /live/red_lojson/300lo.json?zq29za&colc=1429055269069&si=552da724463b29c7&uid=552da72489ec3891&pub=ytdcs&rev=v1.1.2-wp&jsl=8352&ln=en&pc=men&vpc=&dp=VVV.koyotesoft.com&fp=thankyou.php&aa=0&of=0&uf=1&pd=0&irt=0&ct=1&tct=0&abt=0<=544&cdn=0&lnlc=US&whcs=1&tl=c=135,m=430,i=469,xm=991,xp=993&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.track.hsr&uvs=552da72496aa85e6000&chr=utf-8&md=0&vcl=0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://s7.addthis.com/static/sh.0a1bbbc8.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: m.addthis.com
DNT: 1
Connection: Keep-Alive
Cookie: uid=552da72489ec3891; uvc=1|15; uit=1


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:49 GMT
Content-Type: application/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: di2=NMTM3P.UYM;Path=/;Domain=.addthis.com;Expires=Thu, 13-Apr-2017 23:47:49 GMT
Set-Cookie: bt=;Path=/;Domain=.addthis.com;Expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: dt=X;Path=/;Domain=.addthis.com;Expires=Thu, 14-May-2015 23:47:49 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Content-Encoding: gzip
Server: cloudflare-nginx
CF-RAY: 1d734c48b319159b-FRA
61.............O,I. )JL...(...V..OV.R.uq,.uqr...s.. }...,W#0...a...J:J
.E9.JV..:J.....y%`^..5...7.[.....0..HTTP/1.1 200 OK..Date: Tue, 14 Apr
 2015 23:47:49 GMT..Content-Type: application/javascript;charset=UTF-8
..Transfer-Encoding: chunked..Connection: keep-alive..Cache-Control: m
ax-age=0, no-cache, no-store..Pragma: no-cache..Set-Cookie: di2=NMTM3P
.UYM;Path=/;Domain=.addthis.com;Expires=Thu, 13-Apr-2017 23:47:49 GMT.
.Set-Cookie: bt=;Path=/;Domain=.addthis.com;Expires=Thu, 01-Jan-1970 0
0:00:00 GMT..Set-Cookie: dt=X;Path=/;Domain=.addthis.com;Expires=Thu, 
14-May-2015 23:47:49 GMT..Expires: Thu, 01 Jan 1970 00:00:00 GMT..P3P:
 policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"..Content-E
ncoding: gzip..Server: cloudflare-nginx..CF-RAY: 1d734c48b319159b-FRA.
.61.............O,I. )JL...(...V..OV.R.uq,.uqr...s.. }...,W#0...a...J:
J.E9.JV..:J.....y%`^..5...7.[.....0..
<<< skipped >>>


GET /widgets.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: platform.twitter.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: public, max-age=1800
Last-Modified: Wed, 08 Apr 2015 23:36:11 GMT
Content-Type: application/javascript; charset=utf-8
Etag: "4a70ac51d33f13366358e9d0c37218e4 gzip"
Content-Encoding: gzip
Content-Length: 37793
Accept-Ranges: bytes
Date: Tue, 14 Apr 2015 23:47:48 GMT
Via: 1.1 varnish
Age: 853
Connection: keep-alive
X-Served-By: cache-tw-sto1-2-TWSTO1
X-Cache: HIT
X-Cache-Hits: 15934
X-Timer: S1429055268.117941,VS0,VE0
Vary: Accept-Encoding
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
............iw$.q .]."."....D&..HFa.U([email protected]."G.f.
..4.R#.Td79;..c...C.......Ro[.4".......#...G......~........\o.v. .m...
.ki..L..W_.Q..Qz6.Ui.. .....ww..j.k.....)OR;.O.c?...8...1.S..bN.X.v.B.
8.:%...;.A.............Y...y.y....S. ....6....;N..q..:..\...H.E2.[.x!?
.m.q...M?.....9..Qw<.....d.z.r.i?.Nk.F'.r..{...;[..........-..&....
.{...(...=.L.8...A......!...>...=*.:...m9...7B.;.6fYM...&..v.2'=..6
.].^,.....Ac.....N.......z......g.e.sn..c....4.:..6..9.MT.#......8T...
...`0....L0....=Y. ....._..j.....wx.4B.8..:...3...j.xM......,..Qg<.
.otb..|.j....-KC.7.#..'...y...~'..-?.....a. .F....[XH?.d....c.wa..1...
[email protected](......^...T6`7.9.*..p...G.....Y~........7.v..-..r..~z...?
...6..a...DA..d"].....Y...zu.q...`..&..h\.....$...._.......A...i..=..Z
.MmmSUMj.}.....u........U......2....z.}.N:~.......48..q......H..$6..."
Rd..n"6*......l..b..o..bo.x.3L..........O..3...{H.....J...~0...i:.n.Z.
....?.....q.(.NC...q.s.P.82t.16..0;.V.y.0Ia.x......$.......Y.k.{..M..D
's.g.j~"b......7...(}.dm..C..I....c........l.P....\Q..C...4......j.\.h
,...yJU.).u....qb.JV....q.....|...!...l....s....U....u..Y..p....N...8.
'...m{.V.hxoZ...k....}.....<.5.t."/V.U6K..;....h..,|......./..G....
024...-.;x...S...h........,.a.Y.3.gg......C.6..Y..X...;.j:[email protected]&
gt;F....F6.,s[B. 5...J..J..*....w%.c....'.:l.!.....%"o..B0[.{}....N.H.
..8$.... ...E{`..%.Zg......a......O.]....@|8....u.....P*.xm~~.~..x/...
...5.......eP_..a....;..A.RFy...A..}.#...#8_..;.9...H=.....|;..q.6l...
....$.(<.Uc>..0..........Yu.9..u#.T.fG...ES..!p21..l:.......
<<< skipped >>>

GET /widgets/tweet_button.3a4bde0b5804628844cfe7c865ab1925.en.html HTTP/1.1


Accept: text/html, application/xhtml xml, */*
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: platform.twitter.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: public, max-age=315569260
Last-Modified: Wed, 08 Apr 2015 23:36:16 GMT
Content-Type: text/html; charset=utf-8
Etag: "fe61a79104f29d48adc00fb85cfc0cc1 gzip"
Content-Encoding: gzip
Content-Length: 16285
Accept-Ranges: bytes
Date: Tue, 14 Apr 2015 23:47:48 GMT
Via: 1.1 varnish
Age: 519052
Connection: keep-alive
X-Served-By: cache-tw-sto1-2-TWSTO1
X-Cache: HIT
X-Cache-Hits: 5100086
X-Timer: S1429055268.585908,VS0,VE0
Vary: Accept-Encoding
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
...........}.{.H.._..].,2....}E.9.=.)#P......N........]o.T.N>.N1.} 
u..y..X..../...X.}.xS..|p..b.sl...P/....4.f...5-....[z.@.....)....[..S
.D._..Kx..I.. .-.Q........}...F{Q...<._.[...Zb.fM....SY}..-..B.q...
..M........A[E.QO.V..].'....n....n.hzs ......&.;.Vx6....O.1.V%,..a.."=
..j..?.....^.....@...".....G..Wh...~)....xo....e.pt!g....k....S,.ST.&g
t;... [email protected][1t.4Q.px|.....K......kC......."....K...a.&l
t;.eo..'c'..j.......".9U....4^.<...T.%..l.. .(..F...?.Q..D.........
.s........~....ToH..<..C..hZ4..&F..W.-...Prx.&.2GS......a).pD....}h
z.HE.oJ.....v..X.Q6YA.t...$..C.._.k....0..f.y>`..".....G...rq(..0b.
X..D.3T....d.@$.....)sl(.L....d..wL.F....l..t.@\.t.U6../t.!.....0zsK..
}dy..7o..:9...V!...o .A.......s..p...D7k..x...{):.I.( !.........t..<
;..[@........r%I...pl...&...E...a. .....a.O.Y....FD&.%N.1...2.Eb.Y$L..
.c.4.r...3..M'.t*!JB<.I.....r.6@..}4...._q..GJ'._I...d.*A(.Bw...U.`
....xY...T...Qd..U........Z-.'..>............FKYT.t..)..za..V;..O.j
.....;5.8......|.....X)W.....#..jo..Y...z.......dl.?-..bWI.=>.j....
.R...H.........)s:."S......*.....lQ.u.D.b.hTV..,^.."...i[R"..z....i.uz
..d;...t]:f.....Yil...Yd[4...<..z..KZ...:..i.\'2.=5.Z......x...x..v
;.:96.r.bg.....XsR.6v..6.i...6./.s....r.....=#.?.Z..i..bN.m..t..U-aw..
~o....8U....o$,EJ*.....R=....Q.>.8=..`.bgR...}.0.%..[.R.IE..VBb..9.
>3j6.Fv.Ql.X(.F.J7..............j)k!..V.]M...{.LNB.V...f.....P...).
.fS..U.k....fl....;.....h._I.P.O.L..l..#..c...".a....c...[[email protected].
?.k)Q,.i.4!.c.s.&J......k..'...cg..}q....~...B.:%U.A.TN...c.z.3).L
<<< skipped >>>

GET /widgets/hub.5e35c44edb867aec88b804135e0a46c4.html HTTP/1.1


Accept: text/html, application/xhtml xml, */*
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: platform.twitter.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: public, max-age=315569260
Last-Modified: Fri, 03 Apr 2015 02:31:08 GMT
Content-Type: text/html; charset=utf-8
Etag: "5e35c44edb867aec88b804135e0a46c4 gzip"
Content-Encoding: gzip
Content-Length: 7211
Accept-Ranges: bytes
Date: Tue, 14 Apr 2015 23:47:48 GMT
Via: 1.1 varnish
Age: 1026775
Connection: keep-alive
X-Served-By: cache-tw-sto1-2-TWSTO1
X-Cache: HIT
X-Cache-Hits: 14752477
X-Timer: S1429055268.674165,VS0,VE0
Vary: Accept-Encoding
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
...........<.r.:..B.....L..sP..9..l.....YIq.$dqB.....'...../.v2S..W
&.6.F..|/:o>......c)V......._..B...k..p....<.._...}..b..kxK7I.pH
&.......K..8.,...A.Qs.V7...e..X.b..m}.u...........>y.l...O.......qb
e)O^......X.....%....h.\s.,h'..s...u.&.....8.../...3....n.q...zf.E.D..
.v.&..y_..p.....q.$qB.k7.ba,.L.*....G.....1.b..wFfy.......o./.>~..z
....7.e{.o....-._..H..~?.3L.s.s...,...h....#.......V..M"[.{.`.H.......
._..p.....|..........F,.i.g.4A..[.......e<...#.%..l.|.N....8fp..c..
XnvC.{x./.&7...$..8.v.d._..{..$.s.q..".......Q.......6.|c.m.(1.m..R.xh
2.e.k...(^.h.....H.o\.aj.2-`..`...{2.=.}.OLV.....{b..F.#...GH$...{...q
.'.;f.."...n....^.zB.F........].. .6....X"8>%,6. ?^.A./UK.VM..r/K8.
.......8.(!.i....W.9j.U..w'....... ....\..)....nl......q...x..IL8 .h.K
..x...0m.ps.g..=b..=...ltH.%...'..F.....a.....O..,D..<{...$H|......
.......K QJRy...s".t......v..&..Q..t./.KJ.L...*.nK...t........g.[..HJ\
[email protected]`[email protected].!.z...W..B).
`.8.D...M..Xj..I....P..RF........8bo>.....^........ ..dK...J... ..C
...l.G.m8.]w.V.F8....`[email protected]*.T...Lh...c......v.....9I....?.......
K..)ai."(.=.................v}.r..d....U.B[. ..Y#....../..i.#L=.P*uP.Y
...T....D,.Jd....B..Nd.[.lh..&5.&....3.8:Vz.J.%~$iX.z.n.F.&.t....9^...
B..M5...f.....c..x.~......^....g..?.......5..Jn...g.....(.AF...|......
A#..._..nO8B..#.i.!..y..to>....U.GSv.4]........U[.e..Q..-......2.v,
.&s..N$.V....5..(.........\[email protected].^'...J....R......?../
..E..1|.....|x..jsR.%x.................j........./.a5.\..%.g....O.
<<< skipped >>>


GET /static/hi-res-css.bae0b8460868cf3675a8.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: s7.addthis.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
Content-Type: text/javascript
Content-Length: 27853
Connection: keep-alive
Last-Modified: Tue, 14 Apr 2015 21:34:11 GMT
Content-Encoding: gzip
Cache-Control: public, no-check, max-age=86313600
CF-Cache-Status: HIT
Accept-Ranges: bytes
X-Host: s7.addthis.com
Server: cloudflare-nginx
CF-RAY: 1d734c450b480485-FRA
.............n.I.-.>_Q(..Tb.c..f.Q........<5..f..`gH..Td....ck.m
.. )R...IuW.....~17../k.}~........v._..7..............|....w..?...._..
.b........|......./...~.....o....?............../...._\../............
9.._oV...pu}..gv...|......../:..W.7q.\_...|L..w...7...............\...
.........~8_.......7...../........|w.................zwq...7?N......8.
s..~w.^.y....p.......?.............<.......|./.....6..o77..._^.....
....'..s...U.....T~..r...g>....:..}..>....]X.....8...f....^m.../
..-~..:.?..s............_M.....o............?rO./........L...../..em_.
.W).w.r....8..'n...}.0.........Wo.^\.._..&S^....W.m.. .*.i.k...}......
V[..7J.\...\...F.l._.nr}V._...O.Bo.~H.....SK...).|....l...3r..k.v.3.i.
\ox.o..........g.....n.lJ.@[.....M..x..mWs.....>..K..nr8}...6}(.W97
;.[y.Q..>lW?.?m./......p.i......K...}w...t......r...r....>s";O.y
...8S....}..aV)..)./.4iZ..pO_-5.....M.....g-...dj.>)..]..._Z..}....
q;.).2Go.m.....2.......q.O.[=~....cH....^. .>.w.O..t.|...k}....W1..
1c..~w..6.#jh..c<..........,..>...!.'.#%[email protected]{.P.94{.v..kU.
...}.W....n?x3.0..._.XR.. ...}...u.k...[fr.h.Cf..... ...B.r....t...[..
....=R........./uv3..............G..8{?....c...M.....w..p...X..=._."..
xo})...m..~...V...-.$V_.[.u.z....vy...|........^.p..&......Mq...e*P...
.?a.3.....W~......O..5P..K......]....[.B3.1"....E..........3.~..j....9
.J.....^?...N...iQ..g...x.xg..%o8.W%.....V..Z.R...W\.....'H....z..].q.
0.._c..k.:...Zw..K....V...F.a...fZ.&...........>1.l..{..]...o..6...
P{..~yh.s.lW.... L.....p\g./.?v...,........(6.$..O....gY^.%...R...
<<< skipped >>>


GET /js/default/main.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: ln=en


