Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help Request--MBAM finds trojan, then slows down and freezes. [Closed]


  • This topic is locked This topic is locked

#1
Lazarus Long

Lazarus Long

    Member

  • Member
  • PipPip
  • 17 posts

Noticed my laptop was getting a bit laggy so I opened up the Task Manager. I saw a process called PresentationSettings using about half my RAM and gobbling up CPU cycles. I could not end the process, so I ran MBAM. It started and updated itself no problem, and after a few minutes, it detected an object called Trojan.Agent.EV, which it listed in c:\Users\(my name)\AppData\Roaming\Microsoft\Windows\IEUpdate\PresentationSettings.exe. But then it slowed down and after being stuck for several hours scanning a desktop wallpaper image file, I shut down the computer and rebooted into the old OS (The laptop has two OS partitions and dual boots XP and Windows 7) and ran MBAM again, selecting the other partition for the scan. The same thing happened, so I shut down and removed the hard drive. I popped it into a drive dock on another computer and ran MBAM on it, selecting the drive from the laptop and scanning it. The same thing happened again--found the object, slowed down, then finally stopped making progress, although this time I do not know what fileit is hanging on because MBAM only reports the names of the files it is scanning if you are scanning the drive you are running MBAM from for some reason. I attempted navigating to and searching for the file in the folder identified by MBAM, but it does not appear in the Explorer navigation window, and if I Search I can find the folder but it is empty.

 

I would appreciate any help you can offer; you guys were great when I asked for help with a virus a few years ago.

 

I am also curious--is it easier or harder to get rid of an infection if you are connecting the infected drive with an external dock to an uninfected machine, versus running the infected device itself while trying to fix it? Also, is there a great risk of the infection jumping from the infected drive to another computer if you connect the infected drive externally? Are there special steps I should take to prevent this?


Edited by Lazarus Long, 01 September 2014 - 09:51 PM.

  • 0

Advertisements


#2
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Welcome back to the board :)

 

Let's take a look with OTL and see what we see.
 

51a5d669693dd-icon_OTL.png Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    BASESERVICES
    
    /md5start
    
    rpcss.dll
    
    /md5stop
    
    
  • Push Run Scan and wait patiently.
  • Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

 


  • 0

#3
Lazarus Long

Lazarus Long

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Thanks for the quick response, can this procedure be done with the hard drive in a dock and running from another computer's OS, or should I put the hard drive back in the laptop and boot into it to perform this procedure?


  • 0

#4
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
It would be best to boot the drive and run otl from that drive. Usually, unless the boot drive has an infection rendering it unbootable or something really nasty, there's little upside to isolating the HD and booting elsewhere. Some of our tools only run from the boot drive.
  • 0

#5
Lazarus Long

Lazarus Long

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

CONTENTS OF OTL.TXT:

 

OTL logfile created on: 9/2/2014 8:37:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mr. Collison\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 25.91% Memory free
3.98 Gb Paging File | 2.28 Gb Available in Paging File | 57.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292.97 Gb Total Space | 215.52 Gb Free Space | 73.56% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 125.91 Gb Free Space | 42.98% Space Free | Partition Type: NTFS
Drive F: | 59.46 Gb Total Space | 8.75 Gb Free Space | 14.72% Space Free | Partition Type: NTFS
 
Computer Name: BLACKBOOK | User Name: Mr. Collison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/02 20:33:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mr. Collison\Desktop\OTL.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/03/19 15:20:14 | 001,696,976 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2014/03/19 15:20:14 | 001,106,128 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2014/03/04 05:17:13 | 000,100,352 | RHS- | M] () -- C:\Users\Mr. Collison\AppData\Roaming\Microsoft\Windows\IEUpdate\PresentationSettings.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/07/25 08:10:12 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/12/19 01:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/08/22 01:17:49 | 002,407,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/06/19 11:52:54 | 000,176,512 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
SRV - [2013/06/12 11:16:48 | 000,380,720 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2013/06/12 11:07:34 | 000,063,792 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2013/06/12 10:57:48 | 000,053,544 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2013/06/11 00:15:50 | 000,083,768 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\MAX\nimxs.exe -- (mxssvr)
SRV - [2013/06/08 07:45:44 | 000,057,680 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (NISystemWebServer)
SRV - [2013/06/08 07:44:54 | 000,057,696 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2013/06/07 19:45:34 | 000,090,440 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\nisvcloc\nisvcloc.exe -- (NiSvcLoc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 11:48:20 | 000,260,976 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2012/06/07 23:42:14 | 000,680,624 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2012/05/18 14:25:58 | 000,139,488 | ---- | M] (OPC Foundation) [Disabled | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
SRV - [2011/10/13 06:03:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/27 10:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Disabled | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2010/08/02 11:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2014/09/01 18:19:45 | 000,074,456 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2014/05/28 18:32:12 | 000,029,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xb1usb.sys -- (xb1usb)
DRV - [2013/10/01 20:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/23 10:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/06/11 22:23:54 | 000,122,752 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tinspusb.sys -- (USBTINSP)
DRV - [2011/11/04 21:34:56 | 000,019,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2011/07/20 02:54:06 | 000,047,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV - [2011/07/19 23:12:22 | 000,225,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 17:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 17:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 20:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/01/13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/01/13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/01/13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/01/13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/04/08 15:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\BRPAR.SYS -- (BrPar)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-359023775-2666766653-863409172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKU\S-1-5-21-359023775-2666766653-863409172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-359023775-2666766653-863409172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-359023775-2666766653-863409172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 96 7B A4 5A 89 CC 01  [binary data]
IE - HKU\S-1-5-21-359023775-2666766653-863409172-1000\..\SearchScopes,DefaultScope = {1864DCF9-2BD0-43C6-993E-3D16357A079D}
IE - HKU\S-1-5-21-359023775-2666766653-863409172-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-359023775-2666766653-863409172-1000\..\SearchScopes\{1864DCF9-2BD0-43C6-993E-3D16357A079D}: "URL" = http://www.google.co...Page={startPage}
IE - HKU\S-1-5-21-359023775-2666766653-863409172-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
 
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-359023775-2666766653-863409172-1000..\Run: [PresentationSettings] C:\Users\Mr. Collison\AppData\Roaming\Microsoft\Windows\IEUpdate\PresentationSettings.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-359023775-2666766653-863409172-1000..\RunOnce: [PresentationSettings] C:\Users\Mr. Collison\AppData\Roaming\Microsoft\Windows\IEUpdate\PresentationSettings.exe ()
O4 - Startup: C:\Users\Mr. Collison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PresentationSettings.lnk = C:\Users\Mr. Collison\AppData\Roaming\Microsoft\Windows\IEUpdate\PresentationSettings.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\S-1-5-21-359023775-2666766653-863409172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Run = "C:\Users\Mr. Collison\AppData\Roaming\Microsoft\Windows\IEUpdate\PresentationSettings.exe" ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.15.53 66.189.0.100 24.217.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vassar.tisd
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2152BF67-3F04-4FD8-A1CD-BADD1F1A9E90}: DhcpNameServer = 24.247.15.53 66.189.0.100 24.217.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6207A881-526A-4917-9CFE-D3B9515E94D6}: DhcpNameServer = 24.247.15.53 66.189.0.100 24.217.0.5
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/09 10:50:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b2931b4-2de3-11e4-927e-0023543c2d86}\Shell - "" = AutoRun
O33 - MountPoints2\{1b2931b4-2de3-11e4-927e-0023543c2d86}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 360 Days ==========
 
