Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MBAM found hundreds of PUPs


  • This topic is locked This topic is locked
26 replies to this topic

#1 Ender1981

Ender1981

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 28 June 2014 - 06:47 AM

Yesterday while scanning my pc using Malwarebytes, a few hundred instances of PUPs was found which I then quarantined and began a new scan.  In the new scan some hundred or so more PUPs were found and quarantined and I started a new scan which then showed more PUPs to be quarantined, which I did.

 

I did this for at least 5 maybe 6 overall scans which only on the last scan produced no results, so skeptical as I was, I went to bed and started a new scan this morning after a fresh reboot, Malwarebytes was unable to find any more threats.  However, I am not convinced, and would like some help on the matter, so my friend suggested that I post a topic here.

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.55.2
Run by W4RKN1T3 at 13:29:10 on 2014-06-28
Microsoft Windows 7 Professional   6.1.7600.0.1252.27.1033.18.8076.3424 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Fatal1ty Utility\FSTU\Bin\FSTU.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Verbatim\GREEN BUTTON\GREEN BUTTON.exe
C:\Users\W4RKN1T3\AppData\Local\Apps\2.0\2EOOOEKC.JKV\4XTQDLCD.1GT\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Battle.net\Battle.net.4767\Battle.net.exe
C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
C:\Users\Public\Games\World of Warcraft\WoW-64.exe
C:\Users\Public\Games\World of Warcraft\Utils\WowBrowserProxy.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.za/
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Fatal1tySTU] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\W4RKN1T3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\W4RKN1T3\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERBAT~1.LNK - C:\Program Files (x86)\Verbatim\GREEN BUTTON\GREEN BUTTON.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{39912DA9-6E35-4CAE-95DF-C858E16FAD10} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [Ask Mr. Robot] C:\Program Files\AskMrRobot\AmrTray.exe
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\W4RKN1T3\AppData\Roaming\Mozilla\Firefox\Profiles\4h95d05i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.za/
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2013-4-10 31016]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-10 16152]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2013-4-10 17192]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-3-22 28600]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2013-4-10 15936]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-3-22 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-3-22 430160]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-3-22 112080]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-10 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-4-10 121344]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-10 161560]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-15 21055432]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-6 3291008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-27 413128]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-3-22 4972864]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-10 363800]
R3 AsrHidFilter;AsrHidFilter;C:\Windows\System32\drivers\AsrHidFilter.sys [2013-4-10 17928]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-4-10 59392]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-4-10 84608]
R3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2013-4-11 32320]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-4-10 331264]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-10 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-10 787736]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-4-10 32344]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-16 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-16 40392]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-4-10 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-6-5 1030600]
S3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-11-15 39080]
S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-15 149160]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-3-22 1039952]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-06-28 10:03:10    94656    ----a-w-    C:\Windows\System32\WPRO_41_2001woem.tmp
2014-06-27 23:08:51    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-27 23:08:40    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-27 23:08:40    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-06-27 23:08:40    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-22 14:27:35    --------    d-----w-    C:\Users\W4RKN1T3\AppData\Local\The Witcher 2
2014-06-15 10:16:17    --------    d-----w-    C:\Users\W4RKN1T3\AppData\Local\TB
2014-06-03 05:50:52    1715176    ----a-w-    C:\Windows\System32\nvspbridge64.dll
2014-06-03 05:50:52    1291232    ----a-w-    C:\Windows\SysWow64\nvspbridge.dll
2014-05-30 06:11:24    --------    d-----w-    C:\ProgramData\APN
.
==================== Find3M  ====================
.
2014-06-28 10:18:35    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-28 10:18:35    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-28 10:03:10    34752    ----a-w-    C:\Windows\System32\drivers\WPRO_41_2001.sys
2014-06-03 12:02:58    112080    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2014-05-29 23:07:51    1122312    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-05-29 23:07:38    1279480    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-05-20 01:25:42    6769096    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-05-20 01:25:42    3514144    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-05-20 01:25:39    927520    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-05-20 01:25:38    62808    ----a-w-    C:\Windows\System32\nvshext.dll
2014-05-20 01:25:38    387528    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-05-19 23:10:44    601432    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-05-14 23:49:42    3774821    ----a-w-    C:\Windows\System32\nvcoproc.bin
2014-05-12 05:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-04-14 18:13:43    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-31 16:42:44    40392    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2014-03-31 16:42:42    37320    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2014-03-31 16:42:40    34760    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
.
============= FINISH: 13:29:39.00 ===============
 

 

 

Any assistance with this matter will be greatly appreciated.

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Ender1981

Ender1981
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 28 June 2014 - 07:21 AM

I've been looking through my quarantine files and I found a trojan called Trojan.KillAV as well as something Hacktool.Agent.

Hopefully this helps solve this better?



#3 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:37 PM

Posted 28 June 2014 - 10:06 AM

Hello and Welcome on board Ender1981 :welcome:,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
tq7qi6z6.png
  • Then select the one log where it has found anything, do a double click on it
  • Then click on the Export
  • Button - select in the menu Text File (.txt)
p84ykoav.png
  • Save it on your Desktop and post the content of this text file into your next reply.
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.
 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#4 Ender1981

Ender1981
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 28 June 2014 - 10:33 AM

Hi Machiavelli

 

Thank you for taking the time to help me with my problem, I have done the FRST scan and I will post the logs below.

 

 

Here is the MBAM log file contents requested:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014/06/28
Scan Time: 01:11:02 AM
Logfile: MBAM scan log 28 June 2014 1.10AM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.27.09
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: W4RKN1T3

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292794
Time Elapsed: 12 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cflheckfmhopnialghigdlggahiomebp, Quarantined, [e68f1d60afcc2610153fab020200629e],

Registry Values: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-4116402114-3448456545-381346044-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|APISupport, "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\W4RKN1T3\AppData\Local\TB\APISupport\APISupport.dll",DLLRunAPISupport, Delete-on-Reboot, [1f56413c3447251100d9ceec7290b848]

Registry Data: 0
(No malicious items detected)

Folders: 115
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\APISupport, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\lib, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\options, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\tabs, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\tabs\back, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\toolbarAPI, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\mam, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\mam\scripts, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\mam\scripts\contentScripts, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\nativeMessaging, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\plugins, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\aboutBox, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\aboutBox\images, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\aboutBox\js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\res, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\api, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\msd, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\images, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\js, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\js\resources, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spbd, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spbd\images, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spsd, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spsd\images, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\images, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\restart, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\restart\images, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gadgetFrame, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf\css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf\img, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf\js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\img, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\APPLICATION_BUTTON, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\APPLICATION_BUTTON\Js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\APPLICATION_BUTTON\resources, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\HIGHLIGHTER, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\HIGHLIGHTER\css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\HIGHLIGHTER\js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS\css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS\img, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS\js, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS\js\resources, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\dark, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\light, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\Optimizer, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\Optimizer\js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\agreement, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\css, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\css\custom-theme, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\images, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\css, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\css\custom-theme, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\resources, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\buildSettings, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\Css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\resources, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\view, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\view\script, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\view\style, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\view\style\rsx, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\TWITTER, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\TWITTER\img, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\TWITTER\js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\core, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.alerts, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.alerts\images, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.jscrollpane, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\sl, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\_locales, Delete-on-Reboot, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\_locales\en, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],

