Untitled

OTL logfile created on: 1/21/2017 8:23:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Download\Wala
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.47 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 71.11% Memory free
6.93 Gb Paging File | 5.85 Gb Available in Paging File | 84.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172.69 Gb Total Space | 129.74 Gb Free Space | 75.13% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 173.06 Gb Free Space | 59.07% Space Free | Partition Type: NTFS
Drive E: | 7.21 Gb Total Space | 4.16 Gb Free Space | 57.66% Space Free | Partition Type: FAT32

Computer Name: INTER-X | User Name: STAR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - D:\Download\Wala\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Garena Plus\ggdllhost.exe ()
PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Program Files (x86)\Garena Plus\ggspawn.dll ()
MOD - C:\Program Files (x86)\Garena Plus\ggdllhost.exe ()


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PAExec) -- C:\Windows\PAExec.exe (Power Admin LLC)
SRV - (tbaseprovisioning) -- C:\Windows\SysWOW64\tbaseprovisioning.exe (Advanced Micro Devices, Inc.)
SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Windows (R) Win 7 DDK provider)
SRV - (ZAtheros Bt and Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:[b]64bit:[/b] - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:[b]64bit:[/b] - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:[b]64bit:[/b] - (amdpsp) -- C:\Windows\SysNative\drivers\amdpsp.sys (Advanced Micro Devices, Inc. )
DRV:[b]64bit:[/b] - (amdkmcsp) -- C:\Windows\SysNative\drivers\amdkmcsp.sys (Advanced Micro Devices, Inc. )
DRV:[b]64bit:[/b] - (APXACC) -- C:\Windows\SysNative\drivers\appexDrv.sys (AppEx Networks Corporation)
DRV:[b]64bit:[/b] - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:[b]64bit:[/b] - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
DRV:[b]64bit:[/b] - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:[b]64bit:[/b] - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:[b]64bit:[/b] - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:[b]64bit:[/b] - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:[b]64bit:[/b] - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros)
DRV:[b]64bit:[/b] - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:[b]64bit:[/b] - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Qualcomm Atheros)
DRV:[b]64bit:[/b] - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:[b]64bit:[/b] - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:[b]64bit:[/b] - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:[b]64bit:[/b] - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:[b]64bit:[/b] - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:[b]64bit:[/b] - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (HWiNFO32) -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS (REALiX(tm))
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "ID"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Bing,Twitter"
FF - prefs.js..browser.search.region: "ID"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:50.1.0
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)


[2016/11/08 12:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STAR\AppData\Roaming\Mozilla\Extensions
[2017/01/15 14:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STAR\AppData\Roaming\Mozilla\Firefox\Profiles\wjkodrl9.default\extensions
[2017/01/15 13:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[color=#E56717]========== Chrome  ==========[/color]

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\STAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble\1.22_0\
CHR - Extension: No name found = C:\Users\STAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge\1.115_0\
CHR - Extension: No name found = C:\Users\STAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh\1.384_0\
CHR - Extension: No name found = C:\Users\STAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh\3.9.0_0\
CHR - Extension: No name found = C:\Users\STAR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5516.1005.0.3_0\

