Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-01-2015 Ran by Lori (2016-01-06 20:35:00) Running from C:\Users\Lori\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2012-08-03 22:10:24) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3227488530-1666802016-3989171195-500 - Administrator - Disabled) Guest (S-1-5-21-3227488530-1666802016-3989171195-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-3227488530-1666802016-3989171195-1002 - Limited - Enabled) Kevin (S-1-5-21-3227488530-1666802016-3989171195-1003 - Administrator - Enabled) => C:\Users\Kevin Lori (S-1-5-21-3227488530-1666802016-3989171195-1001 - Administrator - Enabled) => C:\Users\Lori ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ThreatTrack Security VIPRE (Enabled - Up to date) {BC4CE0B2-D6B5-59A2-9E54-9AA2C7DBE398} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ThreatTrack Security VIPRE (Enabled - Up to date) {072D0156-F08F-562C-A4E4-A1D0BC5CA925} FW: ThreatTrack Security VIPRE (Enabled) {84776197-9CDA-58FA-B50B-33973908A4E3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM-x32\...\{70F0F88A-387B-40EB-93BD-9877DB9D668D}) (Version: 19.0.0.207 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\{E38C529D-DD73-4002-8489-E09CEBD9BF32}) (Version: 12.2.0.162 - Adobe Systems, Inc) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology) ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS) ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.) ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.29 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.) CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company) DIRECTV Player (HKLM-x32\...\{43D1B973-3D12-42ba-9E6E-56A8FEFF5250}) (Version: 8.0 - DIRECTV) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS) Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\{D325A4AE-0EAB-3726-912C-6D0A56A95505}) (Version: 47.0.2526.106 - Google, Inc.) Google Update Helper (x32 Version: 1.3.21.79 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden Heimdal Agent (HKLM-x32\...\{51BEF1D4-A3FA-4B18-829C-3876018F501A}) (Version: 2.0.29 - Heimdal Security) iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.) InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation) Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 43.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 43.0.3 (x64 en-US)) (Version: 43.0.3 - Mozilla) Mozilla Firefox 43.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation) NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.18.00 - NETGEAR Inc.) OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation) P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis) Photobucket Backup (HKLM-x32\...\{06BA6321-B6FC-4A36-8571-B642404D22B6}) (Version: 1.0.5.2168 - Photobucket) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink) ReadySHARE Vault (HKLM-x32\...\ReadySHARE Vault) (Version: 3.0 - Genie9) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.) Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated) VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 9.0.1.4 - ThreatTrack Security Inc.) VIPRE Internet Security (x32 Version: 9.0.1.4 - ThreatTrack Security, Inc.) Hidden Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS) Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {14117EE6-7740-4FCD-B82C-2C6F689961FF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd) Task: {25CD732B-8159-480A-A361-D8AEAA9B8D02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.) Task: {29450FDE-88F1-43CF-85FB-2D37AEAF537B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-14] (Adobe Systems Incorporated) Task: {31F06778-5715-4A8D-80E1-158178D07FC7} - \RGames Updater -> No File <==== ATTENTION Task: {3D4E6189-6586-4876-B4E2-2F167B4A003E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {3DBB3379-C087-4AF2-AC3E-EB25B152E683} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {4694A421-2AFF-46A5-AAF0-8751CD69BD15} - System32\Tasks\{4283809D-B8EA-446C-A2B1-D0363064B4EC} => pcalua.exe -a C:\Users\Lori\Downloads\winsdk_web.exe -d C:\Users\Lori\Downloads Task: {4B603C5E-1951-4E99-82A7-5493A727B773} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {60857047-DB66-4A3A-B27C-418FD69913DB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation) Task: {627A4AF6-29C3-4FEE-A2A2-63701DF36CE9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation) Task: {7F12BF8A-F3D3-45E8-959B-9FB86821E432} - \ASUS P4G -> No File <==== ATTENTION Task: {88A39CD7-6E9B-4305-A7F4-9ED28AC40566} - \ASUS SmartLogon Console Sensor -> No File <==== ATTENTION Task: {91755DCA-2A97-448D-BC6B-3B89DF6FD251} - \ASUS Live Update -> No File <==== ATTENTION Task: {95DF5B45-C562-486A-A834-D8837A00F02B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.) Task: {A5B09C30-519C-408D-9668-3855DE6FFE00} - \RunGadgetController -> No File <==== ATTENTION Task: {C36BFB74-120C-4EF1-99DC-D5BA61726B41} - \ATKOSD2 -> No File <==== ATTENTION Task: {D021CD12-9171-463F-8C4A-C6EE6B9D85EA} - System32\Tasks\VIPRE Upgrade Task => C:\PROGRAM FILES\COMMON FILES\AV\ThreatTrack Security VIPRE\Upgrade.exe [2015-08-14] (ThreatTrack Security Inc.) Task: {D560F855-B782-48B8-AF50-65A97C2E4775} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {E5926F87-CD8A-4EF5-9CFB-B4E8E4867C30} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\RGames Updater.job => C:\Users\Lori\AppData\Local\RivalGaming\Updater.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2014-10-15 17:24 - 2013-08-29 02:08 - 00163328 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl 2014-10-15 17:24 - 2013-08-01 04:36 - 00045568 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl 2014-10-15 17:24 - 2013-08-29 02:08 - 00209920 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl 2014-10-15 17:24 - 2013-08-01 04:36 - 00089600 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl 2014-10-15 17:24 - 2013-08-29 02:08 - 00490496 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.gtl 2014-10-15 17:24 - 2012-02-02 04:16 - 00740864 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.gtl 2014-10-15 17:24 - 2013-02-03 06:40 - 00011264 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.gtl 2014-10-15 17:24 - 2013-08-29 02:08 - 00710144 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.gtl 2014-10-15 17:24 - 2013-08-29 02:08 - 00370688 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.gtl 2014-10-15 17:24 - 2013-08-29 02:08 - 00332800 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.gtl 2013-02-03 04:21 - 2013-02-03 04:21 - 00045056 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\pcre.dll 2013-02-03 04:21 - 2013-02-03 04:21 - 00097792 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\pcrebase.dll 2014-10-15 17:24 - 2013-08-29 02:08 - 00054784 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.gtl 2014-10-15 17:24 - 2013-08-29 02:08 - 00087040 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.gtl 2014-10-15 17:24 - 2013-02-03 06:40 - 00010752 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.gtl 2014-10-15 17:24 - 2013-08-01 04:36 - 00058368 _____ () C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.gtl 2015-09-29 13:08 - 2015-09-29 13:08 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll 2015-12-03 19:09 - 2015-06-26 02:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll 2015-12-03 19:09 - 2015-06-26 02:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebExaminer => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebProxy => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3227488530-1666802016-3989171195-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: Adobe Licensing Console => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AFBAgent => 2 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: ASLDRService => 2 MSCONFIG\Services: ASUS InstantOn => 2 MSCONFIG\Services: ATKGFNEXSrv => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: CouponPrinterService => 2 MSCONFIG\Services: ENAgent => 2 MSCONFIG\Services: EpsonCustomerParticipation => 2 MSCONFIG\Services: EpsonScanSvc => 2 MSCONFIG\Services: EPSON_PM_RPCV4_04 => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NETGEARGenieDaemon => 3 MSCONFIG\Services: UNS => 2 MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Digital Coupon Print Driver => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C0590ADF-92EC-43D3-9E17-09DBE85F6C57}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{5A91AC63-3975-4121-8662-306E9525B30E}] => (Allow) LPort=2869 FirewallRules: [{3702CCD1-6B24-47C3-B746-E9B7B12D39F8}] => (Allow) LPort=1900 FirewallRules: [{D6FE0EBA-88A3-4C70-9983-045FA617FF33}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{12B16596-73B6-4E60-B731-1DD065A9719C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{7037B1D5-6B60-4CEA-B1F1-69F4E2B0738D}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [{0A390B3D-D392-4D7D-8943-312F537ED62C}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [TCP Query