Channel: Tech Support Forum - Virus/Trojan/Spyware Help

[SOLVED] Astromenda assistance

Visit to the homeland and get the honor of working on parents' computer, which seems to have a number of issues. I went through and uninstalled lots of things with crazy names. All seems to be away except for this Astromenda, which continues to stick around. The computer seems awful laggy and takes some time to boot. I'm not certain if they have a boot disk, and it would probably be faster to design a new operating system by the time it would be located in this house.

Thank you for your assistance!


Code:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239
Run by Garland at 20:24:39 on 2014-09-05
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.1.1033.18.4003.1996 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\ProgramData\IePluginServices\PluginService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\SupTab\HpUI.exe
C:\Program Files (x86)\SupTab\Loader32.exe
C:\Program Files (x86)\SupTab\Loader64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\005\mtgaotushb64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://astromenda.com/?f=1&a=ast_cmi_14_36_ff&cd=2XzuyEtN2Y1L1Qzu0EtDyCzyzyyD0CyBzy0FtAtAtCtDzyyBtN0D0Tzu0SzyyBzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzy0EtB0E0FzzyCtGzytByDtDtGtAzy0B0BtG0C0F0E0CtGyC0DtC0D0AyE0EyEyBtAzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Ezy0E0F0EtByDtG0Azz0EtCtGyEyE0E0CtG0AtDzzyCtG0Ezz0C0CyD0CyC0EtA0ByEyC2Q&cr=161822531&ir=
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
uDefault_Page_URL = hxxp://www.istart123.com/?type=hp&ts=1407698409&from=tugs&uid=HitachiXHDS721050CLA662_JP1570HR2R188K2R188KX
mStart Page = hxxp://www.istart123.com/?type=hp&ts=1407698409&from=tugs&uid=HitachiXHDS721050CLA662_JP1570HR2R188K2R188KX
mSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
mSearch Page = hxxp://www.istart123.com/web/?type=ds&ts=1407698409&from=tugs&uid=HitachiXHDS721050CLA662_JP1570HR2R188K2R188KX&q={searchTerms}
mDefault_Page_URL = hxxp://www.istart123.com/?type=hp&ts=1407698409&from=tugs&uid=HitachiXHDS721050CLA662_JP1570HR2R188K2R188KX
mDefault_Search_URL = hxxp://www.istart123.com/web/?type=ds&ts=1407698409&from=tugs&uid=HitachiXHDS721050CLA662_JP1570HR2R188K2R188KX&q={searchTerms}
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=272c0aa4-263d-4398-533e-6229a7d8346a&searchtype=ds&q={searchTerms}&installDate=03/02/2014
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - <orphaned>
BHO: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - <orphaned>
BHO: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned>
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -
BHO: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - <orphaned>
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
uRun: [PC Driver Kit] C:\Program Files (x86)\PC Driver Kit\PCDKLauncher.exe
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Driver Detective] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [fst_us_199] <no file>
StartupFolder: C:\Users\Garland\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PRICEP~1.LNK - C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.2.1 192.168.10.1 216.166.168.2 192.168.2.1
TCP: Interfaces\{5A3F774F-3AEA-407A-A88A-E1DD07B69F3E} : DHCPNameServer = 192.168.2.1 192.168.10.1 216.166.168.2 192.168.2.1
TCP: Interfaces\{F32E21B1-C5C3-4D47-BF3A-D23A98B6B646}\37861677 : DHCPNameServer = 192.168.2.1 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = hxxp://www.istart123.com/?type=hp&ts=1407698409&from=tugs&uid=HitachiXHDS721050CLA662_JP1570HR2R188K2R188KX
x64-mSearch Page = hxxp://www.istart123.com/web/?type=ds&ts=1407698409&from=tugs&uid=HitachiXHDS721050CLA662_JP1570HR2R188K2R188KX&q={searchTerms}
x64-mDefault_Page_URL = hxxp://www.istart123.com/?type=hp&ts=1407698409&from=tugs&uid=HitachiXHDS721050CLA662_JP1570HR2R188K2R188KX
x64-mDefault_Search_URL = hxxp://www.istart123.com/web/?type=ds&ts=1407698409&from=tugs&uid=HitachiXHDS721050CLA662_JP1570HR2R188K2R188KX&q={searchTerms}
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {93DBF2BB-A2B3-4683-A92E-57E60751F346} - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Garland\AppData\Roaming\Mozilla\Firefox\Profiles\gndlhmsx.default\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Users\Garland\AppData\Roaming\Mozilla\Firefox\Profiles\gndlhmsx.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Garland\AppData\Roaming\Mozilla\Firefox\Profiles\gndlhmsx.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll
FF - plugin: C:\Users\Garland\AppData\Roaming\Mozilla\Firefox\Profiles\gndlhmsx.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\Garland\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.astrmndasr.hmpg - true