O1 HOSTS File: ([2016/12/12 01:46:05 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.250.13.50 180.250.13.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF9EC984-A0B1-467B-9AA2-297EE3E264ED}: DhcpNameServer = 180.250.13.50 180.250.13.54
O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:[b]64bit:[/b] - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2017/01/09 15:51:14 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{305234bf-74f8-11e6-ac09-507b9d50ce90}\Shell - "" = AutoRun
O33 - MountPoints2\{305234bf-74f8-11e6-ac09-507b9d50ce90}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{69961ff1-983d-11e6-9507-3052cb63af2e}\Shell - "" = AutoRun
O33 - MountPoints2\{69961ff1-983d-11e6-9507-3052cb63af2e}\Shell\AutoRun\command - "" = E:\Lenovo_Suite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2017/01/20 15:37:06 | 000,000,000 | ---D | C] -- C:\Users\STAR\Documents\KONAMI
[2017/01/20 15:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI
[2017/01/20 15:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI
[2017/01/20 14:57:05 | 000,000,000 | ---D | C] -- C:\Users\STAR\Documents\TecmoKoei
[2017/01/20 14:57:05 | 000,000,000 | ---D | C] -- C:\Users\STAR\Documents\NFS Most Wanted
[2017/01/20 14:57:05 | 000,000,000 | ---D | C] -- C:\Users\STAR\Documents\My Games
[2017/01/20 14:55:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017/01/20 14:50:44 | 000,000,000 | ---D | C] -- C:\Users\STAR\Documents\Bluetooth Folder
[2017/01/19 21:50:41 | 000,000,000 | ---D | C] -- C:\Users\STAR\AppData\Local\FSOFT_Installer_Company_E
[2017/01/19 20:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2017/01/19 20:31:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2017/01/17 20:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros
[2017/01/17 20:04:06 | 004,060,672 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2017/01/17 20:04:06 | 004,060,672 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2017/01/17 20:04:06 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2017/01/17 20:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros
[2017/01/15 23:20:47 | 000,594,432 | ---- | C] (Realtek Semiconductor Corp. ) -- C:\Windows\SysNative\Rtlihvs.dll
[2017/01/15 23:20:41 | 000,454,360 | ---- | C] (Realtek) -- C:\Windows\SwUSB.exe
[2017/01/15 13:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2017/01/13 19:34:42 | 000,000,000 | ---D | C] -- C:\Users\STAR\AppData\Local\CEF
[2017/01/13 19:18:22 | 000,992,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2017/01/13 19:18:22 | 000,921,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2017/01/10 21:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB 7908 Wheel
[2017/01/10 21:05:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2017/01/10 21:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Vibration
[2017/01/01 14:10:55 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2017/01/01 11:41:20 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2017/01/01 11:41:20 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2017/01/01 09:05:39 | 005,503,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2017/01/01 09:05:39 | 003,963,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2017/01/01 09:05:39 | 003,908,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2017/01/01 09:05:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2017/01/01 09:05:38 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2017/01/01 09:05:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2017/01/01 09:02:37 | 000,304,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EOSNotify.exe
[2016/12/31 18:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2016/12/31 18:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2016/12/31 18:50:11 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2016/12/31 18:50:11 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2016/12/31 18:50:10 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2016/12/31 18:50:10 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2016/12/31 18:48:08 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2016/12/31 18:48:08 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2016/12/31 18:48:07 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2016/12/31 18:48:07 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2016/12/31 18:48:07 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2016/12/31 18:48:06 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2016/12/31 18:48:06 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2016/12/31 18:06:40 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2016/12/31 18:06:40 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2016/12/31 18:06:40 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2016/12/31 18:06:34 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2016/12/31 18:06:34 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2016/12/31 18:06:34 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2016/12/31 18:06:29 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2016/12/31 18:06:29 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2016/12/31 17:53:31 | 000,000,000 | ---D | C] -- C:\Users\STAR\AppData\Local\Windows Live