[2014/09/02 20:33:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mr. Collison\Desktop\OTL.exe
[2014/08/31 12:03:30 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\Desktop\ExamView Class Lists 2014
[2014/08/29 21:34:29 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Local\Temp
[2014/08/28 04:43:45 | 002,352,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/08/25 20:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother HL-5040
[2014/08/25 20:21:27 | 000,049,152 | ---- | C] (brother Industries Ltd) -- C:\Windows\System32\BRVPDNTA.DLL
[2014/08/25 20:21:26 | 000,176,128 | ---- | C] (brother Industries, Ltd) -- C:\Windows\System32\Brdiag2.exe
[2014/08/25 20:21:26 | 000,073,728 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2014/08/25 20:21:26 | 000,049,152 | ---- | C] (brother industries, ltd  ) -- C:\Windows\System32\BRVPD95A.DLL
[2014/08/25 20:21:24 | 000,019,537 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BRPAR.SYS
[2014/08/25 20:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Brownie
[2014/08/25 20:18:31 | 000,163,840 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRSP203A.DLL
[2014/08/25 20:18:31 | 000,163,840 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRSP103A.DLL
[2014/08/25 20:18:31 | 000,102,400 | ---- | C] (Brother Industries,ltd) -- C:\Windows\System32\BRSP203A.EXE
[2014/08/25 20:18:31 | 000,102,400 | ---- | C] (Brother Industries,ltd) -- C:\Windows\System32\BRSP103A.EXE
[2014/08/25 20:18:31 | 000,081,920 | ---- | C] (brother Industries Ltd) -- C:\Windows\System32\BRSPLWMK.DLL
[2014/08/25 20:18:31 | 000,077,824 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRSPL2KB.DLL
[2014/08/25 20:18:29 | 000,180,224 | ---- | C] (brother) -- C:\Windows\System32\PDRVINST.DLL
[2014/08/25 20:18:28 | 000,081,920 | ---- | C] (brother) -- C:\Windows\System32\BrWebIns.dll
[2014/08/25 20:18:28 | 000,065,536 | ---- | C] (brother) -- C:\Windows\System32\BRWEBUP.EXE
[2014/08/25 20:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2014/08/25 20:18:17 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2014/08/25 08:38:49 | 002,425,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2014/08/25 08:38:49 | 000,045,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2014/08/25 08:37:32 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2014/08/25 08:37:32 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2014/08/25 08:37:32 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2014/08/25 08:37:13 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2014/08/25 08:37:13 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2014/08/21 22:46:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2014/08/21 22:46:52 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2014/08/21 22:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2014/08/21 13:39:50 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Roaming\e-academy Inc
[2014/08/21 13:39:50 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Local\e-academy Inc
[2014/08/20 18:29:18 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\Desktop\OneDrive-2014-08-18
[2014/08/18 08:30:36 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\Desktop\Study Guides
[2014/08/12 22:50:33 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/08/12 22:50:27 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/08/12 22:50:19 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/08/12 22:50:13 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2014/08/12 22:13:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDYAK.DLL
[2014/08/12 22:13:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAT.DLL
[2014/08/12 22:13:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU1.DLL
[2014/08/12 22:13:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2014/08/12 22:13:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU.DLL
[2014/08/12 21:37:21 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/08/12 21:37:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/08/12 21:37:20 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/08/12 21:37:19 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/08/12 21:37:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/08/12 21:37:18 | 000,307,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/08/12 21:37:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/08/12 21:37:18 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/08/12 21:37:17 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/08/12 21:37:17 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/08/12 21:37:17 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/08/12 21:37:14 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/08/12 21:37:13 | 000,663,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/08/12 21:37:13 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/08/12 21:37:12 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/08/12 21:37:11 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/08/12 21:37:10 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/08/12 21:37:05 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/08/12 21:37:04 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/08/12 21:36:57 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/08/12 21:36:55 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/08/12 21:36:50 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/08/12 21:36:49 | 004,204,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/08/12 21:35:40 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/08/12 21:35:40 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2014/08/12 21:35:40 | 000,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2014/08/12 21:35:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/08/12 21:34:42 | 000,219,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2014/08/12 21:34:41 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/08/07 20:22:23 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Local\Skype
[2014/08/07 20:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/08/07 20:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/07/30 22:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2014/07/30 22:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2014/07/30 09:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014/07/30 09:49:56 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech Touch Mouse Server
[2014/07/30 09:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Touch Mouse Server
[2014/07/19 08:00:06 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/07/19 07:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/19 07:59:12 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/07/19 07:59:12 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/07/19 07:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/07/16 14:24:58 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\Documents\Naturalsoft
[2014/07/15 16:07:52 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Roaming\Oracle
[2014/07/15 16:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/07/15 16:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/07/15 16:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/07/15 16:06:57 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/07/15 16:06:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/07/15 16:06:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/07/15 16:06:05 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/07/15 16:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/07/15 16:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/07/10 15:11:38 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/07/10 15:07:27 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2014/07/10 15:07:13 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014/07/10 10:36:58 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\Desktop\TRIG
[2014/07/09 22:41:51 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Local\Logitech
[2014/07/09 22:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2014/07/09 22:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2014/07/09 22:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2014/07/03 09:06:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2014/07/03 08:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox One Controller for Windows
[2014/07/03 08:32:21 | 000,068,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2014/06/27 22:06:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014/06/27 22:06:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/06/27 22:06:13 | 000,187,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2014/06/27 22:04:36 | 002,742,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2014/06/27 22:04:36 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2014/06/05 08:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\GroupPolicy
[2014/06/03 21:47:34 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\Desktop\Robotics May 31
[2014/05/28 18:32:12 | 001,629,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01011.dll
[2014/05/28 18:32:12 | 000,029,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\xb1usb.sys
[2014/05/26 17:49:58 | 000,000,000 | R--D | C] -- C:\Users\Mr. Collison\AppData\Roaming\Brother
[2014/05/18 18:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/18 18:21:01 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014/05/18 18:21:00 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014/05/18 18:20:59 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2014/05/18 18:20:58 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cngprovider.dll
[2014/05/18 18:20:58 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adprovider.dll
[2014/05/18 18:20:58 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capiprovider.dll
[2014/05/18 18:20:58 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapiprovider.dll
[2014/05/18 18:20:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2014/05/18 18:20:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wincredprovider.dll
[2014/05/18 18:20:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2014/05/18 18:20:48 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/05/18 18:20:48 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/05/13 07:50:37 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Local\Samantha FCS
[2014/05/13 07:45:44 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\Documents\Samantha FCS
[2014/05/13 07:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samantha Field Control System
[2014/05/13 07:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Samantha Field Control System
[2014/05/12 14:47:40 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\Desktop\tech codes
[2014/04/28 18:55:57 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel
[2014/04/23 21:42:14 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/04/15 07:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Collison\AppData\Local\EmieUserList
[2014/04/15 07:54:12 | 000,000,000 | -HSD | C] -- C:\Users\Mr. Collison\AppData\Local\EmieSiteList
[2014/04/15 02:34:10 | 001,070,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2014/04/14 04:30:11 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/04/14 04:30:11 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/04/14 04:30:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll
[2014/04/10 15:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
[2014/03/26 20:11:21 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Local\Flixster
[2014/03/26 20:11:15 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flixster
[2014/03/26 20:09:58 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Local\Apps
[2014/03/26 20:09:57 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Local\Deployment
[2014/03/22 22:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Copy
[2014/03/22 22:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Copy
[2014/03/19 15:20:22 | 000,862,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr110.dll
[2014/03/19 15:20:22 | 000,534,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp110.dll
[2014/03/19 15:20:22 | 000,251,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vccorlib110.dll
[2014/03/19 13:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sketchpad
[2014/03/16 15:19:30 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/02/14 00:07:22 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2014/02/14 00:07:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2014/02/14 00:07:17 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2014/02/14 00:07:16 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2014/02/14 00:07:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2014/02/14 00:07:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2014/02/14 00:07:15 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014/02/14 00:07:14 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll
[2014/02/14 00:07:14 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2014/02/14 00:07:14 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2014/02/13 23:31:39 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2014/02/13 23:31:02 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014/02/13 23:31:02 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/02/13 23:27:19 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/02/13 23:27:18 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/02/13 23:27:18 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/02/13 23:27:18 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/02/13 23:27:18 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/02/13 23:27:18 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/02/13 23:27:18 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/02/13 23:27:18 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/02/13 23:27:18 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/01/15 22:20:10 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/01/15 22:18:50 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/01/15 22:18:50 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/01/07 08:52:06 | 002,212,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\coin95ip.dll
[2014/01/02 18:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TETRIX Getting Started Guide
[2014/01/02 18:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\TETRIX Getting Started Guide
[2014/01/02 16:07:03 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\Documents\LabVIEW Data
[2014/01/02 15:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Network Browser
[2014/01/02 14:58:26 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Local\National Instruments
[2014/01/02 14:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\RT Images
[2014/01/02 14:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\NI-DAQ
[2014/01/02 14:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\LabVIEW 2012
[2014/01/02 14:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\DataSocket
[2014/01/02 14:09:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\cvirte
[2014/01/02 14:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2014/01/02 14:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
[2014/01/02 14:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\MAX
[2014/01/02 14:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\_Legal Information
[2014/01/02 13:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\IVI Foundation
[2014/01/02 13:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2014/01/02 13:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\IVI Foundation
[2014/01/02 13:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROBOTC
[2014/01/02 13:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\RobotC
[2014/01/02 13:09:31 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Local\Downloaded Installations
[2013/12/24 13:53:37 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\Desktop\2012 Photo Book
[2013/12/23 10:29:55 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Roaming\Mozilla
[2013/12/23 10:29:53 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\Documents\LEGO Creations
[2013/12/23 10:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO MINDSTORMS NXT 2.0
[2013/12/23 10:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\LEGO Software
[2013/12/23 10:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\National Instruments
[2013/12/22 18:15:18 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/12/15 00:27:29 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013/12/15 00:23:20 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/12/15 00:23:10 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/15 00:21:52 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/15 00:21:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/12 16:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Phone
[2013/12/12 16:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2013/12/10 14:47:30 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Local\Adobe
[2013/12/09 08:48:33 | 000,000,000 | ---D | C] -- C:\usr
[2013/12/02 00:27:05 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/11/25 18:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2013/11/25 18:31:01 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Roaming\HP
[2013/11/25 18:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/11/25 18:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/11/25 18:22:16 | 000,000,000 | ---D | C] -- C:\Windows\hpojl411
[2013/11/25 18:21:44 | 000,125,952 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l101.dll
[2013/11/25 18:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/11/25 18:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/11/25 18:18:32 | 000,267,624 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2013/11/25 18:18:31 | 000,378,216 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppldcoi.dll
[2013/11/17 09:15:02 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/17 09:15:02 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/17 09:15:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/17 09:15:02 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/17 09:15:02 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/17 09:15:02 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/17 09:15:02 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/17 09:15:02 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/17 09:15:02 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/17 09:15:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/17 09:15:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/17 09:15:01 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/17 09:15:01 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/17 09:15:01 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/17 09:15:01 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/17 09:15:01 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/17 09:15:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/17 09:15:01 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/17 09:15:01 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/17 09:15:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/16 22:29:20 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/16 22:29:12 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013/11/16 22:29:12 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/03 12:58:03 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\Documents\Finale Files
[2013/11/03 12:58:02 | 000,000,000 | ---D | C] -- C:\Users\Mr. Collison\AppData\Roaming\MakeMusic
[2013/11/03 12:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale NotePad 2012
[2013/11/03 12:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Finale NotePad 2012
[2013/11/03 12:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\MakeMusic
[2013/11/03 12:56:03 | 000,000,000 | ---D | C] -- C:\PSFONTS
[2013/10/31 13:30:18 | 000,096,616 | ---- | C] (National Instruments Corporation) -- C:\Windows\System32\nireportgenlauncher.dll
[2013/10/31 13:28:06 | 000,065,536 | ---- | C] (National Instruments) -- C:\Windows\System32\niroot.nce
[2013/10/31 13:22:04 | 000,709,448 | ---- | C] (National Instruments Corporation) -- C:\Windows\System32\nisysapi.dll
[2013/10/19 23:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/19 23:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark
[2013/10/19 20:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\HRC Hotkey Resolution Changer
[2013/10/18 11:47:48 | 000,459,776 | ---- | C] (National Instruments Corporation) -- C:\Windows\System32\nisyscfg.dll
[2013/10/18 00:28:34 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/18 00:28:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013/10/18 00:28:33 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013/10/18 00:28:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/18 00:28:11 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013/10/18 00:27:57 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2013/10/18 00:27:46 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013/10/18 00:27:46 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/10/18 00:27:45 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/10/18 00:27:44 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/18 00:27:35 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/10/18 00:13:14 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/10/18 00:13:14 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/10/18 00:13:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/10/18 00:13:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/10/18 00:13:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/10/18 00:13:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/10/18 00:13:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/10/18 00:13:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/10/18 00:13:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/10/18 00:13:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/10/18 00:13:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/10/18 00:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 22:21:54 | 000,863,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr110_clr0400.dll
[2013/09/11 22:21:54 | 000,501,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp110_clr0400.dll
[2013/09/11 22:21:54 | 000,028,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aspnet_counters.dll
[2013/09/11 22:21:54 | 000,018,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100_clr0400.dll
 
