Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by THE USER at 2014-11-25 08:37:41
Running from C:\Users\THE USER\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4250544765-2864251858-613005650-1000\...\uTorrent) (Version: 3.4.2.32691 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CryptoPrevent v6.1.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
Curse Client (HKU\S-1-5-21-4250544765-2864251858-613005650-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Photo AIO Printer 966 (HKLM\...\Dell Photo AIO Printer 966) (Version: - Dell, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7134 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Nero 7 Essentials (HKLM-x32\...\{55A960A6-0CAC-4EBB-9D7E-199545391033}) (Version: 7.02.5702 - Nero AG)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
RIFT (HKLM-x32\...\Glyph RIFT) (Version: - Trion Worlds, Inc.)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1300}) (Version: 12.19.0.112 - APN, LLC) <==== ATTENTION
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
Unchecky v0.2.15 (HKLM-x32\...\Unchecky) (Version: 0.2.15 - RaMMicHaeL)
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-4250544765-2864251858-613005650-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Watchtower Library 2012 - English (HKLM-x32\...\{11B5A3EB-8B76-46A9-A4B7-1C1FF5A3AAFD}) (Version: 14.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft Beta (HKLM-x32\...\World of Warcraft Beta) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4250544765-2864251858-613005650-1000_Classes\CLSID\{9cb23f04-cacc-44ba-87a7-5c306d633c18}\InprocServer32 -> C:\Windows\SYSTEM32\dfshim.dll (Microsoft Corporation)

==================== Restore Points =========================

14-11-2014 20:50:27 Scheduled Checkpoint
17-11-2014 00:00:02 Windows Backup
20-11-2014 14:59:32 Windows Update
20-11-2014 15:11:11 Windows Update
21-11-2014 08:00:12 Windows Update
24-11-2014 00:00:09 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-07-29 14:25 - 00001943 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {048BA182-32E7-4279-AF68-7F71AD624546} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] ()
Task: {173EE2A8-D06C-46F8-80B7-F399FC1CB0D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4250544765-2864251858-613005650-1000Core => C:\Users\THE USER\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-23] (Google Inc.)
Task: {373638A6-0601-45A1-93E2-61FCEEE0BF6E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {39EAB1F8-C550-4DB6-B0F4-A57A27183D63} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {501807E8-8693-47DB-9AA5-D0E77581A01F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-30] (AVAST Software)
Task: {5D0D6414-1BDD-43BE-963C-9704FA4F3E64} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250544765-2864251858-613005650-1000UA => C:\Users\THE USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-08] (Facebook Inc.)
Task: {5D73351A-F272-4901-B5E3-26DC86A1059A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {6482A205-33F4-41B8-A9BE-743FDB2278A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4250544765-2864251858-613005650-1000UA => C:\Users\THE USER\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-23] (Google Inc.)
Task: {662B8E08-E7A6-494C-BCF5-E67DA7432155} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {86CE7BAD-E6D5-467D-8EA4-F2F2441BD7DB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {87852F44-2AA6-47D6-B39C-8527B9704A5D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {87B30E62-400B-4883-8FB8-A88C0119CF09} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9EC2930A-9F0D-4702-995C-23E12A4FADFA} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A4BF340D-D2EA-4B91-84AF-B7DCC4B4FD30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A83059E2-F788-4175-B8A6-D1FA4623119F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-10] (Google Inc.)
Task: {D7063848-1152-45FD-8309-30CC464028E2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4250544765-2864251858-613005650-1000Core => C:\Users\THE USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-08] (Facebook Inc.)
Task: {DFA70867-C19E-4E03-B652-2A9A9718CC73} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {DFCF5923-D22F-4CEC-ADF4-B56234067539} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-10] (Google Inc.)
Task: {F874BE3E-AD50-4D12-B9D3-10463DAAA619} - System32\Tasks\{DB19FAA6-E11A-48C1-A056-944BA0D391E5} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {FC9A4E16-6A5A-4D78-97CF-752DD4C63744} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250544765-2864251858-613005650-1000Core.job => C:\Users\THE USER\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4250544765-2864251858-613005650-1000UA.job => C:\Users\THE USER\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250544765-2864251858-613005650-1000Core.job => C:\Users\THE USER\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250544765-2864251858-613005650-1000UA.job => C:\Users\THE USER\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-18 03:03 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-18 12:02 - 2006-10-20 00:39 - 00146432 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dlcqdrpp.dll
2006-08-08 15:21 - 2006-08-08 15:21 - 00732160 _____ () C:\Windows\system32\dlcqdrs.dll
2006-09-06 05:12 - 2006-09-06 05:12 - 00064512 _____ () C:\Windows\system32\dlcqcfg.dll
2006-08-14 16:32 - 2006-08-14 16:32 - 00025088 _____ () C:\Windows\system32\dlcqcaps.dll
2006-05-09 09:10 - 2006-05-09 09:10 - 00054784 _____ () C:\Windows\system32\dlcqcnv4.dll
2014-10-18 12:02 - 2007-06-29 10:47 - 00292080 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqmon.exe
2014-10-18 12:02 - 2007-06-29 10:48 - 00304368 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\memcard.exe
2014-07-30 20:40 - 2014-07-30 20:40 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-11-24 15:58 - 2014-11-24 15:58 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112401\algo.dll
2014-11-25 08:35 - 2014-11-25 08:35 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112500\algo.dll
2014-10-18 12:02 - 2006-08-08 14:54 - 00278528 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqscw.dll
2014-10-18 12:02 - 2006-09-06 05:12 - 00077824 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqcfg.dll
2014-10-18 12:02 - 2006-06-09 01:39 - 00143360 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 966\dlcqdrec.dll
2014-07-30 20:40 - 2014-07-30 20:40 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5293\libcef.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5293\libGLESv2.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00907264 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5293\platforms\qwindows.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5293\libEGL.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5293\imageformats\qgif.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5293\imageformats\qico.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5293\imageformats\qjpeg.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5293\imageformats\qmng.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5293\imageformats\qsvg.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5293\imageformats\qtiff.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5293\qml\QtQuick.2\qtquick2plugin.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5293\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-11-19 16:32 - 2014-11-19 16:32 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5293\qml\QtQml\Models.2\modelsplugin.dll
2014-10-27 08:02 - 2014-10-27 08:02 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
2014-07-16 13:50 - 2014-07-15 04:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-16 13:50 - 2014-07-15 04:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-16 13:50 - 2014-07-15 04:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-16 13:50 - 2014-07-15 04:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-16 13:50 - 2014-07-15 04:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:05F547A9
AlternateDataStreams: C:\ProgramData\TEMP:28819F45
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:5C0940F1
AlternateDataStreams: C:\ProgramData\TEMP:751D6870
AlternateDataStreams: C:\ProgramData\TEMP:7D288858
AlternateDataStreams: C:\ProgramData\TEMP:A2B3764A
AlternateDataStreams: C:\ProgramData\TEMP:B6E6C4EA
AlternateDataStreams: C:\ProgramData\TEMP:CEE4A457