User{0F4C42DE-2465-4FCA-97B3-E47575DBBD49}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{3557DD8B-7C27-4F77-923A-246D7F63A24E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{36DC0AB3-DBCB-467E-8109-E9AFA60C07CB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{D8DB2542-11C6-4E53-A2F4-6C630564B2A7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{EEB6F671-ED65-4B77-835A-A1E6D93D169C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{6E41CCBE-5A3E-4006-8AA5-63F6B8005ACA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D7034B2E-FE29-4655-9121-5BFDD0FEA822}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0CA64345-F041-41BB-A2DE-D29A4D2D9071}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{E1D0062F-625E-4B2E-B32D-9A4023D20EBB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{5739503A-C066-487C-9887-9D759A9A4A7D}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [TCP Query User{B1FC643C-966A-4253-8414-6B8088789846}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [UDP Query User{46ADAC8F-BE2B-4E63-BEB8-B63ED7E9A7E7}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [TCP Query User{34EA9996-2BED-48F5-8507-6534EAAF56F2}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [UDP Query User{BB707DD4-1F8B-4AA0-B36B-4A15A7668A6F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [{4611AB0B-8233-4E5E-B9A6-217854B903F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{588C7BF3-C94C-4887-A195-7E7A54F5C516}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9E0C484E-C7CF-4273-A94F-75062F85E3FA}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{F2974660-5722-4943-81A8-0D8B0FF3EC4A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{681E00E9-333D-499F-B7C3-16CABF31BD1C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9488C064-15E4-4E54-B20E-9DA81ADF30FA}] => (Allow) LPort=15600 FirewallRules: [{ACCF4843-33B9-4DB0-88F2-0B2179289A79}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D49AFB5B-676B-4EFA-8370-68C65AA9D2A6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{88D8BC9F-544C-49BE-94A5-1BFEAE1DFFDF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{6789DD00-F7E5-41BA-9759-DCF945CF8251}] => (Allow) C:\Users\Lori\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [{6E14539C-7A3C-470C-8283-578F2C69153C}] => (Allow) C:\Users\Lori\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe ==================== Restore Points ========================= 25-12-2015 12:30:46 Scheduled Checkpoint 26-12-2015 15:10:18 Windows Software Development Kit - Windows 10.0.10586.15 29-12-2015 12:06:58 Installed Software Updater 29-12-2015 15:23:18 Installed Heimdal Agent 29-12-2015 15:26:10 Installed Heimdal Agent 29-12-2015 20:59:14 Installed Heimdal Agent 30-12-2015 07:50:03 Removed RevTraxPrintMyCoupon 30-12-2015 13:46:31 Removed Software Updater 30-12-2015 13:56:34 Removed Software Updater ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/06/2016 08:09:45 PM) (Source: HeimdalSecureDNS) (EventID: 0) (User: ) Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at ‍‫‌‬‏‏‪‮‍‬‍‌‬‭‮‎‬​‎‏‪‫‍‬‎‮.​‪‎‮‬​‌‏​‍‮‎‎‍‫‫‌‭‮‌‪‮‪‪‮‮(Int32 ) at ‍‫‌‬‏‏‪‮‍‬‍‌‬‭‮‎‬​‎‏‪‫‍‬‎‮.‍‫‪‮‎‍‬​‮‎‭‌‏‮‬‭‎‮‪‍​​‎‪​‏‮(String[] ) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (01/01/2016 08:26:43 AM) (Source: HeimdalSecureDNS) (EventID: 0) (User: ) Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at ‍‫‌‬‏‏‪‮‍‬‍‌‬‭‮‎‬​‎‏‪‫‍‬‎‮.​‪‎‮‬​‌‏​‍‮‎‎‍‫‫‌‭‮‌‪‮‪‪‮‮(Int32 ) at ‍‫‌‬‏‏‪‮‍‬‍‌‬‭‮‎‬​‎‏‪‫‍‬‎‮.‍‫‪‮‎‍‬​‮‎‭‌‏‮‬‭‎‮‪‍​​‎‪​‏‮(String[] ) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (12/31/2015 07:31:11 PM) (Source: HeimdalSecureDNS) (EventID: 0) (User: ) Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at ‍‫‌‬‏‏‪‮‍‬‍‌‬‭‮‎‬​‎‏‪‫‍‬‎‮.​‪‎‮‬​‌‏​‍‮‎‎‍‫‫‌‭‮‌‪‮‪‪‮‮(Int32 ) at ‍‫‌‬‏‏‪‮‍‬‍‌‬‭‮‎‬​‎‏‪‫‍‬‎‮.‍‫‪‮‎‍‬​‮‎‭‌‏‮‬‭‎‮‪‍​​‎‪​‏‮(String[] ) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (12/31/2015 07:05:10 AM) (Source: HeimdalSecureDNS) (EventID: 0) (User: ) Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at ‍‫‌‬‏‏‪‮‍‬‍‌‬‭‮‎‬​‎‏‪‫‍‬‎‮.​‪‎‮‬​‌‏​‍‮‎‎‍‫‫‌‭‮‌‪‮‪‪‮‮(Int32 ) at ‍‫‌‬‏‏‪‮‍‬‍‌‬‭‮‎‬​‎‏‪‫‍‬‎‮.‍‫‪‮‎‍‬​‮‎‭‌‏‮‬‭‎‮‪‍​​‎‪​‏‮(String[] ) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (12/30/2015 01:28:46 PM) (Source: MsiInstaller) (EventID: 1013) (User: Lori-PC) Description: Product: Software Updater -- Newer version of this software is already installed. Error: (12/30/2015 06:58:38 AM) (Source: HeimdalSecureDNS) (EventID: 0) (User: ) Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at ‍‫‌‬‏‏‪‮‍‬‍‌‬‭‮‎‬​‎‏‪‫‍‬‎‮.​‪‎‮‬​‌‏​‍‮‎‎‍‫‫‌‭‮‌‪‮‪‪‮‮(Int32 ) at ‍‫‌‬‏‏‪‮‍‬‍‌‬‭‮‎‬​‎‏‪‫‍‬‎‮.‍‫‪‮‎‍‬​‮‎‭‌‏‮‬‭‎‮‪‍​​‎‪​‏‮(String[] ) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (12/29/2015 10:08:00 PM) (Source: MsiInstaller) (EventID: 1013) (User: Lori-PC) Description: Product: Software Updater -- Newer version of this software is already installed. Error: (12/29/2015 10:00:24 PM) (Source: MsiInstaller) (EventID: 1013) (User: Lori-PC) Description: Product: Software Updater -- Newer version of this software is already installed. Error: (12/29/2015 09:53:12 PM) (Source: MsiInstaller) (EventID: 1013) (User: Lori-PC) Description: Product: Software Updater -- Newer version of this software is already installed. Error: (12/29/2015 09:46:52 PM) (Source: HeimdalSecureDNS) (EventID: 0) (User: ) Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at ‍‫‌‬‏‏‪‮‍‬‍‌‬‭‮‎‬​‎‏‪‫‍‬‎‮.​‪‎‮‬​‌‏​‍‮‎‎‍‫‫‌‭‮‌‪‮‪‪‮‮(Int32 ) at ‍‫‌‬‏‏‪‮‍‬‍‌‬‭‮‎‬​‎‏‪‫‍‬‎‮.‍‫‪‮‎‍‬​‮‎‭‌‏‮‬‭‎‮‪‍​​‎‪​‏‮(String[] ) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) System errors: ============= Error: (01/06/2016 08:16:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Time service terminated with the following error: %%5 Error: (01/06/2016 08:16:20 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 46) (User: NT AUTHORITY) Description: The time service encountered an error and was forced to shut down. The error was: 0x80070005: Access is denied. Error: (01/06/2016 08:16:20 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 54) (User: NT AUTHORITY) Description: The time service encountered an error while refreshing its configuration in the registry and cannot start. The error was: ºccess is denied. (0x80070005) Error: (01/06/2016 08:10:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (01/01/2016 08:49:27 AM) (Source: Application Popup) (EventID: 56) (User: ) Description: Driver USB returned invalid ID for a child device (201507261120000000000691). Error: (01/01/2016 08:27:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (12/31/2015 07:31:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (12/31/2015 07:05:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (12/30/2015 06:59:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The WebProxy service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service. Error: (12/30/2015 06:59:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) CodeIntegrity: =================================== Date: 2015-10-06 08:02:11.772 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Lori\recovered\appid_3.sys because the set of per-page image hashes could not be found on the system. Date: 2015-10-06 08:02:11.694 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Lori\recovered\appid_3.sys because the set of per-page image hashes could not be found on the system. Date: 2015-10-06 08:02:11.616 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Lori\recovered\appid_3.sys because the set of per-page image hashes could not be found on the system. Date: 2015-10-06 08:02:11.538 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Lori\recovered\appid_3.sys because the set of per-page image hashes could not be found on the system. Date: 2015-10-06 08:01:55.470 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Lori\recovered\appidapi_5.dll because the set of per-page image hashes could not be found on the system. Date: 2015-10-06 08:01:55.392 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Lori\recovered\appidapi_5.dll because the set of per-page image hashes could not be found on the system. Date: 2015-10-06 08:01:55.282 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Lori\recovered\appidapi_5.dll because the set of per-page image hashes could not be found on the system. Date: 2015-10-06 08:01:55.189 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Lori\recovered\appidapi_5.dll because the set of per-page image hashes could not be found on the system. Date: 2015-10-06 08:01:54.830 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Lori\recovered\appidapi_8.dll because the set of per-page image hashes could not be found on the system. Date: 2015-10-06 08:01:54.752 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Lori\recovered\appidapi_8.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU B820 @ 1.70GHz Percentage of memory in use: 34% Total physical RAM: 4000.13 MB Available physical RAM: 2600.57 MB Total Virtual: 9998.33 MB Available Virtual: 8374.98 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:68.78 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (DATA) (Fixed) (Total:153.76 GB) (Free:153.66 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0ED6495C) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=100 MB) - (Type=27) Partition 3: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=153.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================