========== Files - Modified Within 360 Days ==========
 
[2014/09/02 20:39:50 | 000,022,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/02 20:39:50 | 000,022,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/02 20:33:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mr. Collison\Desktop\OTL.exe
[2014/09/02 20:23:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/02 20:19:39 | 1603,723,264 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/01 18:19:53 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/09/01 18:19:45 | 000,074,456 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/09/01 18:18:59 | 000,000,023 | ---- | M] () -- C:\Windows\Brownie.ini
[2014/09/01 04:44:44 | 000,001,227 | ---- | M] () -- C:\Users\Mr. Collison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PresentationSettings.lnk
[2014/08/31 12:03:14 | 000,001,492 | ---- | M] () -- C:\Users\Mr. Collison\AppData\Roaming\evmanage.prf
[2014/08/30 21:55:06 | 000,004,052 | ---- | M] () -- C:\Users\Mr. Collison\AppData\Roaming\evpro32.prf
[2014/08/30 21:54:59 | 000,028,785 | ---- | M] () -- C:\Users\Mr. Collison\Desktop\ABS Test B.tst
[2014/08/30 21:53:01 | 000,028,368 | ---- | M] () -- C:\Users\Mr. Collison\Desktop\ABS Test A.tst
[2014/08/28 08:18:19 | 000,013,864 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/08/28 08:17:28 | 000,493,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/27 21:23:34 | 009,050,539 | ---- | M] () -- C:\Users\Mr. Collison\Desktop\cccurrcomp_tea2.pdf
[2014/08/27 20:07:24 | 001,809,080 | ---- | M] () -- C:\Users\Mr. Collison\Desktop\CCSSI_Mathematics_Appendix_A.pdf
[2014/08/27 08:36:51 | 000,746,030 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2014/08/27 08:36:51 | 000,745,770 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2014/08/27 08:36:51 | 000,743,812 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2014/08/27 08:36:51 | 000,740,672 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2014/08/27 08:36:51 | 000,740,360 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2014/08/27 08:36:51 | 000,729,332 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2014/08/27 08:36:51 | 000,724,914 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2014/08/27 08:36:51 | 000,714,194 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2014/08/27 08:36:51 | 000,697,522 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014/08/27 08:36:51 | 000,684,068 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2014/08/27 08:36:51 | 000,669,154 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2014/08/27 08:36:51 | 000,664,034 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2014/08/27 08:36:51 | 000,662,650 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/27 08:36:51 | 000,656,996 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2014/08/27 08:36:51 | 000,607,302 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2014/08/27 08:36:51 | 000,509,728 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2014/08/27 08:36:51 | 000,494,828 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2014/08/27 08:36:51 | 000,481,816 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2014/08/27 08:36:51 | 000,479,328 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2014/08/27 08:36:51 | 000,428,738 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2014/08/27 08:36:51 | 000,417,092 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2014/08/27 08:36:51 | 000,401,336 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2014/08/27 08:36:51 | 000,392,658 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2014/08/27 08:36:51 | 000,384,264 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2014/08/27 08:36:51 | 000,171,616 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2014/08/27 08:36:51 | 000,158,816 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2014/08/27 08:36:51 | 000,156,214 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2014/08/27 08:36:51 | 000,153,444 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2014/08/27 08:36:51 | 000,153,248 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2014/08/27 08:36:51 | 000,151,184 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2014/08/27 08:36:51 | 000,149,922 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2014/08/27 08:36:51 | 000,149,458 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014/08/27 08:36:51 | 000,147,998 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2014/08/27 08:36:51 | 000,147,188 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2014/08/27 08:36:51 | 000,142,816 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2014/08/27 08:36:51 | 000,141,768 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2014/08/27 08:36:51 | 000,140,342 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2014/08/27 08:36:51 | 000,122,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/08/27 08:36:51 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2014/08/27 08:36:51 | 000,120,726 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2014/08/27 08:36:51 | 000,119,934 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2014/08/27 08:36:51 | 000,115,432 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2014/08/27 08:36:51 | 000,111,470 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2014/08/27 08:36:51 | 000,101,862 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2014/08/27 08:36:51 | 000,099,000 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2014/08/27 08:36:51 | 000,095,746 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2014/08/27 08:36:51 | 000,095,114 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2014/08/27 08:36:51 | 000,085,100 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2014/08/25 20:21:45 | 000,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2014/08/25 20:21:45 | 000,000,052 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2014/08/25 20:21:44 | 000,000,184 | ---- | M] () -- C:\Windows\System32\brsvc01a.bsi
[2014/08/25 20:21:35 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\HL-5040 Interactive Help.lnk
[2014/08/25 20:21:34 | 000,011,604 | ---- | M] () -- C:\Windows\HL-5040.INI
[2014/08/25 20:21:34 | 000,000,145 | ---- | M] () -- C:\Windows\BRVIDEO.INI
[2014/08/25 20:21:34 | 000,000,040 | ---- | M] () -- C:\Windows\BRDIAG.INI
[2014/08/25 20:21:34 | 000,000,000 | ---- | M] () -- C:\Windows\opt_5040.ini
[2014/08/25 20:21:34 | 000,000,000 | ---- | M] () -- C:\Windows\BROHL504.INI
[2014/08/25 20:21:34 | 000,000,000 | ---- | M] () -- C:\Windows\brmx2001.ini
[2014/08/25 20:19:47 | 000,000,030 | ---- | M] () -- C:\Windows\System32\BRSS01A.ini
[2014/08/22 20:42:53 | 002,352,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/08/21 22:46:42 | 000,039,100 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2014/08/21 22:44:17 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2014/08/21 13:39:51 | 000,003,189 | ---- | M] () -- C:\Users\Mr. Collison\Desktop\Shortcut to SecureDownloadManager.exe.lnk
[2014/08/18 16:31:07 | 000,487,635 | ---- | M] () -- C:\Users\Mr. Collison\Desktop\OneDrive-2014-08-18.zip
[2014/07/31 19:16:34 | 000,307,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/07/25 09:04:40 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/07/25 09:03:54 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/07/25 08:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/07/25 08:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/07/25 08:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/07/25 08:18:49 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/07/25 08:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/07/25 08:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/07/25 08:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/07/25 08:10:12 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/07/25 08:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/07/25 08:06:47 | 004,204,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/07/25 07:59:29 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/07/25 07:52:19 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/07/25 07:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/07/25 07:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/07/25 07:29:33 | 000,239,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/07/25 07:13:12 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/07/25 07:09:25 | 000,663,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/07/25 07:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/07/25 07:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/07/25 06:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/07/15 22:46:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/07/15 16:05:35 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/07/15 16:05:34 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/07/15 16:05:34 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/07/15 16:05:34 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/07/08 21:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KBDYAK.DLL
[2014/07/08 21:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KBDTAT.DLL
[2014/07/08 21:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KBDRU1.DLL
[2014/07/08 21:29:32 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KBDRU.DLL
[2014/07/08 21:29:31 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2014/07/03 08:23:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xb1usb_01011.Wdf
[2014/06/30 18:14:53 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/06/17 21:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2014/06/15 21:44:49 | 000,219,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2014/06/15 21:40:20 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/06/06 02:16:07 | 000,035,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2014/06/03 05:30:10 | 000,101,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2014/06/03 05:29:50 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2014/06/03 05:29:40 | 001,805,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/05/30 03:52:41 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014/05/28 18:32:12 | 001,629,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01011.dll
[2014/05/28 18:32:12 | 000,029,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\xb1usb.sys
[2014/05/16 17:28:13 | 000,001,378 | ---- | M] () -- C:\Users\Mr. Collison\Documents\joystick.c
[2014/05/14 12:23:42 | 000,045,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2014/05/14 12:23:42 | 000,036,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2014/05/14 12:23:38 | 000,581,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2014/05/14 12:17:15 | 002,425,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2014/05/14 12:17:10 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2014/05/14 09:23:04 | 000,179,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2014/05/14 09:17:14 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/05/09 03:06:23 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/05/09 03:04:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/05/08 05:06:54 | 002,742,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2014/05/08 05:06:54 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2014/05/06 15:39:56 | 000,000,409 | ---- | M] () -- C:\Users\Mr. Collison\Documents\NLeach001.c
[2014/04/24 09:25:15 | 000,000,027 | ---- | M] () -- C:\Users\Mr. Collison\Documents\NewFile_Template001.c
[2014/04/15 02:34:10 | 001,070,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2014/04/11 22:12:09 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2014/04/04 22:24:55 | 000,187,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2014/03/31 09:35:10 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/03/26 10:25:14 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014/03/26 10:25:14 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/03/19 15:20:22 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr110.dll
[2014/03/19 15:20:22 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp110.dll
[2014/03/19 15:20:22 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vccorlib110.dll
[2014/03/09 17:47:43 | 000,099,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/03/09 17:47:42 | 000,619,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/03/04 05:20:11 | 003,969,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014/03/04 05:20:11 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014/03/04 05:17:38 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wincredprovider.dll
[2014/03/04 05:17:19 | 000,538,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2014/03/04 05:17:08 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpapiprovider.dll
[2014/03/04 05:17:08 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2014/03/04 05:17:07 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cngprovider.dll
[2014/03/04 05:17:06 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\capiprovider.dll
[2014/03/04 05:17:05 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\adprovider.dll
[2014/02/20 15:32:20 | 000,000,991 | ---- | M] () -- C:\Users\Mr. Collison\Documents\The Loop.c
[2014/02/10 16:07:47 | 000,000,634 | ---- | M] () -- C:\Users\Mr. Collison\Documents\Test Robot File1.c
[2014/02/07 19:53:07 | 000,000,059 | ---- | M] () -- C:\Users\Mr. Collison\Documents\NewFile_Template002.c
[2014/02/03 22:07:53 | 000,149,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/02/03 22:07:41 | 000,027,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/02/03 22:00:39 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll
[2014/01/28 22:06:47 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2014/01/15 19:25:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf
[2014/01/07 08:52:06 | 002,212,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\coin95ip.dll
[2014/01/02 18:58:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01007.Wdf
[2013/12/24 19:09:41 | 001,987,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/12/10 14:48:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/10 14:48:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/03 22:03:20 | 000,423,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2013/12/03 22:03:20 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2013/12/03 22:03:20 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2013/12/03 22:03:08 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2013/12/03 22:02:06 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2013/12/03 21:54:14 | 000,510,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2013/12/03 21:54:10 | 000,594,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2013/12/03 21:54:09 | 000,572,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2013/12/03 21:54:06 | 000,508,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2013/11/26 21:13:46 | 000,284,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/11/26 21:13:33 | 000,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/11/26 07:11:29 | 000,240,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013/11/26 04:16:50 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/11/25 18:30:46 | 000,144,088 | ---- | M] () -- C:\Windows\hpwins30.dat
[2013/11/23 14:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/11/17 09:15:02 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/17 09:15:02 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/17 09:15:02 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/17 09:15:02 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/17 09:15:02 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/17 09:15:02 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/17 09:15:02 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/17 09:15:02 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/17 09:15:02 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/17 09:15:02 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/17 09:15:02 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/17 09:15:02 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/11/17 09:15:01 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/17 09:15:01 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/17 09:15:01 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/17 09:15:01 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/17 09:15:01 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/17 09:15:01 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/17 09:15:01 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/17 09:15:01 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/17 09:15:01 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/03 12:56:44 | 000,001,105 | ---- | M] () -- C:\Users\Mr. Collison\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale NotePad 2012.lnk
[2013/10/31 13:30:18 | 000,096,616 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\nireportgenlauncher.dll
[2013/10/31 13:28:06 | 000,065,536 | ---- | M] (National Instruments) -- C:\Windows\System32\niroot.nce
[2013/10/31 13:22:04 | 000,709,448 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\nisysapi.dll
[2013/10/18 11:47:48 | 000,459,776 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\nisyscfg.dll
[2013/10/11 22:03:08 | 000,656,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013/10/11 22:01:25 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/10/11 21:15:48 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/10/03 21:58:50 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/10/03 21:49:41 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/10/03 21:17:08 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/10/01 23:02:38 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\tsusbflt.sys.mui
[2013/10/01 23:02:28 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\tsusbflt.sys.mui
[2013/10/01 23:01:48 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tsusbflt.sys.mui
[2013/10/01 23:01:41 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\tsusbflt.sys.mui
[2013/10/01 23:01:40 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\tsusbflt.sys.mui
[2013/10/01 23:01:40 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\tsusbflt.sys.mui
[2013/10/01 23:01:37 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\tsusbflt.sys.mui
[2013/10/01 23:01:25 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\tsusbflt.sys.mui
[2013/10/01 23:01:05 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\tsusbflt.sys.mui
[2013/10/01 22:59:53 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-HK\tsusbflt.sys.mui
[2013/10/01 22:46:11 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
[2013/10/01 20:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013/10/01 20:32:40 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013/10/01 20:30:38 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013/10/01 20:14:58 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013/10/01 20:14:20 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013/10/01 19:58:48 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/10/01 19:45:04 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013/10/01 19:08:10 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll
[2013/10/01 19:00:15 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013/10/01 18:53:46 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013/09/24 21:57:53 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2013/09/11 22:21:54 | 000,863,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr110_clr0400.dll
[2013/09/11 22:21:54 | 000,501,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp110_clr0400.dll
[2013/09/11 22:21:54 | 000,028,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aspnet_counters.dll
[2013/09/11 22:21:54 | 000,018,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr100_clr0400.dll
 