Files: 576
PUP.Optional.Superfish.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [4c29f8851863b48263cd2395788a659b],
PUP.Optional.Superfish.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [0f66047938433ef8ec44209821e19b65],
PUP.Optional.Conduit.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage, Quarantined, [482d037ac9b28fa797ea3c7cfd057789],
PUP.Optional.Conduit.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage-journal, Quarantined, [6c09add0accfb2848bf67840b05250b0],
PUP.Optional.Pricegong, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage, Quarantined, [c2b3ee8ffc7fb87ed42eb91604fe3ac6],
PUP.Optional.Pricegong, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal, Quarantined, [f481f38a2b501f17956debe4689a3bc5],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\634520779497696087.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\634583052885979538.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\AbstractionLayerBack.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\AbstractionLayerFront.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\blank.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\CT3289075.txt, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\CT3289075_public.txt, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\initdata.json, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\manifest.json, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\shouldShowTB.txt, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\APISupport\APISupport.dll, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\framework.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\bcview.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\chromeBackstage.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\chromeBackstage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\chromeBackstageLoader.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\communicator.back.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\compatibility.end.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\compatibility.service.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\compatibility.start.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\contentScript.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\iframeHost.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\iframeHost.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\JSONStringify.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\logger.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\match.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\nativeMsgCom.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\navigationHandler.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\pluginLoader.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\pricegongMigration.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\toolbarEnv.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\updatesManager.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\verlyEarly.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\lib\jquery-1.5.min.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\options\Options.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\tabs\back\postNavigation.htm, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\js\toolbarAPI\toolbarAPI.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\mam\background.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\mam\settings.json, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\mam\scripts\background.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\mam\scripts\iframeHost.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\mam\scripts\iframeHost.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\mam\scripts\popup.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\mam\scripts\contentScripts\contentScript.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\nativeMessaging\nmHostConfig.json, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\nativeMessaging\nmHostManifest.json, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\plugins\ChromeApiPlugin.dll, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\initData.json, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\html\SearchBackground.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\html\searchInNewTabAPI.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\MostVisited.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\Applications.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\Bookmarks.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\CntRedirect.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\DeveloperMode.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\EmbeddedConfig.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\enable_disable.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\EventHandler.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\Global.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\LocationService.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\LogMsg.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\NewTabAPI.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\RecentlyClosed.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\SearchBox.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\SearchBoxIframe.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\ServiceMap.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\Settings.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\startupSequence.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\Thumbnails.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\Toolbar.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\Translation.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\API\Usage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\about_memory.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\alert_overlay.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\apps_page.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\bubble.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\chrome_shared.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\chrome_shared2.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\chrome_shared2_touch.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\dialogs.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\expandable_bubble.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\footer_menu.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\list.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\menu.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\most_visited_page.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\nav_dot.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\new_tab.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\new_tab_theme.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\overlay.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\spinner.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\suggestions_page.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\table.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\tabs.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\throbber.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\tile_page.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\trash.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\tree.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\ui_account_tweaks.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\css\widgets.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\html\alert_overlay.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\html\appLauncher.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\html\loadfile.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\html\NewTabBackground.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\html\new_tab.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\html\Options.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\html\redirect.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\html\trash.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\close_bar_mask.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\exclamationIcon.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\history_section.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\app_promo_button.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\check.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\checkbox_black.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\checkbox_white.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\closed_window.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\close_bar.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\close_bar_2x.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\close_bar_h.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\close_bar_h_2x.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\close_bar_mask_2x.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\close_bar_p.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\close_bar_p_2x.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\detected_sd.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\detected_usb.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\disabled_select.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\disclosure_triangle_mask.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\downloads_section.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\favicon.ico, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\favicon.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\folder_closed.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\folder_closed_rtl.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\folder_open.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\folder_open_rtl.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\gear.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\google-transparent.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\guest_icon_standalone.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\help.gif, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\icon128.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\icon16.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\icon48.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\icon_checkmark.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\icon_file.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\icon_folder.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\icon_warning.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\icon_warning2.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\IDR_PRODUCT_LOGO.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\ImagesRepository.json, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\insert.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\minus.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\nub.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\nub_mask.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\otr_icon_standalone.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\phishing_icon.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\plus.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\select.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\small_bubble.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\spinner.svg, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\star_small.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\success.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\throbber.svg, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\thumbnailPlaceHolder.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\trash.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\trashBinN.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\WebStore128.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\x-hover.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\x.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\img\__IDR_PRODUCT_LOGO.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\context_menu_handler.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\i18n_template.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\alert_overlay.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\appLauncher.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\apps_page.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\autocomplete_list.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\Base64.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\bubble.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\card_slider.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\color-thief.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\command.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\command_line.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\context_menu_button.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\cr.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\database.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\dialogs.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\dot_list.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\drag_wrapper.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\event_target.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\event_tracker.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\expandable_bubble.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\focus_outline_manager.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\i18n_process.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\i18n_template2.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\jquery.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\link_controller.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\loadFile.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\load_time_data.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\local_strings.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\logerror.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\logging.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\md5.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\media_common.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\menu.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\menu_button.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\menu_item.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\most_visited_page.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\nav_dot.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\NewTabBackground.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\newTabBeforeStart.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\newTabLoadTimeData.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\new_tab.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\options.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\other_sessions.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\overlay.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\page_list_view.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\page_switcher.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\parse_html_subset.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\position_util.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\promise.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\quantize.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\recently_closed.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\repeating_button.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\SearchBoxPage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\search_history.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\splitter.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\suggestions_page.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\tile_page.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\touch_handler.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\trash.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\tree.css.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\tree.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\ui.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\ui_account_tweaks.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\util.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\Search\NewTabPages\js\ZipFile.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\backstage.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\version.txt, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\al.view.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\aboutBox\aboutBox.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\aboutBox\images\logo.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\aboutBox\images\OK-Button-Default.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\aboutBox\images\OK-Button-MouseOver.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\aboutBox\images\OK-Button-OnClick.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\aboutBox\images\truste.gif, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\aboutBox\images\x.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\aboutBox\js\aboutBox.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\appManager.controller.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\appManager.model.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\appManager.view.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\css\toolbar.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\minibrowser24.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\ajax-loader.gif, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\buttonSprites.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\chevron_sprites.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\fallback24.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\ie8_mouseover_button.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\ie8_onclick_button.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\loader-icon.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\menu_arrow.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\minibrowser.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\mp_sprites.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\new_chevron_sprites.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\rounded_corners_left_transparent.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\rounded_corners_left_white.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\rounded_corners_left_white_34.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\rounded_corners_right_transparent.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\rounded_corners_right_white.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\rounded_corners_right_white_34.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\separator.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\separator_hover.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\img\uus.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ac\res\yoxscroll.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\api\toolbarapi.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\api\webAppApi.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\api\webAppApiFront.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\msd\excanvas.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\msd\trusted.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\msd\trusted.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\msd\untrusted.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\msd\untrusted.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\msd\untrusted.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\options.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\css\jquery.jscrollpane.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\css\options.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\css\reset.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\images\bg-hide-click.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\images\bg-hide.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\images\checkbox-check-off.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\images\checkbox-check-on.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\images\ic_Closer.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\images\ic_Closer_hover.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\images\logo.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\images\minibrowser.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\images\scroller.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\images\sprite-ok-button.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\images\truste.gif, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\images\x.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\js\html5SupportIe.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\js\options.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\js\resources\html5shiv.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\js\resources\jquery.jscrollpane.min.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\options\js\resources\jquery.mousewheel.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\js\searchProtectorManager.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spbd\bubble.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spbd\bubble.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spbd\main.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spbd\images\information.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spbd\images\x-default-LTR.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spbd\images\x-default-RTL.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spbd\images\x-mouseover-LTR.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spbd\images\x-mouseover-RTL.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spsd\main.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spsd\SearchProtector.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spsd\settings.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spsd\images\ok-button.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spsd\images\separation-line.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\sp\spsd\images\warning.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menus.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\popups.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\DialogsAPI.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\excanvas.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\generalDialogStyle.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\PIE.htc, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\settings.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\main.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\ToolbarFirstTimeDialog.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\ToolbarFirstTimeDialog.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\images\app-store-icon.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\images\arrow.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\images\dialog_tip_left.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\images\dialog_tip_right.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\images\divider.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\images\emailNotifier.gif, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\images\facebook.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\images\radio.GIF, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\images\Thumbs.db, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\images\truste_welcome.GIF, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\ftd\images\weather.GIF, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\restart\main.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\restart\restartDialog.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\restart\restartDialog.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\restart\images\2.0--spec--kicker.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\restart\images\content-pattern.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\restart\images\content-sep.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\restart\images\OK-Button-Default.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\restart\images\OK-Button-MouseOver.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\restart\images\OK-Button-OnClick.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\dlg\restart\images\x.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gadgetFrame\gf.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gadgetFrame\lgf.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf\gf.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf\lgf.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf\css\gf.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf\css\gf_ie.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf\img\ie_back.gif, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf\img\loader.gif, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf\img\resize.gif, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf\img\sprites.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf\js\gf.view.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\gf\js\lgf.view.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\popup.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\css\menu.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\img\arrow-down-strong.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\img\arrow-down.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\img\arrow-left-strong.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\img\arrow-left.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\img\arrow-right-strong.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\img\arrow-right.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\img\arrows.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\js\jquery.ellipsis.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\js\jquery.scrollTo-1.4.2-min.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\js\menu.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\js\renderHandler.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\js\scrollers.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\ui\menu\js\showHandler.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\browserAppApi.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\APPLICATION_BUTTON\bgpage.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\APPLICATION_BUTTON\Js\bgpage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\APPLICATION_BUTTON\resources\defaultEngineImage.gif, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\bgPage.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\popup.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\css\en.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\css\en_rtl.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\css\jquery.jscrollpane.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\AccountManager.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\bgPage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\EN.model.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\IMAPExecuter.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\Inboxer.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\Invoker.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\MailDecoder.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\MailMerger.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\POP3Executer.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\Popup.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\providerHelper.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\Providers.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\SettingsManager.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\Timer.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\Translation.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\EMAIL_NOTIFIER\js\Utils.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\HIGHLIGHTER\bgpage.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\HIGHLIGHTER\embedded.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\HIGHLIGHTER\popup.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\HIGHLIGHTER\css\embedded.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\HIGHLIGHTER\css\popup.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\HIGHLIGHTER\css\reset.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\HIGHLIGHTER\js\bgpage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\HIGHLIGHTER\js\embedded.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\HIGHLIGHTER\js\higlighter_script.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\HIGHLIGHTER\js\popup.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS\bgpage.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS\popup.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS\css\popup.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS\img\arrows.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS\img\badges.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS\img\icons.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS\js\bgpage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS\js\popup.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\MULTI_RSS\js\resources\webAppUtils.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\bgpage.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\embedded.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\NotificationPopup.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\Settings.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\css\gadget.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\css\general.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\css\Main.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\css\newMain.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\css\settings.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\css\ui.stepper.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\closeIcon.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\downArrow.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\settingsIcon.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\upArrow.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\dark\close.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\dark\Next.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\dark\Next_hover.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\dark\powered-by.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\dark\Prev.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\dark\Prev_hover.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\dark\settings.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\light\close.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\light\Next.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\light\Next_hover.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\light\powered-by.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\light\Prev.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\light\Prev_hover.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\images\light\settings.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\js\AppName.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\js\bgpage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\js\bgpageEarly.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\js\commons.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\js\jquery.ezmark.min.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\js\notification.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\js\NotificationSettings.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\js\notificationUIManger.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\js\Settings.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\js\stepper.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\NOTIFICATION\js\ToolbarAndAppsSettings.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\Optimizer\bgpage.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\Optimizer\js\bgpage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\bgpage.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\bgpage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\pg_offers.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\pg_offers.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\agreement\agree.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\agreement\agree.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\agreement\Close.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\agreement\Image.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\agreement\Logo.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\agreement\OK_Btn.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\agreement\Topbg.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\css\gadget.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\css\ie7styles.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\css\iestyle.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\css\custom-theme\jquery-ui-1.8.10.custom.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\PRICE_GONG\images\icon.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\bgpage.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\embedded.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\popup2.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\css\gadget.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\css\jquery.jscrollpane.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\css\reset.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\css\stations.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\css\custom-theme\jquery-ui-1.8.10.custom.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\bgpage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\bgpageEarly.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\embedded.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\embeddedEarly.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\localization.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\player.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\popup.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\resources\BrowserDetect.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\resources\jquery-ui-1.8.10.custom.min.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\resources\jquery.jscrollpane.min.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\resources\jquery.scrollTo-1.4.2-min.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\resources\radioCommon.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\resources\system.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\RADIO_PLAYER\js\resources\utils.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\bgpage.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\embedded.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\information.popup.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\buildSettings\SearchApp_Ant.xml, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\Css\information.popup.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\js\bgpage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\js\common.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\js\contentManager.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\js\historyProvider.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\js\information.popup.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\js\layoutManager.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\js\searchListener.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\js\selectionListener.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\js\suggestProvider.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\resources\history--x-default.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\resources\history--x-mouseover.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\resources\menu.icon.apps.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\view\script\view.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\view\style\default.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\view\style\rsx\dd-arrow.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\SEARCH\view\style\rsx\ie8.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\TWITTER\bgpage.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\TWITTER\popup.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\TWITTER\popup.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\TWITTER\img\icons.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\TWITTER\img\inbox.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\TWITTER\img\scroll_down.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\TWITTER\img\scroll_up.png, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\TWITTER\js\bgpage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\TWITTER\js\localization.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\TWITTER\js\popup.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\bgpage.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\popup.html, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\css\gadget.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\css\ie7styles.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\css\iestyle.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\js\bgpage.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\js\common.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\js\date-functions.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\js\gadget.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\js\jquery.autocomplete.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\js\jquery.textshadow.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\js\logic.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\js\main.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\al\wa\WEATHER\js\xPath.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\core\corelibs.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\core\framework.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\core\utils.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\al.view.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\al.viewPerformanceLog.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\background.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\ie_fix.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.min.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.mousewheel.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.text-overflow.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.tmpl.min.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.xml2json.custom.min.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.xml2json.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\json2.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\json2.min.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\script2injectEmbedded.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\script2injectPopup.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\sdk.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.alerts\jquery.alerts.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.alerts\jquery.alerts.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.alerts\images\help.gif, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.alerts\images\important.gif, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.alerts\images\info.gif, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.alerts\images\title.gif, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.jscrollpane\jquery.jscrollpane.css, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\lib\jquery.jscrollpane\jquery.jscrollpane.min.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\tb\sl\serviceLayer.js, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],
PUP.Optional.SlickSavings.A, C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.0.526_0\_locales\en\messages.json, Quarantined, [f1846e0f5823d2644dc1baf10af856aa],

