Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01 Ran by Nicole (2016-01-11 12:55:51) Running from C:\Users\Nicole\Desktop\FRST Program Windows 10 Home (X64) (2015-12-06 18:40:21) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3710058852-312542076-3770498964-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3710058852-312542076-3770498964-503 - Limited - Disabled) Guest (S-1-5-21-3710058852-312542076-3770498964-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3710058852-312542076-3770498964-1003 - Limited - Enabled) Nicole (S-1-5-21-3710058852-312542076-3770498964-1001 - Administrator - Enabled) => C:\Users\Nicole ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET NOD32 Antivirus 8.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET NOD32 Antivirus 8.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3710058852-312542076-3770498964-1001\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Active@ DVD Eraser v 1.1 (HKLM-x32\...\Active@ DVD Eraser v 1.1) (Version: - ) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated) Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated) Aimersoft DVD Creator(Build 3.0.0) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software) Any Video Converter Ultimate 5.8.0 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com) Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS) ASUS RT-N56U Wireless Router Utilities (HKLM-x32\...\{BB5FCB34-F3DE-4FA1-A92F-F66563D280B0}) (Version: 4.2.8.0 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.3.533 - Online Media Technologies Ltd.) AVS Video Converter 9.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.1.3.572 - Online Media Technologies Ltd.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.60 - Conexant) CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: - ) Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.) DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) DVDFab 9.1.9.5 (28/03/2015) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.) emWave2 (HKLM-x32\...\emWave23.3.0.7385) (Version: 3.3.0.7385 - Heartmath Inc.) ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 2.33 - NCH Software) FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line) FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line) Foxit PhantomPDF (HKLM-x32\...\{045A0488-55C1-45B1-9992-4B4134904D61}) (Version: 7.0.59.127 - Foxit Software Inc.) HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.1.116 - IObit) iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.) Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden Machina of the Planet Tree -Planet Ruler- (HKLM-x32\...\Machina of the Planet Tree -Planet Ruler-_is1) (Version: - ) Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation) Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation) Moon Planting Matrix (HKLM-x32\...\{B1FCFDBC-C876-4909-A26A-40AF94A24DEC}) (Version: 1.2.9 - Divine Inspirations) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation) NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden Opera Stable 34.0.2036.25 (HKLM-x32\...\Opera 34.0.2036.25) (Version: 34.0.2036.25 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.) Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - ) PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) QuickBooks (x32 Version: 19.0.4007.1091 - Intuit Canada Limited) Hidden QuickBooks Premier: Retail Edition 2010 (HKLM-x32\...\{69CAC0F3-5CA1-4AFB-8DF9-BD982998B36F}) (Version: 19.0.4007.1091 - Intuit Canada Limited) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek) Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation) Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.) StudioTax 2012 (HKLM-x32\...\{83B7264E-A772-419B-8656-A1AD5C32D432}) (Version: 8.0.6.3 - BHOK IT Consulting) StudioTax 2013 (HKLM-x32\...\{28B28C36-EB35-44CB-9396-C994E927ABA7}) (Version: 9.1.11.1 - BHOK IT Consulting) StudioTax 2014 (HKLM-x32\...\{2EF6F96B-39E8-42AB-9338-25F801615CD8}) (Version: 10.0.13.1 - BHOK IT Consulting) SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft) Tipard Walkman Video Converter 6.1.50 (HKLM-x32\...\{148E1C03-9ED1-4194-845E-159DE3ABC6A1}_is1) (Version: - ) Unchecky v0.4.2 (HKLM-x32\...\Unchecky) (Version: 0.4.2 - RaMMicHaeL) Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.0.496 - ASUS Cloud Corporation) Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 6.0.0.66) (HKLM\...\1EFB54678773735560B565BE7FA6F2BCC557EE21) (Version: 06/17/2015 6.0.0.66 - ASUS) Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) WinX DVD Copy Pro 3.6.4 (HKLM\...\WinX DVD Copy Pro_is1) (Version: - Digiarty Software,Inc.) WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. ) WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden Zan Image Printer (HKLM\...\zvprt50) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3710058852-312542076-3770498964-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nicole\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0198EDDA-50C9-4043-91FF-BA10CE7D0546} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard) Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {2E25C4B4-6639-48D5-B965-3FC45DE8D9D9} - System32\Tasks\Opera scheduled Autoupdate 1449881493 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-04] (Opera Software) Task: {346A2358-43A1-4831-B03F-176809137239} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe Task: {34ABDD7D-5EC9-4285-A962-66E3671FBF55} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.) Task: {44BC47FE-C3CC-429E-A5AE-7C35B1CC70EE} - System32\Tasks\{813BEEC4-B47C-4699-83E2-298AEB1C537F} => pcalua.exe -a C:\Users\Nicole\Desktop\VoiceTrap.DX\VoiceTrapX20.exe -d C:\Users\Nicole\Desktop\VoiceTrap.DX Task: {45A47C7F-A2E6-415B-8A13-D151F209EF37} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation) Task: {4EFD0039-EEE2-4B8C-8E20-101D6C6E51C9} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {54BD8075-72DF-41A6-B6B8-B519BF47F0FF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation) Task: {5BD38DBA-2698-47D3-99D9-D8D43FE2FD3E} - System32\Tasks\Uninstaller_SkipUac_Nicole => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-12-24] (IObit) Task: {5FB47C19-5BBC-449B-B930-7010584F9622} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe [2016-01-02] (Adobe Systems Incorporated) Task: {636A5AE5-03FA-43F0-9354-F59A64C47C8D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {6E6874BC-B887-493A-AA6B-9394B61F7D51} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation) Task: {7CA1C9C3-7C5C-4C9A-8727-DF1FB0AFF032} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated) Task: {82CBBDA3-180A-457F-B61B-1F610596AF79} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS) Task: {87C5F5E9-D15E-4D96-8313-BC3F76996578} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK Task: {98B52B59-55A1-4A33-A094-E4676C61E990} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation) Task: {BF2B3D0F-D0D0-48D3-AEB9-C9FA7B31ED97} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {C81A0AF8-A9FC-4622-BF94-7B1AE7864813} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation) Task: {DDA79EC7-7A0B-4596-BC16-92E98774E71D} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] () Task: {E8572983-88DD-43F3-908B-019B4129D9FD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Nicole.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-12-06 11:04 - 2015-12-16 07:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-03-05 18:03 - 2012-03-11 14:56 - 00086608 _____ () C:\WINDOWS\System32\cpwmon64.dll 2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-03-05 18:26 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-12-21 20:18 - 2015-12-08 18:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2015-12-06 11:54 - 2015-12-06 11:54 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-12-06 11:54 - 2015-12-06 11:54 - 02653816 _____ () C:\Windows\System32\CoreUIComponents.dll 2015-12-06 11:54 - 2015-12-06 11:54 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-10-27 12:33 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-12-19 11:31 - 2015-12-06 20:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-12-17 08:53 - 2015-12-17 08:54 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-10-30 00:18 - 2015-10-30 00:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe 2015-12-19 11:31 - 2015-12-06 21:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2015-12-19 11:31 - 2015-12-06 21:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-10-30 00:18 - 2015-10-30 00:18 - 00257024 _____ () C:\Windows\System32\mtfserver.dll 2015-10-30 00:18 - 2015-10-30 00:18 - 00227328 _____ () C:\Windows\System32\mtf.dll 2015-12-19 11:31 - 2015-12-06 20:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-12-19 11:31 - 2015-12-06 20:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-12-19 11:31 - 2015-12-06 20:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-04-02 15:46 - 2014-04-02 15:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll 2014-04-02 15:46 - 2014-04-02 15:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2014-04-02 15:46 - 2014-04-02 15:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2014-04-02 15:46 - 2014-04-02 15:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll 2015-06-01 17:29 - 2015-12-08 18:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-12-11 17:51 - 2015-12-04 00:18 - 61547128 _____ () C:\Program Files (x86)\Opera\34.0.2036.25\opera.dll 2015-12-11 17:51 - 2015-12-04 00:18 - 01983096 _____ () C:\Program Files (x86)\Opera\34.0.2036.25\libglesv2.dll 2015-12-11 17:51 - 2015-12-04 00:18 - 00081528 _____ () C:\Program Files (x86)\Opera\34.0.2036.25\libegl.dll 