========== Files Created - No Company Name ==========
 
[2014/08/30 21:54:58 | 000,028,785 | ---- | C] () -- C:\Users\Mr. Collison\Desktop\ABS Test B.tst
[2014/08/30 21:52:59 | 000,028,368 | ---- | C] () -- C:\Users\Mr. Collison\Desktop\ABS Test A.tst
[2014/08/29 20:51:08 | 000,001,227 | ---- | C] () -- C:\Users\Mr. Collison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PresentationSettings.lnk
[2014/08/27 21:23:23 | 009,050,539 | ---- | C] () -- C:\Users\Mr. Collison\Desktop\cccurrcomp_tea2.pdf
[2014/08/27 20:07:22 | 001,809,080 | ---- | C] () -- C:\Users\Mr. Collison\Desktop\CCSSI_Mathematics_Appendix_A.pdf
[2014/08/25 20:21:44 | 000,000,184 | ---- | C] () -- C:\Windows\System32\brsvc01a.bsi
[2014/08/25 20:21:35 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\HL-5040 Interactive Help.lnk
[2014/08/25 20:21:34 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2014/08/25 20:21:34 | 000,000,040 | ---- | C] () -- C:\Windows\BRDIAG.INI
[2014/08/25 20:21:34 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2014/08/25 20:21:34 | 000,000,000 | ---- | C] () -- C:\Windows\opt_5040.ini
[2014/08/25 20:21:34 | 000,000,000 | ---- | C] () -- C:\Windows\BROHL504.INI
[2014/08/25 20:21:34 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2014/08/25 20:21:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\BROSNMP.DLL
[2014/08/25 20:21:26 | 000,026,624 | ---- | C] () -- C:\Windows\System32\BRGSRC32.DLL
[2014/08/25 20:21:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\BRGSRC16.DLL
[2014/08/25 20:21:20 | 000,011,604 | ---- | C] () -- C:\Windows\HL-5040.INI
[2014/08/25 20:19:47 | 000,000,030 | ---- | C] () -- C:\Windows\System32\BRSS01A.ini
[2014/08/21 22:44:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014/08/21 22:44:02 | 000,039,100 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2014/08/21 13:39:51 | 000,003,189 | ---- | C] () -- C:\Users\Mr. Collison\Desktop\Shortcut to SecureDownloadManager.exe.lnk
[2014/08/18 16:31:06 | 000,487,635 | ---- | C] () -- C:\Users\Mr. Collison\Desktop\OneDrive-2014-08-18.zip
[2014/07/03 08:23:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xb1usb_01011.Wdf
[2014/06/05 07:59:45 | 000,013,864 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/04/30 15:04:31 | 000,000,409 | ---- | C] () -- C:\Users\Mr. Collison\Documents\NLeach001.c
[2014/04/24 09:46:16 | 000,001,378 | ---- | C] () -- C:\Users\Mr. Collison\Documents\joystick.c
[2014/03/19 13:45:01 | 000,000,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSP 4.06.lnk
[2014/02/14 16:09:07 | 000,000,991 | ---- | C] () -- C:\Users\Mr. Collison\Documents\The Loop.c
[2014/02/07 19:53:07 | 000,000,059 | ---- | C] () -- C:\Users\Mr. Collison\Documents\NewFile_Template002.c
[2014/02/07 16:08:00 | 000,000,634 | ---- | C] () -- C:\Users\Mr. Collison\Documents\Test Robot File1.c
[2014/02/06 16:04:25 | 000,000,027 | ---- | C] () -- C:\Users\Mr. Collison\Documents\NewFile_Template001.c
[2014/01/15 19:25:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf
[2014/01/02 18:58:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01007.Wdf
[2014/01/02 15:43:35 | 000,000,856 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI MAX.lnk
[2014/01/02 14:45:17 | 000,000,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments LabVIEW 2012 for LEGO MINDSTORMS.lnk
[2014/01/02 14:20:42 | 000,000,875 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments LabVIEW 2012 SP1.lnk
[2013/11/25 18:26:11 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2013/11/25 18:19:12 | 000,144,088 | ---- | C] () -- C:\Windows\hpwins30.dat
[2013/11/25 18:19:12 | 000,000,682 | ---- | C] () -- C:\Windows\hpwmdl30.dat
[2013/11/17 09:15:02 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/11/03 12:56:44 | 000,001,105 | ---- | C] () -- C:\Users\Mr. Collison\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale NotePad 2012.lnk
[2013/05/24 14:32:30 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini
[2011/11/03 14:17:51 | 000,001,492 | ---- | C] () -- C:\Users\Mr. Collison\AppData\Roaming\evmanage.prf
[2011/10/28 14:26:45 | 000,004,052 | ---- | C] () -- C:\Users\Mr. Collison\AppData\Roaming\evpro32.prf
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/08/21 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\Mr. Collison\AppData\Roaming\e-academy Inc
[2013/11/03 12:58:02 | 000,000,000 | ---D | M] -- C:\Users\Mr. Collison\AppData\Roaming\MakeMusic
[2014/07/15 16:07:52 | 000,000,000 | ---D | M] -- C:\Users\Mr. Collison\AppData\Roaming\Oracle
[2013/04/30 10:08:40 | 000,000,000 | ---D | M] -- C:\Users\Mr. Collison\AppData\Roaming\Texas Instruments
[2013/04/30 08:02:54 | 000,000,000 | ---D | M] -- C:\Users\Mr. Collison\AppData\Roaming\TI-Nspire
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2009/07/13 21:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 00:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 21:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 17:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 17:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2014/04/11 22:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 17:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 17:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 17:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 21:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 17:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/13 21:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 21:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 12:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 21:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 06:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 01:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2014/04/11 22:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 21:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 17:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 17:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 21:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2014/04/11 22:11:22 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 17:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 17:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 17:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 17:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 00:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 17:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 17:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 17:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 17:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 17:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 17:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 17:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 17:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2014/05/14 12:23:32 | 001,973,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 17:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 21:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 17:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
<  >
[2009/07/14 00:53:46 | 000,032,622 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 00:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
 
< MD5 for: RPCSS.DLL  >
[2010/11/20 17:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
[2010/11/20 17:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:BC359956

< End of report >

 

CONTENTS OF EXTRAS.TXT:

 

OTL Extras logfile created on: 9/2/2014 8:37:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mr. Collison\Desktop
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 25.91% Memory free
3.98 Gb Paging File | 2.28 Gb Available in Paging File | 57.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292.97 Gb Total Space | 215.52 Gb Free Space | 73.56% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 125.91 Gb Free Space | 42.98% Space Free | Partition Type: NTFS
Drive F: | 59.46 Gb Total Space | 8.75 Gb Free Space | 14.72% Space Free | Partition Type: NTFS
 