Physical Sectors: 0
(No malicious items detected)


(end)



#5 Ender1981

Ender1981
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 28 June 2014 - 10:34 AM

Hi Machiavelli

 

 

Here is the FRST.txt log file contents as requested

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by W4RKN1T3 (administrator) on WARKNITE on 28-06-2014 17:23:34
Running from C:\Users\W4RKN1T3\Downloads
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Verbatim) C:\Program Files (x86)\Verbatim\GREEN BUTTON\GREEN BUTTON.exe
(Curse) C:\Users\W4RKN1T3\AppData\Local\Apps\2.0\2EOOOEKC.JKV\4XTQDLCD.1GT\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4767\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
(Blizzard Entertainment) C:\Users\Public\Games\World of Warcraft\Wow-64.exe
(Blizzard Entertainment) C:\Users\Public\Games\World of Warcraft\Utils\WowBrowserProxy.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [Ask Mr. Robot] => C:\Program Files\AskMrRobot\AmrTray.exe [796160 2013-09-30] ()
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [4934880 2013-04-10] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442712 2013-11-17] (Razer Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [Fatal1tySTU] => [X]
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2907184 2014-06-25] (Blizzard Entertainment)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\MountPoints2: {5489a932-7af9-11e3-a6a6-bc5ff4856074} - F:\iLinker.exe
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\MountPoints2: {5e6993cb-0ef5-11e3-a08c-bc5ff4856074} - E:\FingerVerify_2Lun.exe
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\MountPoints2: {710d534b-a1fe-11e2-8ca6-806e6f6e6963} - D:\NAGRequirementsCheck.exe
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\MountPoints2: {f12ebb49-a1f4-11e2-9704-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-4116402114-3448456545-381346044-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Fatal1tySTU] => [X]
HKU\S-1-5-21-4116402114-3448456545-381346044-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-4116402114-3448456545-381346044-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2907184 2014-06-25] (Blizzard Entertainment)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5489a932-7af9-11e3-a6a6-bc5ff4856074} - F:\iLinker.exe
HKU\S-1-5-21-4116402114-3448456545-381346044-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5e6993cb-0ef5-11e3-a08c-bc5ff4856074} - E:\FingerVerify_2Lun.exe
HKU\S-1-5-21-4116402114-3448456545-381346044-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {710d534b-a1fe-11e2-8ca6-806e6f6e6963} - D:\NAGRequirementsCheck.exe
HKU\S-1-5-21-4116402114-3448456545-381346044-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f12ebb49-a1f4-11e2-9704-806e6f6e6963} - D:\Setup.exe
Startup: C:\Users\W4RKN1T3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\W4RKN1T3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk
ShortcutTarget: Verbatim GREEN BUTTON.lnk -> C:\Program Files (x86)\Verbatim\GREEN BUTTON\GREEN BUTTON.exe (Verbatim)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://howzit.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34F56EF10D36CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-za
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKCU - {1DDD8925-96BE-4be8-96DB-C8994BD2221A} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
SearchScopes: HKCU - {2457C00F-2F74-42EE-AED4-9510A03728A7} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN15963860415059266&UM=1
SearchScopes: HKCU - {FDBC0DCE-C5EF-4b4b-840A-A16EB938E962} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\W4RKN1T3\AppData\Roaming\Mozilla\Firefox\Profiles\4h95d05i.default
FF Homepage: hxxp://www.google.co.za/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: EPUBReader - C:\Users\W4RKN1T3\AppData\Roaming\Mozilla\Firefox\Profiles\4h95d05i.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-01-26]
FF Extension: Adblock Plus - C:\Users\W4RKN1T3\AppData\Roaming\Mozilla\Firefox\Profiles\4h95d05i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-08-23]

Chrome:
=======
CHR DefaultSearchKeyword: google.co.za
CHR Extension: (Google Docs) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-08]
CHR Extension: (Google Drive) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-15]
CHR Extension: (YouTube) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-08]
CHR Extension: (Google Search) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-08]
CHR Extension: (Google Wallet) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-08]
CHR Extension: (Gmail) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-08]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\W4RKN1T3\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2013-06-05] (Macrovision Europe Ltd.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] () [File not signed]

==================== Drivers (Whitelisted) ====================

R3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [17928 2011-02-17] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-01-12] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-10] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-06-28] ()
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-28 17:23 - 2014-06-28 17:23 - 00021775 _____ () C:\Users\W4RKN1T3\Downloads\FRST.txt
2014-06-28 17:21 - 2014-06-28 17:23 - 00000000 ____D () C:\FRST
2014-06-28 17:20 - 2014-06-28 17:20 - 02083328 _____ (Farbar) C:\Users\W4RKN1T3\Downloads\FRST64.exe
2014-06-28 13:29 - 2014-06-28 13:31 - 00005317 _____ () C:\Users\W4RKN1T3\Desktop\attach.txt
2014-06-28 13:29 - 2014-06-28 13:30 - 00018884 _____ () C:\Users\W4RKN1T3\Desktop\dds.txt
2014-06-28 13:22 - 2014-06-28 13:23 - 00688992 ____R (Swearware) C:\Users\W4RKN1T3\Desktop\dds.com
2014-06-28 12:06 - 2014-06-28 12:06 - 00003032 _____ () C:\Windows\System32\Tasks\asrRd
2014-06-28 12:03 - 2014-06-28 12:03 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-06-28 01:08 - 2014-06-28 17:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 01:08 - 2014-06-28 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 01:08 - 2014-06-28 01:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 01:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-28 01:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-22 16:27 - 2014-06-22 16:34 - 00000000 ____D () C:\Users\W4RKN1T3\Documents\Witcher 2
2014-06-22 16:27 - 2014-06-22 16:27 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\The Witcher 2
2014-06-15 12:16 - 2014-06-15 12:16 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\TB
2014-06-11 06:48 - 2014-06-11 06:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 07:50 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-03 07:50 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-30 08:11 - 2014-05-30 08:11 - 00000000 ____D () C:\ProgramData\APN
2014-05-30 08:10 - 2014-05-30 08:10 - 01272912 _____ (BitTorrent Inc.) C:\Users\W4RKN1T3\Downloads\uTorrent(1).exe