[2016/12/31 17:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2016/12/25 12:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2016/12/25 12:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2016/12/25 12:35:02 | 000,000,000 | ---D | C] -- C:\Users\STAR\AppData\Roaming\Macromedia
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2017/01/21 19:59:26 | 000,016,944 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/01/21 19:59:26 | 000,016,944 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/01/21 19:59:24 | 000,783,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017/01/21 19:59:24 | 000,661,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017/01/21 19:59:24 | 000,121,730 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017/01/21 19:52:13 | 016,563,698 | ---- | M] () -- C:\Windows\SysWow64\rootpa.e2e
[2017/01/21 19:52:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/01/21 19:52:02 | 2790,547,456 | -HS- | M] () -- C:\hiberfil.sys
[2017/01/21 13:27:42 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\spu_storage.bin
[2017/01/20 19:02:09 | 000,001,760 | ---- | M] () -- C:\Users\STAR\Desktop\settings - Shortcut.lnk
[2017/01/20 15:30:50 | 000,001,745 | ---- | M] () -- C:\Users\STAR\Desktop\pes2013 - Shortcut.lnk
[2017/01/19 17:52:50 | 000,007,606 | ---- | M] () -- C:\Users\STAR\AppData\Local\Resmon.ResmonCfg
[2017/01/18 11:56:37 | 000,000,526 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2017/01/15 13:45:48 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2017/01/15 13:28:06 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017/01/13 19:18:19 | 000,992,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2017/01/13 19:18:19 | 000,921,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2017/01/13 19:11:41 | 000,000,359 | ---- | M] () -- C:\Users\STAR\Desktop\Recycle Bin - Shortcut.lnk
[2017/01/12 15:15:30 | 000,001,362 | ---- | M] () -- C:\Users\STAR\Desktop\AIMP3 - Shortcut.lnk
[2017/01/09 08:27:59 | 000,000,755 | ---- | M] () -- C:\Users\STAR\Desktop\SBK2001 - Shortcut.lnk
[2017/01/01 16:00:13 | 000,412,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016/12/31 19:07:51 | 000,001,305 | ---- | M] () -- C:\Users\STAR\Desktop\Movie Maker.lnk
[2016/12/31 18:52:16 | 000,000,020 | ---- | M] () -- C:\Windows\¸õ'
[2016/12/25 12:55:42 | 000,000,923 | ---- | M] () -- C:\Users\STAR\Desktop\Adobe InDesign CC 2015.lnk
[2016/12/23 22:21:11 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2016/12/23 22:21:11 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\AMD Quick Stream.lnk
[2016/12/23 22:21:11 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2017/01/20 19:02:09 | 000,001,760 | ---- | C] () -- C:\Users\STAR\Desktop\settings - Shortcut.lnk
[2017/01/20 15:30:50 | 000,001,745 | ---- | C] () -- C:\Users\STAR\Desktop\pes2013 - Shortcut.lnk
[2017/01/17 20:04:06 | 000,643,699 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2017/01/17 20:04:06 | 000,091,822 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2017/01/15 23:20:41 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2017/01/15 23:20:41 | 000,044,760 | ---- | C] () -- C:\Windows\runSW.exe
[2017/01/15 13:28:06 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017/01/13 21:20:14 | 000,007,606 | ---- | C] () -- C:\Users\STAR\AppData\Local\Resmon.ResmonCfg
[2017/01/13 19:11:41 | 000,000,359 | ---- | C] () -- C:\Users\STAR\Desktop\Recycle Bin - Shortcut.lnk
[2017/01/12 15:15:30 | 000,001,362 | ---- | C] () -- C:\Users\STAR\Desktop\AIMP3 - Shortcut.lnk
[2017/01/09 08:27:59 | 000,000,755 | ---- | C] () -- C:\Users\STAR\Desktop\SBK2001 - Shortcut.lnk
[2016/12/31 19:07:51 | 000,001,305 | ---- | C] () -- C:\Users\STAR\Desktop\Movie Maker.lnk
[2016/12/31 18:56:12 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2016/12/31 18:56:05 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2016/12/31 18:52:15 | 000,000,020 | ---- | C] () -- C:\Windows\¸õ'
[2016/12/25 12:55:42 | 000,000,923 | ---- | C] () -- C:\Users\STAR\Desktop\Adobe InDesign CC 2015.lnk
[2016/12/25 12:42:45 | 000,000,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015.lnk
[2016/12/25 12:36:15 | 000,001,526 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2016/11/16 18:49:40 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2016/09/27 04:05:17 | 000,000,021 | ---- | C] () -- C:\Windows\SysWow64\Config.ini
[2016/08/16 11:09:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2016/08/14 22:31:20 | 000,000,526 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016/08/12 20:55:33 | 000,758,128 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016/03/21 20:54:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2016/03/21 20:54:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2016/03/21 20:49:46 | 000,186,368 | ---- | C] () -- C:\Windows\SysWow64\GameManager32.dll
[2016/03/21 20:49:44 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\atieah32.exe
[2016/03/21 20:49:42 | 000,189,952 | ---- | C] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2016/03/21 20:44:14 | 000,174,592 | ---- | C] () -- C:\Windows\SysWow64\hsa-thunk.dll
[2016/02/10 05:20:18 | 000,002,473 | ---- | C] () -- C:\Windows\SysWow64\tbaseprovisioning.exe.config