Computer Name: BLACKBOOK | User Name: Mr. Collison | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"FPS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28548|[email protected],-28549|[email protected],-28502|
"FPS-ICMP6-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=128:*|[email protected],-28545|[email protected],-28547|[email protected],-28502|
"FPS-ICMP4-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=8:*|[email protected],-28543|[email protected],-28547|[email protected],-28502|
"FPS-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|
"FPS-SpoolSvc-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|
"FPS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|
"FPS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|
"FPS-SMB-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|
"FPS-NB_Session-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=139|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|
"WMI-ASYNC-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|
"WMI-WINMGMT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|
"WMI-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EBDF9A-46DF-4AF8-B6C3-A1FBCAFBACC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{063460A5-9E04-49CE-9DF6-162BCAB3D4AF}" = rport=138 | protocol=17 | dir=out | app=system |
"{0A121211-0364-4BAF-A94E-663FD63A403B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0AAFDE4D-CE1B-4ADB-A684-B0BE1D30B690}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27B739F5-F3B7-404D-8387-A78A029E549E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A177210-F5ED-484C-8945-B7EE84393D4E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B089916-F3A9-47B3-B9E0-7678682B4754}" = lport=139 | protocol=6 | dir=in | app=system |
"{2C619D73-82EC-4051-A684-C0A0AF558196}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3465AB42-B684-4654-A727-218AFF6A91D7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{41CCF5D1-8DFC-474B-9815-31706CA13585}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{47618F3F-F5DA-4E4D-B71B-18D2294174BB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{485ED129-02E8-4C77-AD42-301948C551B1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{69BC0706-33E3-4F50-92BF-2CFAB63CD886}" = lport=138 | protocol=17 | dir=in | app=system |
"{6FF9E990-CBEE-494B-96AF-316C40C3F4EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7AA7C43D-E7F3-469D-A96F-9D3443BB9B00}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B4A57D2-702F-49A5-BFAD-0845877D07A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{883ECDB5-BD3D-4BF3-91DB-8DF47C4E8605}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A3BB187-468E-4D84-9792-02A814D0A23C}" = lport=3580 | protocol=17 | dir=in | app=c:\program files\national instruments\shared\nisvcloc\nisvcloc.exe |
"{8AAFDEF8-9F84-4754-896D-AD1FBB1A004B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9404BBDA-FC05-4DB6-8A60-8FED08F8D54F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A031D135-3E6F-45E3-9032-24BC230C4E76}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A50C3127-82A9-4835-9553-4A12A69C193B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A896DAC0-D6DE-4FDF-8A00-FB5F01475FD3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9C2A7E2-75FE-4C61-8B15-6FCD44513AE3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\national instruments\shared\mdns responder\nimdnsresponder.exe |
"{B77AD30D-7054-4C82-B55A-D85596A385FC}" = lport=445 | protocol=6 | dir=in | app=system |
"{B958C2C6-11BE-45ED-8E6D-2BEB18900282}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C17A0872-CB25-47C8-99EF-684EAD516763}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C3DA11E8-0AA9-4EE6-91EB-F3C58F13737F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CACBEBA0-862B-4779-9068-65C9FAE1A403}" = rport=445 | protocol=6 | dir=out | app=system |
"{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = lport=3581-3582 | protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\systemwebserver.exe |
"{D0D7C613-7C26-4650-A52F-310B06637BE2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D60EF03E-C512-42CD-9811-BFC4B7F8BB2B}" = lport=137 | protocol=17 | dir=in | app=system |
"{D6FDD5C8-A18A-4EC9-BDA6-527C9B8AA578}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DBBC3F37-7BB6-4586-8332-D478F5361C22}" = rport=137 | protocol=17 | dir=out | app=system |
"{DF58609B-7294-4D7B-8E9A-A4EABA727F0B}" = lport=3580 | protocol=6 | dir=in | app=c:\program files\national instruments\shared\nisvcloc\nisvcloc.exe |
"{E1C1D864-9462-4B26-BD21-4E8D119594A0}" = rport=139 | protocol=6 | dir=out | app=system |
"{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = lport=3581-3582 | protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\systemwebserver.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F5CADF-C54B-42AD-8427-9A024170B41C}" = protocol=6 | dir=in | app=c:\users\mr. collison\appdata\roaming\microsoft\windows\ieupdate\presentationsettings.exe |
"{03FBBEA1-4840-4823-AF82-3E565C8BD992}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0681138F-673D-4CFB-BAD0-B583E4F7B2E2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{14915F41-9D45-4BD5-8E99-08DBF6B52D42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19C975B5-485E-484B-A213-E471635FD787}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{1C7DC0E4-FB11-47C1-B0C1-3ADC6EE6AE14}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{1E477A3E-23E3-4D11-9A18-D221536D5A3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{219333B8-F9EF-4286-99A8-C6E718EC2264}" = protocol=58 | dir=out | [email protected],-28546 |
"{22EC3136-CADE-4416-9D77-F40268D55AD2}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{25A23A25-39EF-4692-8482-3E3452A72A1D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2725CF69-3893-45E8-8B47-2509FAC63E34}" = protocol=6 | dir=out | app=system |
"{27644700-7C30-48DC-85FB-7DA62AE8CD22}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{3B848BF1-A2CB-49D8-BEDD-6E15C4BDB929}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{3CCE950C-F28F-4497-BB57-0D991ACF4F07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{484C4E1A-4DE2-448E-A511-EB9A7CF0F3F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{52402839-0A16-4518-838C-3D321E34A3E2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{5A9B8FD8-EB46-4786-B10E-CF491B1952C1}" = protocol=17 | dir=in | app=c:\program files\samantha field control system\samofcs.exe |
"{68CF2F95-A1F0-468C-8735-D6BB11D8B1E9}" = protocol=17 | dir=in | app=c:\users\mr. collison\appdata\roaming\microsoft\windows\ieupdate\presentationsettings.exe |
"{8D8E6F2C-8C53-4E3B-811A-4788A591C918}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9BDD2AD1-D511-4D4D-930C-F76A7C602909}" = protocol=58 | dir=in | [email protected],-28545 |
"{9D7BFD9D-3185-4AFE-B58B-15B034AF1C2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A32D2B1B-711F-47E5-8DF4-57DF12321237}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{A335E094-21DE-4A56-A0DC-48624BBFA9D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6ED9A00-B7C1-4010-82AE-11E0E56B80A9}" = protocol=1 | dir=in | [email protected],-28543 |
"{B18E18F2-46E0-4AFB-A1FB-20A7AFFA3D3F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{CFB49E01-BB6C-464C-AD88-4B7E2ACD6949}" = protocol=1 | dir=out | [email protected],-28544 |
"{D2AB3659-EF2F-4638-8132-A25E87F7CBFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D40756BE-110A-4120-8E4B-3D345F6DE104}" = protocol=6 | dir=in | app=c:\program files\samantha field control system\samofcs.exe |
"{D8CC1C1F-A4C4-4086-94EC-DFEF9D309FA8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E7D4250C-1D7B-4D0D-883C-ECBA96F9D4C8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E9CABC31-853E-4068-9B73-5B5705454E10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F6DF5C35-1F44-4534-9D0B-8EF9E10C4B65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA79E637-91BA-4AE3-BA70-CE13F119EBF6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{FF7AAF06-433F-4084-8D37-4AEE0311BE33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2D2341B3-4387-47FC-BF23-26B2627B5847}C:\program files\common files\ti shared\jre\3.2.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\common files\ti shared\jre\3.2.0\bin\java.exe |
"TCP Query User{A378FB32-25C6-4EFB-B5EE-AC21EB940203}C:\program files\ti education\ti-nspire student software\ti-nspire student software.exe" = protocol=6 | dir=in | app=c:\program files\ti education\ti-nspire student software\ti-nspire student software.exe |
"TCP Query User{D1B378A4-CBF1-41AB-9E97-13AC0AB3DFF0}C:\program files\ti education\ti-nspire computer link\ti-nspire computer link.exe" = protocol=6 | dir=in | app=c:\program files\ti education\ti-nspire computer link\ti-nspire computer link.exe |