==================== One Month Modified Files and Folders =======

2014-06-28 17:23 - 2014-06-28 17:23 - 00021775 _____ () C:\Users\W4RKN1T3\Downloads\FRST.txt
2014-06-28 17:23 - 2014-06-28 17:21 - 00000000 ____D () C:\FRST
2014-06-28 17:21 - 2013-10-10 09:00 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\Battle.net
2014-06-28 17:20 - 2014-06-28 17:20 - 02083328 _____ (Farbar) C:\Users\W4RKN1T3\Downloads\FRST64.exe
2014-06-28 17:17 - 2013-10-31 17:43 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\Deployment
2014-06-28 17:14 - 2014-06-28 01:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 17:10 - 2013-07-27 06:16 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\Skype
2014-06-28 17:07 - 2014-04-08 07:51 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 17:02 - 2013-07-31 17:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-28 13:31 - 2014-06-28 13:29 - 00005317 _____ () C:\Users\W4RKN1T3\Desktop\attach.txt
2014-06-28 13:30 - 2014-06-28 13:29 - 00018884 _____ () C:\Users\W4RKN1T3\Desktop\dds.txt
2014-06-28 13:23 - 2014-06-28 13:22 - 00688992 ____R (Swearware) C:\Users\W4RKN1T3\Desktop\dds.com
2014-06-28 13:00 - 2014-03-22 14:11 - 00014925 _____ () C:\Windows\setupact.log
2014-06-28 12:18 - 2013-07-31 17:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-28 12:18 - 2013-04-11 19:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-28 12:18 - 2013-04-11 19:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-28 12:11 - 2009-07-14 06:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-28 12:11 - 2009-07-14 06:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-28 12:09 - 2009-07-14 07:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 12:07 - 2013-04-10 17:43 - 00575816 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 12:06 - 2014-06-28 12:06 - 00003032 _____ () C:\Windows\System32\Tasks\asrRd
2014-06-28 12:06 - 2014-02-27 19:36 - 00002966 _____ () C:\Windows\System32\Tasks\FSTU
2014-06-28 12:03 - 2014-06-28 12:03 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-06-28 12:03 - 2014-04-08 07:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 12:03 - 2013-04-10 23:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-28 12:03 - 2013-04-10 20:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-28 12:03 - 2013-04-10 18:54 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-06-28 12:03 - 2013-04-10 18:50 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-06-28 12:03 - 2013-04-10 18:16 - 00000000 ____D () C:\Users\W4RKN1T3
2014-06-28 12:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-28 12:02 - 2014-03-31 19:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-28 12:02 - 2014-03-22 14:10 - 00462422 _____ () C:\Windows\PFRO.log
2014-06-28 12:02 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-06-28 12:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss
2014-06-28 12:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-06-28 10:00 - 2013-04-10 18:50 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-06-28 02:45 - 2013-06-12 21:26 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\vlc
2014-06-28 01:08 - 2014-06-28 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 01:08 - 2014-06-28 01:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 01:08 - 2014-03-22 14:01 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\Malwarebytes
2014-06-28 01:08 - 2014-03-22 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 15:18 - 2013-04-10 20:30 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\uTorrent
2014-06-25 22:36 - 2013-10-10 09:00 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-24 20:49 - 2013-04-10 19:06 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\CrashDumps
2014-06-22 23:50 - 2013-08-28 16:18 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-22 23:08 - 2013-04-11 00:12 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\Mumble
2014-06-22 16:34 - 2014-06-22 16:27 - 00000000 ____D () C:\Users\W4RKN1T3\Documents\Witcher 2
2014-06-22 16:27 - 2014-06-22 16:27 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\The Witcher 2
2014-06-22 16:27 - 2014-04-23 19:46 - 00035620 _____ () C:\Windows\DirectX.log
2014-06-22 10:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-19 23:02 - 2014-04-08 07:51 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 23:02 - 2014-04-08 07:51 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-15 12:16 - 2014-06-15 12:16 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\TB
2014-06-13 02:02 - 2014-04-08 07:54 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 06:48 - 2014-06-11 06:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 06:03 - 2012-05-16 17:03 - 00000000 ____D () C:\Program Files\Diablo III
2014-06-04 19:45 - 2014-05-25 23:01 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\Game Dev Tycoon - Steam
2014-06-03 14:02 - 2014-03-22 13:58 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 14:02 - 2014-03-22 13:58 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-03 07:50 - 2013-04-10 23:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-30 08:12 - 2014-01-24 08:48 - 00000796 _____ () C:\Users\W4RKN1T3\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-30 08:11 - 2014-05-30 08:11 - 00000000 ____D () C:\ProgramData\APN
2014-05-30 08:10 - 2014-05-30 08:10 - 01272912 _____ (BitTorrent Inc.) C:\Users\W4RKN1T3\Downloads\uTorrent(1).exe
2014-05-30 01:07 - 2014-06-03 07:50 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-05-30 01:07 - 2014-06-03 07:50 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-30 01:07 - 2013-11-15 20:11 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-30 01:07 - 2013-11-15 20:11 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-29 00:56 - 2013-12-09 13:20 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-29 00:52 - 2009-07-14 07:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\W4RKN1T3\AppData\Local\Temp\avgnt.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\W4RKN1T3\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\W4RKN1T3\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\W4RKN1T3\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\W4RKN1T3\AppData\Local\Temp\nvStInst.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\SkypeSetup.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\W4RKN1T3\AppData\Local\Temp\uttFE67.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 05:41

==================== End Of Log ============================



#6 Ender1981

Ender1981
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 28 June 2014 - 10:36 AM

Hi Machiavelli

 

Here is the Additions.txt log file contents as requested

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2014 02
Ran by W4RKN1T3 at 2014-06-28 17:24:03
Running from C:\Users\W4RKN1T3\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.31515 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AmrAddonInstall (Version: 1.1.11.0 - Microsoft) Hidden
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Ask Mr. Robot (HKLM-x32\...\{0479d93c-565a-413f-b8f7-dc68cf260ac2}) (Version: 1.3.9.0 - Ask Mr. Robot)
Ask Mr. Robot (Version: 1.3.9.0 - Ask Mr. Robot) Hidden
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version:  - ASRock Inc.)
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
AutoCAD Architecture 2010 (HKLM\...\AutoCAD Architecture 2010) (Version: 6.0.56.0 - Autodesk)
AutoCAD Architecture 2010 (Version: 6.0.56.0 - Autodesk) Hidden
AutoCAD Architecture 2010 Language Pack - English (Version: 18.0.55.0 - Autodesk) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
ePub Reader for Windows version 5.0 (HKLM-x32\...\{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 5.0 - HANSoft, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.109 - Etron Technology) Hidden
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version:  - Lionhead Studios)
F-Stream Tuning v0.1.73.27 (HKLM-x32\...\F-Stream Tuning_is1) (Version:  - )
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google SketchUp 7 (HKLM-x32\...\{E5D52570-5EF1-4576-A434-6CCD92268F0F}) (Version: 2.0.10247 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Hitman: Sniper Challenge (HKLM-x32\...\Steam App 205930) (Version:  - IO Interactive)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Leisure Suit Larry in the Land of the Lounge Lizards: Reloaded (HKLM-x32\...\Steam App 231910) (Version:  - nFusion Interactive)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.50.862.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.50.859.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.50.861.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
My Game Long Name (HKLM\...\UDK-7fc4a26c-0ade-4f1d-afe7-fc7c60ae4032) (Version:  - Epic Games, Inc.)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
PlayCatan Access Software (HKLM-x32\...\PlayCatan Client) (Version: 3.1086 - Catan GmbH)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.16.6 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Samsung i-Launcher 1.0.1.54 (HKLM-x32\...\Samsung i-Launcher) (Version: 1.0.1.54 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13307 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Verbatim GREEN BUTTON 1.61 (HKLM-x32\...\Verbatim GREEN BUTTON_is1) (Version:  - Verbatim)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WampServer 2.4 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.28 - ASRock Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-04-07 23:00 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       localhost


==================== Scheduled Tasks (whitelisted) =============

Task: {13978E0A-6192-40EE-B15E-D73D47DE1574} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-08] (Google Inc.)
Task: {25722FCC-4828-4FB6-9377-BD1450C7A5CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-28] (Adobe Systems Incorporated)
Task: {265C5204-5B00-47CD-BF15-4143FA9B3C7A} - System32\Tasks\FSTU => C:\Program Files (x86)\Fatal1ty Utility\FSTU\Bin\FSTU.exe [2012-02-29] ()
Task: {2C451F56-6689-41C6-B246-1F1FA3064F89} - System32\Tasks\asrRd => C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe [2012-01-13] ()
Task: {359A5004-4CB6-4C15-AA77-6535F32DBDA2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {7F8338D2-F2C5-489D-B136-E3AC92D200A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-08] (Google Inc.)
Task: {9212DDC0-3EA0-4723-A71C-C1E45E0DD151} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {AC4491B4-70F3-46FF-B387-8E87DDDAFB0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2013-04-10 23:22 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-22 14:15 - 2011-03-01 00:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2013-04-10 18:50 - 2012-02-07 17:27 - 00121344 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-02-09 16:26 - 2012-02-09 16:26 - 00133632 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 16:26 - 2012-02-09 16:26 - 00048128 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 16:26 - 2012-02-09 16:26 - 00036864 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll
2013-04-10 18:46 - 2012-03-19 09:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-10 18:58 - 2011-05-19 09:58 - 00246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-06-16 17:02 - 2014-06-16 17:02 - 00014848 ____N () C:\Users\W4RKN1T3\AppData\Local\Apps\2.0\2EOOOEKC.JKV\4XTQDLCD.1GT\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.WowDb.dll
2013-10-31 17:46 - 2013-10-31 17:44 - 00035840 _____ () C:\Users\W4RKN1T3\AppData\Local\Apps\2.0\2EOOOEKC.JKV\4XTQDLCD.1GT\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.Advertising.dll
2014-06-16 17:02 - 2014-06-16 17:02 - 00099840 ____N () C:\Users\W4RKN1T3\AppData\Local\Apps\2.0\2EOOOEKC.JKV\4XTQDLCD.1GT\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.CMOD2.dll
2013-04-10 18:55 - 2012-01-13 15:47 - 01448744 _____ () C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
2011-08-12 12:20 - 2011-08-12 12:20 - 01260568 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\UMVPLMute.dll
2011-08-12 12:19 - 2011-08-12 12:19 - 00221208 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\FxPreview.dll
2011-08-12 12:20 - 2011-08-12 12:20 - 01349656 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MRSystem.dll
2011-08-12 12:20 - 2011-08-12 12:20 - 00135192 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MapTrackData.dll
2011-08-12 12:20 - 2011-08-12 12:20 - 01323032 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MMSystem.dll
2011-08-12 12:20 - 2011-08-12 12:20 - 00294424 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\VMSystem.dll
2014-05-22 00:47 - 2014-04-30 02:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-23 19:11 - 2014-04-30 02:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-22 00:47 - 2014-04-30 02:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-12 02:41 - 2014-04-30 02:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-25 14:23 - 2014-05-17 03:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 00:47 - 2014-05-29 19:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-22 00:47 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-03-29 11:53 - 2014-05-29 19:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-03-26 16:16 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-11 09:51 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-06-11 06:48 - 2014-06-11 06:48 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-25 21:04 - 2014-06-25 21:04 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4767\libcef.dll
2014-06-25 21:04 - 2014-06-25 21:04 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4767\libglesv2.dll
2014-06-25 21:04 - 2014-06-25 21:04 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4767\libegl.dll
2013-04-10 18:47 - 2013-04-10 18:47 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c27f6918e0d9f765aba90b1dc11c53f9\IsdiInterop.ni.dll
2013-04-10 18:48 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-04-10 18:49 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-05-22 12:24 - 2014-06-17 03:36 - 23950848 _____ () C:\Users\Public\Games\World of Warcraft\Utils\libcef.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 02396179 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00066579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 02021395 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00100371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00240659 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00076307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00045587 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00060947 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00531475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00708627 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00114195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00040467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00133139 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 01512467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00296979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 01248787 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00189971 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00054291 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00038419 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 11148307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00116755 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00036371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00291859 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00017939 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 01280019 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00018451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00336403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00344595 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00198675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00027155 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00015891 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 01371667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00146451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00022035 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00733203 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00026131 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00171027 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 10396179 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00724499 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00026643 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00555027 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00113683 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00053779 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00016915 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00032275 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00020499 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00067091 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 01496083 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2014-06-28 12:18 - 2014-06-28 12:18 - 17024688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2014 00:03:10 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (06/28/2014 05:42:40 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/26/2014 09:16:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/24/2014 08:49:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HMA.exe, version: 1.0.447.0, time stamp: 0x5149e0b4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000013
Faulting process id: 0x2cc0
Faulting application start time: 0xHMA.exe0
Faulting application path: HMA.exe1
Faulting module path: HMA.exe2
Report Id: HMA.exe3