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 11:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 08:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 08:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 08:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 08:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 08:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2016/12/11 12:47:39 | 000,000,000 | ---D | M] -- C:\Users\STAR\AppData\Roaming\AIMP3
[2016/09/24 17:17:00 | 000,000,000 | ---D | M] -- C:\Users\STAR\AppData\Roaming\BANDISOFT
[2016/10/02 18:59:16 | 000,000,000 | ---D | M] -- C:\Users\STAR\AppData\Roaming\DMCache
[2016/11/15 07:32:06 | 000,000,000 | ---D | M] -- C:\Users\STAR\AppData\Roaming\Foxit Software
[2016/10/02 20:38:48 | 000,000,000 | ---D | M] -- C:\Users\STAR\AppData\Roaming\Garena
[2017/01/18 13:19:45 | 000,000,000 | ---D | M] -- C:\Users\STAR\AppData\Roaming\GarenaPlus
[2016/08/14 21:33:46 | 000,000,000 | ---D | M] -- C:\Users\STAR\AppData\Roaming\library_dir
[2016/08/22 22:53:26 | 000,000,000 | ---D | M] -- C:\Users\STAR\AppData\Roaming\Milestone
[2016/09/14 21:15:03 | 000,000,000 | ---D | M] -- C:\Users\STAR\AppData\Roaming\Smadav
[2016/11/27 19:57:16 | 000,000,000 | ---D | M] -- C:\Users\STAR\AppData\Roaming\Sony
[2016/08/22 22:53:22 | 000,000,000 | ---D | M] -- C:\Users\STAR\AppData\Roaming\Steam