"TCP Query User{D6192C94-A734-4E39-85CD-3861778D813E}C:\program files\samantha field control system\samofcs.exe" = protocol=6 | dir=in | app=c:\program files\samantha field control system\samofcs.exe |
"UDP Query User{55EA1A5D-7C9C-4C1C-9917-87EB7A68B489}C:\program files\samantha field control system\samofcs.exe" = protocol=17 | dir=in | app=c:\program files\samantha field control system\samofcs.exe |
"UDP Query User{9959AD5B-4D3C-427A-881D-905AEDF338C0}C:\program files\ti education\ti-nspire student software\ti-nspire student software.exe" = protocol=17 | dir=in | app=c:\program files\ti education\ti-nspire student software\ti-nspire student software.exe |
"UDP Query User{CE52FD50-0B88-4F83-B2DF-AB380968477C}C:\program files\ti education\ti-nspire computer link\ti-nspire computer link.exe" = protocol=17 | dir=in | app=c:\program files\ti education\ti-nspire computer link\ti-nspire computer link.exe |
"UDP Query User{E1191329-6DC1-4D2D-9777-DDACA08B14D7}C:\program files\common files\ti shared\jre\3.2.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\common files\ti shared\jre\3.2.0\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0116B9DA-810A-4365-83F9-CAEE89CA4011}" = NI LabVIEW 2012 SP1 (32-bit)
"{0221F866-270F-489E-B90C-533479052978}" = NI LabVIEW 2012 SP1 MeasAppChm File
"{029CDA70-36C3-4493-942A-07DAF42407F2}" = NI LabVIEW 2012 SP1 (32-bit)
"{03A1A333-9900-4233-AD71-C5C418AC1143}" = NI System API .NET 5.5.1
"{03CB43E6-CCF8-4567-BDFF-92BE83ED0808}" = NI LabVIEW 2012 SP1 (32-bit)
"{06897ACD-84E1-4F9E-8848-3E3BF27D2D99}" = NI LabVIEW 2012 SP1 Run-Time Engine Non-English Support.
"{075CA8A9-25A1-4EA7-885C-8A92AED7DB3A}" = NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0ACDC0EE-6CD2-4BF1-BE31-F99889062AB8}" = NI LabVIEW 2012 SP1 Deployable License
"{0AF8A008-7141-40DD-BB99-10B7F0C4769A}" = NI GMP Windows 32-bit Installer 13.0.0
"{0C41D003-E38E-4C8A-BA67-AFF061E27F3F}" = Microsoft Mouse and Keyboard Center
"{0CC267F9-EE19-38B3-B6D9-C2B5A16ECCB3}" = Microsoft .NET Framework 4.5.1 (DAN)
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{123F4E9B-80E6-3A84-BDD4-3CB3AC59ABF0}" = Microsoft .NET Framework 4.5.1 (CSY)
"{12968295-60D5-4D9C-A96C-BD7921D2C001}" = NI Variable Engine LabVIEW 2012 Support
"{1325DEDB-4EA5-45EF-85A7-A01D58BB9420}" = NI-DAQmx/LabVIEW shared documentation 9.5.5
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{152BD41F-56CE-3CA7-8B3C-5A1ACC994C1F}" = Microsoft .NET Framework 4.5.1 (CHS)
"{19223D91-93DF-3928-B697-60D606D2D64E}" = Microsoft .NET Framework 4.5.1 (FIN)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1A91D86E-3124-3574-A4BF-406761265CFA}" = Microsoft .NET Framework 4.5.1 (NLD)
"{1CBC5EDA-E3A3-469B-B19C-F2DAE9B2A56F}" = NI LabVIEW 2012 SP1 f5
"{1D78A81A-58D9-46F7-BFF6-ADF7247803F9}" = NI LabVIEW Run-Time Engine 2011 SP1
"{1F7F5330-D1C5-49D8-85A3-75E29C2434FE}" = NI mDNS Responder 2.2.0
"{20871666-D3F9-492C-AB4C-A903509970B0}" = NI Launcher
"{2117D272-3C6E-3EA5-9728-2C58C9D41407}" = Microsoft .NET Framework 4.5.1 (KOR)
"{231D0E11-0313-49FD-95CE-1D0264C7F1F5}" = NI Math Kernel Libraries
"{26A24AE4-039D-4CA4-87B4-2F03217065FF}" = Java 7 Update 65
"{27451D67-C7FE-48F5-A7AF-7885CD0D115C}" = NI LabVIEW 2012 Help
"{27E496C1-45E5-4AE9-B9BE-47F663130258}" = NI LabVIEW 2012 SP1 LEGO® MINDSTORMS® NXT Module
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B1D39F8-477A-4B40-B062-F5E0C4D42B9B}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
"{2CB15350-C073-4A5B-A706-59E1F69DE11C}" = NI Xalan Delay Load 1.10.2
"{2D7BEBFE-EDD6-45C1-BF6B-67EA7E3DDC0C}" = NI Network Browser 5.5.0
"{2DD33997-3C3E-4517-9D98-0CC5802D6D53}" = NI Curl 13.0.0
"{2DD64FD3-64E6-4198-9E3B-41686C4048CA}" = NI Web-Based Configuration and Monitoring 2013
"{2E0255F5-4643-310D-80C4-444C412C705F}" = Microsoft .NET Framework 4.5.1 (PTG)
"{2F05CC40-BD08-42B3-AC6E-6E740B344729}" = HP Officejet 100 Mobile L411
"{2F64AB3D-540C-44FF-ABB6-6A2E6CF8B8A5}" = NI Instrument IO Assistant for LabVIEW 2012 32-bit
"{3052016F-D1AE-481C-80FF-196021C9892B}" = Microsoft Xbox One Controller for Windows
"{31495D38-0A7A-3D27-845B-9210E6ED8CFE}" = Microsoft .NET Framework 4.5.1 (PTB)
"{3246360A-10B4-4604-8C84-609F526A9A74}" = NI LabVIEW 2012 Search
"{32A4CF00-9FAC-47c8-9B37-91CC23815D64}" = L411
"{32D5858D-5BCE-407A-93CD-897E867ABA51}" = Reset NI Config 5.5.0
"{32DC9901-C13F-4573-B302-F9D7647D6A85}" = NI Measurement & Automation Explorer 5.5.1
"{33995342-4401-4E4F-B0D0-891C5E80FF81}" = NI LabVIEW Compare Utility 12.0.0
"{37CBF405-7780-4D61-BA64-048229E7CAEE}" = NI Registration Wizard
"{38300A40-AB90-444D-A823-17EB95A5C731}" = NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support
"{38A5CA5C-6FAF-3D66-B4A5-4F3A223BAB43}" = Microsoft .NET Framework 4.5.1 (NOR)
"{3BCD0085-B478-48B3-8323-77E8BD493062}" = Microsoft Silverlight 5.1
"{3C717C2C-A9F4-4236-A539-89592B0652A7}" = NI LabVIEW 2012 Run-Time Engine Web Server
"{3F0B4C33-6958-43B9-8493-C6E6D4A3565B}" = NI USI 2.0.0
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
"{41B35F90-3A28-4166-AD05-F4C977D0D729}" = TI-Nspire™ Student Software
"{41F6CA61-82CB-4615-9A97-252C5D58FA4B}" = NI LabWindows/CVI Run-Time Engine 2010 SP1
"{4280A3DA-A99A-48ED-9E63-0B77256CB21F}" = NI LabVIEW 2012 SP1 License
"{428B6473-1A49-4EF8-A18B-650B623FACCC}" = NI LabVIEW 2012 SP1 Deployment Framework
"{45CD454E-EA23-466B-8AB8-2F3002C7D532}" = NI Search Shared
"{4715FD0B-2BCA-4A00-94AC-96E06E582F3B}" = NI LabVIEW 2012 Help File
"{4845B7A3-DDC3-44F9-A7DB-C50C94017129}" = NI Web Application Server 13.0
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{49F05354-04F7-4AE4-8434-9E7B5462C727}" = NI DN 2.0 SP1 installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B877FC6-F44C-4B39-B0B6-CE15ADC63997}" = NI VC2005MSMs x86
"{4C280606-F07F-4BF4-80D1-CBEEC51A866C}" = WIF Core Dependencies Windows 5.5.0
"{5385644F-E8EE-4AB4-AA3F-A0D0E9468893}" = NI Remote Provider for MAX 5.5.1
"{58793BC5-EBCE-4e86-9ED2-2410A738AEEB}" = L411_Software_Min
"{59161FE3-94D0-3B65-B9A0-60F896F6F3D8}" = Microsoft .NET Framework 4.5.1 (HUN)
"{5A6C68D9-FDCB-4675-A95A-CD908D103614}" = NI TDM Streaming 2.4
"{5AC89079-83AB-42F1-89F1-20C4EAC505BD}" = NI LabVIEW 2012 SP1 Variable Web Service
"{5AEBB67E-812E-43BC-B029-CD83DBA7CE30}" = NI LabWindows/CVI 2010 SP1 Code Generator
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5B7EDCF8-E6AD-4E99-972C-34BF1F07B349}" = LEGO MINDSTORMS NXT Software v2.0
"{5CC95D76-A798-4722-AE76-E494D9664907}" = NI .NET Framework 4.0
"{5F71448B-88EB-4357-9A98-8658D4C49C48}" = Windows Phone app for desktop
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6246AACB-D78A-4563-B76E-34C722A8A715}" = NI System Web Server 13.0
"{629F38D9-30E4-4B8B-83B2-9CF7CB5BEF9E}" = L411_Help
"{6317BB68-0331-355B-864F-A92A26952B22}" = Microsoft .NET Framework 4.5.1 (ITA)
"{63495F25-850C-4127-8BA6-1DFD5144723C}" = NI Trace Engine
"{63B92EB0-446C-3778-9E6B-C1BE202FE44F}" = Microsoft .NET Framework 4.5.1 (JPN)
"{646550E5-F469-410B-9721-01E3DCAFA7D2}" = NI Portable Configuration 5.5.0
"{64AC136D-2DA3-43D6-ADB1-BBE21191B283}" = NI LabVIEW Run-Time Engine Interop 2012 SP1
"{68044F4C-00EA-44D0-84E6-AC29FC5FAA12}" = NI LabVIEW Run-Time Engine 2012 SP1 f5
"{69D447B3-1B3F-42A9-9605-A8533BE06D17}" = NI System Web Server Base 13.0.0
"{6B9F789C-1D28-44D5-BCCE-7CCDBFB14B79}" = NI LabVIEW Run-Time Engine Interop 2011
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{6CB3DA3D-C753-423D-AB3B-670C5C2FE6C4}" = NI Authentication 13.0.0
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6DCB11A2-D051-4FF2-BCE0-2248032DE850}" = NI LabVIEW 2012 Scripting Code Generator
"{74DBB98D-B4A7-4DD9-9E13-C51FDB1105D0}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{7888F38C-E534-473D-B029-562173EEA2C8}" = NI-Mesa
"{792B5ADD-F3A9-473A-9140-B0C8BC03C9FE}" = NI LabVIEW Merge Utility 2012 SP1
"{79A2388A-6FCC-404D-A860-8D2F74844821}" = NI VIPM Helper 2012
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7C6869BF-6CBE-4CB0-8869-2743B419343C}" = NI LabVIEW 2011 Real-Time NBFifo
"{7C6E8511-653C-46CB-887B-B8823D7E42CA}" = NI LabVIEW 2012 SP1 (32-bit)
"{7CD40E13-3D17-4982-891F-B57D5DFD54E7}" = NI MetaSuite Installer
"{7FB07065-F547-448A-A1C3-1F2EF5EB834F}" = NI LabWindows/CVI 2010 SP1 Network Variable Library
"{7FE3CB02-218D-31DD-BFD8-50C35968E3A8}" = Microsoft .NET Framework 4.5.1 (HEB)
"{80607FF9-64B0-49D5-B132-D35048FF26AF}" = NI LabVIEW 2012 SP1 (32-bit)
"{80FB7EBE-F006-41D4-A288-FA960645E6C0}" = NI DataSocket 5.0
"{83B3A70F-FB14-4920-AD9C-EA0E79F4EC28}" = NI LabVIEW 2012 SP1 (32-bit)
"{83F16758-CDCB-42B7-BEAF-E1EB7187D8B7}" = NI Uninstaller
"{843AA365-C682-4540-9E7C-9B9A10C6A539}" = NI Error Reporting Interface Installer 5.5
"{85534DA2-32DB-47AE-92FA-994A81AB9794}" = NI LabVIEW for LEGO MINDSTORMS Mode