Error: (06/24/2014 09:05:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/23/2014 11:20:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.1.3.0, time stamp: 0x00000004
Faulting module name: vlc.exe, version: 2.1.3.0, time stamp: 0x00000004
Exception code: 0xc0000005
Fault offset: 0x000018c5
Faulting process id: 0x2ee4
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3

Error: (06/23/2014 11:18:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.1.3.0, time stamp: 0x00000004
Faulting module name: vlc.exe, version: 2.1.3.0, time stamp: 0x00000004
Exception code: 0xc0000005
Fault offset: 0x000018c5
Faulting process id: 0x2880
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3

Error: (06/23/2014 00:31:35 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/22/2014 02:05:58 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/20/2014 00:57:16 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (06/28/2014 11:42:47 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/23/2014 02:08:41 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/22/2014 11:34:09 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/22/2014 09:05:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (06/22/2014 09:05:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (06/22/2014 04:26:54 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/08/2014 04:14:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 08:55:44 AM on ‎2014/‎06/‎08 was unexpected.

Error: (06/03/2014 07:50:57 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (06/02/2014 01:12:01 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (05/29/2014 00:52:24 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:50:19 AM on ‎2014/‎05/‎29 was unexpected.


Microsoft Office Sessions:
=========================
Error: (06/28/2014 00:03:10 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (06/28/2014 05:42:40 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/26/2014 09:16:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/24/2014 08:49:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HMA.exe1.0.447.05149e0b4unknown0.0.0.000000000c0000005000000132cc001cf8fc5179f6fbaC:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exeunknown454ca99e-fbd0-11e3-a96c-bc5ff4856074

Error: (06/24/2014 09:05:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/23/2014 11:20:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.3.000000004vlc.exe2.1.3.000000004c0000005000018c52ee401cf8f28ed1d17beC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\vlc.exe451000b5-fb1c-11e3-a96c-bc5ff4856074

Error: (06/23/2014 11:18:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.3.000000004vlc.exe2.1.3.000000004c0000005000018c5288001cf8f18dab8aa8cC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\vlc.exedc723a5f-fb1b-11e3-a96c-bc5ff4856074

Error: (06/23/2014 00:31:35 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/22/2014 02:05:58 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/20/2014 00:57:16 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


CodeIntegrity Errors:
===================================
  Date: 2014-04-08 10:01:22.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-08 10:01:22.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-08 10:01:22.953
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-08 10:01:20.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-08 10:01:20.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-08 10:01:20.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-08 10:01:20.082
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-08 10:01:20.076
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-08 10:01:20.071
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-08 09:58:51.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.16385_none_5722666f137ae177\appid.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 8076.14 MB
Available physical RAM: 2987.79 MB
Total Pagefile: 16150.43 MB
Available Pagefile: 10340.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:32.44 GB) NTFS
Drive d: (NAGJUN2014) (CDROM) (Total:7.95 GB) (Free:0 GB) UDF
Drive e: (VERBATIM HD) (Fixed) (Total:1862.56 GB) (Free:765.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1E6E364B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C48C579F)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=0C)

==================== End Of Log ============================

 

 

 

Thank you again for your assistance in this matter



#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:37 PM

Posted 28 June 2014 - 10:51 AM

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#8 Ender1981

Ender1981
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 28 June 2014 - 11:21 AM

Hi Machiavelli

 

Here are the results of the AdwCleaner as requested

 

# AdwCleaner v3.213 - Report created 28/06/2014 at 18:11:21
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Professional  (64 bits)
# Username : W4RKN1T3 - WARKNITE
# Running from : C:\Users\W4RKN1T3\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[!] Folder Deleted : C:\ProgramData\DeviceVM
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Users\W4RKN1T3\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\W4RKN1T3\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\W4RKN1T3\AppData\Roaming\DeviceVM
File Deleted : C:\Users\W4RKN1T3\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\W4RKN1T3\AppData\Roaming\Mozilla\Firefox\Profiles\4h95d05i.default\prefs.js ]

Line Deleted : user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365622395621,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("smartbar.machineId", "JINAZ9RK/IRJ82VIA+3CRUYTRAJRVOBEV/OUHFJ6NHYTROIWAORZPEOEQ8KWAMHUYKMOIPJVLT/LNYZOFD56MQ");

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3326 octets] - [28/06/2014 18:02:55]
AdwCleaner[S0].txt - [3284 octets] - [28/06/2014 18:11:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3344 octets] ##########
 



#9 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:37 PM

Posted 28 June 2014 - 11:28 AM

OK I will wait for the other results.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#10 Ender1981

Ender1981
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 28 June 2014 - 11:48 AM

Hi Machiavelli

 

Here is the MBAM scan log as requested

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014/06/28
Scan Time: 06:21:50 PM
Logfile: MBAM scan log 28 June 2014 6.30PM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.28.03
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: W4RKN1T3

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293757
Time Elapsed: 11 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

And here is the Junkware Removal Tool log you asked for

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by W4RKN1T3 on 2014/06/28 at 18:42:09.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskMrRobot-Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskMrRobot-Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2457C00F-2F74-42EE-AED4-9510A03728A7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ FireFox

Emptied folder: C:\Users\W4RKN1T3\AppData\Roaming\mozilla\firefox\profiles\4h95d05i.default\minidumps [218 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014/06/28 at 18:44:36.14
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

I will post the FRST Scan shortly



#11 Ender1981

Ender1981
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 28 June 2014 - 11:51 AM

Here is the FRST scan results as promised

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by W4RKN1T3 (administrator) on WARKNITE on 28-06-2014 18:48:58
Running from C:\Users\W4RKN1T3\Downloads
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Fatal1ty Utility\FSTU\Bin\FSTU.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Verbatim) C:\Program Files (x86)\Verbatim\GREEN BUTTON\GREEN BUTTON.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Curse) C:\Users\W4RKN1T3\AppData\Local\Apps\2.0\2EOOOEKC.JKV\4XTQDLCD.1GT\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4767\Battle.net.exe
() C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [Ask Mr. Robot] => C:\Program Files\AskMrRobot\AmrTray.exe [796160 2013-09-30] ()
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [4934880 2013-04-10] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442712 2013-11-17] (Razer Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [Fatal1tySTU] => [X]
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2907184 2014-06-25] (Blizzard Entertainment)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\MountPoints2: {5489a932-7af9-11e3-a6a6-bc5ff4856074} - F:\iLinker.exe
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\MountPoints2: {5e6993cb-0ef5-11e3-a08c-bc5ff4856074} - E:\FingerVerify_2Lun.exe
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\MountPoints2: {710d534b-a1fe-11e2-8ca6-806e6f6e6963} - D:\NAGRequirementsCheck.exe
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\MountPoints2: {f12ebb49-a1f4-11e2-9704-806e6f6e6963} - D:\Setup.exe
Startup: C:\Users\W4RKN1T3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\W4RKN1T3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk
ShortcutTarget: Verbatim GREEN BUTTON.lnk -> C:\Program Files (x86)\Verbatim\GREEN BUTTON\GREEN BUTTON.exe (Verbatim)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://howzit.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34F56EF10D36CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-za
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKCU - {1DDD8925-96BE-4be8-96DB-C8994BD2221A} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
SearchScopes: HKCU - {FDBC0DCE-C5EF-4b4b-840A-A16EB938E962} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\W4RKN1T3\AppData\Roaming\Mozilla\Firefox\Profiles\4h95d05i.default
FF Homepage: hxxp://www.google.co.za/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: EPUBReader - C:\Users\W4RKN1T3\AppData\Roaming\Mozilla\Firefox\Profiles\4h95d05i.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-01-26]
FF Extension: Adblock Plus - C:\Users\W4RKN1T3\AppData\Roaming\Mozilla\Firefox\Profiles\4h95d05i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-08-23]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.co.za
CHR Extension: (Google Docs) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-08]
CHR Extension: (Google Drive) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-15]
CHR Extension: (YouTube) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-08]
CHR Extension: (Google Search) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-08]
CHR Extension: (Google Wallet) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-08]
CHR Extension: (Gmail) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-08]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\W4RKN1T3\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2013-06-05] (Macrovision Europe Ltd.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] () [File not signed]