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:47 GMT
Server: Apache
Last-Modified: Mon, 10 Jun 2013 06:38:27 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=7200
Expires: Wed, 15 Apr 2015 01:47:47 GMT
X-Stat-Server: web2
Content-Length: 1540
Keep-Alive: timeout=7, max=1000
Connection: Keep-Alive
Content-Type: application/javascript
...........Wms.8........Tp&8i;mj..8M.d..u....cd.mR.8$.p....^.........g
W..g.{...............n......?.....Z....].........DD,......h....= ...8.
....7'..1..........?Y..=.es.&...9~.......wo.~8zm. _........#.z.......x
x..........G.$... .......M..#_.4.K{.}N.0.X...."O....y......g...!$...pC
.. ../.(..<....<..T`[email protected]...>....'F..'.H...YN.5......a4....
.fL......et9.1..w.l.......EL.HB.BD.W..Kw\;"....ZPa..O..Y\C.....N...R.V
".YH.(.4..t.2j/........*' MV.NB.h.e.P.e..X..D......TA/.}KI.,...p...v .
(Y.:.;.vs....k.C.....>Y...I9...v.QT...pB...I.H.. K...B.T...}......&
....N...* ;.....$.....Z.^!..'M..\a.U......dx..r..C&..&...Ne.[.RpS>.
..=0.H..p*..../4.(v..5..<8T..{..;.9...f.Xw.......5...K][email protected].
.*e...'......s....?.Y.e..0.....K...L?.D.`O.X'.*/..v(..P. gADb.........
.C....z..iM.|.Z.y. ZFv.r7...,\t.]4.S|...x.`2-u...*...A..y...l..H.....(
.D.B........1.Pb .5..f.h.Q..8.....=...q.<..j....-d..O{..\."a.CU..;.
Hx>.mn....(..K.t..y..'....|[email protected].,..,r.%..,........e.g...
MF......].?.6.......).>U...5.'...........<[email protected].........
...#S).m.....8.([email protected]" .>.....[...f............'H.w..z..,{.\.....W
.7.o......A....>`...pk...1./4F%..[U.0 asi.#.r~..w....W.T.bO..Z...2.
..r....C..rM..u....2\O..7....g.9g.X<c....q.C..n.s.@HC|.P.h......=..
.T...p........-.C:'y,|...Z.y......4.....-...-=.d.Q@e.<....G?.....F{
x.......]m..g=%.....W.fPnI-3:..m.aj...~.Y.1`z6..8...z-/.......Wj.._...
h.. \..K...m.V_.R.>.$.i.k..3.m.J.8.y..M-.f.R.b=z...7.;....*Eu......
.A......;...<L.'F.[..G..Y..Vj...J...b......E.;.V...=.M..)8..,..
<<< skipped >>>

GET /styles/default/sprites.gif HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: ln=en


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
Server: Apache
Last-Modified: Sun, 09 Jun 2013 21:04:19 GMT
Accept-Ranges: bytes
Content-Length: 2848
Cache-Control: max-age=86400
Expires: Wed, 15 Apr 2015 23:47:48 GMT
X-Stat-Server: web2
Keep-Alive: timeout=7, max=999
Connection: Keep-Alive
Content-Type: image/gif
[email protected]>>>....|.yyy..9........%..8.{..t..}...7..6
..#.w...).y...-.. ../..'.s...3.v...5..!..1.R..q...7...HHH..#..........
...~.........~.....@.......................{..{.......................
W.......................................................a.;AF..1..<
........x......Ebv....{(..........W...8.h...DS..C]n....Z......4P...}*.
.........o ....\...1...........n..2.^.===..A....r"...._.......O.......
..U..g........u$.d...]..B..,...899.l...5..O../....i......-.x&........6
.U..X......A..9..#..T.....N..............C.. .........................
......................................................................
......................................................................
......................................................................
.......................!.......,....0.@........"%.....H.......#J..(O.9
."...&O.. CB,[email protected].'..BO..i.(..<..t
.t'Q.M...z5.V.\...*2lO.dC...6.......kU,..t......*.x...........=;6.b...
:Vu.....//fk91f.s?O..9.b.....,zrk..9gF..tg..r........s..N...... _.....
..K.N......k...........O......._.........O...............(`...8`....[.
... ........X...F(...j......b..r.....x..)b."./R."...X..7.X..9......8..
1....A....G....I*.%....$.UZ9%.["..._R)d.#..%......ary&.mz...p....`.I..
n....h..g.w.Zg...zh...:b....)....(..f.g..u........t.P.D.......Z..tl.!.
.*..HT.A..!*......P.m.......qDj.U.....q...Ub.D..'.v....U.u.Q..^'.D...l
u.>..Rv.....N..B..J....k..........n... ...7,.s.."0J.7.\...U...#.od.
?.1..).0t#.l.."{.....Kr...<..6.[s......4K.r.8K$...Y;..I .......
<<< skipped >>>


GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1363
content-transfer-encoding: binary
Cache-Control: max-age=407733, public, no-transform, must-revalidate
Last-Modified: Sun, 12 Apr 2015 17:00:17 GMT
Expires: Sun, 19 Apr 2015 17:00:17 GMT
Date: Tue, 14 Apr 2015 23:47:49 GMT
Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015041
2170017Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:v....20150412170017Z....20150419170017Z0...*.H............
.N....S<?..m...P.....g;............4>..r. ..[...l..n.-qIe.|x..`Q
.4...l`e.....9.........F.............-.Y..`..#....D}..... ,.9.IhL..\Z.
V.W.^.B..R..x'.f.:..............J}......9...|...y._......0.......SH...
f...p./.S.E.....'.f...<.u..;~....s].....f.R...HC.?..*....0...0..}0.
.e........:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0.
..U....GeoTrust Global CA0...141201130534Z..151216130534Z02100...U...'
GeoTrust Global CA TGV OCSP Responder 30.."0...*.H.............0......
......\.hpc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. s
yd.....x..YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>
x..............6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|
'....o...A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S.........
....0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0...
 .......0...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-
2830...*.H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L..
.Dk$a...nR9_......B......m....Y....U.5....'.....<{....v&=.2].....j*
.r(7...=..w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f.
..v.....\.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i
..%....
<<< skipped >>>


GET /ads/user-lists/1006373716/?label=RZXuCLy__AcQ1Jbw3wM&fmt=1&num=2&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=2748859103&ipr=y HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com.ua


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: adclick_server
Content-Length: 76
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`....
h.?.......


GET /ads/conversion/992395230/?random=1820824389&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVdScGYSL8wPWlYCYDw&random=553525008&ipr=y HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com.ua


HTTP/1.1 200 OK
Content-Type: image/gif
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..Content-Typ
e: image/gif..Date: Tue, 14 Apr 2015 23:47:48 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..X-Content-Type-Options: nosniff..Server: adclick_
server..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alternate
-Protocol: 80:quic,p=0.5..GIF89a.............!.......,...........D.;..



GET /sac.php?id=0&dlanc=1 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.searchqu.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
P3P: CP="NON DSP COR CURa TIA", policyref="/w3c/p3p.xml"
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Tue, 14 Apr 2015 23:47:48 GMT
X-Server: web1
Content-Type: text/html
Set-Cookie: appid=0; expires=Sun, 12-Apr-2020 23:47:48 GMT; path=/; domain=.searchqu.com
Set-Cookie: dlanc=1; expires=Sun, 12-Apr-2020 23:47:48 GMT; path=/; domain=.searchqu.com
Vary: Accept-Encoding
Content-Encoding: gzip
X-Stat-Server: web1
X-XSS-Protection: 0
Content-Length: 20
Keep-Alive: timeout=7, max=1000
Connection: Keep-Alive
....................HTTP/1.1 200 OK..Date: Tue, 14 Apr 2015 23:47:48 G
MT..P3P: CP="NON DSP COR CURa TIA", policyref="/w3c/p3p.xml"..Expires:
 Sat, 26 Jul 1997 05:00:00 GMT..Cache-Control: no-cache, must-revalida
te..Pragma: no-cache..Last-Modified: Tue, 14 Apr 2015 23:47:48 GMT..X-
Server: web1..Content-Type: text/html..Set-Cookie: appid=0; expires=Su
n, 12-Apr-2020 23:47:48 GMT; path=/; domain=.searchqu.com..Set-Cookie:
 dlanc=1; expires=Sun, 12-Apr-2020 23:47:48 GMT; path=/; domain=.searc
hqu.com..Vary: Accept-Encoding..Content-Encoding: gzip..X-Stat-Server:
 web1..X-XSS-Protection: 0..Content-Length: 20..Keep-Alive: timeout=7,
 max=1000..Connection: Keep-Alive........................



GET /ads/user-lists/1058190622/?label=CtURCILbwwUQnurK-AM&fmt=1&num=3&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1164428424&ipr=y HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com.ua


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: adclick_server
Content-Length: 76
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`....
h.?...HTTP/1.1 200 OK..Date: Tue, 14 Apr 2015 23:47:48 GMT..Pragma: no
-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cach
e, no-store, must-revalidate..Content-Type: text/html; charset=UTF-8..
X-Content-Type-Options: nosniff..Content-Encoding: gzip..Server: adcli
ck_server..Content-Length: 76..X-XSS-Protection: 1; mode=block..Altern
ate-Protocol: 80:quic,p=0.5..............(....I.O.T(...I.UJJL.N/./.K.M
.../.*)J. .H,J. Q......R`....h.?.....



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECweDf1SB/y6YiX2rmFYcGg= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=430836, public, no-transform, must-revalidate
Last-Modified: Sun, 12 Apr 2015 23:30:31 GMT
Expires: Sun, 19 Apr 2015 23:30:31 GMT
Date: Tue, 14 Apr 2015 23:51:47 GMT
Connection: keep-alive
0..p......i0..e.. .....0.....V0..R0......Qw.}`[email protected]
2233031Z0s0q0I0... ........l....r.vdv0..*.~Y..X....e?z.4..G.L.......q.
.,...R...b%..aXph....20150412233031Z....20150419233031Z0...*.H........
....../[email protected]?.S.3.7i.....>..J!m...uS.'...E.Q.h...$-
.(@L...U(.g.....GP^.KA=..i..F...F.sV3...[m.E.w}....R...\{..}..d.b..@Z.
[t %X./.q....U....i...R.'..<.?.....:.].......o....J.5.m?..7O..We".,
....*.....!0h. \..%..tl......C:..M....Fq.n)...(`.g$^..u.\....0...0...0
..y.......^..........N...)0...*.H........0J1.0...U....US1.0...U....Tha
wte, Inc.1$0"..U....Thawte Code Signing CA - G20...150303000000Z..1506
01235959Z0Y1.0...U....US1.0...U....Thawte, Inc.1301..U...*Thawte Code 
Signing CA - G2 OCSP Responder0.."0...*.H.............0............).Z
.......O.~.l...,\.3.".'.'W .ih./..}OA...K...HJd....K^..<.....-.rWJ.
j.U.._......W.../.6....J.y.u-.\...2..U.52B.>...=F...RbR.y.zm.......
{b.bj....Y..J..m...*=.^......V.}p......rmA......9.L ...{?.g.-Y........
....8...k.$.:.5..6#4..F.#....t.B.8.O)'F.p).........d0b0...U....0.0...U
.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U..
..TGV-B-32450...*.H..............C.....8.Aw.{....`...y1N...W4M..M.J.3~
..7#}..X..:x..5....$...Z^%.?6..e...}I.)....... .A.w......_...B..j.T..Y
u.o.....g....H....q.Ju.SA`K.......
<<< skipped >>>


GET /ads/conversion/1050435832/?random=693854266&cv=7&fst=1429055268169&num=5&fmt=3&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVaGwEIyx8wOmpoCoAw&random=1053631945&ipr=y HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com.ua


HTTP/1.1 200 OK
Content-Type: image/gif
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
GIF89a.............!.......,...........D.;....


GET /ads/user-lists/1070618923/?label=a1scCPGJggcQq7LB_gM&fmt=1&num=6&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1797623072&ipr=y HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com.ua


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: adclick_server
Content-Length: 76
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`....
h.?...HTTP/1.1 200 OK..Date: Tue, 14 Apr 2015 23:47:48 GMT..Pragma: no
-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cach
e, no-store, must-revalidate..Content-Type: text/html; charset=UTF-8..
X-Content-Type-Options: nosniff..Content-Encoding: gzip..Server: adcli
ck_server..Content-Length: 76..X-XSS-Protection: 1; mode=block..Altern
ate-Protocol: 80:quic,p=0.5..............(....I.O.T(...I.UJJL.N/./.K.M
.../.*)J. .H,J. Q......R`....h.?.....



GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1363
content-transfer-encoding: binary
Cache-Control: max-age=407672, public, no-transform, must-revalidate
Last-Modified: Sun, 12 Apr 2015 17:00:17 GMT
Expires: Sun, 19 Apr 2015 17:00:17 GMT
Date: Tue, 14 Apr 2015 23:47:49 GMT
Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015041
2170017Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:v....20150412170017Z....20150419170017Z0...*.H............
.N....S<?..m...P.....g;............4>..r. ..[...l..n.-qIe.|x..`Q
.4...l`e.....9.........F.............-.Y..`..#....D}..... ,.9.IhL..\Z.
V.W.^.B..R..x'.f.:..............J}......9...|...y._......0.......SH...
f...p./.S.E.....'.f...<.u..;~....s].....f.R...HC.?..*....0...0..}0.
.e........:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0.
..U....GeoTrust Global CA0...141201130534Z..151216130534Z02100...U...'
GeoTrust Global CA TGV OCSP Responder 30.."0...*.H.............0......
......\.hpc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. s
yd.....x..YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>
x..............6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|
'....o...A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S.........
....0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0...
 .......0...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-
2830...*.H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L..
.Dk$a...nR9_......B......m....Y....U.5....'.....<{....v&=.2].....j*
.r(7...=..w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f.
..v.....\.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i
..%....
<<< skipped >>>


GET /js/plusone.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: apis.google.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
X-UA-Compatible: IE=edge, chrome=1
Timing-Allow-Origin: *
ETag: "ba16df6e28c35d5a39e84a06941e0034"
Expires: Tue, 14 Apr 2015 23:47:48 GMT
Date: Tue, 14 Apr 2015 23:47:48 GMT
Cache-Control: private, max-age=1800
Content-Encoding: gzip
Transfer-Encoding: chunked
Set-Cookie: NID=67=tACTmxJZuQBCoaBTncvhIAUD4cmxVyWHHn36O7o00UcFdLAdd5eLP3n3BPq_mzmehpSBYrOWYKsj3MrQESLBCMdQXw2xML6zZg3qisLaobo6HxP4k_TCeJW2HZEUvIrs;Domain=.google.com;Path=/;Expires=Wed, 14-Oct-2015 23:47:48 GMT;HttpOnly
P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic,p=0.5
327F.............}iw....w..[.&R(...t"Y.&v..N..;..U..%B`!Om.....JB`r...
}.:mjR..v..*.2...I.].i8..W.......}.O.4..<.ydZ. .O..R...H.<...u{.
....4..../o....8..\...._z...(...........{.e.F....l..Ea...Y..D$.0Z..-..
.KS......"K7...L"..o\..<CN&Q....$4....a....#.]G.!~"u......gd.$.Ad._
(..i .8..Pf...!=.y...(."..e..R.q....y....9zI.....1FJ.......M_....'I57.
.....!...|..`..(.$1.x........qN .o.|.!9...8.'....a...1% ...K.Gr..Ri1.)
...0..C....\[email protected]_...z.P.....!.x.V.].b.k...-...hC..............
W..G..H....U&X.s5h../.6.c...}Y..At [email protected].~..K|p1.%u..3~.c...Mr
.a|.e.r.... ...%..zu>.:/{....'d6....\...M.7.........,.g8/(.. .....c
.z......$.".a.M.....W.Z..o,W.\[email protected]?..h.......TV8.o...E.t..$..j....
...=.....F....6.<.V..t..bZoy.."I......l:I...f.Y1.[k@.{p...V.....THk
......h6w..C..8...;.....x_..u;.....v*k.........y.g6...c...m.hDC.^...h.
X.......Y|.y....z!.........=.g9.r.k.'..r...M.b.pO..!.`0F.Y.s.-/.......
.z^T....C.....#....3~....~.....>~O...;....=.P..&G.....e.\.>SnP..
P..b\..)...Sd...............U.}[email protected].=..D...\.{.hX
...n(..W.Q6.DY~...6s.u........ ..Z...<...m...jR..0....%.b7NV...2_/V
....w........v.*.<...../rt.$2q*.;.r.....aX...}6..A2.!n.ju..9..D...%
.........g?...c.u.nxf.G.....@w.._i.........h....K.....)....[ 9d.......
......s......lS.f..$.......)q.!..9......../8......N.....^.C.{N....=..G
[email protected]!....B....-...
.....y..H@.*..Z......@.*@....._@[email protected]*N........~.O......0.
...{>`.L.<....A.%|.i.........*./.KD:'.M.M....ag .F.v..Q.....
<<< skipped >>>


GET /ads/conversion/960689598/?random=1684655829&cv=7&fst=1429055268169&num=1&fmt=3&label=39a2CIrd2gkQvuuLygM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&ocp_id=JKctVb72C4P-8QPuuIFI&random=533510730&ipr=y HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com.ua


HTTP/1.1 200 OK
Content-Type: image/gif
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..Content-Typ
e: image/gif..Date: Tue, 14 Apr 2015 23:47:48 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..X-Content-Type-Options: nosniff..Server: adclick_
server..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alternate
-Protocol: 80:quic,p=0.5..GIF89a.............!.......,...........D.;..