"{87392509-BFBD-4780-9170-E0106DB472DF}" = NI SSL Support
"{88BF0782-7316-34EA-AEBE-3A8757B656DA}" = Microsoft .NET Framework 4.5.1 (SVE)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0163EA-16B5-469C-94AD-08677AD43B57}" = NI Customer Experience Improvement Program
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FBAA717-6C1C-4BA1-B446-AA5118BA6401}" = NI Update Service 2.3
"{8FF8CB08-4E26-4425-9032-BE381589E25A}" = NI Example Finder 12.0
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9125CF98-08A9-41AA-96B9-A7A7A255E3DC}" = NI-RPC 4.4.0f0
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025" = Microsoft .NET Framework 4.5.1 (العربية)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030" = Microsoft .NET Framework 4.5.1 (dansk)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032" = Microsoft .NET Framework 4.5.1 (Ελληνικά)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1035" = Microsoft .NET Framework 4.5.1 (suomi)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036" = Microsoft .NET Framework 4.5.1 (Français)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037" = Microsoft .NET Framework 4.5.1 (עברית)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1038" = Microsoft .NET-keretrendszer 4.5.1 (magyar)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040" = Microsoft .NET Framework 4.5.1 (Italiano)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041" = Microsoft .NET Framework 4.5.1 (日本語)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042" = Microsoft .NET Framework 4.5.1(한국어)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043" = Microsoft .NET Framework 4.5.1 (Nederlands)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1044" = Microsoft .NET Framework 4.5.1, norsk språkpakke
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045" = Microsoft .NET Framework 4.5.1 (Polski)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046" = Microsoft .NET Framework 4.5.1 (Português do Brasil)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049" = Microsoft .NET Framework 4.5.1 (Русский)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053" = Microsoft .NET Framework 4.5.1 (svenska)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1055" = Microsoft .NET Framework 4.5.1 (Türkçe)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2052" = Microsoft .NET Framework 4.5.1 (简体中文)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070" = Microsoft .NET Framework 4.5.1 (Português)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082" = Microsoft .NET Framework 4.5.1 (español)
"{93A70920-9479-394E-88C6-33DD0CFE85D3}" = Microsoft .NET Framework 4.5.1 (ARA)
"{94AEBDCC-159F-4CBB-ABDE-B16483D2CF6C}" = NI LabWindows/CVI 2010 SP1 Analysis Library
"{977DF45A-471F-41AE-AD4D-A10BE1BF26C6}" = ROBOTC for MINDSTORMS
"{987B27DC-3F0E-46C9-BC49-73E4CE38D992}" = NI LabVIEW 2012 Manuals
"{9BA528A0-F33B-4162-993A-538CF56A005E}" = Math Kernel Libraries
"{9CD98CEE-3271-4F0E-9C06-75A1EE9E103F}" = NI TDM Excel Add-In 3.4
"{9CF01499-669E-472A-89E3-54CC30C4FDBB}" = NI-RPC 4.4.0f0 for Phar Lap ETS
"{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU)
"{A05EFB3F-19E2-4F9E-8380-BE095CCF0BE4}" = NI Logos XT Support
"{A06A7065-FCA1-4D3C-BE65-2837ACCB135D}" = NI LabWindows/CVI 2010 SP1 TDM Streaming Library
"{A0D847A9-A042-48F9-A108-FA3BF96B9D6F}" = NI SLCP 1.0
"{A1E8BAD0-F70C-443B-B061-793E7D1B2B69}" = NI Service Locator 13.0
"{A1ECF9FD-832D-4351-B4AC-62F847EE7A80}" = NI Logos LabVIEW 2012 Support
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3C5BD04-8542-48D4-A44D-B97A07F4A624}" = NI LabVIEW 2012 SP1 (32-bit)
"{A6025DDF-67EF-4B5D-8365-907295F5D469}" = NI Software Provider for MAX 5.5.0
"{A68CCA86-A2CC-41EF-A9F0-50C5FAA9A04C}" = NI Assistant Framework
"{A825EA53-8075-4AA4-90EC-11B617B0CE91}" = NI SSL LabVIEW 2012 SP1 Support
"{ACC9DFD9-9DC5-4507-8469-E8A8F5035B9C}" = NI Assistant Framework LabVIEW Code Generator 2012
"{AE20D525-5D10-475F-9115-963DB67D49DF}" = NI System State Publisher
"{B0BFD4AC-7EAF-4D29-9283-3C75820EDD8B}" = NI System API Windows 32-bit 5.5.1
"{B10F4C64-BA34-4AFB-9F33-C957DD85D8C3}_is1" = TETRIX Getting Started Guide version 1.0
"{B14A6357-1829-319C-ABCD-55B4FA6E59F3}" = Microsoft .NET Framework 4.5.1 (RUS)
"{B3137CC2-0CC4-4763-B38A-AC0ACEE27740}" = NI-RPC 4.3.0f0 for Phar Lap ETS
"{B4A772D4-ED42-4484-8C0E-663A52D07A2F}" = NI LabVIEW 2012 Real-Time NBFifo
"{BCC373FE-227D-46D9-827F-05BA296E2602}" = NI LabVIEW Web Server for Run-Time Engine
"{BD2F664A-73A8-3ECE-977D-0239A55EEA65}" = Microsoft .NET Framework 4.5.1 (ELL)
"{BD47258F-E4D7-4510-BDB8-F67867028B29}" = NI MAX Remote Configuration Installer 5.5.1
"{BE104AA6-FBE4-4CF7-AB45-1B7B2DCD8115}" = NI LabVIEW Web Services Runtime
"{BF17A82F-FA8B-47CC-A748-49BDB16C50C2}" = NI LabVIEW 2012 SP1 (32-bit)
"{C03C3B2C-6CA6-4134-8E5E-3381D6B19407}" = NI LabVIEW 2012 Simulation
"{C0B7C804-B89F-47F7-91CC-21ACDC7D7AAC}" = TI-Nspire™ Computer Link
"{C507986C-A83D-3F09-9099-5E1AF20BE648}" = Microsoft .NET Framework 4.5.1 (FRA)
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{C83B8B35-C2C4-3302-9A6E-C2AF1A59E8D6}" = Microsoft .NET Framework 4.5.1 (PLK)
"{C9A0D47F-9A68-4917-868C-79E384E4DEE6}" = NI Help Assistant 2.0
"{CA533BA0-E6F9-4349-B0EC-ABDEB0481E77}" = NI Logos 5.5
"{CA60F87F-6684-4801-9722-146AFB25AE6F}" = NI System API Client for WIF 5.5.1
"{CD1B8388-94B6-4EFB-9E68-BA1B60E9CF47}" = NI System Configuration Runtime 5.5.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDA6B5D1-7CB2-4FD1-98DD-5EF80648A9EB}" = NI LabVIEW 2012 SP1 (32-bit)
"{CFF1C12E-8A62-41D3-8B51-15BFC9DD345C}" = NI ActiveX Container
"{D0BE2A62-3687-4C15-8F8C-7BEA91E4376B}" = NI LabVIEW 2012 SP1 Web Server
"{D3444C07-3CC3-367E-A074-2DD00A7FDD7F}" = Microsoft .NET Framework 4.5.1 (ESN)
"{D426844E-2735-4881-BD41-29F7530FA06C}" = NI Remote PXI Provider for MAX 5.5.0
"{D4A4D0AF-60BA-4F7D-8B19-18DEB457209E}" = NI System Configuration 5.5.1 LabVIEW Support
"{D505442F-3CB1-3B2D-8FB4-35833672E24A}" = Microsoft .NET Framework 4.5.1 (TRK)
"{D537CC45-9D58-4890-88C0-82684360269C}" = NI LabVIEW MINDSTORMS Competition Toolkit 2013-2014
"{D59EF91D-313B-4234-82D6-879D20FC418A}" = NI License Manager
"{D70FB770-BE91-4A1C-942B-F2F7C3BFB2C7}" = LEGO MINDSTORMS NXT - English Language Pack
"{DB641CBD-EDCC-4AA9-9135-4655E6E17F03}" = NI System API Web-Service 32-bit 5.5.1
"{DB974CAC-E29F-4F36-9343-6B589DF80593}" = NI MXS 5.5.0
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{DF549FB9-B94F-4B8D-B007-39281EDB9A52}" = NI Error Reporting 2013
"{DFEB5AEC-611E-466F-A072-956751A66880}" = NI SSL LabVIEW RTE 2012 SP1 Support
"{E040B65B-8683-4228-8C33-D44A141E40EA}" = Secure Download Manager
"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
"{E28C7E0F-364F-40DD-9971-D71402AA7DE3}" = NI System Configuration LV2012 Support 5.5.1
"{E6068691-1FBC-4EF0-87E8-609CDB32038A}" = NI Xerces Delay Load 2.7.3
"{E84997A1-4D6F-4C0B-B60D-F85B360D2666}" = NI VC2008MSMs x86
"{EA289B2D-80CE-486A-935D-FC3F088AB5C7}" = NI LabVIEW 2013 Real-Time Error Dialog
"{EA9650DD-039A-4D72-8967-0FEEFDFB36B0}" = NI Variable Engine 2.6.0
"{F2273FA7-117C-43D7-BD59-00B025535442}" = NI VC2010SP1MSMs x86
"{F240B5F1-74DD-4DAD-BDCE-092A9A3471C5}" = NI EulaDepot
"{F278392D-547E-4E67-AD1C-2576C2852B50}" = NI Measurement Studio ComponentWorks 3D Graph
"{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker
"{F3B2DE70-22EF-43C1-9175-7489296752AE}_is1" = Samantha Field Control System 3.0.6
"{F45CE5E8-4A60-4292-8FD5-1807DFEBE221}" = NI LabWindows/CVI 2010 LabVIEW DLL Builder
"{F582F87C-AF54-462A-858C-1B886973B3C5}" = NI Distributed System Manager 2012
"{F5F0BFAE-3F87-40BA-9279-DE7621579CF8}" = NI OPC Support
"{FA07F113-167B-488D-8C77-CE554BE7EDF5}" = NI MDF Support
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA2B75F7-6037-4C34-9F3B-3E4320C4CC61}" = LEGO MINDSTORMS NXT Driver
"{FC89B79E-AE5F-495F-A2B5-4469E5E2E284}" = NI Network Discovery 5.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Award Maker 2001" = Award Maker 2001
"Brother HL-5040" = Brother HL-5040
"CCleaner" = CCleaner
"Digital Copy" = Digital Copy
"ExamView Pro" = ExamView Assessment Suite
"Finale NotePad 2012" = Finale NotePad 2012
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"NI Uninstaller" = National Instruments Software
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Sketchpad" = Sketchpad
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-359023775-2666766653-863409172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"404b9336c7552828" = Flixster
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/23/2014 10:05:06 AM | Computer Name = BlackBook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...authrootstl.cab>
 with error: The data is invalid.  .
 