FF - user.js: extensions.astrmndasr.hmpgUrl - hxxp://astromenda.com/?f=1&a=ast_cmi_14_36_ff&cd=2XzuyEtN2Y1L1Qzu0EtDyCzyzyyD0CyBzy0FtAtAtCtDzyyBtN0D0Tzu0SzyyBzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzy0EtB0E0FzzyCtGzytByDtDtGtAzy0B0BtG0C0F0E0CtGyC0DtC0D0AyE0EyEyBtAzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Ezy0E0F0EtByDtG0Azz0EtCtGyEyE0E0CtG0AtDzzyCtG0Ezz0C0CyD0CyC0EtA0ByEyC2Q&cr=161822531&ir=
FF - user.js: extensions.astrmndasr.dfltSrch - true
FF - user.js: extensions.astrmndasr.srchPrvdr - Astromenda
FF - user.js: extensions.astrmndasr.dnsErr - true
FF - user.js: extensions.astrmndasr_i.newTab - true
FF - user.js: extensions.astrmndasr.newTabUrl - hxxp://astromenda.com/?f=2&a=ast_cmi_14_36_ff&cd=2XzuyEtN2Y1L1Qzu0EtDyCzyzyyD0CyBzy0FtAtAtCtDzyyBtN0D0Tzu0SzyyBzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzy0EtB0E0FzzyCtGzytByDtDtGtAzy0B0BtG0C0F0E0CtGyC0DtC0D0AyE0EyEyBtAzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Ezy0E0F0EtByDtG0Azz0EtCtGyEyE0E0CtG0AtDzzyCtG0Ezz0C0CyD0CyC0EtA0ByEyC2Q&cr=161822531&ir=
FF - user.js: extensions.astrmndasr.tlbrSrchUrl - hxxp://astromenda.com/?f=3&a=ast_cmi_14_36_ff&cd=2XzuyEtN2Y1L1Qzu0EtDyCzyzyyD0CyBzy0FtAtAtCtDzyyBtN0D0Tzu0SzyyBzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzy0EtB0E0FzzyCtGzytByDtDtGtAzy0B0BtG0C0F0E0CtGyC0DtC0D0AyE0EyEyBtAzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Ezy0E0F0EtByDtG0Azz0EtCtGyEyE0E0CtG0AtDzzyCtG0Ezz0C0CyD0CyC0EtA0ByEyC2Q&cr=161822531&ir=&q=
FF - user.js: extensions.astrmndasr.id - E06995C79F331097
FF - user.js: extensions.astrmndasr.instlDay - 16318
FF - user.js: extensions.astrmndasr.vrsn -
FF - user.js: extensions.astrmndasr.vrsni -
FF - user.js: extensions.astrmndasr_i.vrsnTs - 16:58:10
FF - user.js: extensions.astrmndasr.prtnrId - WSE_Astromenda
FF - user.js: extensions.astrmndasr.prdct - astrmndasr
FF - user.js: extensions.astrmndasr.aflt - ast_cmi_14_36_ff
FF - user.js: extensions.astrmndasr_i.smplGrp - none
FF - user.js: extensions.astrmndasr.tlbrId -
FF - user.js: extensions.astrmndasr.instlRef - 142905_a
FF - user.js: extensions.astrmndasr.dfltLng -
FF - user.js: extensions.astrmndasr.appId - {9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
FF - user.js: extensions.astrmndasr.excTlbr - false
FF - user.js: extensions.astrmndasr.cr - 161822531
FF - user.js: extensions.astrmndasr.cd - 2XzuyEtN2Y1L1Qzu0EtDyCzyzyyD0CyBzy0FtAtAtCtDzyyBtN0D0Tzu0SzyyBzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzy0EtB0E0FzzyCtGzytByDtDtGtAzy0B0BtG0C0F0E0CtGyC0DtC0D0AyE0EyEyBtAzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Ezy0E0F0EtByDtG0Azz0EtCtGyEyE0E0CtG0AtDzzyCtG0Ezz0C0CyD0CyC0EtA0ByEyC2Q
FF - user.js: extensions.astrmndasr.AL - 4
.
============= SERVICES / DRIVERS ===============
.
R1 {9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64;{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64;C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys [2014-8-15 61632]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-7-23 438616]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 IePluginServices;IePlugin Services;C:\ProgramData\IePluginServices\PluginService.exe -service --> C:\ProgramData\IePluginServices\PluginService.exe -service [?]
R2 mtgaotushb64;mtgaotushb64;C:\Program Files\005\mtgaotushb64.exe run options=01110010050000000000000000000000 sourceguid=0F467D68-149F-43B9-A30F-62DA8D197FC3 --> C:\Program Files\005\mtgaotushb64.exe run options=01110010050000000000000000000000 sourceguid=0F467D68-149F-43B9-A30F-62DA8D197FC3 [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-7-5 1874016]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-16 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService --> C:\Program Files (x86)\PDF Complete\pdfsvc.exe  [?]
S2 UNS;Intel(R) Management and Security Application User Notification Service;"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" --> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-8-1 158976]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-1-29 36720]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-1-27 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-20 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-09-05 23:43:24    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65EFBBFC-BD91-4768-B0D5-6D6EA8DAF7CA}\offreg.dll
2014-09-05 22:58:15    --------    d-----w-    C:\Users\Garland\AppData\Roaming\WSE_Astromenda
2014-09-05 22:57:43    --------    dc-h--w-    C:\ProgramData\~1
2014-09-05 22:48:50    --------    d-----w-    C:\Users\Garland\AppData\Roaming\Roxio Log Files
2014-09-05 22:47:00    --------    d-----w-    C:\Program Files (x86)\predm
2014-09-05 22:41:18    --------    d-s---w-    C:\Windows\SysWow64\Microsoft