GET /update/UpdateFVC.txt HTTP/1.1
Host: VVV.koyotesoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:58 GMT
Server: Apache
Last-Modified: Tue, 17 Dec 2013 13:49:26 GMT
Accept-Ranges: bytes
Content-Length: 3216
Vary: Accept-Encoding
X-Stat-Server: web4
Keep-Alive: timeout=7, max=1000
Connection: Keep-Alive
Content-Type: text/plain
3.2.0.0.#########################################.# August 2012 - Vers
ion 3.2.0.0.#########################################.- Fix minor bugs
..3.1.0.0.#########################################.# November 2011 - 
Version 3.1.0.0.#########################################..3.0.0.0.###
######################################.# July 2011 - Version 3.0.0.0.#
########################################..2.92.0.0.###################
######################.# April 2011 - Version 2.92.0.0.###############
##########################..#########################################.
# June 2010 - Version 2.8.0.0.########################################
#.- Crashs and memory leaks fixed.- Ogg Theora added..################
#########################.# June 2010 - Version 2.8.0.0.##############
###########################.- Crashs and memory leaks fixed.- Ogg Theo
ra added..#########################################.# May 2010 - Versi
on 2.7.0.0.#########################################.- Improve video c
onversion.- MKV multi-audio fixed.- no sound bug fixed..##############
###########################.# April 2010 - Version 2.6.0.0.###########
##############################.- Presets added and some corrected.- iP
ad output Support.- New translations..################################
#########.# December 2009 - Version 2.5.0.0.##########################
###############.- Deinterlace video option added.- Correct some transl
ations..#########################################.# December 2009 - Ve
rsion 2.4.0.0.#########################################.- OGM form
<<< skipped >>>


GET /pagead/conversion/1050435832/?random=1429055268248&cv=7&fst=1429055268169&num=5&fmt=4&adtest=on&value=0&label=cHYlCKLXwwUQ-MHx9AM&bg=ffffff&hl=en&guid=ON&eid=317150502&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.googleadservices.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 432
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
..........=R.n.0... ....I..R.E..-.....4'..V.."........|...3.]b..u.....
...I.WmW......5.7...q.p.X......Z.(G..J....j...h..ZD.O-......i...H..<
;H.8J.(.?.B......6.H..`......<H.0.x.3.:HX.Y..(-R..l..!.L.#*..7.{x.5
.?..<.....;.P].5.P...%.<3...-O.L....<..g 1% ......K..0^j...Z.
.x...-&.vpHX......k..\5t...,/.......;...9Le=i:.6B...y}C5..}.}.|...y...
%...$......=.H..g6]|I .4....-..(.......i...C?...B%..l..esv$.F.K...i_q.
..=.d.........}C?..zT.e*.......


GET /pagead/conversion/992395230/?random=1429055268394&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1 HTTP/1.1


Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.googleadservices.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 302 Found
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Location: hXXp://googleads.g.doubleclick.net/pagead/viewthroughconversion/992395230/?random=1820824389&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&ocp_id=JKctVdScGYSL8wPWlYCYDw
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
GIF89a.............!.......,...........D.;HTTP/1.1 302 Found..P3P: pol
icyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV P
SA PSD IVA IVD OTP OUR OTR IND OTC"..Date: Tue, 14 Apr 2015 23:47:48 G
MT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Co
ntrol: no-cache, must-revalidate..Content-Type: image/gif..Location: h
ttp://googleads.g.doubleclick.net/pagead/viewthroughconversion/9923952
30/?random=1820824389&cv=7&fst=1429055268169&num=7&fmt=3&value=0&label
=GI3TCMK0ywQQ3v-a2QM&bg=ffffff&hl=en&guid=ON&u_h=901&u_w=1716&u_ah=857
&u_aw=1716&u_cd=24&u_his=1&u_tz=180&u_java=true&u_nplug=0&u_nmime=0&fr
m=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemi
d=414&appid=0&type=New&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cook
ie_present=false&convclickts=0&ocp_id=JKctVdScGYSL8wPWlYCYDw..X-Conten
t-Type-Options: nosniff..Server: cafe..Content-Length: 42..X-XSS-Prote
ction: 1; mode=block..Alternate-Protocol: 80:quic,p=0.5..GIF89a.......
......!.......,...........D.;..
<<< skipped >>>


GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "59173381ba860afd89a5081254166e03:1429052426"
Last-Modified: Tue, 14 Apr 2015 23:00:26 GMT
Date: Tue, 14 Apr 2015 23:47:49 GMT
Content-Length: 724
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..90...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equ
ifax Secure Certificate Authority..150414224300Z..150424224300Z0...0..
..v...140618150003Z0........140429180917Z0........140709194633Z0......
..140416233935Z0.....)..140617185515Z0....Bf..120627171053Z0.....3..02
0515130611Z0.....#..140606204021Z0........100729164439Z0........140606
222139Z0....%...020514181157Z0........140725020038Z0....M\..1404300004
42Z0........100729164732Z0....uU..150118022133Z0....V...140624123102Z0
........120627171025Z0........140618143256Z0.....>..140711125531Z0.
...j...140226123519Z0...*.H..............KCR../...........-i.....u..'.
....i!^............a...=......X.x..r...C..[(.B.$XX%b?......~a.......H.
w....f.$.B.I.cgu=....v...wwHTTP/1.1 200 OK..Server: Apache..ETag: "591
73381ba860afd89a5081254166e03:1429052426"..Last-Modified: Tue, 14 Apr 
2015 23:00:26 GMT..Date: Tue, 14 Apr 2015 23:47:49 GMT..Content-Length
: 724..Connection: keep-alive..Content-Type: application/pkix-crl..0..
.0..90...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifa
x Secure Certificate Authority..150414224300Z..150424224300Z0...0....v
...140618150003Z0........140429180917Z0........140709194633Z0........1
40416233935Z0.....)..140617185515Z0....Bf..120627171053Z0.....3..02051
5130611Z0.....#..140606204021Z0........100729164439Z0........140606222
139Z0....%...020514181157Z0........140725020038Z0....M\..140430000442Z
0........100729164732Z0....uU..150118022133Z0....V...140624123102Z0...
.....120627171025Z0........140618143256Z0.....>..140711125531Z0
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tFz6/Oy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS+zcBkvzl4= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1503
content-transfer-encoding: binary
Cache-Control: max-age=417592, public, no-transform, must-revalidate
Last-Modified: Sun, 12 Apr 2015 19:50:16 GMT
Expires: Sun, 19 Apr 2015 19:50:16 GMT
Date: Tue, 14 Apr 2015 23:51:38 GMT
Connection: keep-alive
0..........0..... .....0......0...0......&Km...."....}....,.c..2015041
2195016Z0s0q0I0... ........0..k....&..p..^.X.....{[E....z.1..j..F.WHP.
.G.Mxs..../.p./.^....20150412195016Z....20150419195016Z0...*.H........
...../..m..=.:.Z.N....Q..3.-p.....m..J...f`m$.6y......EV*h=yX...M4T..j
."X.?....D...k..V2....x.A#.0..,.6..F..r ..h..gb..-.R.!...A.....wM..{..
..pp.5..$^.....6H....zSn.2.T]...-.....cm ...f.6.9R7......]H.Bb.3md..P.
..=)1^..1.e>j......`._;..t.....&...t...X...V..2H.......0...0...0...
.........I...*....^n...0...*.H........0..1.0...U....US1.0...U....thawt
e, Inc.1(0&..U....Certification Services Division1806..U.../(c) 2006 t
hawte, Inc. - For authorized use only1.0...U....thawte Primary Root CA
0...141202000000Z..151216235959Z0_1.0...U....US1.0...U....thawte, Inc.
1907..U...0thawte Primary Root OCSP Responder Certificate 30.."0...*.H
.............0.........x...F83..,.D.,2D.;JGc.|_.k.....B.7.....G}.M.s..
...S.i.Uu.h.Aq..v...4:l..U.......T7l...~vl...r....{*..........V.o..8|.
B..^.a.. ...z....x..s...\[Y....<....'> ..YC..7.zVk.$...o3..kao]c
...>C./bPX.......I..Oc.....NN......g.....,/..]......qN.....V!<.3
.)...y#.........i0g0...U.%..0... .......0... .....0......0...U.......0
.0...U...........0!..U....0...0.1.0...U....TGV-B-2770...*.H...........
.....lt..\..z. ..N.f.!.S5d?J.&....r...D........L.`.s.p...HC.L.8f... ..
.......GA7......P..Z.%.../............z.n.6~I...].).....W...W\|.uya..:
...^...hW..7.Z.uc.'....:.xL...HS.....>.........5......%....3S....h.
.......U....o.C.\.t.....G.._.C0(l.E9..6UTxg.gF ..;.....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECEHrQLbdeduqNjPSk0cJZEik= HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=560313, public, no-transform, must-revalidate
Last-Modified: Tue, 14 Apr 2015 11:30:11 GMT
Expires: Tue, 21 Apr 2015 11:30:11 GMT
Date: Tue, 14 Apr 2015 23:51:38 GMT
Connection: keep-alive
0..p......i0..e.. .....0.....V0..R0......Qw.}`[email protected]
4113011Z0s0q0I0... ........l....r.vdv0..*.~Y..X....e?z.4..G.L.......q.
.z.-.^v.......Y.)....20150414113011Z....20150421113011Z0...*.H........
......h...[...r..=.do...c.:ka...f....T.3.l2;..u!. ~Jz......R.f.5b..HvP
...4b.w.........@H5y......... ....|,p...p.-.QZ.&..%...8.....xz....B.X.
{..AS......N:....z..<..;.vJ.9.M..WRT..#.s.;...U.s.Y...(.4.....lC..h
....5.E7...n.7^.]..P....'...ro.......;.b3.w...{Y..O.......0...0...0..y
.......^..........N...)0...*.H........0J1.0...U....US1.0...U....Thawte
, Inc.1$0"..U....Thawte Code Signing CA - G20...150303000000Z..1506012
35959Z0Y1.0...U....US1.0...U....Thawte, Inc.1301..U...*Thawte Code Sig
ning CA - G2 OCSP Responder0.."0...*.H.............0............).Z...
....O.~.l...,\.3.".'.'W .ih./..}OA...K...HJd....K^..<.....-.rWJ.j.U
.._......W.../.6....J.y.u-.\...2..U.52B.>...=F...RbR.y.zm.......{b.
bj....Y..J..m...*=.^......V.}p......rmA......9.L ...{?.g.-Y...........
.8...k.$.:.5..6#4..F.#....t.B.8.O)'F.p).........d0b0...U....0.0...U.%.
.0... .......0...U........0... .....0......0"..U....0...0.1.0...U....T
GV-B-32450...*.H..............C.....8.Aw.{....`...y1N...W4M..M.J.3~..7
#}..X..:x..5....$...Z^%.?6..e...}I.)....... .A.w......_...B..j.T..Yu.o
.....g....H....q.Ju.SA`K.....~..O_.....S....I>..O.X..E.......]...y.
.L..F....K......../...._XSk6.:a};.?`...:^.....p....4Z.3L;.......t....&
gt;.....j....
<<< skipped >>>


GET /ads/user-lists/1006373716/?label=RZXuCLy__AcQ1Jbw3wM&fmt=1&num=2&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=2748859103 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com


HTTP/1.1 302 Found
Location: hXXp://VVV.google.com.ua/ads/user-lists/1006373716/?label=RZXuCLy__AcQ1Jbw3wM&fmt=1&num=2&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=2748859103&ipr=y
Cache-Control: private, max-age=43200
Date: Tue, 14 Apr 2015 23:47:48 GMT
Expires: Tue, 14 Apr 2015 23:47:48 GMT
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 448
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/ads/user-lists/1006373716/?lab
el=RZXuCLy__AcQ1Jbw3wM&fmt=1&num=2&cv=7&frm=0&url=
http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414%
26appid=0&type=New&random=2748859103&ipr=y">here</
A>...</BODY></HTML>..HTTP/1.1 302 Found..Location: http
://VVV.google.com.ua/ads/user-lists/1006373716/?label=RZXuCLy__AcQ1Jbw
3wM&fmt=1&num=2&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.ph
p?soft=11&systemid=414&appid=0&type=New&random=2748859
103&ipr=y..Cache-Control: private, max-age=43200..Date: Tue, 14 Apr 20
15 23:47:48 GMT..Expires: Tue, 14 Apr 2015 23:47:48 GMT..Content-Type:
 text/html; charset=UTF-8..X-Content-Type-Options: nosniff..Server: ad
click_server..Content-Length: 448..X-XSS-Protection: 1; mode=block..Al
ternate-Protocol: 80:quic,p=0.5..<HTML><HEAD><meta http
-equiv="content-type" content="text/html;charset=utf-8">.<TITLE&
gt;302 Moved</TITLE></HEAD><BODY>.<H1>302 Move
d</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.
ua/ads/user-lists/1006373716/?label=RZXuCLy__AcQ1Jbw3wM&fmt=1&
num=2&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.
php?soft=11&systemid=414&appid=0&type=New&rand
<<< skipped >>>


GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a4214b151cedb05d HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Tue, 14 Apr 2015 23:47:49 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Tue, 24 Mar 2015 16:17:41 GMT..ETag: "804047d4e66d01:0"..C
ache-Control: max-age=86400..Date: Tue, 14 Apr 2015 23:47:49 GMT..Conn
ection: keep-alive..



GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.omniroot.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/ocsp-response
Date: Tue, 14 Apr 2015 23:47:50 GMT
Last-Modified: Thu, 09 Apr 2015 15:18:40 GMT
Server: ECS (frf/87D3)
X-Cache: HIT
Content-Length: 1406
0..z......s0..o.. .....0.....`0..\0......`;.l.uZ..k.F..^|A.Tb..2015040
9094612Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M..
..'.j....20150408171249Z....20150707171749Z0...*.H.............T>~.
...F..P........XIT}y...SWj;...^W-"..r4.a..O.Q.......p..$'>.J.9.9n..
c"Y...?...8..../...8,.i.rmq.Xi9...x...M.R.O.6..gy..... .S...Q.>..df
..'S...}}/.....!......j...I...y....s.GN|.C....l......*.E...Te...t. ...
....8.......N...0x....!...b.~....?.F.SQ.g.at........0...0...0.........
..'..0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....Cybe
rTrust1"0 ..U....Baltimore CyberTrust Root0...150114195242Z..160114195
229Z0G1.0...U....US1.0...U....Cybertrust1#0!..U....Cybertrust-Validati
on-20110.."0...*.H.............0.........?....(Fb....G... ..=..(L..wK.
..04..I......C...1.Z......U.$b.f..Pa.....S...#..B.........^T..IP8.....
.....h8GM..*.4.MP..../[email protected].
..2.x....$..@@....q2...Uby.e......D....lf...C....ZP}O......7...mM..c.g
..j.\.>.O....G.A........0..0... .....0......0...U.......0.0...U....
.......0...U.%..0... .......0...U.#..0.....Y0.GX....T6.{:..M.0...U....
..`;.l.uZ..k.F..^|A.Tb0...*.H.............n.h\Ch*G.c..yr..."._....J.-.
...j.t%..e.....([email protected]!m...sZH.N..>.S....K..........7wi3..x.D..l
..ud.....CC......<.&.2. ..d...T.......;.S....\... ......m.6......#(
.&....q.[z.........r..T....W...7ea.}..B.1........al.]i.F...-.0c...y.=?
....E...........'>..O.._..
<<< skipped >>>


GET /static/counter.971cced8b482342dda43.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: s7.addthis.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
Content-Type: text/javascript
Content-Length: 6443
Connection: keep-alive
Last-Modified: Tue, 14 Apr 2015 21:34:11 GMT
Content-Encoding: gzip
Cache-Control: public, no-check, max-age=86313600
CF-Cache-Status: HIT
Accept-Ranges: bytes
X-Host: s7.addthis.com
Server: cloudflare-nginx
CF-RAY: 1d734c451b980f8d-FRA
...........[.s.H..W...,..`s.XO...I @.I.R.n...vs'..S...#........}.%....
..xf...K".$...*.(..]............1. F.V.....Y.1...x.........1.&8&..h...
H......Q,4.S..i.cM......VD.c.(...m...E.@..(2.......}'...STH..N...U.A..
!&.RL.&J....%.Dk.....h9Jm....... E........#.7n...(o.M.L...,...n...cCQ9
L......y...n.C9..P6.e.4.....E..)(n..X......|m....d..W...~}.?N....Z:.[.
......a/u^...c.1}C.c..#......T.QD..&H...b.B#.$(*.....8.....0:Q.`...l^g
,".P$l..B......x.......y,[email protected]|[email protected].#...\.
.u`..p\T...h(..............*.R?....s?x.1. .......e..qe.......I...~..]&
{...F.;.U.a_..i..D.E.L...Q....q..Pka""..4c....,`...b..Y\D....'..%..6..
nM>....mh.9..Eb.&a.:.eA.U...p..%C.hH.M9-5.J1}...(............>..
:.2..^......cC.Cs.ABR..C...fG..:k....L... <H...y*y..8..Wa... =.....
.&...R............u.V...Q....R.rt$.T..J..5.@{.,........e.5.....*:.DJ..
.h.3........e..7l...g.r.$G..6Y....0O......"....6)>j.F....QS.. 8.QGM
.i.....^./.F|-Z|.G.".C....'a.......M1~...c..{.@D#&_.nb?...Y.....*.....
VE6.....z..z..j.X......S...N..#..0...@...=_.~...P..8.3.;N...d.H.bG.y..
.. .n(.......%x>....g.4..gj>.qPiAE.;B:.....ec.ae........r.;YN...
.:..TC...(:..c....,$....c....d\.@'x.N..M.M....[..O.!; q.*.<.#.2`..h
..1....T.......O..].iS.6..t..q1?^......&f'8..@~..O.....;..... ..6`_../
.."..S..\./.G.....A...D..RE/"B.st8......1..2f.y...P.O.b:.E.`...#.R4...
7...".*.Z... $. ........_...= ..`.%.Q......>..4VU.....j.8.m..o.G...
..FG...\...i.4.'`...i...."A../.][email protected]... ..".$."..{......k2.....
.}..F.....Y...X.^.5....A...........u......e]C..mC?%.G.74.a'@h...4*
<<< skipped >>>


GET /live/t00/mu.gif?a=sc&r=1&err=1 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: m.addthisedge.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 204 No Content
Date: Tue, 14 Apr 2015 23:47:49 GMT
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Server: cloudflare-nginx
CF-RAY: 1d734c49da720467-FRA
HTTP/1.1 204 No Content..Date: Tue, 14 Apr 2015 23:47:49 GMT..Connecti
on: keep-alive..Cache-Control: max-age=0, no-cache, no-store..Pragma: 
no-cache..Server: cloudflare-nginx..CF-RAY: 1d734c49da720467-FRA..



GET /CRL/Omniroot2025.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com


HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 08 Apr 2015 19:45:01 GMT
ETag: "20103-6ca-5133bc4543d0a"
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Connection: Keep-Alive
Date: Tue, 14 Apr 2015 23:49:29 GMT
Content-Length: 1738
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U..
..CyberTrust1"0 ..U....Baltimore CyberTrust Root..150408171249Z..15070
7171749Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..13
0130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140
212185542Z0....'....141112202254Z0....'....100217174732Z0....'#...1003
03201301Z0....'!...100312202204Z0....''q..100414175202Z0....'L...11022
4181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303
201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..1012081
75749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..11081
5145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...1
20111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....10
0216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100
908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..1012
08175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...11120
7220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012
182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...1301231
62633Z0....'....130904190524Z0....'....131024214319Z0....'....14012917
2435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204
601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...1407091719
30Z0....'/:..141119193302Z0....'k...120111220827Z0....'8...14071619120
3Z0....'....131219195909Z0....'....140219171545Z..0.0...U........0...*
.H...............m.`..R.A27.E9z.t.....r.5n.............9=H"......!
<<< skipped >>>


GET /plugins/like.php?action=like&app_id=172525162793917&channel=http://static.ak.facebook.com/connect/xd_arbiter/6Dg4oLkBbYq.js?version=41#cb=f186b86fb4b33a2&domain=VVV.koyotesoft.com&origin=http%3A%2F%2FVVV.koyotesoft.com%2Ff205eaefed1fbcc&relation=parent.parent&container_width=0&font=arial&href=http://VVV.koyotesoft.com/&layout=button_count&locale=en_US&ref=.VS2nJFEkyzs.like&sdk=joey&send=false&show_faces=false&width=90 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.facebook.com
DNT: 1
Connection: Keep-Alive


HTTP/1.1 302 Found
Location: hXXps://VVV.facebook.com/plugins/like.php?action=like&app_id=172525162793917&channel=http://static.ak.facebook.com/connect/xd_arbiter/6Dg4oLkBbYq.js?version=41#cb=f186b86fb4b33a2&domain=VVV.koyotesoft.com&origin=http%3A%2F%2FVVV.koyotesoft.com%2Ff205eaefed1fbcc&relation=parent.parent&container_width=0&font=arial&href=http://VVV.koyotesoft.com/&layout=button_count&locale=en_US&ref=.VS2nJFEkyzs.like&sdk=joey&send=false&show_faces=false&width=90
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge
Content-Type: text/html
X-FB-Debug: Yo9c PdoqV4Z16eXMIHbu/FB 25H7XeRZH1tmg4HR1dUZpcXVER3WJQJHFeutzqfgFCrXww215WOiyhHD9Q tg==
Date: Tue, 14 Apr 2015 23:47:51 GMT
Connection: keep-alive
Content-Length: 0
HTTP/1.1 302 Found..Location: hXXps://VVV.facebook.com/plugins/like.ph
p?action=like&app_id=172525162793917&channel=http://static.ak.fa
cebook.com/connect/xd_arbiter/6Dg4oLkBbYq.js?version=41#cb
=f186b86fb4b33a2&domain=VVV.koyotesoft.com&origin=http%3A%
252F%2FVVV.koyotesoft.com%2Ff205eaefed1fbcc&relation=parent.pa
rent&container_width=0&font=arial&href=http://VVV.koyotesoft.com
/&layout=button_count&locale=en_US&ref=.VS2nJFEkyzs.like&sdk=joey&se
nd=false&show_faces=false&width=90..X-Content-Type-Options: nosniff..X
-UA-Compatible: IE=edge..Content-Type: text/html..X-FB-Debug: Yo9c Pdo
qV4Z16eXMIHbu/FB 25H7XeRZH1tmg4HR1dUZpcXVER3WJQJHFeutzqfgFCrXww215WOiy
hHD9Q tg==..Date: Tue, 14 Apr 2015 23:47:51 GMT..Connection: keep-aliv
e..Content-Length: 0..
<<< skipped >>>


GET /MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: vassg141.ocsp.omniroot.com


HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 1770
Last-Modified: Tue, 14 Apr 2015 23:35:14 GMT
ETag: "07271cd59a4880353370a3db2f04e4f0ec18925f"
Cache-Control: public, no-transform, must-revalidate, max-age=339468
Expires: Sat, 18 Apr 2015 22:05:38 GMT
Date: Tue, 14 Apr 2015 23:47:50 GMT
Connection: keep-alive
0..........0..... .....0......0...0........<v.@.^g...%.).......2015
0414233514Z0w0u0M0... ...........]d...N....P5....0...l.|[email protected]./
....j3."d..Ii...............20150414233514Z....20150418233514Z0...*.H.
............K...F..4.D..6..8U...b..L.6"..h....."...... ....4[.s..<.
"_|2c*....%HN(.p......!......O..HB.;..n.....?.....P......3A U..7....\.
1....2.k.......-bV`w........`#.s}P...;.4-.K.o..{........h....m.>"%`
T.$.....!..."..rX..CQ...m.......rW...2A....i)..1.W.....O...)TbXh....0.
[email protected]...*.H........0..1.0...U....NL1.
0...U....Amsterdam1%0#..U....Verizon Enterprise Solutions1.0...U....Cy
bertrust1.0,..U...%Verizon Akamai SureServer CA G14-SHA10...1503271153
53Z..160327115353Z0..1.0...U....NL1.0...U....Amsterdam1%0#..U....Veriz
on Enterprise Solutions1.0...U....Cybertrust1=0;..U...4Verizon Akamai 
SureServer CA G14-SHA1 Responder 20150.."0...*.H.............0........
...F........_.Sq...@.:pI.....W.........0....Q.".0$/...0..f.<A.Z^Y."
...............[O...Y.....vNHh...8.D{a.._Z{]S..#8.?cf#..j{........=.:.
...Y....y..M.o..w....p./gA....q.F..%.....F.......?.....Aw.M....!/D.w..
..<F..[..jt.....zl).....$(..3.7...rT-.......I...s........H0..D0... 
.....0......0L..U. .E0C0A.. .....>..0402.. ........&hXXps://secure.
omniroot.com/repository0~.. ........r0p06.. .....0..*hXXps://cacert.a.
omniroot.com/vassg141.crt06.. .....0..*hXXps://cacert.a.omniroot.com/v
assg141.der0...U...........0...U.%..0... .......0...U.#..0....l.|..2..
[email protected]./..0...U........<v.@.^g...%.).....0...*.H.............W
<<< skipped >>>


GET /ads/user-lists/955861747/?label=XPluCIWZjgYQ85XlxwM&fmt=1&num=4&cv=7&frm=0&url=http://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New&random=1818266846&ipr=y HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com.ua


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: adclick_server
Content-Length: 76
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.5
............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`....
h.?...HTTP/1.1 200 OK..Date: Tue, 14 Apr 2015 23:47:48 GMT..Pragma: no
-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cach
e, no-store, must-revalidate..Content-Type: text/html; charset=UTF-8..
X-Content-Type-Options: nosniff..Content-Encoding: gzip..Server: adcli
ck_server..Content-Length: 76..X-XSS-Protection: 1; mode=block..Altern
ate-Protocol: 80:quic,p=0.5..............(....I.O.T(...I.UJJL.N/./.K.M
.../.*)J. .H,J. Q......R`....h.?.....



GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "59173381ba860afd89a5081254166e03:1429052426"
Last-Modified: Tue, 14 Apr 2015 23:00:26 GMT
Date: Tue, 14 Apr 2015 23:47:49 GMT
Content-Length: 724
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..90...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equ
ifax Secure Certificate Authority..150414224300Z..150424224300Z0...0..
..v...140618150003Z0........140429180917Z0........140709194633Z0......
..140416233935Z0.....)..140617185515Z0....Bf..120627171053Z0.....3..02
0515130611Z0.....#..140606204021Z0........100729164439Z0........140606
222139Z0....%...020514181157Z0........140725020038Z0....M\..1404300004
42Z0........100729164732Z0....uU..150118022133Z0....V...140624123102Z0
........120627171025Z0........140618143256Z0.....>..140711125531Z0.
...j...140226123519Z0...*.H..............KCR../...........-i.....u..'.
....i!^............a...=......X.x..r...C..[(.B.$XX%b?......~a.......H.
w....f.$.B.I.cgu=....v...wwHTTP/1.1 200 OK..Server: Apache..ETag: "591
73381ba860afd89a5081254166e03:1429052426"..Last-Modified: Tue, 14 Apr 
2015 23:00:26 GMT..Date: Tue, 14 Apr 2015 23:47:49 GMT..Content-Length
: 724..Connection: keep-alive..Content-Type: application/pkix-crl..0..
.0..90...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifa
x Secure Certificate Authority..150414224300Z..150424224300Z0...0....v
...140618150003Z0........140429180917Z0........140709194633Z0........1
40416233935Z0.....)..140617185515Z0....Bf..120627171053Z0.....3..02051
5130611Z0.....#..140606204021Z0........100729164439Z0........140606222
139Z0....%...020514181157Z0........140725020038Z0....M\..140430000442Z
0........100729164732Z0....uU..150118022133Z0....V...140624123102Z0...
.....120627171025Z0........140618143256Z0.....>..140711125531Z0
<<< skipped >>>


GET /cdn/r/0/FreeVideoConverterSetup-r0-n-bi.exe HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: download.cdn.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=76211983.1903611302.1429055269.1429055269.1429055269.1; __utmb=76211983.2.10.1429055269; __utmz=76211983.1429055269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmt_~1=1; ln=en; __utmc=76211983


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1280856
Last-Modified: Mon, 23 Mar 2015 15:15:14 GMT
Accept-Ranges: bytes
X-Stat-Server: web4
Cache-Control: max-age=2592000
Expires: Thu, 14 May 2015 23:48:13 GMT
Date: Tue, 14 Apr 2015 23:48:13 GMT
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8
...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8.......
.PE..L.....GO.................t...z...B...8............@..............
............._......G....@.................................@........@_
..(..........Pu.......`...............................................
........................................text....r.......t.............
..... ..`.rdata..n .......,...x..............@[email protected].... ...........
[email protected]....(.
..@_..*..................@[email protected][email protected].
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
[email protected][email protected]...
..@..}[email protected]... M..........M........E...FQ.....NU
..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.
[email protected]}[email protected].}.j.W.E......E.....
[email protected][email protected][email protected] [email protected].
u.....@._^3.[.....L$....G...i. @...T.....tUVW.q.3.;5..G.sD..i. @...D..
S.....t.G.....t...O..t .....u...3....3...F. @..;5..G.r.[_^...U..QQ
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=512906
Content-Type: application/ocsp-response
Date: Tue, 14 Apr 2015 23:47:49 GMT
Etag: "552d58b9-1d7"
Expires: Tue, 21 Apr 2015 11:47:49 GMT
Last-Modified: Tue, 14 Apr 2015 18:13:13 GMT
Server: ECS (frf/8792)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2015
0413200000Z0s0q0I0... ............([email protected]....>.i...G...&...
.cd ........\..m. B.]......20150413200000Z....20150420200000Z0...*.H..
...........O...8/*wn..C.(9....IA.3.Ao..k...p..{|R..u.]..9...B..../C;..
...[....... =tHy...........-n.. ....s.7..?A.}.AbC....9T.b..?...O8...p\
..5hg.N)bJ.g._......cK....j._.S.78..............Y....d...n./l.)..-..W.
....l.(...".L.7.Kk....../}."...B/.n.6.......n.....tt Xg..HTTP/1.1 200 
OK..Accept-Ranges: bytes..Cache-Control: max-age=512906..Content-Type:
 application/ocsp-response..Date: Tue, 14 Apr 2015 23:47:49 GMT..Etag:
 "552d58b9-1d7"..Expires: Tue, 21 Apr 2015 11:47:49 GMT..Last-Modified
: Tue, 14 Apr 2015 18:13:13 GMT..Server: ECS (frf/8792)..X-Cache: HIT.
.Content-Length: 471..0..........0..... .....0......0...0.......>.i
...G...&....cd ...20150413200000Z0s0q0I0... ............(..A...B..G@B.
X....>.i...G...&....cd ........\..m. B.]......20150413200000Z....20
150420200000Z0...*.H.............O...8/*wn..C.(9....IA.3.Ao..k...p..{|
R..u.]..9...B..../C;.....[....... =tHy...........-n.. ....s.7..?A.}.Ab
C....9T.b..?...O8...p\..5hg.N)bJ.g._......cK....j._.S.78..............
Y....d...n./l.)..-..W.....l.(...".L.7.Kk....../}."...B/.n.6.......n...
..tt Xg......
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAVZCGVlwVI+JFPBNWH01oo= HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=510235
Content-Type: application/ocsp-response
Date: Tue, 14 Apr 2015 23:47:49 GMT
Etag: "552d83b0-1d7"
Expires: Tue, 21 Apr 2015 11:47:49 GMT
Last-Modified: Tue, 14 Apr 2015 21:16:32 GMT
Server: ECS (frf/87A3)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......P.s..)...... ..y.H....2015041
4210100Z0s0q0I0... .........H...{....*.....04....P.s..)...... ..y.H...
..Y.ee.R>$S.5a.......20150414210100Z....20150421211600Z0...*.H.....
.............]...N.p8Mp......fy..6a..lX.v.....K7...3=Oe..E|2BX.....E.5
.....Ku..)..C......o..C!Y...........U.......aq...&.=qKi.$.......='S..q
6..).d..~.G.W.?.ZNI..,.q.....EqR....VL(z.........w.....]... .h...QU...
:Hp..3.zo).l.(:.%.7.X.r.......t.1...!.C..w.gK.........HTTP/1.1 200 OK.
.Accept-Ranges: bytes..Cache-Control: max-age=510235..Content-Type: ap
plication/ocsp-response..Date: Tue, 14 Apr 2015 23:47:49 GMT..Etag: "5
52d83b0-1d7"..Expires: Tue, 21 Apr 2015 11:47:49 GMT..Last-Modified: T
ue, 14 Apr 2015 21:16:32 GMT..Server: ECS (frf/87A3)..X-Cache: HIT..Co
ntent-Length: 471..0..........0..... .....0......0...0......P.s..)....
.. ..y.H....20150414210100Z0s0q0I0... .........H...{....*.....04....P.
s..)...... ..y.H.....Y.ee.R>$S.5a.......20150414210100Z....20150421
211600Z0...*.H..................]...N.p8Mp......fy..6a..lX.v.....K7...
3=Oe..E|2BX.....E.5.....Ku..)..C......o..C!Y...........U.......aq...&.
=qKi.$.......='S..q6..).d..~.G.W.?.ZNI..,.q.....EqR....VL(z.........w.
....]... .h...QU...:Hp..3.zo).l.(:.%.7.X.r.......t.1...!.C..w.gK......
.....
<<< skipped >>>