[color=#E56717]========== Purity Check ==========[/color]


< End of report >
OTL Extras logfile created on: 1/21/2017 8:23:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Download\Wala
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.47 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 71.11% Memory free
6.93 Gb Paging File | 5.85 Gb Available in Paging File | 84.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172.69 Gb Total Space | 129.74 Gb Free Space | 75.13% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 173.06 Gb Free Space | 59.07% Space Free | Partition Type: NTFS
Drive E: | 7.21 Gb Total Space | 4.16 Gb Free Space | 57.66% Space Free | Partition Type: FAT32

Computer Name: INTER-X | User Name: STAR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10D05D5F-24A2-4C06-AAC1-DDF01E1EA21D}" = rport=138 | protocol=17 | dir=out | app=system |
"{35AF9DA6-616F-401B-BFD5-601AAD9A96D5}" = rport=139 | protocol=6 | dir=out | app=system |
"{39D28322-42F5-4506-8E54-C25876C1A201}" = lport=445 | protocol=6 | dir=in | app=system |
"{4E77837C-2652-4626-A92A-D8CEC0380723}" = lport=137 | protocol=17 | dir=in | app=system |
"{5A5C9964-0A1E-4B72-9CCD-18E9DC902363}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A364244F-01E2-4B75-BEDD-998C3FF73333}" = lport=139 | protocol=6 | dir=in | app=system |
"{C144D56E-6B4B-47A7-A328-A79A76A0A252}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4E43DC3-30B0-4CF8-8211-034D0FD5E601}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6A52E2F-9EDE-44FD-A7DF-08DCF3F46AF6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{D87982B4-983F-44D3-958B-DE4FCFDBEB35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD4C8CDC-AA97-4A44-A1B2-6D9B075A0F89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E7FE149E-7BEF-450C-92E2-56144FF0404E}" = rport=137 | protocol=17 | dir=out | app=system |
"{F3EEA665-84DD-49FD-B5BD-33B1025B55EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F7C9F9B9-3551-48B1-B4AF-00F656F511E1}" = lport=138 | protocol=17 | dir=in | app=system |
"{FC1F8285-27E8-4CB7-B3C8-7967F6A58895}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085BE3C0-DBC6-4B07-8820-A4FFB9590FA9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{15E2BE85-CBFF-4BBF-A7D8-20377582515B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1A81B0E1-AC36-4B91-8316-2D09BEB87533}" = dir=in | app=c:\program files (x86)\formatfactory\formatfactory.exe |
"{1DFA6AC4-F282-45D7-99CB-E335F36A9CE3}" = dir=in | app=c:\program files (x86)\formatfactory\formatfactory.exe |
"{2E2DE798-6C81-4EC4-A4E4-724CD6F1A681}" = dir=in | app=c:\program files (x86)\formatfactory\ffmodules\encoder\doc\ebookcodec.exe |
"{384DDD15-CB28-4A4E-A4A1-3FEC355DFADC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3C4A2A2D-C2C0-46AF-9E97-9AF077BA0F26}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5EE6998B-E7FA-4E63-8959-73C1515A9A38}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8612CC40-E149-4900-A270-F0DD2E85DFE2}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{8A49F839-9EAC-40F0-AFFA-6E69AC888BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{A5C3257C-63BF-484E-99D6-7AE9D7F3F0E4}" = dir=in | app=c:\program files (x86)\formatfactory\ffmodules\package\ptinstonline.exe |
"{AD29D1FA-BF6D-46CD-9C21-B9AF9B9BC782}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BC6E7806-448A-49B0-AC06-3D3914D5D9B5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C26DF17C-3928-4695-9D14-6B304C1BC079}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DCB2E38F-8AD5-477A-858D-2F21F0046002}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E395444F-7F83-4285-B2C5-41876382D946}" = dir=in | app=c:\program files (x86)\formatfactory\ffmodules\encoder\doc\ebookcodec.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02896948-D46A-3B60-9700-2A2BD94B729E}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23725 False
"{02A39130-2CF3-30CA-8623-30F6071A4221}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{04918523-F4D6-EABC-54A8-C66B575E3F92}" = Catalyst Control Center Next Localization PL
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.56336 False
"{092D3585-7D69-E4E2-09CF-01112B1FEDCA}" = Catalyst Control Center Next Localization DE
"{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23026 False
"{12A2F80A-9598-FF88-3299-4B34C49950E3}" = Catalyst Control Center Next Localization SV
"{18B55E30-984B-99A6-8F1A-8450EF4046E1}" = Catalyst Control Center Next Localization HU
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219
"{1DEF7544-8B09-EB60-5A62-18DDFD4DAD7B}" = Catalyst Control Center Next Localization DA
"{26EDA845-F642-9AEF-5CA3-F71B61171B84}" = Catalyst Control Center Next Localization TH
"{2DFD8316-9EF1-3210-908C-4CB61961C1AC}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.0 False
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 False
"{2F2039FD-8F16-C88F-8A17-5C5CF388401C}" = Catalyst Control Center Next Localization CHS
"{30BB8D4E-ED05-EBB8-16C4-E3081753B473}" = Catalyst Control Center Next Localization ES
"{3300B9C3-E57A-97E5-8C3A-C5ADDBEB7200}" = AMD Wireless Display v3.0
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 False
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 False
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 False
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 False
"{51D587F8-761D-1615-7E03-38C690EFEE77}" = AMD Install Manager
"{52E56CE8-7EE5-9E6D-76A0-B11C8CAD6A16}" = Catalyst Control Center Next Localization FI
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 False
"{5CBC7592-303E-3F1B-AB4A-41BEE3D23391}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23829 False
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{632072AD-805F-7B17-596F-5A0A2E24CC50}" = Catalyst Control Center Next Localization BR
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.7
"{68016585-4209-40EC-A3F8-5A5B0DD72BDC}" = AMD Radeon Settings
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.59192 False
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.50727.42 False
"{705287FE-F66C-8B2E-2144-BF20E3646B9E}" = Catalyst Control Center Next Localization RU
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 False
"{78ACE60E-0CB7-4935-BCD4-F33422105607}" = AMD Settings - Branding
"{7B50D081-E670-3B43-A460-0E2CDB5CE984}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23918
"{80E64FDE-029B-11E2-A955-F04DA23A5C58}" = MSVCRT Redists
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 False
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.5570 False
"{8A825D0E-A918-6140-BAEE-CFCE939FDBD2}" = Catalyst Control Center Next Localization IT
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 False
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{94BFDEF9-D91D-4B5D-8A60-08514C7191AF}" = AMD Steady Video Plug-In
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DDE7A62-EC12-E773-4ED3-E813CADCEA64}" = Catalyst Control Center Next Localization JA
"{A1C31BA5-5438-3A07-9EEE-A5FB2D0FDE36}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23506 False
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 False
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.51011 False
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 False
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000
"{AF4EC442-E1ED-31F1-B082-16F34FD6A97B}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23829 False
"{B0B194F8-E0CE-33FE-AA11-636428A4B73D}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23506 False
"{B4DBE717-BFB3-94BA-478C-032CA537D232}" = Catalyst Control Center Next Localization TR
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.50727.4053 False
"{B877D0F8-BE30-EB1F-CA98-14FC7D24B7C6}" = Catalyst Control Center Next Localization CHT
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 False
"{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23026 False
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D04659D1-EB2D-3DE5-A833-837A623CCCF7}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.0 False
"{D283CABB-2896-B7CE-07FF-E7AD3D4290B5}" = Catalyst Control Center Next Localization FR
"{D716F34D-48F3-6EA4-0F9D-B45FC4DBB8E1}" = Catalyst Control Center Next Localization NO
"{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 False
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 Redistributable - x64 10.0.30319 False
"{DC50AC79-764F-6844-D818-755DC1994385}" = Catalyst Control Center Next Localization CS
"{DFFEB619-5455-3697-B145-243D936DB95B}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23918
"{E83CF0B0-CDBB-7F1B-E287-3E8C94B2B43D}" = AMD Drag and Drop Transcoding
"{E903B978-A3E0-FB72-B6F1-CA73A645988A}" = Catalyst Control Center Next Localization NL
"{E993B27E-AB21-3C44-A472-39F1AD3CC78C}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23725 False
"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148.0 False
"{f0cbd694-71ce-4391-9690-5da93b2f0445}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.57102 False
"{f45b48a7-f616-4211-b927-17cab6a96613}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.58298 False
"{F73A10DC-3F0E-6EFF-6A0D-DD78866196A6}" = Catalyst Control Center Next Localization KO
"{FE015140-7E94-2E3A-9BF2-FA952DEF7950}" = Catalyst Control Center Next Localization EL
"AMD Catalyst Install Manager" = AMD Install Manager
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"VLC media player" = VLC media player