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^THE USER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: Facebook Update => "C:\Users\THE USER\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GameXN GO => "C:\ProgramData\GameXN\GameXNGO.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\THE USER\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: uTorrent => "C:\Users\THE USER\AppData\Roaming\uTorrent\updates\3.4.2_32691.exe" /MINIMIZED
MSCONFIG\startupreg: Viber => "C:\Users\THE USER\AppData\Local\Viber\Viber.exe" StartMinimized

========================= Accounts: ==========================

Administrator (S-1-5-21-4250544765-2864251858-613005650-500 - Administrator - Disabled)
Guest (S-1-5-21-4250544765-2864251858-613005650-501 - Limited - Disabled)
THE USER (S-1-5-21-4250544765-2864251858-613005650-1000 - Administrator - Enabled) => C:\Users\THE USER

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2014 08:34:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCurseClient.exe0
Faulting application path: CurseClient.exe1
Faulting module path: CurseClient.exe2
Report Id: CurseClient.exe3

Error: (11/23/2014 02:13:33 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x80070422

Error: (11/22/2014 11:48:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCurseClient.exe0
Faulting application path: CurseClient.exe1
Faulting module path: CurseClient.exe2
Report Id: CurseClient.exe3

Error: (11/21/2014 01:10:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCurseClient.exe0
Faulting application path: CurseClient.exe1
Faulting module path: CurseClient.exe2
Report Id: CurseClient.exe3

Error: (11/21/2014 00:20:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCurseClient.exe0
Faulting application path: CurseClient.exe1
Faulting module path: CurseClient.exe2
Report Id: CurseClient.exe3

Error: (11/20/2014 01:48:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCurseClient.exe0
Faulting application path: CurseClient.exe1
Faulting module path: CurseClient.exe2
Report Id: CurseClient.exe3

Error: (11/20/2014 00:57:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCurseClient.exe0
Faulting application path: CurseClient.exe1
Faulting module path: CurseClient.exe2
Report Id: CurseClient.exe3

Error: (11/20/2014 00:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCurseClient.exe0
Faulting application path: CurseClient.exe1
Faulting module path: CurseClient.exe2
Report Id: CurseClient.exe3

Error: (11/20/2014 10:13:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCurseClient.exe0
Faulting application path: CurseClient.exe1
Faulting module path: CurseClient.exe2
Report Id: CurseClient.exe3

Error: (11/19/2014 04:30:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CurseClient.exe, version: 4.0.0.10, time stamp: 0x5436d39d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xCurseClient.exe0
Faulting application path: CurseClient.exe1
Faulting module path: CurseClient.exe2
Report Id: CurseClient.exe3

System errors:
=============
Error: (11/24/2014 03:55:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:00:53 PM on 11/23/2014 was unexpected.

Error: (11/22/2014 11:45:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Macrium Reflect Image Mounting Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/22/2014 11:45:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/22/2014 11:45:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/22/2014 11:45:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The dlcq_device service terminated unexpectedly. It has done this 1 time(s).

Error: (11/22/2014 11:45:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Skype Click to Call PNR Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/22/2014 11:45:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Skype Click to Call Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (11/22/2014 11:45:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/22/2014 11:45:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/22/2014 11:45:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 42%
Total physical RAM: 4094.49 MB
Available physical RAM: 2372.2 MB
Total Pagefile: 8187.16 MB
Available Pagefile: 6298.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:192.67 GB) NTFS
Drive e: (Seagate Expansion Drive) (Fixed) (Total:2794.51 GB) (Free:2377.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 213FA3EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

==================== End Of Log ============================