GET /styles/default/free-audio-video-software-home.gif HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.koyotesoft.com
DNT: 1
Connection: Keep-Alive
Cookie: ln=en


HTTP/1.1 200 OK
Date: Tue, 14 Apr 2015 23:47:47 GMT
Server: Apache
Last-Modified: Sun, 09 Jun 2013 21:04:19 GMT
Accept-Ranges: bytes
Content-Length: 4256
Cache-Control: max-age=86400
Expires: Wed, 15 Apr 2015 23:47:47 GMT
X-Stat-Server: web4
Keep-Alive: timeout=7, max=1000
Connection: Keep-Alive
Content-Type: image/gif
GIF89a..:........|...?..........y............I.....dj.............8..3
..J...............^........u............q......#......a.............B.
.E...|...................i.z....U.............[..V.....<...........
~.w...6........-..............)..V..2.x.......o...............z.......
..............-.w....W...|..|.........e.....O.....r..;z..........L....
....;......Z..........=....n......Z..|.u......:..:........>k.......
.............u....\..P.................0............d...s.........>
..u.........q..........L..s..z........<..!...q...........b.........
......v..t..x...=.}........{..r...X.....u..............@.........]....
[email protected]..[..H...........?........>.....=............
.y.[....O...........(.........t..w...............}......n.............
..}..........{.q..r..u.S..!.......,......:............V^..\......#J.H.
....32\%......).H....(S^.....bI........8s......#...Q.....H.........N.8
R"[email protected]..*.T.p.Y..h....dG.3~"..q....j........~.E e...Q5.*^l./....
..!...._2d....b.*.D.a.C.*.fE\....3.<.V..P...7.QQ......... ....dA...
...5.T.M]e_-.#............4f..5.P.K& .......E.r..%....:...2.p...lp.%..
..#.XQN%.P2.$..0!..`.L<...H.4$......Q.....~G.u.8...C.2.PA$Y 0.0.$..
[email protected]..$......`.C..DR. .Lg......C.dI..,[email protected]..!.....B.....P.C"eX..
..........=n<[email protected].@(..dA..........?.d.AJ......0...X,`..z.....
..........'..K.7`.......I.Bj.B.fii..f)icN....kf...fL...)D.....s..BH`..
[email protected].)/..5K.dk.l..<...&...."..A.;..........$.
.!..................... .*A4..`..<l....j.W."......yi.&yq...D.0.
<<< skipped >>>


GET /en_US/all.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.koyotesoft.com/thankyou.php?soft=11&systemid=414&appid=0&type=New
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: connect.facebook.net
DNT: 1
Connection: Keep-Alive


HTTP/1.1 200 OK
ETag: "d91aaba146dd2cbb919a317a8284d3de"
Content-Type: application/x-javascript; charset=utf-8
Timing-Allow-Origin: *
Vary: Accept-Encoding
Content-Encoding: gzip
Content-MD5: nPV9z0o/WBLTSpUcZ58wXg==
X-FB-Debug: vsId UiDW0hdPI6enUci9G8JE30LbW6AMbuZXqRREGhkw7Qkk8P4UW07jwMYHAB850jD33aiTnaPfkdTDghNTw==
Content-Length: 53518
Cache-Control: public, max-age=1200
Expires: Wed, 15 Apr 2015 00:07:48 GMT
Date: Tue, 14 Apr 2015 23:47:48 GMT
Connection: keep-alive
............}..H.?..y...k.A...#D./.....Ir......|.. ..#.....~.[..j.a;3s
..w..X.sWWWWUWU..p........G.=.??|..I&.|....d..\.<}......N..|.a.?.c.
.........gQ.0....a'IF...n....S..'i..,&.pV.....i..?*...#...E...@..|>
m.._]]...YOf..XJ..?}x....w{Rz.?..eeu.Mz.U......R=_Lx.UIv ....f.4.. ~E.
.J/....dn..:...1..hBC. .I..4$=....q.,..Y.....y8...\...u.0.m4a.J..Vr.-.
..~....6....yW..t.|[email protected]..&.d....G?:Io..,.N....B:
.'...BN....;wW.y.Q.........lR.,b.p...({....y%|..........C...F.4.O.j6..
[..~........*.d..'...u._.......a.*..z.....y}...q.....q8....z}^..R..1]8
5S..T....4}3...... }...c...6.1m.*....m....0..i.~RR.q......tj....9.4.nn
.^.WA..l..<X.P..N.,f.p.....MJ..a....3..2......... 1...N...6...2.].2
p..h........ L......DS......1..2n.,......R.0..-..M..\/VU.FT.z2.L....x.
.mY....r.....T...P..D...O.g..UinKm.Yx..f..n.Z....:....L .....I'..#U...
.../.f.?.7K.5Nz.....i2...YK..$... H?]M>..... ......g...NI......`.\U
&.U..l.....<..S.kN.Z..H .0.T.N.n."u. [email protected].%./......?9k.JTQ#.
...e..k5w.^E...:[email protected]?r...)?..k.S..,...rw)^%*.P.|
.H...Y.z7..*Jx<....>]....>3......ma..I....n5........d<....
...x{.>.......... 5.f...5{.n2..s..O..\...3 .p.n.1.Y.1.HfA..M6.D)o.^
u...'.g.`I(8O0......6....^.c...f..[L.......##...........P..e.. .C...j|
.}..!Wiq..C....Q.V..............@#..D...2...q.C.v..CV..OA....D).......
.......(..7'..x.Lx...Fz^.X.y..2c.sx........O.a..."......dd.d...1z..#3.
!.>/...*....zU.9.y.i2....;..>f.fn..3q.......e .b..5.H.G/.nT..<
;.V.r..d..^..]^[email protected].$.r.......H.'vy..kM.^....%r~..*.E.3
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=515319
Content-Type: application/ocsp-response
Date: Tue, 14 Apr 2015 23:47:49 GMT
Etag: "552d5e30-1d7"
Expires: Tue, 21 Apr 2015 11:47:49 GMT
Last-Modified: Tue, 14 Apr 2015 18:36:32 GMT
Server: ECS (frf/8796)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2015
0413200000Z0s0q0I0... ............([email protected]....>.i...G...&...
.cd ...._.M.[........?;....20150413200000Z....20150420200000Z0...*.H..
...........%....1......i.4.....mA....=.0...} ..R.8...L]*S[0-.._..V..O,
!..C......L.../?...j...o8...._....E.....`y...,...M.C.x...9..A.[3......
...no....a.&.0'.'.. .. l..q_E..w.Cf. ....].".E.F<9.....\|m..i......
{...@}.B....k......j]F...,l.z.1.....Z....<.]9........;......HTTP/1.
1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=515319..Content
-Type: application/ocsp-response..Date: Tue, 14 Apr 2015 23:47:49 GMT.
.Etag: "552d5e30-1d7"..Expires: Tue, 21 Apr 2015 11:47:49 GMT..Last-Mo
dified: Tue, 14 Apr 2015 18:36:32 GMT..Server: ECS (frf/8796)..X-Cache
: HIT..Content-Length: 471..0..........0..... .....0......0...0.......
>.i...G...&....cd ...20150413200000Z0s0q0I0... ............(..A...B
[email protected]....>.i...G...&....cd ...._.M.[........?;....20150413200000Z
....20150420200000Z0...*.H.............%....1......i.4.....mA....=.0..
.} ..R.8...L]*S[0-.._..V..O,!..C......L.../?...j...o8...._....E.....`y
...,...M.C.x...9..A.[3.........no....a.&.0'.'.. .. l..q_E..w.Cf. ....]
.".E.F<9.....\|m..i......{...@}.B....k......j]F...,l.z.1.....Z....&
lt;.]9........;........
<<< skipped >>>

The Malware connects to the servers at the folowing location(s):

DATAMN~1.EXE_3036:

.text
`.rdata
@.data
.rsrc
@.reloc
8%u,j
FtPh
FtPS
9iDt.WQ
<8%u5
.bE;l$
 1 23 456
xSSSh
FTPjKS
FtPj;S
C.PjRV
<%u7j
X<%u2j
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
FRegDeleteKeyExW
boost::too_few_args: format-string referred to more arguments than were passed
boost::too_many_args: format-string referred to less arguments than were passed
insert into keywords (short_name, keyword, url, favicon_url, input_encodings, show_in_default_list, safe_for_autoreplace) values ('%s', '%s', '%s', '', 'UTF-8', 1, 1);
select * from keywords
where short_name = '%s' and url = '%s';
update meta set value = %s where key = 'Default Search Provider ID';
E:\Work\SearchSuite\G4.1\SearchSuite\G4.1\Kipod\KipodUI\KipodUI\Statistic\CollectedItems.cpp
select url from keywords where short_name like '%s'
E:\Work\SearchSuite\G4.1\SearchSuite\G4.1\Kipod\KipodUI\KipodUI\Statistic\StatisticCollector.cpp
../../../../CGL/Libs\boost/exception/detail/exception_ptr.hpp
class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > __thiscall ProtectKeyInfo::GetDisplayRealValue(void) const
E:\Work\SearchSuite\G4.1\SearchSuite\G4.1\Kipod\KipodUI\KipodUI\Protector\KeyProtect.cpp
__thiscall AOTL::detail::ObjectWeakPtrConverter<class Statistic::StatisticThread>::operator class Statistic::StatisticThread *(void) const
e:\work\searchsuite\g4.1\cgl\ptl\activeobject\ActiveObject.hpp
keywords
select * from %s where %s = '%s';
select %s from %s where key = '%s';
CPPSQLITE_ERROR
SQLITE_DONE
SQLITE_ROW
SQLITE_RANGE
SQLITE_FORMAT
SQLITE_AUTH
SQLITE_NOLFS
SQLITE_MISUSE
SQLITE_MISMATCH
SQLITE_CONSTRAINT
SQLITE_TOOBIG
SQLITE_SCHEMA
SQLITE_EMPTY
SQLITE_PROTOCOL
SQLITE_CANTOPEN
SQLITE_FULL
SQLITE_NOTFOUND
SQLITE_CORRUPT
SQLITE_IOERR
SQLITE_INTERRUPT
SQLITE_READONLY
SQLITE_NOMEM
SQLITE_LOCKED
SQLITE_BUSY
SQLITE_ABORT
SQLITE_PERM
SQLITE_INTERNAL
SQLITE_ERROR
SQLITE_OK
%s[%d]: %s
Only Internet Explorer code should write this user setting. See hXXp://go.microsoft.com/fwlink/?LinkId=159651 for more details.
bool __cdecl KipodTools::IETools::`anonymous-namespace'::UnlockKey(struct HKEY__ *)
E:\Work\SearchSuite\G4.1\SearchSuite\G4.1\Kipod\KipodTools\IETools.cpp
bool __cdecl KipodTools::IETools::`anonymous-namespace'::LockKey(struct HKEY__ *)
large file support is disabled
SQL logic error or missing database
foreign_keys
sqlite_source_id
sqlite_version
sqlite_attach
sqlite_detach
sqlite_stat1
RowKey
3.6.20
SQLite format 3
CREATE TABLE sqlite_master(
sql text
CREATE TEMP TABLE sqlite_temp_master(
,o.qr
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
922337203685477580
?%s\etilqs_
OsError 0x%x (%u)
2nd reference to page %d
invalid page number %d
%s(%d)
keyinfo(%d
%r %s BY term out of range - should be between 1 and %d
Expression tree is too large (maximum depth %d)
too many SQL variables
variable number must be between ?1 and ?%d
too many columns in %s
%s OR name=%Q
SELECT idx, stat FROM %Q.sqlite_stat1
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
sqlite_
duplicate column name: %s
too many columns on %s
unknown column "%s" in foreign key definition
number of columns in foreign key does not match the number of columns in the referenced table
foreign key on %s should reference only one column of table %T
a JOIN clause is required before %s
cannot modify %s because it is a view
table %s may not be modified
foreign key mismatch
error during initialization: %s
no entry point [%s] in shared library [%s]
unable to open shared library [%s]
sqlite3_extension_init
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
%s:%d
no such index: %s
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
sqlite_master
sqlite_temp_master
vtable constructor did not declare schema: %s
vtable constructor failed: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
foreign key constraint failed
DELETE FROM %Q.%s WHERE tbl=%Q
CREATE TABLE %Q.%s(%s)
%s %T cannot reference objects in database %s
default value of column [%s] is not constant
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
%s - %s
malformed database schema (%s)
cannot join using column %s - column not present in both tables
cannot have both ON and USING clauses in the same join
a NATURAL join may not have an ON or USING clause
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Failed to read ptrmap key=%d
failed to get page %d
%d of %d pages missing from overflow list starting at %d
freelist leaf count too big on page %d
Fragmentation of %d bytes reported as %d on page %d
Multiple uses for byte %d of page %d
Corruption detected in cell %d on page %d
On page %d at right child:
On tree page %d cell %d:
unable to get the page. error code=%d
btreeInitPage() returns error code %d
Page %d:
Outstanding page count goes from %d to %d during this analysis
Pointer map page %d is referenced
Page %d is never used
%s: %s
%s: %s.%s
%s: %s.%s.%s
misuse of aliased aggregate %s
not authorized to use function: %s
too many terms in %s BY clause
invalid name: "%s"
%s-mjX
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
unable to use function %s in the requested context
database %s is locked
cannot detach database %s
no such database: %s
no such collation sequence: %s
%s.%s
%.*s"%w"%s
%s%.*s"%w"
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
Cannot add a PRIMARY KEY column
automatic extension loading failed: %s
B}Tunable to close due to unfinished backup operation
d-d-d d:d:d
d:d:d
d-d-d
misuse of aggregate: %s()
sqlite_rename_parent
sqlite_rename_trigger
sqlite_rename_table
database schema is locked: %s
SELECTs to the left and right of %s do not have the same number of result columns
LIMIT clause should come after %s not before
ORDER BY clause should come after %s not before
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
PRAGMA vacuum_db.synchronous=OFF
BmTdatabase table is locked: %s
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s
cannot commit transaction - SQL statements in progress
cannot rollback transaction - SQL statements in progress
cannot %s savepoint - SQL statements in progress
no such savepoint: %s
cannot open savepoint - SQL statements in progress
indexed columns are not unique
PRIMARY KEY must be unique
%s.%s may not be NULL
%s ORDER BY
%s VIRTUAL TABLE INDEX %d:%s
%s USING PRIMARY KEY
%s VIA MULTI-INDEX UNION
cannot use index: %s
%s WITH INDEX %s
%s AS %s
TABLE %s
at most %d tables in a join
no such vfs: %s
@SELECT name, rootpage, sql FROM '%q'.%s
unsupported file format
sqlite3_get_table() called with two or more incompatible queries
no such trigger: %S
unable to open database: %s
database %s is already in use
too many attached databases - max %d
sqlite_sequence
there is already an index named %s
DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q
DELETE FROM %Q.%s WHERE name=%Q
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
no such index: %S
unable to identify the object to be reindexed
no such table: %s
sqlite_subquery_%p_
cannot create INSTEAD OF trigger on table: %S
cannot create %s trigger on view: %S
cannot open value of type %s
cannot open %s column for writing
no such column: "%s"
cannot open view: %s
cannot open virtual table: %s
indexed
foreign key
sqlite_altertab_%s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
CREATE%s INDEX %.*s
table %s has no column named %s
sqlite_autoindex_%s_%d
index %s already exists
there is already a table named %s
virtual tables may not be indexed
views may not be indexed
table %s may not be indexed
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
table "%s" has more than one primary key
CREATE TABLE %Q.sqlite_sequence(name,seq)
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE %s %.*s
view %s is circularly defined
table %S has no column named %s
%d values for %d columns
table %S has %d columns but %d values were supplied
*** in database %s ***
unsupported encoding: %s
foreign_key_list
no such column: %s
there is already another table or index with this name: %s
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
UPDATE sqlite_master SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
view %s may not be altered
table %s may not be altered
-- TRIGGER %s
DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %s.sqlite_sequence WHERE name=%Q
use DROP VIEW to delete view %s
use DROP TABLE to delete table %s
table %s may not be dropped
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
E:\Work\SearchSuite\G4.1\CGL\Tools\StringTools.cpp
E:\Work\SearchSuite\G4.1\CGL\Tools\FileTools.cpp
</%s>
<!--%s-->
&#xX;
<![CDATA[%s]]>
%s='%s'
%s="%s"
standalone="%s"
encoding="%s"
version="%s"
boost::filesystem::directory_iterator::operator  
kernel32.dll
Can't terminate a sub-expression with an alternation operator |.
A regular expression can start with the alternation operator |.
Alternation operators are not allowed inside a DEFINE block.
More than one alternation operator | was encountered inside a conditional expression.
A repetition operator cannot be applied to a zero-width assertion.
Invalid alternation operators within (?...) block.
The \c and \C escape sequences are not supported by POSIX basic regular expressions: try the Perl syntax instead.
Found a closing repetition operator } with no corresponding {.
The repeat operator " " cannot start a regular expression.
The repeat operator "?" cannot start a regular expression.
The repeat operator "*" cannot start a regular expression.
right-curly-bracket
left-curly-bracket
0123456789
Unmatched quantified repeat operator { or \{.
Invalid preceding regular expression prior to repetition operator.
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
Visual C   CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
Broken pipe
Inappropriate I/O control operation
Operation not permitted
operator
GetProcessWindowStation
%d / %m / %y
%I : %M : %S %p
%m / %d / %y
%b %d %H : %M : %S %Y
?#%X.y
VERSION.dll
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
WININET.dll
GetProcessHeap
KERNEL32.dll
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegEnumKeyW
ADVAPI32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
UrlIsW
SHDeleteKeyW
SHCopyKeyW
SHLWAPI.dll
COMCTL32.dll
GetCPInfo
.?AVChromeHelper@@
.?AVFireFoxHelper@@
.?AVCppSQLite3Exception@@
.?AVOperaHelper@@
.?AVChromeStatistic@KipodStatistic@@
.?AVOperaStatistic@KipodStatistic@@
.?AV?$_Ref_count_obj@VChromeStatistic@KipodStatistic@@@tr1@std@@
.?AV?$_Ref_count_obj@VOperaStatistic@KipodStatistic@@@tr1@std@@
.PAUMessageTag@ErrorInfo@@
.?AVProtectChromeDBInfo@@
.?AV?$sp_counted_impl_p@VHolder@?$HoldPolicy@V?$HandlePolicy@PAUHKEY__@@$0A@P6GJPAU1@@Z$1?RegCloseKey@@YGJ0@ZVRegCloseKeyChecker@Tools@@VOpenRegPolicy@4@@HTL@PTL@@Vshared_ptr@boost@@@Fast@Detail@HTL@PTL@@@detail@boost@@
.?AVProtectKeyInfo@@
.?AV?$_Ref_count@V?$ProtectedValues@VUrlLess@Protection@KipodTools@@_W@Protection@KipodTools@@@tr1@std@@
.?AV?$ProtectedValues@VUrlLess@Protection@KipodTools@@_W@Protection@KipodTools@@
.?AV?$sp_counted_impl_p@VProtectChromeDBInfo@@@detail@boost@@
.?AV?$sp_counted_impl_p@VProtectKeyInfo@@@detail@boost@@
.?AVCppSQLite3Query@@
.?AVCppSQLite3Table@@
.?AVCppSQLite3DB@@
.PAUErrorCodeTag@ErrorInfo@StringTools@Tools@@
.PAUErrorCodeDescription@ErrorInfo@StringTools@Tools@@
.PAUOSErrorCodeTag@ErrorInfo@FileTools@Tools@@
.PAUPathTag@ErrorInfo@FileTools@Tools@@
$& ,/|\;:=?@"`<>{}[]#%^~
.?AVwindows_file_codecvt@@
zcÁ
.?AU?$concrete_parser@U?$contiguous@U?$confix_parser@U?$chlit@D@classic@spirit@boost@@U?$kleene_star@U?$escape_char_parser@$01D@classic@spirit@boost@@@234@U1234@Uunary_parser_category@234@Unon_nested@234@Unon_lexeme@234@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@U?$scanner_policies@U?$skipper_iteration_policy@Uiteration_policy@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@
.?AU?$concrete_parser@U?$contiguous@U?$confix_parser@U?$chlit@D@classic@spirit@boost@@U?$kleene_star@U?$escape_char_parser@$01D@classic@spirit@boost@@@234@U1234@Uunary_parser_category@234@Unon_nested@234@Unon_lexeme@234@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$scanner_policies@U?$skipper_iteration_policy@Uiteration_policy@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
6o6o6
2 2$2(2,2024282<2@2
= =$=(=,=0=
9{:0;4;8;<;
9$:(:,:0:3;:;
0#1.151<1
5&656&787
9{9&;8;\;
8&959&:5:
1 1$1(1,1014181
<"<(<.<9<|<
11f1x1
78v8
:!;7;>;_<
=)=/=6===
00C0-1P1
=!='=6=?=
< <$<(<,<0<
9&9-9p9v9}9
8$8(8,8084888<8@8
9(9/94989<9]9
7-777M7X7r7}7
1"1(1.1#2<2
8&8,81878
5o6)8
5"5&505>5
0F0m0
2,353@3{3
9(;,;0;4;8;<;@;
= =$=(=,=
1 1$1(1,10141
;(<,<0<4<8<
5 5(545\5
<<<@<\<`<|<
6$6,686\6|6
7 8$8(8,8084888
{ABC38561-45C5-4842-B57E-8B07F256A31A}
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Software\DataMngr\Chrome\Preferences
https
\Opera\Opera\operaprefs.ini
\Opera\operaprefs_default.ini
\Opera\Opera\search.ini
\Opera\Opera\toolbar\standard_toolbar.ini
\Opera\locale\%1%\search.ini
\Opera\Opera\sessions\autosave.win
Home URL
Search Panel Toolbar.content
\Google\Chrome\User Data\Default\Preferences
\Google\Chrome\User Data\Default\Web Data
search_url
"%1%" : "%2%"
chrome_url_overrides
chrome-extension://%1%/%2%
\Mozilla\Firefox
\profiles.ini
\prefs.js
\search.sqlite
user_pref("browser.startup.homepage", "
user_pref("browser.startup.page",
user_pref("browser.search.selectedEngine", "
user_pref("browser.search.defaultenginename", "
user_pref("browser.search.order.1", "
user_pref("keyword.URL", "
user_pref("general.useragent.extra.%1%", "
user_pref("DataMngr.Updater.Enabled", "
{1112c7f9-2d8b-4550-bf47-68ef2e02ff20}
{d48c9ead-f59f-4dea-ac97-7065fea79f42}
{af6ac4f2-9825-4fb6-a600-92bc5361f209}
{23cd218f-af09-443f-bbb1-adb89fd5986d}
{9a95b751-bf3e-4ea8-a938-2d4d84cd4964}
{99079a25-328f-4bd4-be04-00955acaa0a7}
{28387537-e3f9-4ed7-860c-11e69af4a8a0}
{b7b37500-99b4-46ad-8bf3-2480bcedc38c}
{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
dts.search-results.com
VVV.gotsearch.com
VVV.insertsearch.com
VVV.mlsearch.com
VVV.searchsupreme.com
VVV.newsearchtab.com
VVV.adoresearch.com
VVV.searchsheet.com
VVV.searchqu.com
VVV.searchnu.com
VVV.searchcore.net
search.lphant.net
search.lphant.com
search.shareazaweb.com
search.shareazaweb.net
search.bearshare.net
search.bearshare.com
search.imesh.com
search.imesh.net
Software\Mozilla\Mozilla Firefox
http\shell\open\command
software\Microsoft\Windows\shell\associations\urlassociations\http\userchoice
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe
SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Chrome.exe
Software\Opera Software
Opera.exe
Software\Microsoft\Windows\CurrentVersion\Ext\Settings
extensions.ini
xmlns:G="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="hXXp://VVV.mozilla.org/2004/em-rdf#"
\install.rdf
xmlns:G="hXXp://a9.com/-/spec/opensearch/1.1/" xmlns:moz="hXXp://VVV.mozilla.org/2006/browser/search/"
Software\Datamngr\Files\ChromeHomepage
Software\Datamngr\Chrome\DS
firefox
chrome
opera
G:Url[@type='text/html']
%1%.%2%.%3%.%4%
{2631C5AC-D5B5-4BEB-B970-E60B5ADBDC43}
Content-Type: application/x-www-form-urlencoded
Mozilla/4.0 (compatible; MSIE; Win32)
Software\DataMngr\{2D5D4879-3493-47B2-9301-0B4641669628}
hXXp://
{9A3EF80D-A921-4ade-B08F-881B935E6E11}
Software\DataMngr\Chrome
{6605194A-B02B-410a-9635-8A05D1C54AD2}
{2BD27A59-BA73-4145-81D5-CD090A36362A}
ChromeHomepage
DependentKey
{F13AD5CD-5344-4c96-B8FD-F6C662E1927B}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{5727BA47-5FC5-44ab-B609-C0970CF15406}
StatsUrl
\\.\VBoxMiniRdrDN
VBoxHook.dll
DataMngr\Chrome\FF
ReportTime
<%1%>%2%</%1%>
%d/%m/%Y %H:%M:%S
SOFTWARE\Mozilla\Mozilla Firefox
.SetSecurityInfo failed
5555443332
05555443332
5555443332
\\?\UNC\
Software\Microsoft\Windows\CurrentVersion\Run
Web Server Edition
%1%.%2%.%3%
KERNEL32.DLL
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
@\\?\
C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
Display the new toolbarPSearchqu Toolbar has detected an attempt to change your browser homepage settingJThis setting controls the website you see each time you open your browser.
%1%dSearchqu Toolbar has detected an attempt to change your default search and browser homepage settingsrThese settings control the website you see each time you open your browser and the searches made via your browser.
DataMngrUI.exe

IEXPLORE.EXE_2448:

.text
`.data
.idata
.rsrc
@.reloc
u\j.Xf9
j.Xf9
USER32.dll
api-ms-win-downlevel-shell32-l1-1-0.dll
IEFRAME.dll
SHELL32.dll
iexplore.pdb
api-ms-win-downlevel-shlwapi-l1-1-0.dll
iertutil.dll
api-ms-win-downlevel-advapi32-l1-1-0.dll
KERNEL32.dll
msvcrt.dll
_wcmdln
_amsg_exit
RegOpenKeyExW
RegCloseKey
<!-- Note: This manifest needs to be kept in sync with iexplore.exe.manifest -->
<assemblyIdentity version="5.1.0.0"
name="Microsoft.InternetExplorer"
<windowsSettings>
<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
<!--The ID below indicates application support for Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
KEYW
.ENNNG.
a.ry.v
l.igM4
?1%SGf
xh.JW^
.97777"7" " " !
3.... )) 
8888888888888
8888888888
.lPV)
úW1
.ApX/
H.ZAf
ð[U
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
Y.hilkRROMLK=C,
..(((($$
3...((((%
3....(.''$
3.2...((((%
33.2....(,'
55323222...
(%&'00443445?
00.,,,4(
000.,,9(
0020..9(
003200;(
(#'( (''''!'!
Microsoft.InternetExplorer.Default
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
imm32.dll
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}
Kernel32.dll
"%s" %s
kernel32.dll
IEXPLORE.EXE
{00000000-0000-0000-0000-000000000000}
\\?\Volume
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows_TabProc
Frame_URLEntered
Imaging_CreateWebPagePreview
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
Shdocvw_BaseBrowser_FireEvent_BeforeScriptExecute
IMTravelLogMVC_TravelURL
10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
Windows
10.00.9200.16521

IEXPLORE.EXE_3704:

.text
`.data
.idata
.rsrc
@.reloc
u\j.Xf9
j.Xf9
USER32.dll
api-ms-win-downlevel-shell32-l1-1-0.dll
IEFRAME.dll
SHELL32.dll
iexplore.pdb
api-ms-win-downlevel-shlwapi-l1-1-0.dll
iertutil.dll
api-ms-win-downlevel-advapi32-l1-1-0.dll
KERNEL32.dll
msvcrt.dll
_wcmdln
_amsg_exit
RegOpenKeyExW
RegCloseKey
<!-- Note: This manifest needs to be kept in sync with iexplore.exe.manifest -->
<assemblyIdentity version="5.1.0.0"
name="Microsoft.InternetExplorer"
<windowsSettings>
<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
<!--The ID below indicates application support for Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
KEYW
.ENNNG.
a.ry.v
l.igM4
?1%SGf
xh.JW^
.97777"7" " " !
3.... )) 
8888888888888
8888888888
.lPV)
úW1
.ApX/
H.ZAf
ð[U
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
Y.hilkRROMLK=C,
..(((($$
3...((((%
3....(.''$
3.2...((((%
33.2....(,'
55323222...
(%&'00443445?
00.,,,4(
000.,,9(
0020..9(
003200;(
(#'( (''''!'!
Microsoft.InternetExplorer.Default
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
imm32.dll
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}
Kernel32.dll
"%s" %s
kernel32.dll
IEXPLORE.EXE
{00000000-0000-0000-0000-000000000000}
\\?\Volume
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows_TabProc
Frame_URLEntered
Imaging_CreateWebPagePreview
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
Shdocvw_BaseBrowser_FireEvent_BeforeScriptExecute
IMTravelLogMVC_TravelURL
10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
Windows
10.00.9200.16521


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    FreeVideoConverter.exe:2188
    %original file name%.exe:2364
    SearchquMediaBar.exe:2768
    regsvr32.exe:2616
    regsvr32.exe:2620
    regsvr32.exe:1144
    regsvr32.exe:892
    regsvr32.exe:2996
    regsvr32.exe:1568
    regsvr32.exe:296
    regsvr32.exe:1564
    SetupDataMngr_Searchqu.exe:2272
    rundll32.exe:1160
    rundll32.exe:2348
    rundll32.exe:956
    rundll32.exe:2036
    rundll32.exe:1292
    rundll32.exe:2188
    rundll32.exe:1900
    Brand.tmp:2492
    Brand.exe:300
    RUNDLL32.EXE:2320