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148.0 False
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{01db25f3-1b76-4d97-88c8-1c90634d88fb}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 False Eng
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0f12c81f-93ef-46ec-bc94-d952c1a775d4}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 False
"{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23506 False
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 False Eng
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False
"{1a63c099-febd-4eaf-83ad-a82ea4fdac49}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{1ADB5065-6053-412D-9E6C-8A62FE6704B8}" = AyoDance
"{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}" = Twin USB Vibration Gamepad
"{1C8C353D-498B-3B8B-A3DC-41519413F733}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23725 False
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 False Eng
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False
"{3039577D-975E-42fc-89FC-2F1FF42F3FCA}_is1" = Aiseesoft HD Video Converter 8.2.6
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 False Eng
"{35459b22-19a6-44ec-8d34-27eb3131acac}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 False
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = USB Vibration Joystick
"{4AA8C8A9-FEE7-5FD6-FCCA-4A89CC9EC9D3}" = OEM Application Profile
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.0 False
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{615bc16d-60f5-482e-91b3-b51d8130963b}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23506 False
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}" = LenovoUtility
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False
"{6c95b50e-cb5a-4a1f-a7b4-8a6004f8dd6a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 False
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 False Eng
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.4053 False
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BE670DF-EA47-3A15-88CC-00FFCA1FFA12}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23829 False
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False Eng
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9436D9AB-3BB9-3A1B-84AE-6F29B2098BD0}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23725 False
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False Eng
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 False Eng
"{a2199617-3609-410f-a8e8-e8806c73545b}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 False
"{A483F88A-41E9-45B2-AAC9-A823DD9B4873}" = PS TO PC CONVERTER
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
"{AC768037-7079-4658-AC24-2897650E0ABE}" = Energy Manager
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{b55f7208-e02b-4828-ac78-59c73ddf5bc7}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{B5FC62F5-A367-37A5-9FD2-A6E137C0096F}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23918
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BD9CFD69-EB91-354E-9C98-D439E6091932}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23918
"{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 False
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 False Eng
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D1495983-5903-358E-8C91-62A6731C1ED6}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23829 False
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D5778AE9-6376-4CE6-AD4A-8712F4EC3302}" = USB Force Wheel
"{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.57103 False
"{DBFD0312-6E55-1014-8952-E78D43BC0147}" = Adobe InDesign CC 2015
"{DCB46B42-723F-350E-B18A-449BC6C21636}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{dde2682b-961a-41ea-8d44-6005991b7947}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 False
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False
"{E9CE0867-D39A-F2BE-C328-D1FCC32EED4D}" = AMD Settings
"{f0080ca2-80ae-4958-b6eb-e8fa916d744a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 False Eng
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
"AIMP3" = AIMP3
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 3.9.5.0
"Foxit Reader_is1" = Foxit Reader 5.0
"im" = Garena+
"InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}" = LenovoUtility
"InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}" = Energy Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043
"MotoGP 15_is1" = MotoGP 15
"Mozilla Firefox 50.1.0 (x86 en-US)" = Mozilla Firefox 50.1.0 (x86 en-US)
"UltraISO_is1" = UltraISO Premium V9.36
"Uplay" = Uplay
"WinLiveSuite" = Windows Live Essentials