Error - 5/23/2014 10:05:06 AM | Computer Name = BlackBook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...authrootstl.cab>
 with error: The data is invalid.  .
 
Error - 5/23/2014 10:05:06 AM | Computer Name = BlackBook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...authrootstl.cab>
 with error: The data is invalid.  .
 
Error - 5/23/2014 10:09:27 AM | Computer Name = BlackBook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...authrootstl.cab>
 with error: The data is invalid.  .
 
Error - 5/23/2014 10:09:27 AM | Computer Name = BlackBook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...authrootstl.cab>
 with error: The data is invalid.  .
 
Error - 5/23/2014 10:09:31 AM | Computer Name = BlackBook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...authrootstl.cab>
 with error: The data is invalid.  .
 
Error - 5/23/2014 10:09:31 AM | Computer Name = BlackBook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...authrootstl.cab>
 with error: The data is invalid.  .
 
Error - 5/23/2014 10:09:31 AM | Computer Name = BlackBook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...authrootstl.cab>
 with error: The data is invalid.  .
 
Error - 5/23/2014 10:09:31 AM | Computer Name = BlackBook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...authrootstl.cab>
 with error: The data is invalid.  .
 
Error - 5/23/2014 10:09:32 AM | Computer Name = BlackBook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...authrootstl.cab>
 with error: The data is invalid.  .
 
Error - 5/23/2014 10:09:32 AM | Computer Name = BlackBook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...authrootstl.cab>
 with error: The data is invalid.  .
 
Error - 5/23/2014 10:09:32 AM | Computer Name = BlackBook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...authrootstl.cab>
 with error: The data is invalid.  .
 
Error - 5/23/2014 10:09:32 AM | Computer Name = BlackBook | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...authrootstl.cab>
 with error: The data is invalid.  .
 
Error - 5/23/2014 2:17:20 PM | Computer Name = BlackBook | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17041 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 147c    Start
 Time: 01cf76b3219f9802    Termination Time: 20    Application Path: C:\Program Files\Internet
 Explorer\iexplore.exe    Report Id:  
 
Error - 5/24/2014 1:16:46 PM | Computer Name = BlackBook | Source = WinMgmt | ID = 10
Description =
 
Error - 5/26/2014 8:35:33 AM | Computer Name = BlackBook | Source = WinMgmt | ID = 10
Description =
 
Error - 5/26/2014 5:06:22 PM | Computer Name = BlackBook | Source = WinMgmt | ID = 10
Description =
 
Error - 5/27/2014 7:40:09 AM | Computer Name = BlackBook | Source = WinMgmt | ID = 10
Description =
 
[ Media Center Events ]
Error - 4/16/2014 7:34:20 AM | Computer Name = BlackBook | Source = MCUpdate | ID = 0
Description = 7:34:06 AM - Error connecting to the internet.  7:34:07 AM -     Unable
 to contact server.. 
 
Error - 4/16/2014 8:38:24 AM | Computer Name = BlackBook | Source = MCUpdate | ID = 0
Description = 8:38:23 AM - Error connecting to the internet.  8:38:24 AM -     Unable
 to contact server.. 
 
Error - 4/16/2014 8:38:58 AM | Computer Name = BlackBook | Source = MCUpdate | ID = 0
Description = 8:38:31 AM - Error connecting to the internet.  8:38:31 AM -     Unable
 to contact server.. 
 
[ System Events ]
Error - 9/1/2014 4:40:28 PM | Computer Name = BlackBook.vassar.tisd | Source = volsnap | ID = 393245
Description = The shadow copies of volume C: were aborted during detection.
 
Error - 9/1/2014 4:40:52 PM | Computer Name = BlackBook.vassar.tisd | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain VASSAR due to the following:   %%1311    This may lead to authentication problems.
 Make sure that this  computer is connected to the network. If the problem persists,
please
 contact your domain administrator.        ADDITIONAL INFO    If this computer is a domain controller
 for the specified domain, it  sets up the secure session to the primary domain controller
 emulator in the specified  domain. Otherwise, this computer sets up the secure session
 to any domain controller  in the specified domain.
 
Error - 9/1/2014 4:40:52 PM | Computer Name = BlackBook.vassar.tisd | Source = Service Control Manager | ID = 7002
Description = The BrPar service depends on the Parallel arbitrator group and no
member of this group started.
 
Error - 9/1/2014 4:40:54 PM | Computer Name = BlackBook.vassar.tisd | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 9/2/2014 8:23:24 PM | Computer Name = BlackBook.vassar.tisd | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain VASSAR due to the following:   %%1311    This may lead to authentication problems.
 Make sure that this  computer is connected to the network. If the problem persists,
please
 contact your domain administrator.        ADDITIONAL INFO    If this computer is a domain controller
 for the specified domain, it  sets up the secure session to the primary domain controller
 emulator in the specified  domain. Otherwise, this computer sets up the secure session
 to any domain controller  in the specified domain.
 
Error - 9/2/2014 8:23:24 PM | Computer Name = BlackBook.vassar.tisd | Source = Service Control Manager | ID = 7002
Description = The BrPar service depends on the Parallel arbitrator group and no
member of this group started.
 
Error - 9/2/2014 8:23:28 PM | Computer Name = BlackBook.vassar.tisd | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom
 
Error - 9/2/2014 8:23:55 PM | Computer Name = BlackBook.vassar.tisd | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
 to a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for several
 hours, then contact your administrator.
 
Error - 9/2/2014 8:26:43 PM | Computer Name = BlackBook.vassar.tisd | Source = TermService | ID = 1067
Description =
 
Error - 9/2/2014 8:35:41 PM | Computer Name = BlackBook.vassar.tisd | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
 


  • 0

#6
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I don't see anything overly troubling. Yes, a few clean up items and we will address those.

 

Have a look here at some information on PresentationSetting. If you don't neeed it, you can always shut if off per the instructions at the page located in the link.

 

Now, just a bit of warning. Dual Boot OS's can be a useful and good options. Lots of upside when you need backward compatability, etc. However, trouble when one starts to mix one OS with the other. i.e. I'm booting "A", but running so code located on "B". Most often not an issue. However, when issues do appear, they are odd and often difficult to trouble shoot. I draw your attention to the bottom of the OTL Extras log in the Errors section. Some of them are just Domain issues and nothing untoward. Others seem to hint to me locational difficulties from mixing OS components. i.e. each OS component arguing it's validity to the other until both time out. To quote your Screen Name's words "Don't try to have the last word. You just might get it". A lesson two warring Operating Systems need to learn. My advice, with XP and 7, boot to 7 and stay there. I loved XP too, but we have to move on, right :thumbsup:  

 

Ok, let's clean up a few things and see where we are. Make sure you turn off Presentation Setting before doing the scans, that's if you decided to turn it off at all.

 

adwcleaner_new.png Scan with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.
 
  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
 
Please include the contents of that file in your reply.
 

JRTbythisisu.png Fix with Junkware Removal Tool
 
Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
 
Please include the contents of that file in your reply.
 
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
 
51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
createsrpoint;

process;

services-list;

systemspecs;

startupall;

skipfix-iedefaults;

firefoxlook;

chromelook;

filesrcm;

installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 
To summarize, you'll posting back the OTL Moved File log, adwCleaner log, JRT log and ZOEK log.
 
And, let me know how the computer is working too. 20x20xsmile.png.pagespeed.ic.CwSpBGGvqN.

 


  • 0

#7
Lazarus Long

Lazarus Long

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Thanks for the quick response! I won't be able to try this out until I get home from work tonight, but I am looking forward to it.

 

I du usually boot into and run from the 7 partition. Still have a few programs in the XP partition that I need to use for work (Award maker, etc.) and do not have installation disks to install them in 7. Plus a few old, cherished games that I cannot bear the thought of never playing again.

 

I have tried deactivating PresentationSettings but it keeps reappearing in my Task Manager. I have never, ever used the program for anything before and I cannot recall it ever appearing in Task Manager until just these past few days that I have been experiencing problems.

 

Thanks again, and I will post the requested results tonight (probably pretty late, so don't wait up for me).


  • 0

#8
Lazarus Long

Lazarus Long

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Well, darn. When I booted into 7, screen was dark for a while, then the white "Windows is Loading Files" progress bar went across the bottom of the screen, then the Startup Repair routine began running. It claims to be repairing disk errors and says it may take over an hour to complete. I hope it is OK to let this thing run...I am scared to interrupt it, but then again I am scared that it might be doing insane damage. Guess I will have to see what happens...


  • 0

#9
Lazarus Long

Lazarus Long

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Now it says "The file or directory d:\Windows is corrupt and unreadable. Please run the Chkdisk utility." Any advice on how to proceed? Should I boot into the other OS and run Chkdisk from there? Should I take out the hard drive, dock it to a working computer, and run chkdisk there? Or something else? I have tried booting into 7 twice and gotten this same result both times.


  • 0

#10
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Now it says "The file or directory d:\Windows is corrupt and unreadable. Please run the Chkdisk utility." Any advice on how to proceed?

 

With the caveat of, "I'm not much of a Hardware guy. Just a lowly Malware guy" I make the following comments. Yes, I would run the CHKDSK utility and hope that it puts things to right.

 

I believe that you're seeing evidence right now as to why I don't like to jockey these drives around and dock and undock them. This kind of thing worked in the old days of W9? and NT/XP, but doesn't work so well these days.

 

 

 

Should I boot into the other OS and run Chkdisk from there? Should I take out the hard drive, dock it to a working computer, and run chkdisk there? Or something else? I have tried booting into 7 twice and gotten this same result both times.

 

It would not be my suggest to do any of these. If CHKDSK doesn't fix the problem, the I would run StartUp Repair three times in a row (regardless of what it says it fixed, etc.) then if it's still not working, Open a Topic here in the Windows Vista/7 Forum.


  • 0

#11
Lazarus Long

Lazarus Long

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Yeah it might be looking like I will have to head over there. It went through the chkdisk overnight. This morning it looked like it had finished that and gone through the startup repair by itself, and was claiming to have fixed stuff and asking to be rebooted. Rebooting took me to OS selection, I let it go into 7, then it hung on a dark screen and I had to go to work. Now I am home, and it said it was repaired and to remove any new hardware and reboot. I didn't have any new hardware, but I unplugged the USB mouse and extra monitor and rebooted. Now back to the dark screen. If it comes back to life in the next day or two and I am able to run your fixes above in 7, I will do so and report back.


  • 0

#12
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Has there been any progress? Are you going to open a Hardware topic and should I close this one?


  • 0

#13
Lazarus Long

Lazarus Long

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Still trying to get it to boot. Not able to spend a lot of time at it right now because of work and family. I appreciate your help, but I may not be able to do much with it in the next several days. If you want me to just bump this back up when I get something going, I will do that. Or if you prefer, you can close it and I will start a new one if I get some progress. Thanks again!
 


  • 0

#14
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

When you have time, I can coach you through booting from a USB thumb drive and we can try to see what's going on with your hard drive.

 

In the mean time, I'll close the topic. When you have time, just PM me or any Admin and we'll re-open it or you can open a new topic. Your choice :)


  • 0

#15
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP