OTL Extras logfile created on: 9/4/2017 2:52:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Waseem Latif\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18763)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.98 Gb Total Physical Memory | 9.60 Gb Available Physical Memory | 80.14% Memory free
14.36 Gb Paging File | 11.76 Gb Available in Paging File | 81.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 167.68 Gb Total Space | 115.03 Gb Free Space | 68.60% Space Free | Partition Type: NTFS
Drive D: | 97.56 Gb Total Space | 96.86 Gb Free Space | 99.29% Space Free | Partition Type: NTFS
Drive E: | 135.23 Gb Total Space | 51.11 Gb Free Space | 37.80% Space Free | Partition Type: NTFS

Computer Name: WASEEM | User Name: Waseem Latif | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3339458376-1377831628-129463769-1001\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D07AFA-089F-4E88-85EB-CBB749E7075F}" = lport=138 | protocol=17 | dir=in | app=system |
"{0F2FDC93-2F63-4424-9261-B776640EACDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16575F7E-D6D6-435F-897C-8F7901DFECA1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F8CEB1B-8236-433D-989D-07CC33D84C87}" = rport=138 | protocol=17 | dir=out | app=system |
"{307CC911-F07E-461F-BBAE-85C3C4855E10}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3329AD34-FAF7-40E4-9C07-45CE1D2FE168}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38829A20-7C8C-4E31-ADFC-3E855576A0EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B0FDBD3-592E-4AC3-9DDA-CDAE49AE7BF6}" = lport=445 | protocol=6 | dir=in | app=system |
"{3EC8915B-B564-4273-9F04-A0437C7F41F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4640EFAD-2AAE-4FEC-A847-BAAB9F9A975A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4C4F9ECC-B24C-4023-A4FD-67F10405CA15}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BD39B1C-D019-46A5-876B-BCB2CCF8622B}" = rport=137 | protocol=17 | dir=out | app=system |
"{6F0607FA-D5AE-4170-A14E-F36E17B17587}" = rport=139 | protocol=6 | dir=out | app=system |
"{746D6658-757E-4160-AEC1-A2BEFC5056CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{831D809C-4742-4D5E-AB71-40110105BCC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A599CEF-9F76-4B08-AC65-556624956A11}" = lport=139 | protocol=6 | dir=in | app=system |
"{A92D9BF1-4BB8-4F2D-B8AB-37F09888F90A}" = lport=137 | protocol=17 | dir=in | app=system |
"{BB602DB8-1E4A-4579-93F8-A3C0B4288212}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{C2DEC1F2-8301-43ED-A997-FDF968924ED2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C4F37198-3A83-4E6E-AC81-22655901D417}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4BBD6EF-ADF5-402B-8E47-CB363249D4D1}" = lport=8318 | protocol=6 | dir=in | name=techsmith camtasia 9 |
"{E57CBF5B-8CDE-4AA1-9192-CD364EC6F9DC}" = rport=445 | protocol=6 | dir=out | app=system |
"{EF972BCC-240C-47BA-8F52-C229A56A3834}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0435FF17-DA1D-4B01-BA18-E2FB7B21F222}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{09618992-1CFD-431C-B518-2FB2C6D94880}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{100AF9B4-FEE1-41B7-B4C4-4B4795EDEA19}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1A62BB5A-41E8-40B8-8181-1827E12C91AF}" = dir=in | app=c:\program files\windows kms activator ultimate 2017 v3.4\windows kms activator ultimate 2017 v3.4.exe |
"{2698B90A-1F96-49CD-9280-26E4110619C0}" = protocol=6 | dir=out | app=c:\users\waseem latif\appdata\roaming\utorrent\utorrent.exe |
"{287A6DF3-944C-4443-8857-B99A163087DA}" = protocol=6 | dir=in | app=c:\users\waseem latif\appdata\roaming\utorrent\utorrent.exe |
"{2AEBDDE2-F653-445A-8302-ED670CC703CC}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{2EE7A409-FBE8-486F-8046-074AB88B8AAD}" = dir=in | name=skype |
"{34447036-5780-45A6-BC89-D6E981C809FC}" = protocol=6 | dir=in | app=c:\program files\kmspico\kmseldi.exe |
"{346DA7B3-0528-49F2-A2FC-3797AA039EC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3727A1F3-2EA2-4DB8-A082-A238C0072D79}" = protocol=17 | dir=out | app=c:\users\waseem latif\appdata\roaming\utorrent\utorrent.exe |
"{38B5A5A6-2A51-4233-8D47-5CC7B7986061}" = dir=out | name=@{microsoft.bingsports_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{3C7AD32F-3431-43AA-BB40-CBE4A28673E1}" = dir=out | name=@{microsoft.bingfinance_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{3DE80094-BF40-47B9-92DB-50E11B868936}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{53717554-C010-4652-BB83-206C4AC2DDEC}" = dir=out | name=core networking - system ip core |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{5532AB0F-A906-4259-8F72-652D1E50DE2A}" = dir=in | app=c:\program files\windows kms activator ultimate 2017 v3.3\windows kms activator ultimate 2017 v3.3.exe |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{566C4CA7-1AEE-4114-9139-9CA8003225F9}" = dir=out | name=@{microsoft.zunemusic_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{567D1D79-5E49-427E-A774-E0E6C22584A7}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{5F10638E-3E9F-459C-85A5-E10727EE9CB1}" = dir=out | app=%programfiles%\techsmith\camtasia 9\camtasiastudio.exe |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{6115739C-DA42-4E70-A441-24D4AD0D14C2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6EBE6F08-87AE-4298-BFB6-CD14F4800C20}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72B6DA22-93DE-4198-A3E1-454CFCCD75A4}" = protocol=6 | dir=in | app=c:\users\waseem latif\appdata\roaming\utorrent\utorrent.exe |
"{758500CC-456C-44FE-9E8C-72AB3164F637}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{790CEC47-0FDD-4674-B091-5BB361718B0A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7D171E2D-3079-48DE-A12E-ADAC1F6AEE16}" = dir=out | name=@{microsoft.bingnews_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{7E3A1CDD-4486-4ED6-B87B-5CC953515D90}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8061A924-09D0-4939-82AD-3DE332249824}" = protocol=17 | dir=in | app=c:\program files\kmspico\kmseldi.exe |
"{84C112E1-281C-424D-A9FF-643D3B1364D2}" = protocol=17 | dir=in | app=c:\users\waseem latif\appdata\roaming\utorrent\utorrent.exe |
"{8AEB2DCF-5436-422D-9F10-3F529C727507}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8FFE06D3-4AFE-4E3E-81DA-855D32453D6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9A90180B-A645-480C-BEB6-FC74B6B6BDE1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9BA14BD0-FC06-4B8C-AB8A-FB76E6CF310F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A135DBCC-2710-415F-9F25-26804250311F}" = dir=in | name=core networking - system ip core |
"{A2AEB805-E080-4971-A603-4C18547B0DB3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A34BD945-B687-4E2E-9B07-1371EAA80885}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{AAB6C56E-69E9-4580-A94C-23690F4FD8E2}" = protocol=17 | dir=in | app=c:\program files\kmspico\autopico.exe |
"{AD0841EA-BCD3-4F75-9944-7BB2ED4E6749}" = dir=out | app=%programfiles% (x86)\toon boom animation\toon boom studio 7.1\tbs.exe |
"{AEE8ABFE-812B-4941-B96E-EB4BD5D03CF9}" = dir=out | app=%programfiles%\techsmith\camtasia 9\camrecorder.exe |
"{AFAFA0C9-9E49-425A-A557-86B43F1FF287}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{B730548E-59C6-4AFF-88AA-5FA0117E2813}" = dir=out | name=skype |
"{BDD59DB2-0D9D-455F-AE97-ED1E84555AA9}" = dir=out | name=@{microsoft.zunevideo_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{C36DB74B-B4A2-4D22-8350-9EDB66751545}" = dir=out | name=@{microsoft.bingmaps_2.0.2009.2356_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{C50C8D43-362D-4972-BCF3-53AE5888CB02}" = protocol=17 | dir=in | app=c:\users\waseem latif\appdata\roaming\utorrent\utorrent.exe |
"{C6DE8DCF-EC10-4F85-869C-12C4FD063EDE}" = protocol=6 | dir=out | app=system |
"{C83459C0-08BF-4FD2-B068-61BF2E7DE886}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CD11D787-9F17-42D3-B28F-0C13F0E9CFBF}" = dir=out | name=@{microsoft.bingweather_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{CFBD9AF9-0952-4BC0-853A-C003D2D960AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4D86D46-16B7-4FBD-A43C-9FCA4EA9F946}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DABF2001-C5BF-4AA0-B27A-922E551D5D6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{E036C00C-238F-4846-8EE0-070D246BF9C3}" = dir=in | app=c:\program files (x86)\bluestacks\hd-plus-service.exe |
"{E9AC5307-39E6-4124-A0F8-831BD0321BB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EAFBDE15-2945-47AF-8130-B753D0972BA4}" = protocol=6 | dir=in | app=c:\program files\kmspico\autopico.exe |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F5054088-35D1-4D71-88F1-2905937D22FE}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{FB589339-BD08-4CF1-883C-F489A86FDB95}" = dir=out | name=windows_ie_ac_001 |
"{FC9FC88C-B37C-4632-A0D7-1077188A34BB}" = dir=out | name=@{microsoft.xboxlivegames_2.0.20.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{FD9FE210-FF05-4C17-91E7-EED9B81C3E37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{EB8A4566-2112-46C7-9600-D44F2833F4DB}C:\windows\installer\{9713256c-d29d-9ad7-b841-164d97f0492c}\syshost.exe" = protocol=6 | dir=in | app=c:\windows\installer\{9713256c-d29d-9ad7-b841-164d97f0492c}\syshost.exe |
"UDP Query User{69A13560-BBF0-4682-9429-93B166D34684}C:\windows\installer\{9713256c-d29d-9ad7-b841-164d97f0492c}\syshost.exe" = protocol=17 | dir=in | app=c:\windows\installer\{9713256c-d29d-9ad7-b841-164d97f0492c}\syshost.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D09B594-C8B5-4CF1-B927-41D9A487799C}" = Camtasia 9
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3B4AB7BA-0734-4547-9604-3FCC40873B3D}" = ESET NOD32 Antivirus
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 141.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI" = NVIDIA WMI 2.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"GoogleInputFramework" = Google Input Tools
"GoogleInputUrdu" = Google Input Urdu
"HitmanPro37" = HitmanPro 3.7
"KMSpico_is1" = KMSpico v9.2.3
"VLC media player" = VLC media player