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 1/20/2017 4:35:17 AM | Computer Name = Inter-X | Source = Application Error | ID = 1000
Description = Faulting application name: tbaseprovisioning.exe, version: 1.0.0.0,
 time stamp: 0x56b4dcb7  Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385,
 time stamp: 0x4a5bdbdf  Exception code: 0xe0434352  Fault offset: 0x0000b727  Faulting
 process id: 0x140  Faulting application start time: 0x01d272f81a29db8b  Faulting application
 path: C:\Windows\SysWOW64\tbaseprovisioning.exe  Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
 Id: 5e40dbe7-deeb-11e6-8777-3052cb63af2e

Error - 1/20/2017 6:03:11 AM | Computer Name = Inter-X | Source = Application Error | ID = 1000
Description = Faulting application name: pes2013.exe, version: 1.4.0.0, time stamp:
 0x515cba25  Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp:
 0x4a5bdb3b  Exception code: 0xc0000005  Fault offset: 0x0002de64  Faulting process id:
 0x268  Faulting application start time: 0x01d272fb99bf86e0  Faulting application path:
 C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013.exe  Faulting module
 path: C:\Windows\SysWOW64\ntdll.dll  Report Id: a6263460-def7-11e6-8777-3052cb63af2e

Error - 1/20/2017 7:42:46 AM | Computer Name = Inter-X | Source = .NET Runtime | ID = 1026
Description =

Error - 1/20/2017 7:42:59 AM | Computer Name = Inter-X | Source = Application Error | ID = 1000
Description = Faulting application name: tbaseprovisioning.exe, version: 1.0.0.0,
 time stamp: 0x56b4dcb7  Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385,
 time stamp: 0x4a5bdbdf  Exception code: 0xe0434352  Fault offset: 0x0000b727  Faulting
 process id: 0x148  Faulting application start time: 0x01d273125142817a  Faulting application
 path: C:\Windows\SysWOW64\tbaseprovisioning.exe  Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
 Id: 971441c9-df05-11e6-8234-3052cb63af2e