==================== Drivers (Whitelisted) ====================

R3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [17928 2011-02-17] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-01-12] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-10] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-06-28] ()
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-28 18:44 - 2014-06-28 18:44 - 00003032 _____ () C:\Windows\System32\Tasks\asrRd
2014-06-28 18:44 - 2014-06-28 18:44 - 00001233 _____ () C:\Users\W4RKN1T3\Desktop\JRT.txt
2014-06-28 18:41 - 2014-06-28 18:41 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-06-28 18:37 - 2014-06-28 18:37 - 00000000 ____D () C:\Windows\ERUNT
2014-06-28 18:35 - 2014-06-28 18:35 - 01016261 _____ (Thisisu) C:\Users\W4RKN1T3\Downloads\JRT.exe
2014-06-28 18:14 - 2014-06-28 18:14 - 00003432 _____ () C:\Users\W4RKN1T3\Desktop\AdwCleaner[S0].txt
2014-06-28 18:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-28 18:02 - 2014-06-28 18:11 - 00000000 ____D () C:\AdwCleaner
2014-06-28 18:01 - 2014-06-28 18:02 - 01342659 _____ () C:\Users\W4RKN1T3\Downloads\AdwCleaner.exe
2014-06-28 17:25 - 2014-06-28 17:25 - 00045423 _____ () C:\Users\W4RKN1T3\Desktop\Addition.txt
2014-06-28 17:25 - 2014-06-28 17:25 - 00032858 _____ () C:\Users\W4RKN1T3\Desktop\FRST.txt
2014-06-28 17:24 - 2014-06-28 17:24 - 00045423 _____ () C:\Users\W4RKN1T3\Downloads\Addition.txt
2014-06-28 17:23 - 2014-06-28 18:48 - 00019586 _____ () C:\Users\W4RKN1T3\Downloads\FRST.txt
2014-06-28 17:21 - 2014-06-28 18:48 - 00000000 ____D () C:\FRST
2014-06-28 17:20 - 2014-06-28 17:20 - 02083328 _____ (Farbar) C:\Users\W4RKN1T3\Downloads\FRST64.exe
2014-06-28 13:29 - 2014-06-28 13:31 - 00005317 _____ () C:\Users\W4RKN1T3\Desktop\attach.txt
2014-06-28 13:29 - 2014-06-28 13:30 - 00018884 _____ () C:\Users\W4RKN1T3\Desktop\dds.txt
2014-06-28 13:22 - 2014-06-28 13:23 - 00688992 ____R (Swearware) C:\Users\W4RKN1T3\Desktop\dds.com
2014-06-28 01:08 - 2014-06-28 18:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 01:08 - 2014-06-28 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 01:08 - 2014-06-28 01:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 01:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-28 01:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-22 16:27 - 2014-06-22 16:34 - 00000000 ____D () C:\Users\W4RKN1T3\Documents\Witcher 2
2014-06-22 16:27 - 2014-06-22 16:27 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\The Witcher 2
2014-06-15 12:16 - 2014-06-15 12:16 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\TB
2014-06-11 06:48 - 2014-06-11 06:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 07:50 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-03 07:50 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-30 08:10 - 2014-05-30 08:10 - 01272912 _____ (BitTorrent Inc.) C:\Users\W4RKN1T3\Downloads\uTorrent(1).exe

==================== One Month Modified Files and Folders =======

2014-06-28 18:49 - 2014-06-28 17:23 - 00019586 _____ () C:\Users\W4RKN1T3\Downloads\FRST.txt
2014-06-28 18:48 - 2014-06-28 17:21 - 00000000 ____D () C:\FRST
2014-06-28 18:48 - 2013-10-10 09:00 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\Battle.net
2014-06-28 18:47 - 2009-07-14 07:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 18:44 - 2014-06-28 18:44 - 00003032 _____ () C:\Windows\System32\Tasks\asrRd
2014-06-28 18:44 - 2014-06-28 18:44 - 00001233 _____ () C:\Users\W4RKN1T3\Desktop\JRT.txt
2014-06-28 18:44 - 2014-02-27 19:36 - 00002966 _____ () C:\Windows\System32\Tasks\FSTU
2014-06-28 18:42 - 2013-10-31 17:43 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\Deployment
2014-06-28 18:42 - 2013-07-27 06:16 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\Skype
2014-06-28 18:41 - 2014-06-28 18:41 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-06-28 18:41 - 2014-04-08 07:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 18:41 - 2014-03-22 14:11 - 00015485 _____ () C:\Windows\setupact.log
2014-06-28 18:41 - 2013-04-10 20:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-28 18:41 - 2013-04-10 18:54 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-06-28 18:41 - 2013-04-10 18:50 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-06-28 18:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-28 18:40 - 2014-03-22 14:10 - 00463548 _____ () C:\Windows\PFRO.log
2014-06-28 18:40 - 2013-04-10 23:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-28 18:39 - 2013-04-10 17:43 - 00583047 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 18:37 - 2014-06-28 18:37 - 00000000 ____D () C:\Windows\ERUNT
2014-06-28 18:35 - 2014-06-28 18:35 - 01016261 _____ (Thisisu) C:\Users\W4RKN1T3\Downloads\JRT.exe
2014-06-28 18:22 - 2009-07-14 06:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-28 18:22 - 2009-07-14 06:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-28 18:21 - 2014-06-28 01:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 18:14 - 2014-06-28 18:14 - 00003432 _____ () C:\Users\W4RKN1T3\Desktop\AdwCleaner[S0].txt
2014-06-28 18:11 - 2014-06-28 18:02 - 00000000 ____D () C:\AdwCleaner
2014-06-28 18:11 - 2014-05-27 01:04 - 00000000 ____D () C:\NVIDIA
2014-06-28 18:11 - 2013-04-10 18:16 - 00000000 ____D () C:\Users\W4RKN1T3
2014-06-28 18:07 - 2014-04-08 07:51 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 18:02 - 2014-06-28 18:01 - 01342659 _____ () C:\Users\W4RKN1T3\Downloads\AdwCleaner.exe
2014-06-28 18:02 - 2013-07-31 17:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-28 17:25 - 2014-06-28 17:25 - 00045423 _____ () C:\Users\W4RKN1T3\Desktop\Addition.txt
2014-06-28 17:25 - 2014-06-28 17:25 - 00032858 _____ () C:\Users\W4RKN1T3\Desktop\FRST.txt
2014-06-28 17:24 - 2014-06-28 17:24 - 00045423 _____ () C:\Users\W4RKN1T3\Downloads\Addition.txt
2014-06-28 17:20 - 2014-06-28 17:20 - 02083328 _____ (Farbar) C:\Users\W4RKN1T3\Downloads\FRST64.exe
2014-06-28 13:31 - 2014-06-28 13:29 - 00005317 _____ () C:\Users\W4RKN1T3\Desktop\attach.txt
2014-06-28 13:30 - 2014-06-28 13:29 - 00018884 _____ () C:\Users\W4RKN1T3\Desktop\dds.txt
2014-06-28 13:23 - 2014-06-28 13:22 - 00688992 ____R (Swearware) C:\Users\W4RKN1T3\Desktop\dds.com
2014-06-28 12:18 - 2013-07-31 17:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-28 12:18 - 2013-04-11 19:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-28 12:18 - 2013-04-11 19:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-28 12:02 - 2014-03-31 19:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-28 12:02 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-06-28 12:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss
2014-06-28 12:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-06-28 10:00 - 2013-04-10 18:50 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-06-28 02:45 - 2013-06-12 21:26 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\vlc
2014-06-28 01:08 - 2014-06-28 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 01:08 - 2014-06-28 01:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 01:08 - 2014-03-22 14:01 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\Malwarebytes
2014-06-28 01:08 - 2014-03-22 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 15:18 - 2013-04-10 20:30 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\uTorrent
2014-06-25 22:36 - 2013-10-10 09:00 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-24 20:49 - 2013-04-10 19:06 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\CrashDumps
2014-06-22 23:50 - 2013-08-28 16:18 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-22 23:08 - 2013-04-11 00:12 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\Mumble
2014-06-22 16:34 - 2014-06-22 16:27 - 00000000 ____D () C:\Users\W4RKN1T3\Documents\Witcher 2
2014-06-22 16:27 - 2014-06-22 16:27 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\The Witcher 2
2014-06-22 16:27 - 2014-04-23 19:46 - 00035620 _____ () C:\Windows\DirectX.log
2014-06-22 10:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-19 23:02 - 2014-04-08 07:51 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 23:02 - 2014-04-08 07:51 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-15 12:16 - 2014-06-15 12:16 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\TB
2014-06-13 02:02 - 2014-04-08 07:54 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 06:48 - 2014-06-11 06:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 06:03 - 2012-05-16 17:03 - 00000000 ____D () C:\Program Files\Diablo III
2014-06-04 19:45 - 2014-05-25 23:01 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\Game Dev Tycoon - Steam
2014-06-03 14:02 - 2014-03-22 13:58 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 14:02 - 2014-03-22 13:58 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-03 07:50 - 2013-04-10 23:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-30 08:12 - 2014-01-24 08:48 - 00000796 _____ () C:\Users\W4RKN1T3\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-30 08:10 - 2014-05-30 08:10 - 01272912 _____ (BitTorrent Inc.) C:\Users\W4RKN1T3\Downloads\uTorrent(1).exe
2014-05-30 01:07 - 2014-06-03 07:50 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-05-30 01:07 - 2014-06-03 07:50 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-30 01:07 - 2013-11-15 20:11 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-30 01:07 - 2013-11-15 20:11 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-29 00:56 - 2013-12-09 13:20 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-29 00:52 - 2009-07-14 07:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\W4RKN1T3\AppData\Local\Temp\avgnt.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\W4RKN1T3\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\W4RKN1T3\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\W4RKN1T3\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\W4RKN1T3\AppData\Local\Temp\nvStInst.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\Quarantine.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\SkypeSetup.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\uttFE67.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 05:41

==================== End Of Log ============================

 

 

I hope this helps :)



#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:37 PM

Posted 28 June 2014 - 01:09 PM

Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please disable your AntiVirus before doing these steps!
  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here
  • How to do this?
    • Visit this website here
    • You will see a screen like this:


e922iil8.png

  • Click Run ESET Online Scanner

    4e3svhbd.png
  • A Window will open (see above) - please click on the link
  • A window will pop up - please download the file to your Desktop
  • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

    p35jbmyy.png
  • Tick the box next to YES, I accept the Terms of Use then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

    p3b9meru.png
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Then click on Start
  • virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

Attached Files


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#13 Ender1981

Ender1981
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 28 June 2014 - 01:35 PM

Hi Machiavelli

 