  2. Delete the original Malware file.
  3. Delete or disinfect the following files created/modified by the Malware:

    C:\Users\"%CurrentUserName%"\AppData\Roaming\FreeVideoConverter\update.dat (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\FreeVideoConverter\config.ini (48 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\FreeVideoConverter\Config.ini (2443 bytes)
    C:\Windows\win.ini (316 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SetupDataMngr_Searchqu.exe (31881 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\nsc14E8.tmp\SetupDataMngr_Searchqu.exe (539488 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\license.txt (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\nsDialogs.dll (21 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\System.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu.ini (693 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\modern-header.bmp (2104 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\inetc.dll (48 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\nsc14E8.tmp\Brand.exe (477104 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\UAC.dll (29 bytes)
    C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk (1 bytes)
    %Program Files% (x86)\Free Video Converter\ftalk.ico (3143 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscE9F1.tmp\Helper.dll (24555 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css (7 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png (867 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-3.png (793 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_15.png (344 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\about.xml (5 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png (297 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\searchqutoolbar\setupCfg.xml (509 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png (451 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png (4 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif (153 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png (313 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png (889 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css (696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\add.png (653 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png (203 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png (134 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-feed.png (498 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\radiobeta.js (9 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\popupWeather.html (784 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png (797 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\yellow.gif (153 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png (692 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\throbber.gif (825 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\template.xml (804 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html (481 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\dtxpaneltransparent.xul (653 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png (677 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\highlight_yellow.png (293 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png (316 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\radiobeta-playing.gif (854 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png (493 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menu_bg-basic.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-folder-rename.png (621 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\bandoocode.js (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin-lichen.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\windowmediator.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\blank.gif (55 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png (336 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png (205 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\pixsy.png (690 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png (235 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\na-s.png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-previous-over.png (440 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scroll-topwin.png (951 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png (277 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png (784 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png (763 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\initHTML.html (481 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\ico-shield.png (740 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\grey.gif (152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\ttlbar-right.png (286 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options\options-search.png (4 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png (832 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js (23424 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png (274 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png (491 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\toolbar.xul (23424 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn-widgets.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png (4 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png (5 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png (211 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png (191 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\search-go.png (824 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\found.png (886 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css (9 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-btn-pause.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\search-over.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png (637 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\star_x_grey.png (328 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif (153 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\UAC.dll (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-delete.png (511 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif (55 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\music-note.png (775 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\track.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\gametype.xsl (683 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\popupRSS.html (4 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png (294 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png (323 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css (8 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiA3ED.tmp (67478 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\siteinfo.png (792 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\orange.gif (153 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css\slider.css (540 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-buffer.gif (755 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png (173 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\tab-off-l.png (205 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\preferences.xml (663 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta-playing.gif (854 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btnleft-vista.png (293 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\searchqutoolbar\setupCfg.xml (509 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\gamecategory.xsl (706 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif (642 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-bg.png (691 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif (755 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\wmpstreamer.html (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png (328 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css (540 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png (444 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif (165 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred3_5.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png (532 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\arrow-up.gif (46 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search\engines.xml (5 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png (270 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\menul-bgover.png (168 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\manifest.xml (9 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\searchbox-pnlbtm.png (532 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\toolbarsplitter.png (763 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-2.png (721 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\collapse.png (248 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png (296 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btnleft-down-vista.png (294 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\edit-back.png (205 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif (49 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png (146 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollt-disable.png (832 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\IdtTransparency3.6.xpt (159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\icon_youtube.png (544 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_14.png (270 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-next-over.png (442 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png (189 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\arrow-dn.gif (46 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png (737 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btnover-start.png (335 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png (270 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png (544 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\nsisFirewall.dll (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\add.png (637 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-Info.png (218 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\nsProcess.dll (8 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif (184 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png (218 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png (867 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png (263 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\button-splitter-down-vista.png (245 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\highlight_lime.png (284 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml (804 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png (191 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome.manifest (231 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\weather.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\highlight_blue.png (293 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png (630 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png (254 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png (457 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\searchqutoolbar-manifest.xml (9 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png (329 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-options-design.png (704 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\logo-separator.png (566 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\bg-pnl520x390.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\maps.bmp (678 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\collapsed_button.gif (184 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif (46 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btn-end.png (296 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl (706 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png (235 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png (284 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\ico-check.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-on.gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-previous.png (476 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\games.xsl (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\external.js (23424 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\partner.coupons.xml (37 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png (476 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\widgets.png (447 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta-buffering.gif (642 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-tags.png (209 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif (46 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\CountryLocaleXML.xml (86 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\zoom.png (732 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png (248 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png (92 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\template.html (5 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif (152 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\news.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-options-on.png (485 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_06.png (316 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png (240 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png (643 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png (163 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css\popupGames.css (7 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png (663 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred4.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred4_5.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btn_slider.png (763 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\toolbarsplitter.gif (763 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\relatedlinks.png (691 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png (824 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollb.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat (38 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\na-t.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btnright-down-vista.png (274 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\ca.png (763 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\btn-close-greyover.png (444 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\arrow-right.gif (136 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\proxy.html (354 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_16.png (278 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-next.png (471 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\popupGames.html (10 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png (326 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\arrow-right-disabled.gif (46 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css (784 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png (248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\xml.dll (812 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-news24.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_20.png (287 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png (431 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png (209 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png (740 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js (784 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\nsnAC97.tmp (60949 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp (678 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-mdl-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\over-blue.png (163 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\yahoo.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\vmnrsswin.xml (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\move.gif (58 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\ioSpecial.ini (26 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png (293 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\icon_games.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png (250 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio.png (323 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\ttlbar-left.png (266 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\radiobeta.ico (1552 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bluesky.gif (153 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred2.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-play-left.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\widgets-square-16px.png (690 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\ico-playstation-down.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules\datastore.jsm (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul (653 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png (266 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-download.png (692 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-play.png (248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\win-btm-left.png (204 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\bullet-orange.gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-collapse.png (187 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\btn-search.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\btn-close-grey.png (263 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif (136 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin-orange.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png (205 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\bg.gif (8 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png (384 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\menuseparatorback.gif (165 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-try-left.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitemleft-vista.png (293 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\dtx.css (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\vmn.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml (663 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\searchqutoolbar\geoip.xml (417 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar\searchbar-background-left.png (286 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png (972 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\email.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png (511 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\throbber.gif (825 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\edit-back-hot.png (209 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png (772 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png (179 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png (205 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png (732 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png (152 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png (701 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\technorati.png (493 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js (6 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\yahoosearch.png (7 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png (649 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png (498 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png (193 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\protect-id.png (737 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\btn-wide-close-over.png (873 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\video.bmp (678 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png (816 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png (608 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss.png (772 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\dtxlogo.png (867 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png (263 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif (763 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\tab-on-r.png (278 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn_settings.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-off.png (824 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png (155 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png (312 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png (857 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_03.png (218 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\gamethumb-on.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\transparent.gif (49 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\search_button_png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\toolbar.htm (802 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn-widgets-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\rss.png (816 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btn-widgets-over.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png (691 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif (854 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\dtxwin.xul (387 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\close-normal.png (585 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin-grey.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png (191 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\resize-box.gif (92 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\loadingMid.gif (7 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png (969 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\view-thumb-over.png (380 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png (114 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png (367 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\InetLoad.dll (804 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png (496 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\rsstabdivider.gif (85 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\logo.png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btnright-vista.png (297 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif (153 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png (287 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\mailcom.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe (2365 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\games.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\toolbar.xml (1568 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\modifyhot.png (149 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png (248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scroll-bg-206.png (663 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css (8 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png (205 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\ebay.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png (775 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png (344 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\btn-wide-close.png (857 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\settings.png (902 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bandoo.css (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\dictionary.png (746 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rssback.gif (469 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png (233 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png (886 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\panel-botm-noscroll.png (448 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll (2392 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\images.png (660 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png (691 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif (469 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul (657 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\box-check.png (174 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-0.png (614 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\btn-close-greyover.png (444 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\win-left.png (114 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif (825 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png (660 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png (235 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\comcast.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred0_5.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png (55 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\logo-about.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png (188 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png (205 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-try-left-over.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options\options-main.png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitemleft-down-vista.png (270 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png (160 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollt-down.png (864 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png (708 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btnover-mdl_ff.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\na.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\babylon_logo.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\highlight.png (795 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btn-divider.png (205 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\over-orange.png (169 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\music.png (570 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png (114 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\button-splitter-vista.png (248 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif (223 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\checkmark.png (293 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png (204 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-download.png (251 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-addtoolbar-left.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\arrow-up.gif (46 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-folder-remove.png (540 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png (586 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\geoip[1].xml (86 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin.xml (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred0.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif (181 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png (431 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\highlight_magenta.png (286 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-calendar.png (566 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png (279 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png (169 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-dollar.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png (864 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\icon_seperator_png (153 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options\options-weather.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\popupWeather.css (7 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png (283 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta-connecting.gif (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png (287 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png (485 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin-yellow.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif (58 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml (344 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scroll-bg.png (663 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btnover-mdl.png (193 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\gameList.xsl (7 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif (45 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png (278 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred5.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\translate.png (633 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-search-pnlbtm.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png (236 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_02.png (248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\remove.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menu_separator_white.png (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png (893 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\searchqutoolbar\geoip.xml (417 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\RSSLogo.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\scroll.png (455 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png (585 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png (643 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\arrowr-bluew5.png (205 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\wikipedia.png (586 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\modify.png (708 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul (307 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css (6 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png (824 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollt.png (893 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png (614 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png (168 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\widgets-square-16px.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\arrow-sml-drop.png (188 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\TRUSTe_about.png (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-options-design-on.png (701 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar\searchbar-background-middle.png (152 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png (228 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollb-down.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-btn-play.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png (663 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-btn-pause-on.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-warning.png (969 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred1.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\IdtTransparency.xpt (156 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png (566 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml (5 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\gamethumb2-over.png (574 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_11.png (284 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js (784 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html (10 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css\manager.css (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\icon_twitter.png (797 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar\searchbar-background-right.png (288 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe (3312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-joystick24.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png (902 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\shopping.png (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta-stopped.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png (793 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\emailnotifierproviders.xml (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\dtxprefwin.xul (307 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif (8 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png (187 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm (802 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollt-over.png (892 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png (440 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-right-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-shop.png (233 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\view-thumb-on.png (402 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\imap.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png (683 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png (153 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitemback-down-vista.png (186 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif (825 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitemright-vista.png (297 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png (248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-mdl.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-close-greyover.png (457 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png (690 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png (336 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\radiobeta-buffering.gif (642 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico (1552 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png (312 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png (621 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css\panels.css (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\templateFF.html (6 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml (423 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\ico-playstation.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\win-right.png (114 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\menul-bgon.png (179 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\default.png (867 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-subscribe.png (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif (769 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\volumeslider.html (4 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png (763 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\search.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_07.png (254 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\bluelite.gif (153 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul (23424 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css (7 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png (288 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btnback-vista.png (191 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitemright-down-vista.png (235 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png (633 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\vmncode.js (6 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png (460 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\win-btm-mdl.png (118 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn-search-over.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_10.png (250 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\bg-aboutbox.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\options-weather.png (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\ico-radio.png (879 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules\nsDragAndDrop.js (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_09.png (288 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png (7 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png (251 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png (471 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\logo-separator.png (566 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\searchqutoolbar\guid.dat (38 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png (792 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_12.png (173 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\install.rdf (681 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png (386 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png (442 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png (209 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\ico-playstation-over.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\facebook.png (235 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png (293 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn-search.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\throbber.gif (825 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-drag.png (486 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif (153 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_04.png (293 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif (46 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html (354 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\scrollbar-handle.png (155 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png (286 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png (175 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png (245 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\main.html (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\slideron.png (386 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png (186 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-Add.png (228 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\neterror.xhtml (344 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\loadingMid.gif (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-1.png (668 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\neterror.xhtml (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png (683 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml (33 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png (284 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif (46 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css\popupWidgets.css (9 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png (5 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png (879 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll (15536 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png (788 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\imesh.css (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\slider.png (329 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html (802 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll (2392 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred3.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta.ico (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_13.png (277 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\gameData.js (784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btn-widgets.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\arrow-sml.png (211 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btn-start.png (326 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png (668 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\cond999.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png (286 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\bandoocode.js (784 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml (7 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png (532 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png (951 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png (7 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btn-mdl_ff.png (203 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\scrollbar-track.png (92 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts\defscript.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\transparent_1px.gif (45 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\IdtTransparency3.5.xpt (159 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\text-ellipsis.xml (423 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png (297 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\tab-off-r.png (312 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png (873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\view-detailed-on.png (496 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png (335 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\rsschannelback.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png (118 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll (2392 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png (690 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphredna.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul (407 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif (153 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\downloadcom.png (972 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png (543 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\bg-btnover.png (179 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin-bluesky.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred1_5.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\chevron.png (175 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js (9 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl (683 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\arrow-dn.gif (46 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\icon_radio_png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\rename.gif (223 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-play.png (290 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png (299 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitemback-vista.png (191 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\btn-close-grey.png (263 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png (284 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll (3312 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif (642 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\pop.