2014-11-21 18:19 - 2013-12-09 16:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-12-17 08:53 - 2015-12-17 08:54 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2015-12-17 08:53 - 2015-12-17 08:54 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-01-10 16:42 - 2015-12-23 16:27 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2016-01-10 16:42 - 2015-12-23 16:27 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2016-01-10 16:42 - 2015-12-23 16:27 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2016-01-10 16:42 - 2015-12-23 16:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2015-04-29 18:50 - 2015-04-29 18:50 - 00520192 _____ () C:\Program Files\WinZip\adxloader.dll 2015-10-30 00:18 - 2015-10-30 00:18 - 00227328 _____ () C:\Windows\SYSTEM32\mtf.dll 2013-04-27 09:24 - 2013-04-27 09:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2016-01-10 15:46 - 00003489 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 0.0.0.0.0 127.0.0.1 0.0.0.0.0 127.0.0.1 0.0.0.0.0 127.0.0.1 0.0.0.0.0 127.0.0.1 0.0.0.0.0 127.0.0.1 0.0.0.0.0 127.0.0.1 0.0.0.0.0 127.0.0.1 0.0.0.0.0 127.0.0.1 0.0.0.0.0 127.0.0.1 m.fr.a2dfp.net 127.0.0.1 mfr.a2dfp.net 127.0.0.1 ad.a8.net 127.0.0.1 asy.a8ww.net 127.0.0.1 static.a-ads.com 127.0.0.1 atlas.aamedia.ro 127.0.0.1 abcstats.com 127.0.0.1 ad4.abradio.cz 127.0.0.1 a.abv.bg 127.0.0.1 adserver.abv.bg 127.0.0.1 adv.abv.bg 127.0.0.1 bimg.abv.bg 127.0.0.1 ca.abv.bg 127.0.0.1 www2.a-counter.kiev.ua 127.0.0.1 track.acclaimnetwork.com 127.0.0.1 accuserveadsystem.com 127.0.0.1 www.accuserveadsystem.com 127.0.0.1 achmedia.com 127.0.0.1 csh.actiondesk.com 127.0.0.1 ads.activepower.net 127.0.0.1 app.activetrail.com There are 82 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3710058852-312542076-3770498964-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.1.254 - 75.153.176.9 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: SEVPNCLIENT => 2 HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk" HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "DelaypluginInstall" HKLM\...\StartupApproved\Run32: => "Intuit SyncManager" HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe" HKU\S-1-5-21-3710058852-312542076-3770498964-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent" HKU\S-1-5-21-3710058852-312542076-3770498964-1001\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{CE3EE810-A1A2-4360-BB64-E3404CA0EC66}C:\users\nicole\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nicole\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{91F83C06-157A-4860-B309-624EA73C58DA}C:\users\nicole\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nicole\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{3C34237E-721D-4680-AB0C-96C8B8BD6682}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{DC7F33AA-7345-47C1-98DA-45DF0C6532D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{075410F5-B00D-45E3-989B-F7C8C9434F77}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{6BEFE866-BE2B-43AB-9CAA-61A50CBABC5D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{ABF1A054-FB81-449B-9DAC-44C28AF1B8B3}C:\windows\system32\runtimebroker.exe] => (Block) C:\windows\system32\runtimebroker.exe FirewallRules: [UDP Query User{ABD9AD28-4364-4A50-8C56-9709AD7E7DB1}C:\windows\system32\runtimebroker.exe] => (Block) C:\windows\system32\runtimebroker.exe FirewallRules: [TCP Query User{6D1AC70F-7B71-4F56-810F-2F056C24B6B7}C:\windows\system32\runtimebroker.exe] => (Block) C:\windows\system32\runtimebroker.exe FirewallRules: [UDP Query User{2F26B6A5-7DE0-4EEA-B8F9-51D32A1DEC24}C:\windows\system32\runtimebroker.exe] => (Block) C:\windows\system32\runtimebroker.exe FirewallRules: [{FE99752E-5F4A-4389-B3DB-598D1E9DF52D}] => (Allow) E:\RouterSetup\QISWizard.exe FirewallRules: [{B44F9117-BA0E-45BD-8D91-EB2539B0DAB4}] => (Allow) E:\RouterSetup\QISWizard.exe FirewallRules: [{64B5E6F0-D2BE-484F-B056-09BA5DB6ABE9}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\Discovery.exe FirewallRules: [{DDA177EC-AC1D-4DC9-8774-18FA2CCAE80C}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\Discovery.exe FirewallRules: [{C7BE7CD8-6BFE-4496-9B65-3F67F96C47F6}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\Rescue.exe FirewallRules: [{68093332-2696-4B45-855D-FA2D1315D54C}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\Rescue.exe FirewallRules: [{FC6AC59E-F835-458C-9B71-79FBF04DD39D}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\QISWizard.exe FirewallRules: [{2FE193B2-8258-40E4-B849-0FEC4A70AE06}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\QISWizard.exe FirewallRules: [{95A9AF2B-2A72-41A5-B04D-7581D608821B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{3E5E4B2B-0EE0-4AB5-9F63-F553A0834E9C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{651809A3-4CEE-422C-BAA5-523F95DFB8F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{6FEB9974-68EB-47E8-8ACD-9363C246C427}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{33724E8A-AC44-4379-8C2B-A53E0809B3FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{F5F4C3FC-19BB-42AF-8AF7-71E51CC228AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{2232FA94-333D-4288-9657-A8C2012E9758}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe ==================== Restore Points ========================= 27-12-2015 13:08:25 Scheduled Checkpoint 04-01-2016 09:21:23 Installed HP Support Solutions Framework ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/11/2016 08:51:20 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1188 Error: (01/11/2016 08:51:20 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1188 Error: (01/11/2016 08:51:20 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/11/2016 08:51:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1140 Error: (01/11/2016 08:51:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1140 Error: (01/11/2016 08:51:12 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/10/2016 08:22:04 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (01/10/2016 04:04:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b Faulting module name: ntdll.dll, version: 10.0.10586.20, time stamp: 0x5654262a Exception code: 0xc0000374 Fault offset: 0x000dc089 Faulting process id: 0x1ec0 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Faulting package full name: mbam.exe4 Faulting package-relative application ID: mbam.exe5 Error: (01/10/2016 03:39:54 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program explorer.exe version 10.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 15a8 Start Time: 01d147ceaa5356d2 Termination Time: 60000 Application Path: C:\Windows\explorer.exe Report Id: c6e4f4c3-b7ea-11e5-82cf-f0795907df78 Faulting package full name: Faulting package-relative application ID: Error: (01/10/2016 01:00:17 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_OneSyncSvc_6943b, version: 10.0.10586.0, time stamp: 0x5632d7ba Faulting module name: SYNCUTIL.dll, version: 10.0.10586.0, time stamp: 0x5632d59c Exception code: 0xe0464645 Fault offset: 0x00000000000160d0 Faulting process id: 0x25f0 Faulting application start time: 0xsvchost.exe_OneSyncSvc_6943b0 Faulting application path: svchost.exe_OneSyncSvc_6943b1 Faulting module path: svchost.exe_OneSyncSvc_6943b2 Report Id: svchost.exe_OneSyncSvc_6943b3 Faulting package full name: svchost.exe_OneSyncSvc_6943b4 Faulting package-relative application ID: svchost.exe_OneSyncSvc_6943b5 System errors: ============= Error: (01/10/2016 09:51:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (01/10/2016 04:06:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: %%5 Error: (01/10/2016 04:06:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: %%5 Error: (01/10/2016 04:06:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: %%5 Error: (01/10/2016 03:49:51 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (01/10/2016 03:45:57 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:18:58 PM on ‎1/‎10/‎2016 was unexpected. Error: (01/10/2016 03:44:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_6943b service to connect. Error: (01/10/2016 03:44:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_6943b service to connect. Error: (01/10/2016 03:44:21 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_6943b service, but this action failed with the following error: %%1056 Error: (01/10/2016 03:44:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {7006698D-2974-4091-A424-85DD0B909E23} CodeIntegrity: =================================== Date: 2016-01-06 19:40:07.081 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-29 17:00:49.449 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-29 15:52:00.806 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-19 21:22:23.307 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-13 15:23:02.362 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-11 17:37:57.613 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-10 16:05:36.917 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-10 14:41:21.680 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-06 17:35:43.640 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-06 11:26:16.659 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz Percentage of memory in use: 39% Total physical RAM: 12171.01 MB Available physical RAM: 7335.73 MB Total Virtual: 12939.01 MB Available Virtual: 7019.79 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:26.99 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Data) (Fixed) (Total:398.07 GB) (Free:374.15 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: BC9EED00) Partition: GPT. ==================== End of Addition.txt ============================