Just did the FRST Fix and here is the log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 02
Ran by W4RKN1T3 at 2014-06-28 20:17:08 Run:1
Running from C:\Users\W4RKN1T3\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [Fatal1tySTU] => [X]
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\MountPoints2: {5489a932-7af9-11e3-a6a6-bc5ff4856074} - F:\iLinker.exe
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\MountPoints2: {5e6993cb-0ef5-11e3-a08c-bc5ff4856074} - E:\FingerVerify_2Lun.exe
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\MountPoints2: {710d534b-a1fe-11e2-8ca6-806e6f6e6963} - D:\NAGRequirementsCheck.exe
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\MountPoints2: {f12ebb49-a1f4-11e2-9704-806e6f6e6963} - D:\Setup.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {FDBC0DCE-C5EF-4b4b-840A-A16EB938E962} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
C:\Users\W4RKN1T3\AppData\Local\Temp\avgnt.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\W4RKN1T3\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\W4RKN1T3\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\W4RKN1T3\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\W4RKN1T3\AppData\Local\Temp\nvStInst.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\Quarantine.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\SkypeSetup.exe
C:\Users\W4RKN1T3\AppData\Local\Temp\uttFE67.tmp.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Fatal1tySTU => value deleted successfully.
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot => value deleted successfully.
'HKU\S-1-5-21-4116402114-3448456545-381346044-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5489a932-7af9-11e3-a6a6-bc5ff4856074}' => Key deleted successfully.
'HKCR\CLSID\{5489a932-7af9-11e3-a6a6-bc5ff4856074}'=> Key not found.
'HKU\S-1-5-21-4116402114-3448456545-381346044-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e6993cb-0ef5-11e3-a08c-bc5ff4856074}' => Key deleted successfully.
'HKCR\CLSID\{5e6993cb-0ef5-11e3-a08c-bc5ff4856074}'=> Key not found.
'HKU\S-1-5-21-4116402114-3448456545-381346044-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{710d534b-a1fe-11e2-8ca6-806e6f6e6963}' => Key deleted successfully.
'HKCR\CLSID\{710d534b-a1fe-11e2-8ca6-806e6f6e6963}'=> Key not found.
'HKU\S-1-5-21-4116402114-3448456545-381346044-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f12ebb49-a1f4-11e2-9704-806e6f6e6963}' => Key deleted successfully.
'HKCR\CLSID\{f12ebb49-a1f4-11e2-9704-806e6f6e6963}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FDBC0DCE-C5EF-4b4b-840A-A16EB938E962}' => Key deleted successfully.
'HKCR\CLSID\{FDBC0DCE-C5EF-4b4b-840A-A16EB938E962}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
C:\Users\W4RKN1T3\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\W4RKN1T3\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\W4RKN1T3\AppData\Local\Temp\nitro_reader3_x64.exe => Moved successfully.
C:\Users\W4RKN1T3\AppData\Local\Temp\nv3DVStreaming.dll => Moved successfully.
C:\Users\W4RKN1T3\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\W4RKN1T3\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\W4RKN1T3\AppData\Local\Temp\nvSCPAPISvr.exe => Moved successfully.
C:\Users\W4RKN1T3\AppData\Local\Temp\nvStereoApiI.dll => Moved successfully.
C:\Users\W4RKN1T3\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\W4RKN1T3\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\W4RKN1T3\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\W4RKN1T3\AppData\Local\Temp\uttFE67.tmp.exe => Moved successfully.

==== End of Fixlog ====

 

 

 

 

Here is the FRST log as requested

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by W4RKN1T3 (administrator) on WARKNITE on 28-06-2014 20:18:53
Running from C:\Users\W4RKN1T3\Desktop
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Fatal1ty Utility\FSTU\Bin\FSTU.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Verbatim) C:\Program Files (x86)\Verbatim\GREEN BUTTON\GREEN BUTTON.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Curse) C:\Users\W4RKN1T3\AppData\Local\Apps\2.0\2EOOOEKC.JKV\4XTQDLCD.1GT\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4767\Battle.net.exe
() C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [Ask Mr. Robot] => C:\Program Files\AskMrRobot\AmrTray.exe [796160 2013-09-30] ()
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [4934880 2013-04-10] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442712 2013-11-17] (Razer Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2907184 2014-06-25] (Blizzard Entertainment)
HKU\S-1-5-21-4116402114-3448456545-381346044-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\Users\W4RKN1T3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\W4RKN1T3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk
ShortcutTarget: Verbatim GREEN BUTTON.lnk -> C:\Program Files (x86)\Verbatim\GREEN BUTTON\GREEN BUTTON.exe (Verbatim)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://howzit.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34F56EF10D36CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-za
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKCU - {1DDD8925-96BE-4be8-96DB-C8994BD2221A} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\W4RKN1T3\AppData\Roaming\Mozilla\Firefox\Profiles\4h95d05i.default
FF Homepage: hxxp://www.google.co.za/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: EPUBReader - C:\Users\W4RKN1T3\AppData\Roaming\Mozilla\Firefox\Profiles\4h95d05i.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-01-26]
FF Extension: Adblock Plus - C:\Users\W4RKN1T3\AppData\Roaming\Mozilla\Firefox\Profiles\4h95d05i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-08-23]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.co.za
CHR Extension: (Google Docs) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-08]
CHR Extension: (Google Drive) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-15]
CHR Extension: (YouTube) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-08]
CHR Extension: (Google Search) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-08]
CHR Extension: (Google Wallet) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-08]
CHR Extension: (Gmail) - C:\Users\W4RKN1T3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-08]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\W4RKN1T3\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2013-06-05] (Macrovision Europe Ltd.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] () [File not signed]

==================== Drivers (Whitelisted) ====================

R3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [17928 2011-02-17] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-01-12] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-04-10] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-06-28] ()
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-28 18:49 - 2014-06-28 18:49 - 00032345 _____ () C:\Users\W4RKN1T3\Desktop\FRST 28.6.2014 6.49PM.txt
2014-06-28 18:44 - 2014-06-28 18:44 - 00003032 _____ () C:\Windows\System32\Tasks\asrRd
2014-06-28 18:44 - 2014-06-28 18:44 - 00001233 _____ () C:\Users\W4RKN1T3\Desktop\JRT.txt
2014-06-28 18:41 - 2014-06-28 18:41 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-06-28 18:37 - 2014-06-28 18:37 - 00000000 ____D () C:\Windows\ERUNT
2014-06-28 18:35 - 2014-06-28 18:35 - 01016261 _____ (Thisisu) C:\Users\W4RKN1T3\Desktop\JRT.exe
2014-06-28 18:14 - 2014-06-28 18:14 - 00003432 _____ () C:\Users\W4RKN1T3\Desktop\AdwCleaner[S0].txt
2014-06-28 18:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-28 18:02 - 2014-06-28 18:11 - 00000000 ____D () C:\AdwCleaner
2014-06-28 18:01 - 2014-06-28 18:02 - 01342659 _____ () C:\Users\W4RKN1T3\Desktop\AdwCleaner.exe
2014-06-28 17:25 - 2014-06-28 20:18 - 00018588 _____ () C:\Users\W4RKN1T3\Desktop\FRST.txt
2014-06-28 17:25 - 2014-06-28 17:25 - 00045423 _____ () C:\Users\W4RKN1T3\Desktop\Addition.txt
2014-06-28 17:24 - 2014-06-28 17:24 - 00045423 _____ () C:\Users\W4RKN1T3\Downloads\Addition.txt
2014-06-28 17:23 - 2014-06-28 18:49 - 00032345 _____ () C:\Users\W4RKN1T3\Downloads\FRST.txt
2014-06-28 17:21 - 2014-06-28 20:18 - 00000000 ____D () C:\FRST
2014-06-28 17:20 - 2014-06-28 17:20 - 02083328 _____ (Farbar) C:\Users\W4RKN1T3\Desktop\FRST64.exe
2014-06-28 13:29 - 2014-06-28 13:31 - 00005317 _____ () C:\Users\W4RKN1T3\Desktop\attach.txt
2014-06-28 13:29 - 2014-06-28 13:30 - 00018884 _____ () C:\Users\W4RKN1T3\Desktop\dds.txt
2014-06-28 13:22 - 2014-06-28 13:23 - 00688992 ____R (Swearware) C:\Users\W4RKN1T3\Desktop\dds.com
2014-06-28 01:08 - 2014-06-28 18:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 01:08 - 2014-06-28 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 01:08 - 2014-06-28 01:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 01:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-28 01:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-22 16:27 - 2014-06-22 16:34 - 00000000 ____D () C:\Users\W4RKN1T3\Documents\Witcher 2
2014-06-22 16:27 - 2014-06-22 16:27 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\The Witcher 2
2014-06-15 12:16 - 2014-06-15 12:16 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\TB
2014-06-11 06:48 - 2014-06-11 06:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 07:50 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-03 07:50 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-30 08:10 - 2014-05-30 08:10 - 01272912 _____ (BitTorrent Inc.) C:\Users\W4RKN1T3\Downloads\uTorrent(1).exe

