﻿Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by Dukan at 2014-12-27 20:19:44
Running from C:\Users\Dukan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Dropbox (HKU\S-1-5-21-4232791037-752211120-959289193-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
f.lux (HKU\S-1-5-21-4232791037-752211120-959289193-1002\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{BF3CCE21-3BD9-498B-ADFC-EE9D1E3C1564}) (Version: 1.1.6.1 - Hewlett-Packard Company)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 34.0.5 (x86 cs) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 cs)) (Version: 34.0.5 - Mozilla)
Spotify (HKU\S-1-5-21-4232791037-752211120-959289193-1002\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
UpdateChecker (HKU\S-1-5-21-4232791037-752211120-959289193-1002\...\Popajar, inc UpdateChecker) (Version:  - Popajar, inc) <==== ATTENTION
Winamp Detector Plug-in (HKU\S-1-5-21-4232791037-752211120-959289193-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 Default Setting (HKLM-x32\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dukan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dukan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dukan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dukan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dukan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dukan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dukan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dukan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4232791037-752211120-959289193-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dukan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00277141-CCBB-45C3-B8FE-310FD96F7E62} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)
Task: {25E27085-A446-40C3-8864-386B18E079B7} - System32\Tasks\{9E61E915-2FA6-48C9-938A-EC5BC1267517} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {283F79C2-C08B-4682-83A6-DA54D38F7B62} - System32\Tasks\{1A5F276F-B75F-4AE3-B82D-384E5FAB4C02} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {293D799E-B3C5-43F1-8CE1-1DF2FEAE18ED} - System32\Tasks\{CB10DEDF-F87F-4B6E-87D0-6C42ED3DB770} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {2AABA8A8-FF4F-46BC-8FDD-0DB22B48830C} - System32\Tasks\WpsUpdateTask_Dukan => C:\Program Files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe [2011-11-03] (Zhuhai Kingsoft Office-software Co.,Ltd)
Task: {3510B14E-5424-4974-957F-A4DD64373FB6} - System32\Tasks\HPCeeScheduleForDukan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {465F49B6-B1F3-4B91-8A42-BDD82C3FF61B} - System32\Tasks\{8D943CD5-7552-4821-BD33-494312E1FCEF} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {4C14B5A7-DC89-44DC-A800-8179C9386D8C} - System32\Tasks\{3F4F70DE-1D34-458B-A057-0B6C105810EC} => pcalua.exe -a C:\Users\Dukan\AppData\Local\Temp\WinampPluginSetup_2.1.0.9.exe -d "C:\Program Files (x86)\Last.fm" -c /SILENT /DIR="C:\PROGRA~2\Winamp\plugins\"
Task: {4E95095F-67B6-46A0-AE6D-352DD694862A} - System32\Tasks\{18850964-53C5-42B9-BE69-E8282418F1F7} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {558B2A86-BB80-4F75-A023-C39890D1FB47} - System32\Tasks\{676094B5-5228-4664-8C3F-DECEB18A8998} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {5D4D5F79-4C6A-47E6-A46F-9B9546DD0D28} - System32\Tasks\{1F48B99B-BC0C-4948-A509-8B4C2C3A8CE2} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {635745D6-BDC7-4D6D-A2E5-BC99382CBA44} - System32\Tasks\{572BFC87-E027-4C21-B8C0-A8429370F31D} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {77954293-1ABA-4A33-99A8-DFDBBFEE895D} - System32\Tasks\{4982B1D5-86EA-48F6-B279-E303FF9F15F1} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {79BD34F1-542D-4DB0-B878-547EA5E401F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7BB898F5-A6E3-4D38-A53D-9B35361D3B03} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-03-24] (Hewlett-Packard)
Task: {80DCE080-B8CE-4B68-BB2C-B581EB0D2265} - System32\Tasks\{C50B4355-EEDF-4CF9-97B5-83204B69AD7E} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {882845E9-F013-489C-9CB2-1033B910FFE5} - System32\Tasks\{949BC9AB-7EA4-4FE5-B383-52798A5BEC59} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {90461BCC-DFA1-416C-BE40-168B5E33E1BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {904DCE12-A6DE-4F36-9CAA-C1D4B8E8303C} - System32\Tasks\{0F90D004-E80F-42D1-AC5E-9798F56C0154} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {A3D2D8F5-4F43-473C-AECF-9BFA9976A91E} - System32\Tasks\{AA2E0730-8FD9-495E-A40A-857996FE0096} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {A6DF38E2-3DD9-47CD-8E8C-2FF1CC7E3260} - System32\Tasks\{B9DB93EB-767D-4FA5-BFDE-7F1FD773CEF9} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {BF20E3F1-30E9-4498-8AB5-B508E257F792} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C30B5BF4-30CC-4CE6-852D-292D8243A077} - System32\Tasks\{9E9A3978-14A6-4271-91E0-66D9D8662A0B} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {CD2DD02D-A82D-4096-8371-367A05C345DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-11-22] (AVAST Software)
Task: {D28F6B9C-C856-4D1B-90E9-000ADA354214} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E739B41C-578F-4912-B921-79A7D049B96D} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-03-24] (Hewlett-Packard)
Task: {EE7DD8AE-8C23-42E8-A743-49207ED86472} - System32\Tasks\{E6F025CF-8E97-40A7-9F27-F49565F7478C} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {F163FF05-B736-4A73-BABA-D3FD124EB98C} - System32\Tasks\{49711D39-55F7-4271-A48B-EC42FA1CB5D0} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: {FBCF6FCA-BB74-4AA3-B0C3-FEC8836DD861} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
Task: {FE85DBCE-116C-445B-98B4-16D8A463C44F} - System32\Tasks\{33997D30-E398-41A7-984E-74033493ED18} => C:\Users\Dukan\Documents\Medicine\BOOKS_PROGRAMS\Anatomia\Sobotta\SOBOTTA.EXE [1998-09-01] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForDukan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\WpsUpdateTask_Dukan.job => C:\Program Files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2010-06-06 15:20 - 2010-06-06 15:20 - 00065344 _____ () C:\windows\System32\PDFreDirectMon64.dll
2010-04-20 16:10 - 2010-04-20 16:10 - 00100352 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2014-11-22 19:26 - 2014-11-22 19:26 - 00388208 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxDDU.dll
2014-11-22 19:26 - 2014-11-22 19:26 - 05851328 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxRT.dll
2012-08-31 21:01 - 2011-12-05 11:18 - 02181632 _____ () C:\Program Files (x86)\7-PDF\7-PDF Maker\7p64.dll
2010-04-05 19:15 - 2010-04-05 19:15 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2010-04-05 19:15 - 2010-04-05 19:15 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPCommon.XmlSerializers.dll
2010-04-05 19:15 - 2010-04-05 19:15 - 00055352 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2012-11-30 03:06 - 2012-11-30 03:06 - 01263512 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2010-04-05 19:12 - 2010-04-05 19:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-04-05 19:11 - 2010-04-05 19:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-05 19:12 - 2010-04-05 19:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-11-22 19:26 - 2014-11-22 19:26 - 04495336 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\x86\VBoxRT-x86.dll
2014-12-27 20:06 - 2014-12-27 20:06 - 02908160 _____ () C:\Program Files\Alwil Software\Avast5\defs\14122701\algo.dll
2012-11-30 03:07 - 2012-11-30 03:07 - 00100248 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-11-22 19:26 - 2014-11-22 19:27 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Dukan\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-27 20:07 - 2014-12-27 20:07 - 00043008 _____ () c:\users\dukan\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpikjmne.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Dukan\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Dukan\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Dukan\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-12-10 19:29 - 2014-12-10 19:29 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4232791037-752211120-959289193-500 - Administrator - Disabled)
Dukan (S-1-5-21-4232791037-752211120-959289193-1002 - Administrator - Enabled) => C:\Users\Dukan
Guest (S-1-5-21-4232791037-752211120-959289193-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-4232791037-752211120-959289193-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: SugarSync
Service: SSCBFS3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2014 08:13:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/27/2014 08:13:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/26/2014 06:03:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/EE869387FFFD8349AB5AD14322588789A457B012.crt> with error: This operation returned because the timeout period expired.
.