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png (566 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\scroll-right.png (235 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html (784 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png (286 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-close-grey.png (283 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\vmn.css (8 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html (5 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png (447 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js (784 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png (607 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\manifest.xml (9 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png (4 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png (293 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\win-btm-right-resize.png (214 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png (653 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png (300 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png (795 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png (704 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png (283 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\dtxpanel.xul (535 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-play-left-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\nsdAC58.tmp (60949 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png (179 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml (37 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\footer.htm (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\ttlbar-mdl.png (146 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\radiobeta-stopped.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png (5 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png (444 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-btn-play-on.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif (85 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\scroll-left.png (236 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\logo-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollb-over.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png (486 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png (574 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options\options-widgets.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png (455 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\star_x_orange.png (367 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\gmail.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png (570 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\icons.xml (7 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\widgets-square-24px.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\aol.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\email_on.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png (579 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-found.png (677 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png (293 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\vmncode.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\highlight_cyan.png (283 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\searchqutoolbar-oldToolbarGuid.xml (69 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png (892 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-busy.gif (769 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png (167 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png (649 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\dtxpanelwin.xul (407 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-expand.png (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\expanded_button.gif (181 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\hotmail.png (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\win-btm-right.png (205 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png (540 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lichen.gif (153 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png (493 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn-settings.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\expand.png (287 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\graphred2_5.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_18.png (312 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib\dtxtransparentwin.xul (657 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png (328 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\popupWidgets.html (14 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png (205 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png (313 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png (566 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\bg-pnl.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\managerpanel.html (10 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css (5 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png (746 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js (1552 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\searchqutoolbar\guid.dat (38 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_08.png (328 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\ico-check.png (248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\search.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png (205 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search\search.xsl (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\modify.png (708 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menu_separator_bar.png (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css (8 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png (380 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-options.png (493 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\view-detailed-over.png (451 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\search_button_over_png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-back.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif (854 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btnover-divider.png (240 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul (387 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif (976 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\btnback-down-vista.png (191 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png (149 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_21.png (300 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images\tab-on-l.png (167 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\close-hot.png (579 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-mute.png (788 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png (708 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul (535 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png (278 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\skin-bluelite.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png (279 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css\dialog.css (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png (448 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css\popupAbout.css (696 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico (1552 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png (248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png (460 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif (7 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png (532 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-moredetails.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-reload.png (384 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\btn-settings-over.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\template.xml (33 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png (300 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\lock.png (300 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rss-folder.png (630 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif (92 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png (218 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif (825 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png (293 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\reload.png (889 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\menuitem-splitter.png (55 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\lastsearch-thumb-back.gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btnover-end.png (284 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp (678 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\web.png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png (607 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png (196 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\popupHTML.html (802 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png (402 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\btn-addtoolbar-right.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\divider.png (134 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options\options-weather.gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\bg-btn-mdl.png (189 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif (46 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css\popupRSS.css (6 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png (290 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\icon_amazon.gif (976 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png (721 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\rsstopback.gif (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png (763 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\youtube.png (608 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png (174 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\modify-save.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollb-disable.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png (293 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png (214 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\radiobeta-connecting.gif (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA3FE.tmp\System.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_19.png (299 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\movetarget.png (491 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png (288 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png (160 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\mail.png (543 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll (315 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (49 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (49 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (146 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (49 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll (270 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (90 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (106 bytes)
    %Program Files% (x86)\Free Video Converter\swscale-0.dll (135 bytes)
    %Program Files% (x86)\Free Video Converter\SDL.dll (258 bytes)
    %Program Files% (x86)\Free Video Converter\avutil-50.dll (73 bytes)
    %Program Files% (x86)\Free Video Converter\VideoCoderX.ocx (450 bytes)
    %Program Files% (x86)\Free Video Converter\avcodec-52.dll (727 bytes)
    %Program Files% (x86)\Free Video Converter\avformat-52.dll (745 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\searchqutoolbar\dtx.ini (15 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\new-tab.html (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA145.tmp (1271 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\chrome.manifest (968 bytes)
    %Program Files% (x86)\Mozilla Firefox\searchplugins\Search_Results.xml (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\fav_amazon.png (653 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_fantastigames.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\DnsBHO.dll (2861 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\Settings.xml.alt (817 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\DataMngrUI.exe (15058 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss96C3.tmp\Timeout.dll (36 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF14.dll (7479 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\OurLocalPage.html (94 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF15.dll (5873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\css\new-tab.css (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsx9CAD.tmp (3479 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF9.dll (6898 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\RelatedSearch.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF12.dll (8439 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll (5873 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll (5873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssA1C6.tmp (3765 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\BrowserConnection.dll (1070 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\IEBHO.dll (9901 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF15.dll (9385 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss96C3.tmp\GetVersion.dll (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlp.xpt (989 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml (914 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\analytics.js (378 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_youtube.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyAF52.tmp (1597 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdAF72.tmp (1583 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF4.dll (9483 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy9ED2.tmp (1319 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyAFA3.tmp (1585 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt (989 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\NewTabBHO.js (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\analytics.js (378 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\overlay.js (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\localStorage.js (520 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\IDR_WEBSTORE_ICON.png (7 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ebay.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js (3 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll (5873 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest (968 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiA1D7.tmp (3783 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF5.dll (8054 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_facebook.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiAF41.tmp (1559 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\SettingManager.js (4 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\css\new-tab.css (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsnA1A6.tmp (3756 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\SearchquMediaBar.exe (11047 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsnA155.tmp (3810 bytes)
    %Program Files% (x86)\Searchqu Toolbar\sysid.ini (21 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll (5873 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\preferences.js (766 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\OurLocalPage.html (94 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\fav_fantastigames.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF13.dll (8691 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\SR\Search_Results.xml.alt (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\IDR_WEBSTORE_ICON.png (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (65 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss96C3.tmp\System.dll (23 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config - Copy.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\SR\SRAssetsHelper.dll (12225 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\fav_youtube.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss96C3.tmp\FindProcDLL.dll (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\x64\DataMngr.dll (20750 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\imesh_logo_128.png__ (19 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\default-config - Copy.js (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\constant.js (192 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll (5873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\new-tab.html (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\DnsBHO.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\fav_ftalk.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\manifest.json (660 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\x64\IEBHO.dll (11778 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\SR\Settings.xml.alt (421 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\x64\DnsBHO.dll (2918 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll (5873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF10.dll (8080 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js (2 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\installhelper.dll (10177 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\DataMngr.js (19 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA196.tmp (3774 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll (5873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (65 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll (5873 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\jquery.js (601 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\localStorage.js (520 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\SearchBHO.js (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\install.rdf.alt (732 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SRAssetsHelper.dll (7433 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF8.dll (8728 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\x64\DataMngrUI.exe (22894 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt (116 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\new-tab.js (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyA0F6.tmp (1271 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn9D0C.tmp (3663 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\fav_ebay.png (1 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf (753 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\RequestPreserver.js (4 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\x64\datamngrUI.exe (16158 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\config\skin\images\fav_facebook.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\installhelper.dll (10226 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss96C3.tmp\nsis7z.dll (4159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\default-config.js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF6.dll (8578 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\new-tab.js (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\constant.js (192 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js (19 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF7.dll (7525 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssAF82.tmp (1563 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\SR\chrome.manifest.alt (116 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsnAFB3.tmp (1565 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\x64\BrowserConnection.dll (663 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssA175.tmp (3702 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\preferences.js (766 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul (195 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssAFD3.tmp (1611 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll (5873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssAF30.tmp (1575 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\Error404BHO.js (5 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiAFE4.tmp (1605 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\RequestPreserver.js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF11.dll (8700 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsnB004.tmp (1458 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\chrome.manifest.alt (116 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\DataMngr.dll (13407 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll (5873 bytes)
    %Program Files% (x86)\Searchqu Toolbar\uninstall.exe (1617 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll (5873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\InstallHelper.dll (16101 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\manifest.json (637 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\ChromeExtension\lib\jquery.js (93 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_ftalk.png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss96C3.tmp\nsRandom.dll (503 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\content\overlay.xul (195 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\ext\FirefoxExtension\components\DataMngrHlpFF3.dll (7509 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssA0D5.tmp (1319 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\files.7z (134885 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Searchqu_DM\SR\install.rdf.alt (731 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\fav_amazon.png (653 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\config\skin\images\imesh_logo_128.png__ (19 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (13122 bytes)
    %Program Files% (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll (5873 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\searchplugins\Search_Results.xml (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Preferences (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\zwvbr04l.default\prefs.js (163 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Web Data (1520 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal (6322 bytes)
    C:\ProgramData\boost_interprocess\EC3CA8390C77D001\{1832B446-3F6D-4880-99C1-0B3B26170D94} (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-T4KIL.tmp (708 bytes)
    %Program Files% (x86)\Free Video Converter\unins000.exe (724 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-G1RGA.tmp (640 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-K0I2S.tmp (764 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-A8H5R.tmp (898 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-63KUK.tmp (3 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-415LU.tmp (4 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-FJ6L5.tmp (791 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-0L4BO.tmp (974 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-4F63V.tmp (649 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-T6VEU.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\is-I452F.tmp (6420 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-OGUB9.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\is-H2A97.tmp (7 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-8MTQ0.tmp (995 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-PPTMS.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-6A8RO.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-ARQM3.tmp (995 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-7PK98.tmp (611 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-I36SN.tmp (928 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-JFD21.tmp (574 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-HGTB2.tmp (5 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-A38CB.tmp (506 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-N76RL.tmp (3 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-J1RKC.tmp (142 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-OK4Q2.tmp (268 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-OC1EQ.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-6DM8A.tmp (761 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-1LOUN.tmp (594 bytes)
    %Program Files% (x86)\Free Video Converter\is-QT5P0.tmp (2321 bytes)
    %Program Files% (x86)\Free Video Converter\is-NJBJU.tmp (601 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-T7JNO.tmp (458 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-BBK04.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-H7900.tmp (156 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-IDRS9.tmp (739 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-ML1QT.tmp (915 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-R632S.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-QA1TE.tmp (4 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-0UPNU.tmp (734 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-0R8U8.tmp (377 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-EGTVN.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-9NP6C.tmp (323 bytes)
    %Program Files% (x86)\Free Video Converter\is-2UM0G.tmp (1281 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-4OQ3F.tmp (801 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-032O5.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-M64O7.tmp (670 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-T31KG.tmp (856 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-P26P4.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-MER7L.tmp (211 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-2NJB6.tmp (677 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-V5H30.tmp (4 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-SPN7O.tmp (167 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-HTHT8.tmp (413 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-PAOU3.tmp (203 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-5JU4S.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-OCKR4.tmp (816 bytes)
    %Program Files% (x86)\Free Video Converter\is-U1R4Q.tmp (5 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-14B97.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-0P2BJ.tmp (564 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-IRONF.tmp (583 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-6BP8J.tmp (713 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-56UHM.tmp (639 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-JUPEK.tmp (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-PTO5R.tmp\_isetup\_setup64.tmp (6 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter\Uninstall Free Video Converter.lnk (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-KFF9V.tmp (691 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-E60ED.tmp (198 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-T950P.tmp (447 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-QTC63.tmp (761 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-5ND1U.tmp (660 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-V0Q2F.tmp (484 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-25JQS.tmp (745 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-QC09L.tmp (544 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-IK522.tmp (885 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-CBD03.tmp (747 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-8BN8F.tmp (3 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-USG7R.tmp (784 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-O1MAK.tmp (457 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-753L7.tmp (702 bytes)
    %Program Files% (x86)\Free Video Converter\is-T3E69.tmp (45940 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-NM8C0.tmp (4 bytes)
    %Program Files% (x86)\Free Video Converter\is-EP5IS.tmp (9605 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-GDN8A.tmp (700 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-UCVBC.tmp (617 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-7S4FR.tmp (643 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-VFN9B.tmp (918 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-29LR1.tmp (247 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-4N9SD.tmp (4 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-G316F.tmp (739 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-DK47R.tmp (729 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-G5RT7.tmp (880 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-O2CRJ.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-IS0Q3.tmp (745 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-SA1R1.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-0LG7I.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-5K9PK.tmp (324 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-0NHG6.tmp (4 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-8MS6G.tmp (723 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-V9KUK.tmp (583 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-QT2P3.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-J0B5K.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-7211C.tmp (781 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-5DA4O.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-P1TR4.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-FD5TR.tmp (2 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter\Free Video Converter.lnk (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-6G8DD.tmp (724 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-4HB2S.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-JFTMH.tmp (644 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-0POUN.tmp (620 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-KV293.tmp (782 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-DKFHH.tmp (749 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-6CNKI.tmp (785 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-3P428.tmp (674 bytes)
    %Program Files% (x86)\Free Video Converter\is-D1AAU.tmp (6841 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-S93O7.tmp (780 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-9FK34.tmp (685 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-1P7PD.tmp (172 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-KKHPS.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-I8V2H.tmp (720 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-L3RF8.tmp (503 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-PMN3R.tmp (140 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-3OP5I.tmp (813 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-9N44V.tmp (889 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-L3OP8.tmp (759 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-32C52.tmp (789 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-QFD61.tmp (804 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-MGDO8.tmp (409 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-2P59L.tmp (747 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-EVPPL.tmp (359 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-PTO5R.tmp\_isetup\_shfoldr.dll (47 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-VA130.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-6724C.tmp (423 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-K97E0.tmp (499 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-90OHK.tmp (797 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-3KQ39.tmp (723 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-BKGTH.tmp (655 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-KJUGQ.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-FP94U.tmp (754 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-05LVR.tmp (592 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-CHBF1.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-C3HR9.tmp (827 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-122HR.tmp (823 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-GP066.tmp (613 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-6R5IC.tmp (781 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-H8C84.tmp (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-PTO5R.tmp\isxdl.dll (727 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-N117Q.tmp (721 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-FSFM1.tmp (563 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-AG89Q.tmp (566 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-45QTT.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-02JGH.tmp (647 bytes)
    %Program Files% (x86)\Free Video Converter\is-I1DUL.tmp (9 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-TQ8GP.tmp (714 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-7UVMK.tmp (276 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-IT68J.tmp (551 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-BHSCR.tmp (139 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-RODQG.tmp (648 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-E5P8F.tmp (628 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-N5U0G.tmp (745 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-QSL0C.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-URRMQ.tmp (181 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-0ASAS.tmp (476 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-T8PUN.tmp (706 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-JKPOT.tmp (211 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-Q4T6L.tmp (530 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-IABTL.tmp (833 bytes)
    %Program Files% (x86)\Free Video Converter\is-MV9RI.tmp (24 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-S2UJ0.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-EG000.tmp (884 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-UELJU.tmp (646 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-9LDDO.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-ED70G.tmp (590 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-E8ANF.tmp (883 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-ELPRK.tmp (754 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-DE9E2.tmp (957 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-0SU5U.tmp (762 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-7INR2.tmp (648 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-8364B.tmp (249 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-R50F5.tmp (258 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-EJACU.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-QHE9K.tmp (159 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-ROT3U.tmp (781 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-A5JIE.tmp (538 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-GCB0H.tmp (944 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-UD7GN.tmp (755 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-TIK2B.tmp (314 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-PTO5R.tmp\_isetup\_RegDLL.tmp (4 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-I2O6M.tmp (253 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-ODV0B.tmp (157 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-OF3K7.tmp (854 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-H15TC.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-L0PE9.tmp (839 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-0DREU.tmp (5 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-4N21Q.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-1MF3M.tmp (839 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-E2GQP.tmp (956 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-V7MUM.tmp (138 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-DDOMU.tmp (264 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-KF4I1.tmp (318 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-K4R12.tmp (572 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-IG5P9.tmp (642 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-DQND7.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-JTL06.tmp (528 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-Q0C0J.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-S7O30.tmp (797 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-HR8HE.tmp (391 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-AOALO.tmp (4 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-QBEFE.tmp (448 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-USNDT.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-GRNG1.tmp (914 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-BFARG.tmp (730 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-LSLFU.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-IBODV.tmp (256 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-547UP.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-QJGO8.tmp (846 bytes)
    C:\Users\"%CurrentUserName%"\Desktop\Free Video Converter.lnk (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-BHKHI.tmp (569 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-CJK25.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-K0CC4.tmp (632 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-G7RKC.tmp (649 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-9JVT0.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-FGH7B.tmp (590 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-I0B77.tmp (618 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-KHJMR.tmp (728 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-T6T91.tmp (133 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-9SNR5.tmp (180 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-PL9J8.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-0C69U.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-7IBVN.tmp (547 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-I910L.tmp (185 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-0903R.tmp (394 bytes)
    %Program Files% (x86)\Free Video Converter\is-GDUQL.tmp (673 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-KR1DD.tmp (4 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-TJ3ON.tmp (761 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-0LQE5.tmp (10 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-RCG15.tmp (431 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-6JR7M.tmp (512 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-9LV6V.tmp (838 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-N4R71.tmp (662 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-6B9B0.tmp (4 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-U1SQ4.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-0EU4N.tmp (359 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-V6S9P.tmp (866 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-3PCFO.tmp (664 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-D39GF.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\is-17P7I.tmp (24 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-KS005.tmp (482 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-T9FPT.tmp (704 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-R7048.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-HC8OC.tmp (933 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-1HMIJ.tmp (4 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-AO7CC.tmp (662 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-KG6FL.tmp (590 bytes)
    %Program Files% (x86)\Free Video Converter\FreeVideoConverter.exe (901 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-TLSDD.tmp (4 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-SU8E4.tmp (446 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-57H8B.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-57QOM.tmp (825 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-S8B86.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-RQD8F.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-1739R.tmp (990 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-UKE7Q.tmp (705 bytes)
    %Program Files% (x86)\Free Video Converter\unins000.dat (9740 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-QOHUT.tmp (676 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-3NP6K.tmp (413 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-V3OM2.tmp (726 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-4VSAH.tmp (949 bytes)
    %Program Files% (x86)\Free Video Converter\lang\is-F00GM.tmp (2 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-7EMUB.tmp (662 bytes)
    %Program Files% (x86)\Free Video Converter\is-G8P0R.tmp (5441 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-NHMVF.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-UE82B.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-H26MB.tmp (649 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-GUU7N.tmp (514 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-U58ML.tmp (1 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-E01C9.tmp (599 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-B8L6K.tmp (982 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-SQQ3U.tmp (663 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-A8RE0.tmp (962 bytes)
    %Program Files% (x86)\Free Video Converter\lang\flags\is-6M6JT.tmp (197 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-U4RUS.tmp\Brand.tmp (1423 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DATAMNGR" = "C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now