==================== One Month Modified Files and Folders =======

2014-06-28 20:19 - 2014-06-28 17:25 - 00018588 _____ () C:\Users\W4RKN1T3\Desktop\FRST.txt
2014-06-28 20:18 - 2014-06-28 17:21 - 00000000 ____D () C:\FRST
2014-06-28 20:18 - 2013-10-10 09:00 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\Battle.net
2014-06-28 20:18 - 2013-07-27 06:16 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\Skype
2014-06-28 20:13 - 2013-06-12 21:26 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\vlc
2014-06-28 20:07 - 2014-04-08 07:51 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 20:02 - 2013-07-31 17:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-28 19:55 - 2013-10-31 17:43 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\Deployment
2014-06-28 18:49 - 2014-06-28 18:49 - 00032345 _____ () C:\Users\W4RKN1T3\Desktop\FRST 28.6.2014 6.49PM.txt
2014-06-28 18:49 - 2014-06-28 17:23 - 00032345 _____ () C:\Users\W4RKN1T3\Downloads\FRST.txt
2014-06-28 18:49 - 2009-07-14 06:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-28 18:49 - 2009-07-14 06:45 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-28 18:47 - 2009-07-14 07:13 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 18:45 - 2013-04-10 17:43 - 00583047 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 18:44 - 2014-06-28 18:44 - 00003032 _____ () C:\Windows\System32\Tasks\asrRd
2014-06-28 18:44 - 2014-06-28 18:44 - 00001233 _____ () C:\Users\W4RKN1T3\Desktop\JRT.txt
2014-06-28 18:44 - 2014-02-27 19:36 - 00002966 _____ () C:\Windows\System32\Tasks\FSTU
2014-06-28 18:41 - 2014-06-28 18:41 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-06-28 18:41 - 2014-04-08 07:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 18:41 - 2014-03-22 14:11 - 00015485 _____ () C:\Windows\setupact.log
2014-06-28 18:41 - 2013-04-10 20:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-28 18:41 - 2013-04-10 18:54 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-06-28 18:41 - 2013-04-10 18:50 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-06-28 18:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-28 18:40 - 2014-03-22 14:10 - 00463548 _____ () C:\Windows\PFRO.log
2014-06-28 18:40 - 2013-04-10 23:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-28 18:37 - 2014-06-28 18:37 - 00000000 ____D () C:\Windows\ERUNT
2014-06-28 18:35 - 2014-06-28 18:35 - 01016261 _____ (Thisisu) C:\Users\W4RKN1T3\Desktop\JRT.exe
2014-06-28 18:21 - 2014-06-28 01:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 18:14 - 2014-06-28 18:14 - 00003432 _____ () C:\Users\W4RKN1T3\Desktop\AdwCleaner[S0].txt
2014-06-28 18:11 - 2014-06-28 18:02 - 00000000 ____D () C:\AdwCleaner
2014-06-28 18:11 - 2014-05-27 01:04 - 00000000 ____D () C:\NVIDIA
2014-06-28 18:11 - 2013-04-10 18:16 - 00000000 ____D () C:\Users\W4RKN1T3
2014-06-28 18:02 - 2014-06-28 18:01 - 01342659 _____ () C:\Users\W4RKN1T3\Desktop\AdwCleaner.exe
2014-06-28 17:25 - 2014-06-28 17:25 - 00045423 _____ () C:\Users\W4RKN1T3\Desktop\Addition.txt
2014-06-28 17:24 - 2014-06-28 17:24 - 00045423 _____ () C:\Users\W4RKN1T3\Downloads\Addition.txt
2014-06-28 17:20 - 2014-06-28 17:20 - 02083328 _____ (Farbar) C:\Users\W4RKN1T3\Desktop\FRST64.exe
2014-06-28 13:31 - 2014-06-28 13:29 - 00005317 _____ () C:\Users\W4RKN1T3\Desktop\attach.txt
2014-06-28 13:30 - 2014-06-28 13:29 - 00018884 _____ () C:\Users\W4RKN1T3\Desktop\dds.txt
2014-06-28 13:23 - 2014-06-28 13:22 - 00688992 ____R (Swearware) C:\Users\W4RKN1T3\Desktop\dds.com
2014-06-28 12:18 - 2013-07-31 17:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-28 12:18 - 2013-04-11 19:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-28 12:18 - 2013-04-11 19:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-28 12:02 - 2014-03-31 19:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-28 12:02 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-06-28 12:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss
2014-06-28 12:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-06-28 10:00 - 2013-04-10 18:50 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-06-28 01:08 - 2014-06-28 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 01:08 - 2014-06-28 01:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 01:08 - 2014-03-22 14:01 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\Malwarebytes
2014-06-28 01:08 - 2014-03-22 14:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 15:18 - 2013-04-10 20:30 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\uTorrent
2014-06-25 22:36 - 2013-10-10 09:00 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-24 20:49 - 2013-04-10 19:06 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\CrashDumps
2014-06-22 23:50 - 2013-08-28 16:18 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-22 23:08 - 2013-04-11 00:12 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Roaming\Mumble
2014-06-22 16:34 - 2014-06-22 16:27 - 00000000 ____D () C:\Users\W4RKN1T3\Documents\Witcher 2
2014-06-22 16:27 - 2014-06-22 16:27 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\The Witcher 2
2014-06-22 16:27 - 2014-04-23 19:46 - 00035620 _____ () C:\Windows\DirectX.log
2014-06-22 10:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-19 23:02 - 2014-04-08 07:51 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 23:02 - 2014-04-08 07:51 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-15 12:16 - 2014-06-15 12:16 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\TB
2014-06-13 02:02 - 2014-04-08 07:54 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 06:48 - 2014-06-11 06:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 06:03 - 2012-05-16 17:03 - 00000000 ____D () C:\Program Files\Diablo III
2014-06-04 19:45 - 2014-05-25 23:01 - 00000000 ____D () C:\Users\W4RKN1T3\AppData\Local\Game Dev Tycoon - Steam
2014-06-03 14:02 - 2014-03-22 13:58 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 14:02 - 2014-03-22 13:58 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-03 07:50 - 2013-04-10 23:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-30 08:12 - 2014-01-24 08:48 - 00000796 _____ () C:\Users\W4RKN1T3\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-30 08:10 - 2014-05-30 08:10 - 01272912 _____ (BitTorrent Inc.) C:\Users\W4RKN1T3\Downloads\uTorrent(1).exe
2014-05-30 01:07 - 2014-06-03 07:50 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-05-30 01:07 - 2014-06-03 07:50 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-30 01:07 - 2013-11-15 20:11 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-30 01:07 - 2013-11-15 20:11 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-29 00:56 - 2013-12-09 13:20 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-29 00:52 - 2009-07-14 07:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\W4RKN1T3\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 05:41

==================== End Of Log ============================

 

I'm about to run the ESET and I will post the logs for that once it is complete.



#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:37 PM

Posted 28 June 2014 - 02:50 PM

OK I will wait for the ESET Log ...

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#15 Ender1981

Ender1981
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:37 AM

Posted 28 June 2014 - 04:06 PM

Hi Machiavelli

 

Here is the ESET log file as promised

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=14e3c19841740e468d4cc7ef796d2a27
# engine=18929
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-28 08:58:04
# local_time=2014-06-28 10:58:04 (+0200, South Africa Standard Time)
# country="South Africa"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 23814 10667801 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 17172 156439217 0 0
# scanned=531123
# found=22
# cleaned=0
# scan_time=8245
sh=FAECAF5ED22E5435B9D177C34EB9A649CD868AE7 ft=1 fh=f94ce5b1d9f02a3f vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\FRST\Quarantine\C\Users\W4RKN1T3\AppData\Local\Temp\uttFE67.tmp.exe.xBAD"
sh=B9A96D9AE94C4B42CA5499933F6DF218B3903768 ft=1 fh=966b3592656dc188 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=8DF7986DC4B9EEB9E6BB7A5BFB53C99C8C275616 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\W4RKN1T3\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx"
sh=9C505E97497198E217C60139437C0672B550FFE8 ft=1 fh=76b9da700df5f7e7 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\W4RKN1T3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\380JUVS8\APISupport[1].dll"
sh=9B75624241E5B59AD9297E807E93FDF82B031F17 ft=1 fh=e0ca0a37c4baf528 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\W4RKN1T3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TC020LJ\APISupport[1].dll"
sh=3A782B84BC7D1D8528E71B2232F8FE49803EC957 ft=1 fh=132cd345fbfd626a vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\Users\W4RKN1T3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JEMT03A\MiniSP[1].dll"
sh=064FBE5308860B8006DA18BF78F080B4B848AB58 ft=1 fh=83e04a5795d661ca vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\Users\W4RKN1T3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLJ4R3JS\MiniSP[1].dll"
sh=9C505E97497198E217C60139437C0672B550FFE8 ft=1 fh=76b9da700df5f7e7 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\W4RKN1T3\AppData\Local\TB\APISupport\APISupport.dll"
sh=9B75624241E5B59AD9297E807E93FDF82B031F17 ft=1 fh=e0ca0a37c4baf528 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\W4RKN1T3\AppData\Local\TB\APISupport\APISupport.old"
sh=3A782B84BC7D1D8528E71B2232F8FE49803EC957 ft=1 fh=132cd345fbfd626a vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\Users\W4RKN1T3\AppData\Local\TB\APISupport\MiniSP_1.0.2.133\MiniSP.dll"
sh=064FBE5308860B8006DA18BF78F080B4B848AB58 ft=1 fh=83e04a5795d661ca vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\Users\W4RKN1T3\AppData\Local\TB\APISupport\MiniSP_1.0.2.152\MiniSP.dll"
sh=34FF8E2D281CBFECE71100A04C0FF4436818382E ft=1 fh=7b66b1ed06cb1b80 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\W4RKN1T3\AppData\LocalLow\uTorrentControl_v6\hk64tbuTor.dll"
sh=AE7B8F3BB6E040CE20B02DE558471FAA4C58386E ft=1 fh=6a41a8d0046fd7b4 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\W4RKN1T3\AppData\LocalLow\uTorrentControl_v6\hktbuTor.dll"
sh=87BE5F13318AC3BA3F403A73E332E1784304C21D ft=1 fh=3e5cd6b65c184efc vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\W4RKN1T3\AppData\LocalLow\uTorrentControl_v6\ldrtbuTor.dll"
sh=1E6279D9317A709616211812CCA5AB8B26EB4AB2 ft=1 fh=dd2582521ac42eea vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\W4RKN1T3\AppData\LocalLow\uTorrentControl_v6\tbuTor.dll"
sh=7EF1CA17E9835CBBA989D1F2CFEF4B794D928D13 ft=1 fh=c7fc25b20d8e6134 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\W4RKN1T3\Downloads\ccsetup320.exe"
sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\W4RKN1T3\Downloads\ccsetup400.exe"
sh=2FEC2BB06C11B711B37E7D1BAC0004F8F25A4C7B ft=1 fh=9586b0754c97a9e0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\W4RKN1T3\Downloads\ccsetup401.exe"
sh=DD6E088E22874B283348A15DB5159C7B20CC6D22 ft=1 fh=fe9dda6ca79832a6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\W4RKN1T3\Downloads\ccsetup407.exe"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\W4RKN1T3\Downloads\ccsetup411.exe"
sh=9E882BA1FA222850F5A8799D0FAED3E8CFCFDA9E ft=1 fh=8bcb023684658a87 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\W4RKN1T3\Downloads\file-repair-setup.exe"
sh=393BA758A9A668CF199606C2DA3D028FB4809574 ft=1 fh=8852912e32564913 vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="E:\PC\Software\Nero\Setupx.exe"
 

 

Please let me know if I need to do anything else






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users