Error: (12/26/2014 05:07:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: This operation returned because the timeout period expired.
.

Error: (12/26/2014 03:29:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/26/2014 03:29:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (12/26/2014 03:03:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_4.106.exe, version: 4.1.0.6, time stamp: 0x5496eddb
Faulting module name: adwcleaner_4.106.exe, version: 4.1.0.6, time stamp: 0x5496eddb
Exception code: 0xc0000005
Fault offset: 0x00020ce1
Faulting process id: 0x1904
Faulting application start time: 0xadwcleaner_4.106.exe0
Faulting application path: adwcleaner_4.106.exe1
Faulting module path: adwcleaner_4.106.exe2
Report Id: adwcleaner_4.106.exe3

Error: (12/25/2014 06:16:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PartitionWizard.exe version 8.1.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 191c

Start Time: 01d020643a9559ca

Termination Time: 2

Application Path: C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1\PartitionWizard.exe

Report Id:

Error: (12/25/2014 05:54:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (12/25/2014 05:54:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (12/27/2014 08:06:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error: 
%%5

Error: (12/27/2014 08:06:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util EnhanceEmpire service failed to start due to the following error: 
%%2

Error: (12/27/2014 08:06:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update EnhanceEmpire service failed to start due to the following error: 
%%2

Error: (12/27/2014 08:05:49 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

Error: (12/27/2014 01:33:13 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (12/26/2014 03:42:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045d: Windows 7 Service Pack 1 for x64-based Systems (KB976932).

Error: (12/26/2014 03:23:34 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error: 
%%5

Error: (12/26/2014 03:23:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util EnhanceEmpire service failed to start due to the following error: 
%%2

Error: (12/26/2014 03:23:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update EnhanceEmpire service failed to start due to the following error: 
%%2

Error: (12/26/2014 03:22:39 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.


Microsoft Office Sessions:
=========================
Error: (12/27/2014 08:13:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/27/2014 08:13:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/26/2014 06:03:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/EE869387FFFD8349AB5AD14322588789A457B012.crtThis operation returned because the timeout period expired.

Error: (12/26/2014 05:07:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crtThis operation returned because the timeout period expired.

Error: (12/26/2014 03:29:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/26/2014 03:29:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (12/26/2014 03:03:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: adwcleaner_4.106.exe4.1.0.65496eddbadwcleaner_4.106.exe4.1.0.65496eddbc000000500020ce1190401d0211453d05f73C:\Users\Dukan\Desktop\adwcleaner_4.106.exeC:\Users\Dukan\Desktop\adwcleaner_4.106.exeed93eeed-8d07-11e4-9950-1cc1deb40a0a

Error: (12/25/2014 06:16:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PartitionWizard.exe8.1.0.1191c01d020643a9559ca2C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1\PartitionWizard.exe

Error: (12/25/2014 05:54:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/25/2014 05:54:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 53%
Total physical RAM: 3887.43 MB
Available physical RAM: 1818.71 MB
Total Pagefile: 7773 MB
Available Pagefile: 5304.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.47 GB) (Free:90 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AEDA26BE)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================