Error - 1/20/2017 7:43:19 AM | Computer Name = Inter-X | Source = Windows Search Service | ID = 1019
Description =

Error - 1/21/2017 1:16:44 AM | Computer Name = Inter-X | Source = .NET Runtime | ID = 1026
Description =

Error - 1/21/2017 1:16:55 AM | Computer Name = Inter-X | Source = Application Error | ID = 1000
Description = Faulting application name: tbaseprovisioning.exe, version: 1.0.0.0,
 time stamp: 0x56b4dcb7  Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385,
 time stamp: 0x4a5bdbdf  Exception code: 0xe0434352  Fault offset: 0x0000b727  Faulting
 process id: 0x144  Faulting application start time: 0x01d273a58dfd4039  Faulting application
 path: C:\Windows\SysWOW64\tbaseprovisioning.exe  Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
 Id: d27cfd20-df98-11e6-9084-3052cb63af2e

Error - 1/21/2017 1:20:34 AM | Computer Name = Inter-X | Source = Windows Search Service | ID = 1019
Description =

Error - 1/21/2017 8:52:13 AM | Computer Name = INTER-X | Source = .NET Runtime | ID = 1026
Description =

Error - 1/21/2017 8:52:25 AM | Computer Name = Inter-X | Source = Application Error | ID = 1000
Description = Faulting application name: tbaseprovisioning.exe, version: 1.0.0.0,
 time stamp: 0x56b4dcb7  Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385,
 time stamp: 0x4a5bdbdf  Exception code: 0xe0434352  Fault offset: 0x0000b727  Faulting
 process id: 0x148  Faulting application start time: 0x01d273e52f89b39e  Faulting application
 path: C:\Windows\SysWOW64\tbaseprovisioning.exe  Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
 Id: 74664631-dfd8-11e6-9030-3052cb63af2e

[ System Events ]
Error - 1/21/2017 1:16:47 AM | Computer Name = Inter-X | Source = Service Control Manager | ID = 7003
Description = The Net.Tcp Listener Adapter service depends the following service:
 was. This service might not be installed.

Error - 1/21/2017 1:16:53 AM | Computer Name = Inter-X | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom

Error - 1/21/2017 1:16:55 AM | Computer Name = Inter-X | Source = RemoteAccess | ID = 20152
Description = The currently configured authentication provider failed to load and
 initialize successfully. The requested name is valid, but no data of the requested
 type was found.

Error - 1/21/2017 1:16:55 AM | Computer Name = Inter-X | Source = Service Control Manager | ID = 7034
Description = The tbaseprovisioning service terminated unexpectedly.  It has done
 this 1 time(s).

Error - 1/21/2017 1:16:57 AM | Computer Name = Inter-X | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
 error %%11004.

Error - 1/21/2017 8:52:16 AM | Computer Name = Inter-X | Source = Service Control Manager | ID = 7003
Description = The Net.Msmq Listener Adapter service depends the following service:
 msmq. This service might not be installed.

Error - 1/21/2017 8:52:16 AM | Computer Name = Inter-X | Source = Service Control Manager | ID = 7003
Description = The Net.Pipe Listener Adapter service depends the following service:
 was. This service might not be installed.

Error - 1/21/2017 8:52:16 AM | Computer Name = Inter-X | Source = Service Control Manager | ID = 7003
Description = The Net.Tcp Listener Adapter service depends the following service:
 was. This service might not be installed.

Error - 1/21/2017 8:52:22 AM | Computer Name = Inter-X | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom

Error - 1/21/2017 8:52:25 AM | Computer Name = Inter-X | Source = Service Control Manager | ID = 7034
Description = The tbaseprovisioning service terminated unexpectedly.  It has done
 this 1 time(s).


< End of report >