2014-09-05 09:52:40    11319192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65EFBBFC-BD91-4768-B0D5-6D6EA8DAF7CA}\mpengine.dll
2014-08-27 18:53:25    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-27 18:53:24    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-27 18:53:24    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-21 03:24:11    2620928    ----a-w-    C:\Windows\System32\wucltux.dll
2014-08-21 03:23:58    97792    ----a-w-    C:\Windows\System32\wudriver.dll
2014-08-21 03:23:58    92672    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2014-08-21 03:23:47    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2014-08-21 03:23:47    33792    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2014-08-21 03:23:47    198600    ----a-w-    C:\Windows\System32\wuwebv.dll
2014-08-21 03:23:47    179656    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2014-08-19 17:11:57    --------    d-----w-    C:\Users\Garland\AppData\Roaming\ap_logs
2014-08-19 17:11:30    631608    ----a-w-    C:\Users\Garland\AppData\Local\nsf9ACB.tmp
2014-08-19 15:59:41    --------    d-----w-    C:\ProgramData\PastaLeads
2014-08-19 15:59:34    --------    d-----w-    C:\Program Files\Common Files\PastaLeads
2014-08-19 15:59:32    --------    d-----w-    C:\Program Files\005
2014-08-19 15:58:41    --------    d-----w-    C:\Users\Garland\AppData\Local\SearchProtect
2014-08-15 15:55:46    61632    ----a-w-    C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys
2014-08-15 09:01:32    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-08-15 09:01:32    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-08-15 09:01:32    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-08-15 09:01:32    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-08-15 09:01:30    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-08-15 09:01:30    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-08-15 09:01:12    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 09:01:12    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-15 04:25:42    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-08-15 04:25:42    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-08-15 04:25:41    529920    ----a-w-    C:\Windows\System32\aepdu.dll
2014-08-15 04:25:41    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-08-10 20:32:53    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-10 20:32:53    --------    d-----w-    C:\Program Files\iTunes
2014-08-10 20:32:53    --------    d-----w-    C:\Program Files\iPod
2014-08-10 20:32:53    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-08-10 20:31:25    --------    d-----w-    C:\Program Files (x86)\Bonjour
2014-08-10 20:24:56    --------    d-----w-    C:\Users\Garland\AppData\Local\freeSOFTtoday
2014-08-10 19:21:07    --------    d-----w-    C:\ProgramData\IePluginServices
2014-08-10 19:20:56    --------    d-----w-    C:\Program Files (x86)\SupTab
2014-08-10 19:20:50    --------    d-----w-    C:\ProgramData\WindowsMangerProtect
2014-08-10 18:38:17    --------    d-----w-    C:\Program Files (x86)\Garmin
2014-08-07 19:03:07    --------    d-----w-    C:\Program Files (x86)\Microsoft Synchronization Services
2014-08-07 19:02:58    --------    d-----w-    C:\Program Files (x86)\Microsoft Analysis Services
2014-08-07 19:02:57    --------    d-----w-    C:\Program Files (x86)\Microsoft Visual Studio 8
2014-08-07 19:02:57    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-08-07 18:22:59    --------    d-----w-    C:\ProgramData\PC Drivers HeadQuarters
.
==================== Find3M  ====================
.
2014-08-07 18:36:45    16152    ----a-w-    C:\Windows\System32\drivers\SWDUMon.sys
2014-08-06 01:14:10    20328    ----a-w-    C:\Windows\System32\roboot64.exe
2014-08-05 15:20:00    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-07-25 14:02:12    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15    5824512    ----a-w-    C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47    4204032    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29    2087936    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49    2001920    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06    2266624    ----a-w-    C:\Windows\System32\wininet.dll
2014-07-25 10:05:23    1792512    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-09 02:03:23    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-07-08 21:17:34    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 21:17:34    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-08 21:17:27    11204096    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 20:25:00.59 ===============


Attached Files
File Type: zip ark.zip (3.7 KB)