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ce4b8c-0138-4743-b0b8-379b2715eb44}" = Camtasia 9
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = Lightshot-5.4.0.10
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}" = QuickTime 7
"BlueStacks" = BlueStacks 3
"Google Chrome" = Google Chrome
"Internet Download Manager" = Internet Download Manager
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"WinRAR archiver" = WinRAR 5.50 (32-bit)

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3339458376-1377831628-129463769-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 8/31/2017 2:58:30 PM | Computer Name = waseem | Source = Perflib | ID = 1008
Description =

Error - 8/31/2017 3:06:52 PM | Computer Name = waseem | Source = Perflib | ID = 1008
Description =

Error - 8/31/2017 3:06:52 PM | Computer Name = waseem | Source = Perflib | ID = 1008
Description =

Error - 8/31/2017 3:06:52 PM | Computer Name = waseem | Source = Perflib | ID = 1008
Description =

Error - 8/31/2017 3:06:52 PM | Computer Name = waseem | Source = Perflib | ID = 1008
Description =

Error - 8/31/2017 3:06:52 PM | Computer Name = waseem | Source = PerfNet | ID = 2004
Description =

Error - 8/31/2017 3:06:52 PM | Computer Name = waseem | Source = Perflib | ID = 1008
Description =

Error - 9/1/2017 4:39:50 AM | Computer Name = waseem | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error - 9/1/2017 5:05:39 AM | Computer Name = waseem | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error - 9/1/2017 6:18:26 PM | Computer Name = waseem | Source = Application Error | ID = 1000
Description = Faulting application name: GoogleInputHandler.exe, version: 1.1.4.19, time stamp: 0x583682e5
Faulting module name: GoogleInputHandler.exe, version: 1.1.4.19, time stamp: 0x583682e5
Exception code: 0xc0000005
Fault offset: 0x0005f184
Faulting process id: 0x15a8
Faulting application start time: 0x01d323703b7e7440
Faulting application path: C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
Faulting module path: C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
Report Id: 79584cc6-8f63-11e7-8258-18a90517e572
Faulting package full name:
Faulting package-relative application ID:

[ System Events ]
Error - 9/4/2017 5:50:12 PM | Computer Name = waseem | Source = DCOM | ID = 10000
Description =

Error - 9/4/2017 5:52:05 PM | Computer Name = waseem | Source = DCOM | ID = 10000
Description =

Error - 9/4/2017 5:52:05 PM | Computer Name = waseem | Source = DCOM | ID = 10000
Description =

Error - 9/4/2017 5:52:25 PM | Computer Name = waseem | Source = DCOM | ID = 10000
Description =

Error - 9/4/2017 5:52:25 PM | Computer Name = waseem | Source = DCOM | ID = 10000
Description =

Error - 9/4/2017 5:53:21 PM | Computer Name = waseem | Source = DCOM | ID = 10000
Description =

Error - 9/4/2017 6:00:39 PM | Computer Name = waseem | Source = DCOM | ID = 10000
Description =

Error - 9/4/2017 6:01:00 PM | Computer Name = waseem | Source = DCOM | ID = 10000
Description =

Error - 9/4/2017 6:01:02 PM | Computer Name = waseem | Source = DCOM | ID = 10000
Description =

Error - 9/4/2017 6:01:02 PM | Computer Name = waseem | Source = DCOM | ID = 10000
Description =

< End of report >