Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Ultimate Shred (2016-04-15 14:29:39)
Running from C:\Users\Ultimate Shred\Desktop
Windows 10 Home Version 1511 (X64) (2016-02-16 11:09:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-16444868-77617992-154200752-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-16444868-77617992-154200752-503 - Limited - Disabled)
Guest (S-1-5-21-16444868-77617992-154200752-501 - Limited - Disabled)
Ultimate Shred (S-1-5-21-16444868-77617992-154200752-1001 - Administrator - Enabled) => C:\Users\Ultimate Shred

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Components (x32 Version: 1.0.023.00 - Lenovo) Hidden
Driver and Application Installation (HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.02.0803 - Lenovo)
Google Chrome (HKU\S-1-5-21-16444868-77617992-154200752-1001\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Lenovo Accelerator Application (HKLM-x32\...\{10672FE6-3D50-4F79-B0C7-A5573A5D415D}) (Version: 2.2.0.0701 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.8231 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.)
Lenovo PowerDVD12 (x32 Version: 12.0.5320.55 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.022.00 - Lenovo)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.4212 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.4212 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{E442BFFD-8406-4C6D-BE7E-0CF6E61EE363}) (Version: 3.2.004.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.054.00 - Lenovo)
Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.7086 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.187 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.6769.2015 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6729.1012 - Microsoft Corporation) Hidden
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.004.8 - Lenovo)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.868.060315 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0269 - REALTEK Semiconductor Corp.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.0 - Lenovo)
Windows Driver Package - NVIDIA (nvlddmkm) Display (07/22/2015 10.18.13.5362) (HKLM\...\81C36D5B443FFB6F528F76BD424D750C53ADF10E) (Version: 07/22/2015 10.18.13.5362 - NVIDIA)
Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (04/16/2015 1.3.34.3) (HKLM\...\E1EF4D4E1E41BA85DB6DA51424B73AE1B3F0056A) (Version: 04/16/2015 1.3.34.3 - NVIDIA Corporation)
Windows Driver Package - Realtek (rt640x64) Net (05/05/2015 10.001.0505.2015) (HKLM\...\6A304520C2F25CD034E477A379C47308AA84A2DC) (Version: 05/05/2015 10.001.0505.2015 - Realtek)
Windows Driver Package - Realtek Semiconduct Corp. (RTSUER) USB (05/11/2015 6.3.9600.31213) (HKLM\...\8B76AD3EEC17650CAFD6EEFD418B2454C10BC71B) (Version: 05/11/2015 6.3.9600.31213 - Realtek Semiconduct Corp.)
Windows Driver Package - Realtek Semiconductor Corp. (RtkBtFilter) Bluetooth (06/11/2015 1.3.868.3) (HKLM\...\604A7B07184AD24892732BED4543610976632257) (Version: 06/11/2015 1.3.868.3 - Realtek Semiconductor Corp.)
Windows Driver Package - Realtek Semiconductor Corp. (RTWlanE) Net (07/09/2015 2023.14.0615.2015) (HKLM\...\5D078DEFD18360A7A64D38392C9F1007DC86AE23) (Version: 07/09/2015 2023.14.0615.2015 - Realtek Semiconductor Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-16444868-77617992-154200752-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ultimate Shred\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-16444868-77617992-154200752-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ultimate Shred\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-16444868-77617992-154200752-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ultimate Shred\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16F146D5-62FC-42E9-80E4-026A174B0246} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-03-25] (Lenovo)
Task: {43697786-F89B-431E-BD74-63B07C7E7893} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {46C89691-FD82-4D09-90F5-C6263A44BD0C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {48FA7BA2-D0D6-4E22-8B53-A313AFF4C522} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [2015-07-12] ()
Task: {511793F6-33DB-43E0-9482-35D364CCD720} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {722C905B-002D-4F84-A5D3-135FCF1F0C99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-16444868-77617992-154200752-1001UA => C:\Users\Ultimate Shred\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-16] (Google Inc.)
Task: {93ED11DC-F9E3-42AD-9893-DA5302CE9790} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-25] (Lenovo)
Task: {998BA38C-26BF-4F0D-82F8-3D6FFB645A89} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {9B9DF393-A97E-4437-A96F-EC638156D76C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
Task: {A3CE3689-215C-4CD1-AAD9-4DD026232066} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => control iMControllerService 128
Task: {A6C232E7-5388-4FF4-A775-12D93C46A9F7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A9A7D734-295C-4A74-B23A-8B2D0297680D} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-03-25] (Lenovo)
Task: {AA600ABA-1761-4CDE-B00E-EE3ECF07EA8B} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {AA67DE1B-8656-47AE-9768-A5ED6EFC94BA} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-01-25] (Lenovo)
Task: {AE33FD56-9D9B-46FB-9912-99E19DDC9415} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {B7C0FDC7-7D2C-413A-A441-16B3BEBF3024} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {BABE1B2C-7459-4D9F-AABC-4D5688D4AE17} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2016-01-25] (Lenovo)
Task: {C7E1A7D9-0673-4E2C-A136-4BDFC8BFBB6F} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-05-19] (CyberLink Corp.)
Task: {D3CD708F-493C-4B99-96C3-830AB71D6FC2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-16444868-77617992-154200752-1001Core => C:\Users\Ultimate Shred\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-16] (Google Inc.)
Task: {D4F67FD7-5939-4590-9F14-FF12DF6C2C55} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-02-15] (Lenovo)
Task: {E123C83E-9174-4ECD-8727-557989642DBB} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [2015-07-12] ()
Task: {FC129C2A-7D08-477A-88FF-F7730B11C329} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-24] (Microsoft Corporation)
Task: {FEB44BC3-C36D-480E-8A3A-F4076907D7A7} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-16444868-77617992-154200752-1001Core.job => C:\Users\Ultimate Shred\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-16444868-77617992-154200752-1001UA.job => C:\Users\Ultimate Shred\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-16 03:52 - 2015-07-22 18:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-29 03:19 - 2015-09-29 03:19 - 00024312 _____ () C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-17 17:37 - 2016-03-24 17:28 - 00172232 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-09-29 03:17 - 2011-08-16 20:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2015-09-29 03:19 - 2015-09-29 03:19 - 00226216 _____ () C:\Program Files\update\UpdateAgent.exe
2016-04-12 17:09 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-15 16:24 - 2016-01-15 16:24 - 00043976 _____ () C:\Program Files\Lenovo\QuickOptimizer\LNBPrismAssistInf.dll
2016-04-12 17:09 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-03-11 17:12 - 2016-04-10 06:14 - 08919240 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-02-16 08:23 - 2016-02-16 08:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-16 04:44 - 2016-02-16 04:44 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 17:08 - 2016-04-01 20:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-12 17:08 - 2016-04-01 20:26 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-04-12 17:09 - 2016-04-01 20:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 17:09 - 2016-04-01 19:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-12 17:09 - 2016-04-01 19:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-12 17:09 - 2016-04-01 20:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-29 03:17 - 2011-08-16 20:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2016-03-28 15:46 - 2016-03-28 15:46 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-28 15:46 - 2016-03-28 15:46 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-03 10:03 - 2016-03-03 10:04 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-02-16 08:23 - 2016-02-16 08:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-16 08:23 - 2016-02-16 08:24 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2009-12-04 16:59 - 2009-12-04 16:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 17:04 - 2009-12-04 17:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-09-29 03:17 - 2011-05-17 13:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2015-07-10 23:37 - 2015-07-10 23:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-04-07 11:01 - 2016-04-06 03:04 - 01675928 _____ () C:\Users\Ultimate Shred\AppData\Local\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-07 11:01 - 2016-04-06 03:04 - 00086168 _____ () C:\Users\Ultimate Shred\AppData\Local\Google\Chrome\Application\49.0.2623.112\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 04:04 - 2015-07-10 04:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-16444868-77617992-154200752-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ultimate Shred\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{34dbea90-2236-47b8-b1e3-679681754866}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{52EB1131-B8FB-4881-89AE-F66437C218C4}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoPortal\Lenovo.Portal.exe
FirewallRules: [{8A0AE0ED-663F-422D-93E2-C52A9F300C6B}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{4F65A369-C892-4CD9-B648-96B12A800F75}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{351E4B41-1181-4A27-9724-715E061F0C3B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6EA7D14-92DE-4CC1-9C7F-AD822F26139C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3E74234C-D579-4CFC-BA69-0BEFF9DEAF35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DE481A5C-9CB2-4862-9210-8B23DCA8A7BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A016498B-88AD-437F-993B-3BB203CF839D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{EF13C835-64A6-4E9A-8C75-2BA125AA66BF}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

01-04-2016 06:58:35 McAfee Vulnerability Scanner
09-04-2016 10:04:24 Scheduled Checkpoint
13-04-2016 08:57:33 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2016 06:54:14 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/14/2016 02:50:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 49.0.2623.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1948
Start Time: 01d1967e284c15a5
Termination Time: 4294967295
Application Path: C:\Users\Ultimate Shred\AppData\Local\Google\Chrome\Application\chrome.exe
Report Id: e53f6854-028a-11e6-9bce-3052cba85a67
Faulting package full name:
Faulting package-relative application ID:

Error: (04/13/2016 08:57:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .

Error: (04/12/2016 11:30:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 49.0.2623.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1770
Start Time: 01d194e5e7e2e8f9
Termination Time: 4294967295
Application Path: C:\Users\Ultimate Shred\AppData\Local\Google\Chrome\Application\chrome.exe
Report Id: 9773a2c4-00dc-11e6-9bce-3052cba85a67
Faulting package full name:
Faulting package-relative application ID:

Error: (04/11/2016 06:49:26 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/09/2016 10:04:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .

Error: (04/08/2016 09:53:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.122, time stamp: 0x56cc0133
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.71, time stamp: 0x5699d8e0
Exception code: 0xc000027b
Fault offset: 0x00000000006fce8b
Faulting process id: 0x2a84
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (04/04/2016 10:04:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 49.0.2623.110 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: bdc
Start Time: 01d18e93b828353c
Termination Time: 4294967295
Application Path: C:\Users\Ultimate Shred\AppData\Local\Google\Chrome\Application\chrome.exe
Report Id: 491a5870-fa87-11e5-9bce-3052cba85a67
Faulting package full name:
Faulting package-relative application ID:

Error: (04/01/2016 06:58:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .

Error: (03/31/2016 05:56:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .

System errors:
=============
Error: (04/15/2016 02:08:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/15/2016 06:54:54 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (04/15/2016 06:54:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: %%1053

Error: (04/15/2016 06:54:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (04/15/2016 06:54:54 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (04/15/2016 06:54:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: %%1053

Error: (04/15/2016 06:54:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (04/15/2016 06:54:53 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053mcpltsvcUnavailable{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (04/15/2016 06:54:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: %%1053

Error: (04/15/2016 06:54:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

CodeIntegrity:
===================================
Date: 2016-04-14 15:23:09.955
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-13 11:09:48.068
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-10 06:17:15.241
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-01 05:04:15.798
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-23 11:06:59.284
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-13 09:33:42.609
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-11 17:13:32.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-11 16:53:25.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-11 04:00:09.804
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 11:52:47.965
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 50%
Total physical RAM: 12236.19 MB
Available physical RAM: 6095.64 MB
Total Virtual: 14092.19 MB
Available Virtual: 7432.5 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:899.67 GB) (Free:859.73 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Creative Suite 2) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS
Drive e: (STORE N GO) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4AC500F5)
Partition: GPT.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================