
Can't turn Windows 8 firewall on


  • This topic is locked
33 replies to this topic

#1 luniz7


Posted 29 June 2013 - 03:25 AM

The kid was on the computer last week and I just recently got an error saying that Windows Firewall wasn't on. Looks like he installed some torrent stuff and downloaded some crap. Probably a virus. Now I am unable to turn Windows Firewall on at all now. I've tried starting it manually through services.msc with no luck. I did install a firewall since I was unable to use the Windows Firewall to help keep my computer protected.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.21.2
Run by luniz_000 at 2:16:03 on 2013-06-29
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.3999.725 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Box Sync\BoxSyncHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Box Sync\BoxSync.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Users\luniz_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Pandora\Pandora.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ASUS Browser Extension x86: {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - 
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [0E861B2BABCBD52C3492BD48DFB3AEA1A05C8A84._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: C:\Users\LUNIZ_~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\luniz_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BOXSYN~1.LNK - C:\Program Files\Box Sync\BoxSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9EF4351C-8428-4C1C-B6B0-34FC7008C663} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{9EF4351C-8428-4C1C-B6B0-34FC7008C663} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9EF4351C-8428-4C1C-B6B0-34FC7008C663}\355727675696C6C616E636563253230333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9EF4351C-8428-4C1C-B6B0-34FC7008C663}\35F636B6D4F6E6B65697D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{9EF4351C-8428-4C1C-B6B0-34FC7008C663}\4497E65687 : DHCPNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{9EF4351C-8428-4C1C-B6B0-34FC7008C663}\65562796A7F6E602D494649443531303C4024403446402355636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9EF4351C-8428-4C1C-B6B0-34FC7008C663}\65562796A7F6E602D494649443531303C4026413932302355636572756 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: ASUS Browser Extension x64: {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [ASUSQuickGesture(x86)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
x64-Run: [ASUSTPLoader(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
x64-Run: [ASUSQuickGesture(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [BoxSyncHelper] "C:\Program Files\Box Sync\BoxSyncHelper.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\Drivers\avc3.sys [2013-5-29 718840]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2013-5-29 121928]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\Drivers\cmderd.sys [2013-6-18 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\Drivers\cmdguard.sys [2013-6-18 713776]
R1 cmdhlp;COMODO Internet Security Helper Driver;C:\Windows\System32\Drivers\cmdhlp.sys [2013-6-18 37560]
R1 gzflt;gzflt;C:\Windows\System32\Drivers\gzflt.sys [2013-5-29 148696]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-10-9 219776]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2013-6-29 67584]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-4-17 70344]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-6-20 2095752]
R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-4-17 1851088]
R2 gzserv;Bitdefender Antivirus Free Edition;C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [2013-6-28 59592]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-5 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-5 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-5 168384]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-10-9 323584]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-12-4 17152]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-11-11 88728]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-9-11 56704]
R3 avckf;avckf;C:\Windows\System32\Drivers\avckf.sys [2013-5-29 593144]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-11-11 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-11-11 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-11-11 76952]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-11-11 576152]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\Drivers\FLxHCIc.sys [2012-7-18 246568]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\Drivers\FLxHCIh.sys [2012-7-18 76584]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUVStor.sys [2012-11-11 315536]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 BthA2DP;Bluetooth Stereo;C:\Windows\System32\Drivers\BthA2DP.sys [2013-3-13 117632]
S3 BthHFAud;Bluetooth Hands-Free;C:\Windows\System32\Drivers\BthHfAud.sys [2013-3-13 30720]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-11-11 29696]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-6-18 158936]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2012-9-19 102368]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\Drivers\silabenm.sys [2013-2-12 27336]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\System32\Drivers\silabser.sys [2013-2-12 71680]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-11-16 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2013-06-29 07:46:57 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2013-06-29 05:05:03 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-06-29 05:03:39 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-06-29 05:03:39 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2013-06-29 05:02:56 -------- d-s---w- C:\ProgramData\Shared Space
2013-06-29 05:02:38 -------- d-----w- C:\Program Files\COMODO
2013-06-29 05:02:30 -------- d-----w- C:\ProgramData\COMODO
2013-06-29 05:02:19 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
2013-06-29 05:02:07 -------- d-----w- C:\Users\luniz_000\AppData\Local\Comodo
2013-06-29 05:02:02 56072 ----a-w- C:\Windows\System32\certsentry.dll
2013-06-29 05:01:45 -------- d-----w- C:\Program Files (x86)\Comodo
2013-06-29 05:01:37 -------- d-----w- C:\ProgramData\Comodo Downloader
2013-06-29 04:48:18 -------- d-----w- C:\Windows\System32\catroot2
2013-06-29 03:56:40 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2013-06-29 03:50:03 -------- d-----w- C:\RegBackup
2013-06-29 03:15:49 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2013-06-29 02:55:31 144384 ----a-w- C:\Windows\System32\tssdisai.dll
2013-06-24 22:09:29 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-06-24 22:09:28 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-06-22 00:53:45 382536 ----a-w- C:\Windows\System32\drivers\trufos.sys
2013-06-21 15:44:07 888320 ----a-w- C:\Windows\System32\autochk.exe
2013-06-21 15:44:07 793088 ----a-w- C:\Windows\SysWow64\autochk.exe
2013-06-21 15:44:07 542208 ----a-w- C:\Windows\System32\untfs.dll
2013-06-21 15:44:07 482816 ----a-w- C:\Windows\SysWow64\untfs.dll
2013-06-19 23:55:20 13644288 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2013-06-19 23:55:14 10788864 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
2013-06-19 23:55:09 1332736 ----a-w- C:\Windows\System32\sysmain.dll
2013-06-19 23:55:09 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
2013-06-19 23:55:08 10116096 ----a-w- C:\Windows\System32\twinui.dll
2013-06-19 23:55:03 427520 ----a-w- C:\Windows\System32\drivers\rdbss.sys
2013-06-19 23:55:03 1483776 ----a-w- C:\Windows\System32\VSSVC.exe
2013-06-19 01:16:34 -------- d-----w- C:\sh4ldr
2013-06-19 01:16:34 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2013-06-19 01:16:21 -------- d-----w- C:\Windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2013-06-18 22:16:18 37560 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2013-06-18 22:16:16 713776 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-06-18 22:16:16 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2013-06-18 22:15:50 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-06-18 22:15:48 437688 ----a-w- C:\Windows\System32\guard64.dll
2013-06-18 22:15:48 348584 ----a-w- C:\Windows\SysWow64\guard32.dll
2013-06-18 22:15:40 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
2013-06-18 22:15:40 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll
2013-06-18 22:15:36 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2013-06-18 22:15:36 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2013-06-12 03:36:36 -------- d-----w- C:\Users\luniz_000\AppData\Roaming\SUPERAntiSpyware.com
2013-06-12 03:36:24 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-06-12 03:36:24 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-06-12 02:40:22 -------- d-----w- C:\TorrentStream
2013-06-12 02:40:20 -------- d-----w- C:\Users\luniz_000\AppData\Roaming\.Torrent Stream
2013-06-12 02:37:56 -------- d-----w- C:\Program Files (x86)\MSSOAP
2013-06-12 02:37:56 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2013-06-12 02:37:37 -------- d-----w- C:\Program Files (x86)\Webroot
2013-06-12 02:36:26 -------- d-----w- C:\Users\luniz_000\AppData\Roaming\TorrentStream
2013-06-12 02:25:59 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-07 13:06:09 -------- d-----w- C:\Program Files\Enigma Software Group
2013-06-07 13:05:44 -------- d-----w- C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-07 13:05:44 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-06-07 05:50:08 -------- d-----w- C:\Users\luniz_000\AppData\Roaming\uTorrent
2013-06-07 05:12:26 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-07 05:06:02 -------- d-----w- C:\Program Files\DivX
2013-06-07 05:05:55 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2013-06-07 05:04:37 -------- d-----w- C:\Program Files (x86)\DivX
2013-06-07 05:02:55 -------- d-----w- C:\ProgramData\DivX
.
==================== Find3M  ====================
.
2013-06-07 05:12:09 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-07 05:12:09 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-04 22:09:22 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09:22 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-30 04:41:59 718840 ----a-w- C:\Windows\System32\drivers\avc3.sys
2013-05-30 04:41:58 593144 ----a-w- C:\Windows\System32\drivers\avckf.sys
2013-05-30 04:41:58 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2013-05-30 04:41:58 148696 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-04 07:58:17 120736 ----a-w- C:\Windows\System32\AuthHost.exe
2013-05-04 07:45:29 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-04 07:34:17 446720 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:17 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-05-04 07:34:15 284416 ----a-w- C:\Windows\System32\drivers\spaceport.sys
2013-05-04 06:59:56 39424 ----a-w- C:\Windows\System32\wuapp.exe
2013-05-04 06:59:36 812544 ----a-w- C:\Windows\System32\Magnify.exe
2013-05-04 06:59:25 98304 ----a-w- C:\Windows\System32\wudriver.dll
2013-05-04 06:59:25 251904 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:25 141824 ----a-w- C:\Windows\System32\wuwebv.dll
2013-05-04 06:59:24 1619968 ----a-w- C:\Windows\System32\wucltux.dll
2013-05-04 06:58:54 328192 ----a-w- C:\Windows\System32\ubpm.dll
2013-05-04 06:58:49 173568 ----a-w- C:\Windows\System32\storewuauth.dll
2013-05-04 06:58:48 330240 ----a-w- C:\Windows\System32\stobject.dll
2013-05-04 06:58:28 93696 ----a-w- C:\Windows\System32\psmsrv.dll
2013-05-04 06:58:02 470528 ----a-w- C:\Windows\System32\netprofmsvc.dll
2013-05-04 06:58:02 151552 ----a-w- C:\Windows\System32\netprofm.dll
2013-05-04 06:58:01 169984 ----a-w- C:\Windows\System32\netplwiz.dll
2013-05-04 06:57:59 17408 ----a-w- C:\Windows\System32\muifontsetup.dll
2013-05-04 06:57:46 560640 ----a-w- C:\Windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:31 820736 ----a-w- C:\Windows\System32\gpprefcl.dll
2013-05-04 06:57:15 501760 ----a-w- C:\Windows\System32\DevicePairing.dll
2013-05-04 06:57:05 179712 ----a-w- C:\Windows\System32\bisrv.dll
2013-05-04 06:57:05 122368 ----a-w- C:\Windows\System32\biwinrt.dll
2013-05-04 06:57:04 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll
2013-05-04 06:57:04 2305024 ----a-w- C:\Windows\System32\authui.dll
2013-05-04 06:57:00 708096 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:56:53 419840 ----a-w- C:\Windows\System32\intl.cpl
2013-05-04 04:58:34 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-05-04 04:58:14 758784 ----a-w- C:\Windows\SysWow64\Magnify.exe
2013-05-04 04:58:02 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-05-04 04:58:02 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-05-04 04:57:39 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll
2013-05-04 04:57:39 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-05-04 04:57:35 303616 ----a-w- C:\Windows\SysWow64\stobject.dll
2013-05-04 04:57:16 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll
2013-05-04 04:57:04 151040 ----a-w- C:\Windows\SysWow64\netplwiz.dll
2013-05-04 04:57:04 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll
2013-05-04 04:57:02 14336 ----a-w- C:\Windows\SysWow64\muifontsetup.dll
2013-05-04 04:56:48 411136 ----a-w- C:\Windows\SysWow64\mfmp4srcsnk.dll
2013-05-04 04:56:35 582144 ----a-w- C:\Windows\SysWow64\gpprefcl.dll
2013-05-04 04:56:14 449536 ----a-w- C:\Windows\SysWow64\DevicePairing.dll
2013-05-04 04:56:06 92160 ----a-w- C:\Windows\SysWow64\biwinrt.dll
2013-05-04 04:56:05 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll
2013-05-04 04:56:05 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-04 04:55:58 389632 ----a-w- C:\Windows\SysWow64\intl.cpl
2013-05-04 04:51:38 14848 ----a-w- C:\Windows\System32\rars.rs
2013-05-04 04:48:33 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2013-05-04 04:48:26 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys
2013-05-04 04:10:47 14848 ----a-w- C:\Windows\SysWow64\rars.rs
2013-04-28 22:30:55 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-28 22:30:12 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-28 22:28:33 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-04-28 22:28:29 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-04-27 05:20:12 733184 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-23 23:13:53 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-04-23 23:12:44 1569792 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-04-23 23:12:44 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-04-23 22:56:35 1255936 ----a-w- C:\Windows\System32\certutil.exe
2013-04-23 22:55:48 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-04-23 22:55:48 1889280 ----a-w- C:\Windows\System32\crypt32.dll
2013-04-23 22:55:48 141312 ----a-w- C:\Windows\System32\cryptnet.dll
2013-04-16 02:34:44 1455368 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 05:56:35 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-11 06:40:48 6987528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-09 05:33:02 489576 ----a-w- C:\Windows\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\Windows\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\Windows\System32\audiodg.exe
2013-04-09 05:20:02 86280 ----a-w- C:\Windows\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\Windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05 77960 ----a-w- C:\Windows\System32\kdvm.dll
2013-04-09 05:17:57 1829408 ----a-w- C:\Windows\System32\ntdll.dll
2013-04-09 04:52:07 816128 ----a-w- C:\Windows\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07 197120 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07 126464 ----a-w- C:\Windows\System32\Robocopy.exe
2013-04-09 04:52:06 804352 ----a-w- C:\Windows\System32\RecoveryDrive.exe
2013-04-09 04:51:51 367616 ----a-w- C:\Windows\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\Windows\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\Windows\System32\wpncore.dll
2013-04-09 04:51:17 595456 ----a-w- C:\Windows\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:03 3552768 ----a-w- C:\Windows\System32\tquery.dll
2013-04-09 04:50:53 414720 ----a-w- C:\Windows\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\Windows\System32\schannel.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\Windows\System32\schedsvc.dll
2013-04-09 04:50:03 96256 ----a-w- C:\Windows\System32\mssprxy.dll
.
============= FINISH:  2:17:23.55 ===============

Edited by luniz7, 29 June 2013 - 03:52 AM.




#2 HelpBot

  • Bots

Posted 04 July 2013 - 03:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/499574 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

  • Malware Response Instructor


Posted 08 July 2013 - 04:27 PM

Greetings luniz7 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.

What I would like you to know is Windows 8 issues are a bit more difficult to resolve. That is because we have relatively little long term experience with the new operating system and some of our current tools are not compatible with Windows 8. However, together we will do our best with what we have.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

  • Malware Response Instructor


Posted 08 July 2013 - 05:05 PM

Greetings,

Thank you again for your patience.

There are several things we need to consider and do in this first post.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

If you choose to uninstall please go to Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall the program.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel. Because of the Firewall component I would like you to remove Comodo, at least for now.

Reboot your computer after removal and check your firewall status.

===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Windows\SysWow64\rars.rs

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FSS log
  • Virustotal link
  • How is your computer running/Firewall?

Gary
 

#5 luniz7

  • Topic Starter


Posted 08 July 2013 - 07:35 PM

Thanks for the help!  I've run the programs as you advised and here are the results.  I uninstalled the uTorrent, spybot s&d, and super anti spyware.  I left only bit defender.  I am still unable to turn the firewall on.

 

Farbar Service Scanner Version: 08-07-2013
Ran by luniz_000 (administrator) on 08-07-2013 at 18:19:41
Running from "C:\Users\luniz_000\Desktop"
Microsoft Windows 8 Pro with Media Center  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-11 20:26] - [2013-05-04 01:45] - 2233600 ____A (Microsoft Corporation) D750CE2A52F1B95E654CF2904C88EF1F
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2013-06-19 17:55] - [2013-05-04 00:59] - 1483776 ____A (Microsoft Corporation) D0C69E44BC1E1D4AD290FD84104623D8
 
C:\Windows\System32\wscsvc.dll
[2013-05-23 16:23] - [2013-04-08 22:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A
 
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-06-19 17:55] - [2013-05-04 00:59] - 3241472 ____A (Microsoft Corporation) BE302BABE45EC05995F8DC66E37BBB3D
 
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-11 20:26] - [2013-04-23 16:55] - 0068096 ____A (Microsoft Corporation) AFA426B0E7975CEB21F8B6711EFA8945
 
C:\Program Files\Windows Defender\MpSvc.dll
[2013-03-20 19:19] - [2013-01-28 17:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1
 
C:\Program Files\Windows Defender\MsMpEng.exe
[2013-03-20 19:19] - [2013-01-28 19:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561
 
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
 
VirusTotal Scan
 

Edited by luniz7, 08 July 2013 - 07:40 PM.


#6 Oh My!

  • Malware Response Instructor


Posted 08 July 2013 - 07:43 PM

It is my pleasure to help. Thanks for your quick reply.

That all looks good. I am going to have you run another scanner which provides a more detailed snapshot of your computer. Please do this for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Farbar log
  • Addition log

Gary
 

#7 luniz7

  • Topic Starter


Posted 08 July 2013 - 08:10 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013

Ran by luniz_000 (administrator) on 08-07-2013 19:06:17
Running from C:\Users\luniz_000\Downloads
Windows 8 Pro with Media Center (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSyncHelper.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSync.exe
(Dropbox, Inc.) C:\Users\luniz_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ASUSQuickGesture(x86)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" [765056 2012-10-09] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [127616 2012-10-09] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [BoxSyncHelper] "C:\Program Files\Box Sync\BoxSyncHelper.exe" [393216 2013-02-21] (Box, Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKCU\...\Run: [0E861B2BABCBD52C3492BD48DFB3AEA1A05C8A84._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service [825808 2013-06-14] (Google Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Runonce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --enable-sync-favicons --enable-full-history-sync --sync-keystore-encryption --flag-switches-end --restore-last-session http://www.bleepingcomputer.com/forums/t/499574/cant-turn-windows-8-firewall-on/?view=getnewpost [x]
MountPoints2: {86610e6e-4d85-11e2-be72-0008ca873145} - "D:\TL-Bootstrap.exe" 
MountPoints2: {86610ec4-4d85-11e2-be72-0008ca873145} - "D:\setup.exe" -a
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Box Sync.lnk
ShortcutTarget: Box Sync.lnk -> C:\Program Files\Box Sync\BoxSync.exe (Box, Inc.)
Startup: C:\Users\luniz_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\luniz_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ASUS Browser Extension x64 - {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ASUS Browser Extension x86 - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.ccaurora.edu/", "https://www.cuofco.org/", "hxxp://rootzwiki.com/news", "hxxp://forum.xda-developers.com/forumdisplay.php?s=d7d773c97ace234f8bdd522c1ec7a9b5&f=1708", "hxxp://denver.craigslist.org/", "hxxp://www.droid-life.com/", "hxxp://on.iptorrents.ru/indexipt.php", "hxxp://www.torrentday.com/index.php", "hxxp://torrentleech.org/", "https://199.217.117.6/", "hxxp://www.torrent-invites.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\LUNIZ_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\LUNIZ_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm\1.12_0
CHR Extension: (Google Search) - C:\Users\LUNIZ_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (MightyText - Send/Receive SMS Text Messages) - C:\Users\LUNIZ_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\9.7_0
CHR Extension: (Dropbox Shortcut) - C:\Users\LUNIZ_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbelldokcfkkgejineadomjjcicgghbk\1.1_0
CHR Extension: (Chrome to Phone) - C:\Users\LUNIZ_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0
CHR Extension: (Gmail) - C:\Users\LUNIZ_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
==================== Services (Whitelisted) =================
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [219776 2012-10-09] (Qualcomm Atheros Commnucations)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-25] (Microsoft Corporation)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [59592 2013-06-28] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-09] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
R3 AiCharger; C:\Windows\SysWow64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-05-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-05-29] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-05-29] (Bitdefender SRL)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-09] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-02-02] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 FLxHCIh; C:\Windows\System32\drivers\FLxHCIh.sys [76584 2012-07-18] (Fresco Logic)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-05-29] (BitDefender LLC)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-12-04] ( )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-06-21] (BitDefender S.R.L.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-08 19:06 - 2013-07-08 19:06 - 00000000 ____D C:\FRST
2013-07-08 19:05 - 2013-07-08 19:05 - 01776219 ____A (Farbar) C:\Users\luniz_000\Downloads\FRST64.exe
2013-07-08 18:19 - 2013-07-08 18:30 - 00003537 ____A C:\Users\luniz_000\Desktop\FSS.txt
2013-07-08 18:17 - 2013-07-08 18:17 - 00356429 ____A (Farbar) C:\Users\luniz_000\Desktop\FSS.exe
2013-07-08 18:05 - 2013-07-08 18:05 - 00000000 ____D C:\Program Files\Classic Shell
2013-07-08 18:01 - 2013-07-08 18:02 - 08437760 ____A (IvoSoft) C:\Users\luniz_000\Downloads\ClassicShellSetup_3_6_8.exe
2013-07-04 00:01 - 2013-07-04 15:52 - 00000000 ____D C:\Users\luniz_000\Desktop\Monsters University 2013  + END SCENE TS XViD - JUSTiCE
2013-07-03 20:44 - 2013-07-03 20:44 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-03 20:44 - 2013-07-03 20:44 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-03 20:44 - 2013-07-03 20:44 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-03 20:44 - 2013-07-03 20:44 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-03 20:44 - 2013-07-03 20:44 - 00001858 ____A C:\Users\luniz_000\Desktop\CuteFTP 9.lnk
2013-07-03 20:44 - 2013-07-03 20:44 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-29 02:17 - 2013-06-29 02:17 - 00009430 ____A C:\Users\luniz_000\Desktop\attach.txt
2013-06-29 01:46 - 2013-06-29 01:47 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2013-06-28 23:05 - 2013-06-28 23:05 - 00047368 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-06-28 23:03 - 2013-06-28 23:03 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2013-06-28 23:03 - 2013-06-28 23:03 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-06-28 23:02 - 2013-07-08 18:13 - 00000000 ____D C:\ProgramData\COMODO
2013-06-28 23:02 - 2013-06-28 23:05 - 00056072 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2013-06-28 23:02 - 2013-06-28 23:02 - 00000000 ____D C:\Users\luniz_000\AppData\Local\Comodo
2013-06-28 23:01 - 2013-07-08 18:14 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-06-28 21:56 - 2013-06-28 21:58 - 00848230 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-28 21:51 - 2013-06-28 21:51 - 00000207 ____A C:\Windows\tweaking.com-regbackup-DUSTIN-LAPTOP-Microsoft-Windows-8-Pro-with-Media-Center-(64-bit).dat
2013-06-28 21:50 - 2013-06-28 21:50 - 00000000 ____D C:\RegBackup
2013-06-28 21:25 - 2013-06-28 22:05 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-28 21:15 - 2013-06-28 21:15 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-06-28 20:56 - 2013-06-28 20:56 - 00440856 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-28 20:55 - 2013-05-15 16:35 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll
2013-06-24 16:09 - 2013-05-30 17:24 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-06-24 16:09 - 2013-05-30 17:08 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-06-24 16:09 - 2013-05-23 17:01 - 01300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-06-24 16:09 - 2013-05-23 16:27 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-06-21 18:53 - 2013-06-21 18:53 - 00382536 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2013-06-21 09:44 - 2013-05-14 20:25 - 00888320 ____A (Microsoft Corporation) C:\Windows\System32\autochk.exe
2013-06-21 09:44 - 2013-05-14 20:25 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\untfs.dll
2013-06-21 09:44 - 2013-05-14 20:24 - 00793088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-06-21 09:44 - 2013-05-14 20:24 - 00482816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-06-20 19:17 - 2013-06-20 19:19 - 00002900 ____A C:\Windows\System32\lic2.xml19118
2013-06-19 17:55 - 2013-05-04 00:59 - 13644288 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-06-19 17:55 - 2013-05-04 00:59 - 03241472 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-06-19 17:55 - 2013-05-04 00:59 - 01483776 ____A (Microsoft Corporation) C:\Windows\System32\VSSVC.exe
2013-06-19 17:55 - 2013-05-04 00:58 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-06-19 17:55 - 2013-05-04 00:58 - 01332736 ____A (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2013-06-19 17:55 - 2013-05-04 00:57 - 01131520 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2013-06-19 17:55 - 2013-05-03 22:57 - 10788864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-06-19 17:55 - 2013-05-03 22:47 - 00427520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2013-06-19 17:54 - 2013-05-04 01:58 - 00120736 ____A (Microsoft Corporation) C:\Windows\System32\AuthHost.exe
2013-06-19 17:54 - 2013-05-04 01:34 - 00446720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2013-06-19 17:54 - 2013-05-04 01:34 - 00284416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-06-19 17:54 - 2013-05-04 01:34 - 00213248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
2013-06-19 17:54 - 2013-05-04 01:30 - 00058312 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-06-19 17:54 - 2013-05-04 00:59 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-06-19 17:54 - 2013-05-04 00:59 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\Magnify.exe
2013-06-19 17:54 - 2013-05-04 00:59 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-06-19 17:54 - 2013-05-04 00:59 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2013-06-19 17:54 - 2013-05-04 00:59 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-06-19 17:54 - 2013-05-04 00:59 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-06-19 17:54 - 2013-05-04 00:59 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-06-19 17:54 - 2013-05-04 00:58 - 00470528 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll
2013-06-19 17:54 - 2013-05-04 00:58 - 00330240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2013-06-19 17:54 - 2013-05-04 00:58 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2013-06-19 17:54 - 2013-05-04 00:58 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2013-06-19 17:54 - 2013-05-04 00:58 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\netplwiz.dll
2013-06-19 17:54 - 2013-05-04 00:58 - 00151552 ____A (Microsoft Corporation) C:\Windows\System32\netprofm.dll
2013-06-19 17:54 - 2013-05-04 00:58 - 00093696 ____A (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
2013-06-19 17:54 - 2013-05-04 00:57 - 02305024 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-19 17:54 - 2013-05-04 00:57 - 00820736 ____A (Microsoft Corporation) C:\Windows\System32\gpprefcl.dll
2013-06-19 17:54 - 2013-05-04 00:57 - 00708096 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
2013-06-19 17:54 - 2013-05-04 00:57 - 00560640 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2013-06-19 17:54 - 2013-05-04 00:57 - 00501760 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairing.dll
2013-06-19 17:54 - 2013-05-04 00:57 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll
2013-06-19 17:54 - 2013-05-04 00:57 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\bisrv.dll
2013-06-19 17:54 - 2013-05-04 00:57 - 00122368 ____A (Microsoft Corporation) C:\Windows\System32\biwinrt.dll
2013-06-19 17:54 - 2013-05-04 00:57 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\muifontsetup.dll
2013-06-19 17:54 - 2013-05-04 00:56 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-06-19 17:54 - 2013-05-03 22:58 - 00758784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-06-19 17:54 - 2013-05-03 22:58 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-06-19 17:54 - 2013-05-03 22:58 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-06-19 17:54 - 2013-05-03 22:58 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-06-19 17:54 - 2013-05-03 22:58 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-06-19 17:54 - 2013-05-03 22:57 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-06-19 17:54 - 2013-05-03 22:57 - 00303616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-06-19 17:54 - 2013-05-03 22:57 - 00247296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-06-19 17:54 - 2013-05-03 22:57 - 00151040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-06-19 17:54 - 2013-05-03 22:57 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-06-19 17:54 - 2013-05-03 22:57 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-06-19 17:54 - 2013-05-03 22:57 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-06-19 17:54 - 2013-05-03 22:56 - 02035712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-19 17:54 - 2013-05-03 22:56 - 00582144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2013-06-19 17:54 - 2013-05-03 22:56 - 00449536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-06-19 17:54 - 2013-05-03 22:56 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-06-19 17:54 - 2013-05-03 22:56 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-06-19 17:54 - 2013-05-03 22:56 - 00092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2013-06-19 17:54 - 2013-05-03 22:55 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-06-19 17:54 - 2013-05-03 22:51 - 00014848 ____A (Microsoft) C:\Windows\System32\rars.rs
2013-06-19 17:54 - 2013-05-03 22:48 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-06-19 17:54 - 2013-05-03 22:48 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-06-19 17:54 - 2013-05-03 22:10 - 00014848 ____A (Microsoft) C:\Windows\SysWOW64\rars.rs
2013-06-19 17:54 - 2013-05-02 16:04 - 00386646 ____A C:\Windows\System32\ApnDatabase.xml
2013-06-18 19:16 - 2013-06-18 19:43 - 00000000 ____D C:\Windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2013-06-18 19:16 - 2013-06-18 19:43 - 00000000 ____D C:\sh4ldr
2013-06-18 19:16 - 2013-06-18 19:16 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-06-11 21:36 - 2013-06-11 21:36 - 00000000 ____D C:\Users\luniz_000\AppData\Roaming\SUPERAntiSpyware.com
2013-06-11 20:40 - 2013-06-28 23:25 - 00000000 ____D C:\Users\luniz_000\AppData\Roaming\.Torrent Stream
2013-06-11 20:39 - 2013-07-08 18:33 - 00007302 ____A C:\Windows\PFRO.log
2013-06-11 20:37 - 2013-06-11 20:37 - 00000000 ____D C:\Program Files (x86)\Webroot
2013-06-11 20:37 - 2013-06-11 20:37 - 00000000 ____D C:\Program Files (x86)\MSSOAP
2013-06-11 20:36 - 2013-06-28 23:14 - 00000000 ____D C:\Users\luniz_000\AppData\Roaming\TorrentStream
2013-06-11 20:26 - 2013-05-15 16:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-11 20:26 - 2013-05-15 16:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-11 20:26 - 2013-05-04 01:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 20:26 - 2013-04-28 16:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-11 20:26 - 2013-04-26 23:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 20:26 - 2013-04-23 17:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 20:26 - 2013-04-23 17:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 20:26 - 2013-04-23 17:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 20:26 - 2013-04-23 16:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 20:26 - 2013-04-23 16:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 20:26 - 2013-04-23 16:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 20:26 - 2013-04-23 16:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 20:26 - 2013-04-02 17:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-11 20:26 - 2013-04-02 17:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 20:25 - 2013-05-15 16:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-11 20:25 - 2013-05-15 16:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-11 20:25 - 2013-05-14 07:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-11 20:25 - 2013-05-14 03:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-11 20:25 - 2013-04-28 16:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-11 20:25 - 2013-04-28 16:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-11 20:25 - 2013-04-28 16:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-11 20:25 - 2013-04-28 16:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-11 20:25 - 2013-04-28 16:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-11 20:25 - 2013-04-28 16:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-11 20:25 - 2013-04-28 16:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-11 20:25 - 2013-04-28 16:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-11 20:25 - 2013-04-28 16:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-11 20:25 - 2013-04-28 16:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-11 20:25 - 2013-04-28 16:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-11 20:25 - 2013-04-28 16:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-11 20:25 - 2013-04-28 16:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-11 20:25 - 2013-04-28 16:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-11 20:25 - 2013-04-28 16:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
 
==================== One Month Modified Files and Folders =======
 
2013-07-08 19:06 - 2013-07-08 19:06 - 00000000 ____D C:\FRST
2013-07-08 19:05 - 2013-07-08 19:05 - 01776219 ____A (Farbar) C:\Users\luniz_000\Downloads\FRST64.exe
2013-07-08 19:03 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\System32\sru
2013-07-08 18:37 - 2012-07-26 01:28 - 00848230 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-08 18:34 - 2013-04-17 18:51 - 00000000 ____D C:\Users\luniz_000\AppData\Roaming\Box Sync
2013-07-08 18:34 - 2012-11-11 11:07 - 00000000 ___RD C:\Users\luniz_000\Dropbox
2013-07-08 18:34 - 2012-11-11 11:03 - 00000000 ____D C:\Users\luniz_000\AppData\Roaming\Dropbox
2013-07-08 18:34 - 2012-11-11 01:50 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-08 18:34 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-08 18:33 - 2013-06-11 20:39 - 00007302 ____A C:\Windows\PFRO.log
2013-07-08 18:33 - 2013-06-07 07:29 - 01342471 ____A C:\Windows\WindowsUpdate.log
2013-07-08 18:33 - 2012-07-26 01:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-08 18:30 - 2013-07-08 18:19 - 00003537 ____A C:\Users\luniz_000\Desktop\FSS.txt
2013-07-08 18:17 - 2013-07-08 18:17 - 00356429 ____A (Farbar) C:\Users\luniz_000\Desktop\FSS.exe
2013-07-08 18:15 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\registration
2013-07-08 18:14 - 2013-06-28 23:02 - 00000000 ____D C:\Users\luniz_000\AppData\Local\Comodo
2013-07-08 18:14 - 2013-06-28 23:01 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-07-08 18:13 - 2013-06-28 23:02 - 00000000 ____D C:\ProgramData\COMODO
2013-07-08 18:13 - 2012-07-25 23:26 - 00524288 __ASH C:\Windows\System32\config\BBI
2013-07-08 18:10 - 2012-11-11 01:50 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-08 18:06 - 2013-04-05 22:15 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-08 18:05 - 2013-07-08 18:05 - 00000000 ____D C:\Program Files\Classic Shell
2013-07-08 18:02 - 2013-07-08 18:01 - 08437760 ____A (IvoSoft) C:\Users\luniz_000\Downloads\ClassicShellSetup_3_6_8.exe
2013-07-08 18:01 - 2013-06-06 23:50 - 00000000 ____D C:\Users\luniz_000\AppData\Roaming\uTorrent
2013-07-05 21:01 - 2013-02-11 11:54 - 00000000 ____D C:\Users\luniz_000\AppData\Roaming\Skype
2013-07-04 15:52 - 2013-07-04 00:01 - 00000000 ____D C:\Users\luniz_000\Desktop\Monsters University 2013  + END SCENE TS XViD - JUSTiCE
2013-07-04 01:44 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-07-04 00:31 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\rescache
2013-07-03 20:44 - 2013-07-03 20:44 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-03 20:44 - 2013-07-03 20:44 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-03 20:44 - 2013-07-03 20:44 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-03 20:44 - 2013-07-03 20:44 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-03 20:44 - 2013-07-03 20:44 - 00001858 ____A C:\Users\luniz_000\Desktop\CuteFTP 9.lnk
2013-07-03 20:44 - 2013-07-03 20:44 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-03 20:44 - 2012-11-11 13:27 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-03 20:44 - 2012-11-11 13:27 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-29 02:17 - 2013-06-29 02:17 - 00009430 ____A C:\Users\luniz_000\Desktop\attach.txt
2013-06-29 02:00 - 2013-04-17 18:52 - 00000000 ____D C:\Users\luniz_000\Documents\My Box Files
2013-06-29 01:47 - 2013-06-29 01:46 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2013-06-29 00:22 - 2012-11-11 10:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-28 23:25 - 2013-06-11 20:40 - 00000000 ____D C:\Users\luniz_000\AppData\Roaming\.Torrent Stream
2013-06-28 23:14 - 2013-06-11 20:36 - 00000000 ____D C:\Users\luniz_000\AppData\Roaming\TorrentStream
2013-06-28 23:05 - 2013-06-28 23:05 - 00047368 ____A (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-06-28 23:05 - 2013-06-28 23:02 - 00056072 ____A (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2013-06-28 23:03 - 2013-06-28 23:03 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2013-06-28 23:03 - 2013-06-28 23:03 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-06-28 22:17 - 2013-03-23 20:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-28 22:17 - 2013-02-11 11:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-28 22:17 - 2013-02-11 11:54 - 00000000 ____D C:\ProgramData\Skype
2013-06-28 22:17 - 2012-11-16 21:13 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-06-28 22:17 - 2012-11-11 10:54 - 00000000 ____D C:\ProgramData\Atheros
2013-06-28 22:17 - 2012-07-26 02:12 - 00000000 ___RD C:\Windows\ToastData
2013-06-28 22:17 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\WinStore
2013-06-28 22:17 - 2012-07-26 02:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-06-28 22:17 - 2012-07-26 02:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-06-28 22:17 - 2012-07-25 23:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-06-28 22:17 - 2012-07-25 23:38 - 00000000 ____D C:\Windows\System32\Sysprep
2013-06-28 22:17 - 2012-07-25 23:38 - 00000000 ____D C:\Windows\System32\Dism
2013-06-28 22:17 - 2012-07-25 23:37 - 00000000 ____D C:\Windows\servicing
2013-06-28 22:05 - 2013-06-28 21:25 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-06-28 22:00 - 2012-07-25 23:26 - 00000203 ____A C:\Windows\win.ini
2013-06-28 21:58 - 2013-06-28 21:56 - 00848230 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-28 21:51 - 2013-06-28 21:51 - 00000207 ____A C:\Windows\tweaking.com-regbackup-DUSTIN-LAPTOP-Microsoft-Windows-8-Pro-with-Media-Center-(64-bit).dat
2013-06-28 21:50 - 2013-06-28 21:50 - 00000000 ____D C:\RegBackup
2013-06-28 21:15 - 2013-06-28 21:15 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-06-28 20:56 - 2013-06-28 20:56 - 00440856 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-28 09:34 - 2013-03-17 16:11 - 00000000 ____D C:\Users\luniz_000\AppData\Local\CrashDumps
2013-06-21 18:53 - 2013-06-21 18:53 - 00382536 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2013-06-20 19:19 - 2013-06-20 19:17 - 00002900 ____A C:\Windows\System32\lic2.xml19118
2013-06-18 19:43 - 2013-06-18 19:16 - 00000000 ____D C:\Windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2013-06-18 19:43 - 2013-06-18 19:16 - 00000000 ____D C:\sh4ldr
2013-06-18 19:16 - 2013-06-18 19:16 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2013-06-18 19:16 - 2012-11-11 01:31 - 00000000 ____D C:\users\luniz_000
2013-06-12 17:20 - 2012-12-13 19:09 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 17:20 - 2012-11-11 12:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-11 21:36 - 2013-06-11 21:36 - 00000000 ____D C:\Users\luniz_000\AppData\Roaming\SUPERAntiSpyware.com
2013-06-11 20:41 - 2012-07-25 23:26 - 00000867 ____A C:\Windows\System32\Drivers\etc\hosts_bak_561
2013-06-11 20:37 - 2013-06-11 20:37 - 00000000 ____D C:\Program Files (x86)\Webroot
2013-06-11 20:37 - 2013-06-11 20:37 - 00000000 ____D C:\Program Files (x86)\MSSOAP
2013-06-11 20:26 - 2013-06-07 07:05 - 00000000 ____D C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-07-04 03:00
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2013
Ran by luniz_000 at 2013-07-08 19:07:33
Running from C:\Users\luniz_000\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
ASUS Live Update (x32 Version: 3.1.9)
ASUS Smart Gesture (x32 Version: 1.0.32)
ASUS USB Charger Plus (x32 Version: 2.0.8)
ATK Package (x32 Version: 1.0.0023)
Bitdefender Antivirus Free Edition (Version: 1.0.16.1026)
Box Sync (64 bit) (Version: 3.4.20.0)
Cobian Backup 11 Gravity (x32)
CuteFTP 9 (x32 Version: 9.0.0)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32)
Download Navigator (x32 Version: 3.4.1)
dows Driver Package - ASUS (ATP) Mouse  (08/27/2012 1.0.0.125) (Version: 08/27/2012 1.0.0.125)
Dropbox (HKCU Version: 2.0.22)
Epson Connect Printer Setup (x32 Version: 1.1.1)
Epson E-Web Print (x32 Version: 1.16.0000)
EPSON Printer Finder (x32 Version: 1.0.0)
EPSON Remote Print Uninstall
EPSON XP-400 Series Printer Uninstall
Fresco Logic USB3.0 Host Controller (Version: 3.5.74.0)
Google Chrome (x32 Version: 27.0.1453.116)
Google Update Helper (x32 Version: 1.3.21.145)
Intel® Processor Graphics (x32 Version: 9.17.10.2932)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Mozilla Maintenance Service (x32 Version: 17.0.5)
Mozilla Thunderbird 17.0.5 (x86 en-US) (x32 Version: 17.0.5)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017)
Pandora (x32 Version: 2.0.8)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.212)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6710)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Remote Utilities - Viewer (x32 Version: 5.255.4002)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (x32 Version: 6.5.3)
Skype™ 6.5 (x32 Version: 6.5.158)
Update for Microsoft Access 2013 (KB2760350) 32-Bit Edition (x32)
Update for Microsoft Excel 2013 (KB2760339) 32-Bit Edition (x32)
Update for Microsoft Lync 2013 (KB2768004) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726961) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2752094) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760538) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767860) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2810010) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2810014) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2810017) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2810018) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817320) 32-Bit Edition (x32)
Update for Microsoft OneNote 2013 (KB2760334) 32-Bit Edition (x32)
Update for Microsoft Outlook 2013 (KB2810015) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2013 (KB2727013) 32-Bit Edition (x32)
Update for Microsoft SkyDrive Pro (KB2767865) 32-Bit Edition (x32)
Update for Microsoft SkyDrive Pro (KB2810019) 32-Bit Edition (x32)
Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32)
Update for Microsoft Word 2013 (KB2768007) 32-Bit Edition (x32)
Update for Microsoft Word 2013 (KB2768337) 32-Bit Edition (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
 
==================== Restore Points  =========================
 
26-06-2013 03:36:55 Windows Update
29-06-2013 04:11:50 Restore Operation
04-07-2013 02:42:46 Installed CuteFTP 9
09-07-2013 00:03:05 Installed Classic Shell
 
==================== Hosts content: ==========================
 
2012-07-25 23:26 - 2013-06-28 22:01 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {025B3575-CA8B-4D3C-AFD6-6A8C2743E391} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {086215C1-7D17-47CD-B1AB-F5D73E507AAD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-25] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2D8F17C8-F8CC-4A69-9658-98DECEC5E09D} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {3EE60550-8561-4425-951E-715992F698C8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {4089FFFC-6CD2-4E09-9DD5-83798F18676D} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {46A6044C-738E-45B8-AE87-6E64628CAE17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.)
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-25] (Microsoft Corporation)
Task: {491B4BCC-39A6-49C4-B411-D62377D6CDBB} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {52260FB1-6B3C-4A16-A288-0A217AB8E12E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe No File
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {5F3D93E3-256D-4C38-A5C6-A4B1446CAE3A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe No File
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-25] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {72D47EAE-4D91-439B-965A-961F240F78C6} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {8858C68C-BEA1-4D41-BCD3-93834B7DBED0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {8C6AD2FA-46BB-42CA-A0F5-7C5A1EABA3B9} - System32\Tasks\Google Updater and Installer => C:\Users\luniz_000\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {917EE920-08AE-473E-B007-853B4AE78644} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A5F2EA7C-3074-416B-908E-1708348181A8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B53BA669-7C8B-4A20-B523-D64D9AF7C607} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {B5A9E7D7-D7BC-4AD1-B08A-0229780A388E} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-120177178-1771102289-89411079-1001
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BDEB1FA6-02B4-4ECF-88C4-66452B445C49} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-25] (Microsoft Corporation)
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D114E651-330F-4AC0-91A9-BEC5A3CF96A9} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4CA6599-7B74-4E2C-986D-11D4EED9AF96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.)
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/08/2013 06:04:40 PM) (Source: Microsoft-Windows-RestartManager) (User: DUSTIN-LAPTOP)
Description: Application or service 'Windows Explorer' could not be shut down.
 
Error: (07/04/2013 01:39:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.2.9200.16420, time stamp: 0x505a9a4e
Faulting module name: wbemprox.dll_unloaded, version: 0.0.0.0, time stamp: 0x501087d9
Exception code: 0xc0000005
Fault offset: 0x000007f8bdbd113f
Faulting process id: 0x544
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3
Faulting package full name: svchost.exe_wuauserv4
Faulting package-relative application ID: svchost.exe_wuauserv5
 
Error: (07/03/2013 09:37:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16433, time stamp: 0x50763312
Faulting module name: SHELL32.dll, version: 6.2.9200.16550, time stamp: 0x5136a2c8
Exception code: 0xc0000005
Fault offset: 0x0000000000004af9
Faulting process id: 0x%9
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (06/29/2013 02:04:15 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fa368fe3-4dea-4443-be23-811aef599f54}
 
Error: (06/29/2013 01:57:23 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fa368fe3-4dea-4443-be23-811aef599f54}
 
Error: (06/28/2013 10:18:17 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.
 
Error: (06/28/2013 10:14:53 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.
 
Error: (06/28/2013 10:12:10 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1023.
 
Error: (06/28/2013 10:12:10 PM) (Source: ESENT) (User: )
Description: Catalog Database (1400) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.
 
Error: (06/28/2013 10:12:10 PM) (Source: ESENT) (User: )
Description: Catalog Database (1400) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.
 
 
System errors:
=============
Error: (07/08/2013 06:33:39 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with the following service-specific error: 
%%5
 
Error: (07/08/2013 06:32:17 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with the following service-specific error: 
%%5
 
Error: (07/08/2013 06:17:12 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with the following service-specific error: 
%%5
 
Error: (07/08/2013 06:13:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with the following service-specific error: 
%%5
 
Error: (07/08/2013 06:07:03 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with the following service-specific error: 
%%5
 
Error: (07/08/2013 06:06:53 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:03:53 PM on ‎7/‎8/‎2013 was unexpected.
 
Error: (07/04/2013 01:42:01 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
%%1056
 
Error: (07/04/2013 01:41:00 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/04/2013 01:41:00 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/04/2013 01:41:00 AM) (Source: Service Control Manager) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (07/08/2013 06:04:40 PM) (Source: Microsoft-Windows-RestartManager)(User: DUSTIN-LAPTOP)
Description: 1C:\Windows\explorer.exeWindows Explorer0411732120
 
Error: (07/04/2013 01:39:55 AM) (Source: Application Error)(User: )
Description: svchost.exe_wuauserv6.2.9200.16420505a9a4ewbemprox.dll_unloaded0.0.0.0501087d9c0000005000007f8bdbd113f54401ce78686712af4fC:\Windows\system32\svchost.exewbemprox.dlleae83061-e47c-11e2-beac-0008ca873145
 
Error: (07/03/2013 09:37:54 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.2.9200.1643350763312SHELL32.dll6.2.9200.165505136a2c8c00000050000000000004af9
 
Error: (06/29/2013 02:04:15 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fa368fe3-4dea-4443-be23-811aef599f54}
 
Error: (06/29/2013 01:57:23 AM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fa368fe3-4dea-4443-be23-811aef599f54}
 
Error: (06/28/2013 10:18:17 PM) (Source: System Restore)(User: )
Description: Windows Update0x80070005
 
Error: (06/28/2013 10:14:53 PM) (Source: System Restore)(User: )
Description: Windows Update0x80070005
 
Error: (06/28/2013 10:12:10 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: -1023
 
Error: (06/28/2013 10:12:10 PM) (Source: ESENT)(User: )
Description: Catalog Database1400Catalog Database: C:\Windows\system32\CatRoot2\edb.log-1023 (0xfffffc01)
 
Error: (06/28/2013 10:12:10 PM) (Source: ESENT)(User: )
Description: Catalog Database1400Catalog Database: C:\Windows\system32\CatRoot2\edb.log-1023 (0xfffffc01)
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-08 18:07:30.760
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-08 18:07:12.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-08 18:01:15.035
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-08 17:28:33.936
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-05 22:06:18.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-05 21:00:47.272
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-05 10:05:18.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-04 19:59:17.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-04 19:45:31.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-04 15:58:50.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 36%
Total physical RAM: 3998.64 MB
Available physical RAM: 2522.4 MB
Total Pagefile: 4702.64 MB
Available Pagefile: 2719.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:110.9 GB) (Free:52.94 GB) NTFS (Disk=0 Partition=2)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 13BA8FCF)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=1C)
 
==================== End Of Log ============================


#8 Oh My!

Posted 09 July 2013 - 01:15 PM

Just wanted to let you know I am not ignoring you, just trying to figure out a workaround for the tools we normally use but are not compatible with Windows 8.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!

Posted 09 July 2013 - 03:09 PM

Greetings,

Please run this for me.

===================================================

Running a Batch (.bat) Script

-------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press enter
  • Copy and paste the following into the Notepad document:
@echo off
sc config mpsdrv start= demand
sc config MpsSvc start= auto
sc start MpsSvc
shutdown.exe /r /t 5
del %0
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input Firewall.bat.
  • Click Save.
  • Close the Notepad
  • Locate and double-click Firewall.bat on the desktop
  • A black CMD window will flash, then disappear
  • Your computer will automatically restart
  • Check your firewall status
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the file process successfully?
  • Is your firewall functioning?

Gary
 

#10 luniz7

Posted 09 July 2013 - 06:39 PM

The batch file worked as described.  The firewall is still not functioning.
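
When the batch file runs but the firewall still does not start, the next step is to read what the service configuration actually says. The following is an added example, not part of the original thread or of any tool mentioned in it: it parses SERVICE_NAME blocks in the layout of the Getservices log posted later in this thread and checks the start types the batch file sets (mpsdrv demand, MpsSvc auto) plus BFE. The sample log, its MpsSvc and mpsdrv entries, and the function names are constructed for illustration.

```python
import re

# "KEY : value" rows; an empty KEY is a continuation row (used by DEPENDENCIES).
FIELD = re.compile(r"^\s*([A-Z0-9_]*)\s*:\s?(.*)$")

# Start types the thread expects: mpsdrv and MpsSvc from the batch file,
# BFE from the BFE entry in the posted log.
EXPECTED_START = {"mpsdrv": "DEMAND_START", "MpsSvc": "AUTO_START", "BFE": "AUTO_START"}

# Constructed sample input. The BFE block follows the posted log; the mpsdrv
# and MpsSvc blocks are invented to show a service that is set to start
# automatically but stopped with a service-specific exit code.
SAMPLE_LOG = r"""
SERVICE_NAME: BFE
DISPLAY_NAME: Base Filtering Engine
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)

        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

SERVICE_NAME: mpsdrv
DISPLAY_NAME: Windows Firewall Authorization Driver
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)

        START_TYPE         : 3   DEMAND_START

SERVICE_NAME: MpsSvc
DISPLAY_NAME: Windows Firewall
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1066  (0x42a)
        SERVICE_EXIT_CODE  : 5  (0x5)

        START_TYPE         : 2   AUTO_START
        DEPENDENCIES       : mpsdrv
                           : bfe
"""


def parse_services(text):
    """Return {lowercased service name: {field: value}} from the log text."""
    services, current, last_key = {}, None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines and the "(STOPPABLE, ...)" flag rows
        key, value = m.group(1), m.group(2).strip()
        if key == "SERVICE_NAME":
            current = {"SERVICE_NAME": value, "DEPENDENCIES": []}
            services[value.lower()] = current
        elif current is None:
            continue
        elif key == "DEPENDENCIES" or (key == "" and last_key == "DEPENDENCIES"):
            if value:
                current["DEPENDENCIES"].append(value)
            key = "DEPENDENCIES"
        elif key:
            current[key] = value
        last_key = key or last_key
    return services


def _word(value, index):
    """Pick one whitespace-separated token, e.g. 'RUNNING' from '4  RUNNING'."""
    parts = (value or "").split()
    return parts[index] if len(parts) > index else None


def check_firewall_chain(services):
    """Return a list of (service, problem) tuples for mpsdrv, MpsSvc and BFE."""
    findings = []
    for name, want in EXPECTED_START.items():
        svc = services.get(name.lower())
        if svc is None:
            findings.append((name, "no entry in the log"))
            continue
        start = _word(svc.get("START_TYPE"), 1)
        if start != want:
            findings.append((name, f"START_TYPE {start}, expected {want}"))
        state = _word(svc.get("STATE"), 1)
        if want == "AUTO_START" and state != "RUNNING":
            findings.append((name, "state {}, WIN32_EXIT_CODE {}, SERVICE_EXIT_CODE {}".format(
                state, _word(svc.get("WIN32_EXIT_CODE"), 0), _word(svc.get("SERVICE_EXIT_CODE"), 0))))
        # A dependency that is absent or disabled keeps the service from starting.
        for dep in svc["DEPENDENCIES"]:
            d = services.get(dep.lower())
            if d is None:
                findings.append((name, f"dependency {dep} has no entry in the log"))
            elif _word(d.get("START_TYPE"), 1) == "DISABLED":
                findings.append((name, f"dependency {dep} is DISABLED"))
    return findings


if __name__ == "__main__":
    for name, problem in check_firewall_chain(parse_services(SAMPLE_LOG)):
        print(f"{name}: {problem}")
```

A SERVICE_EXIT_CODE of 5 in such a block is the same value the Service Control Manager events in the log above report as service-specific error %%5.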



#11 Oh My!

Posted 09 July 2013 - 06:59 PM

Thanks for trying. I am not sure if the following program will work on Windows 8 or not but please give it a shot.

===================================================

Running Getservices by Grinler

--------------------
  • Please download Getservices and save it in the C:\ directory
  • Unzip the folder to the C:\ directory
  • Double click the getservices folder
  • Double click the getservice MS-DOS Batch File
  • Select Run
  • A notepad document will open
  • Copy and paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Getservices log

Gary
 

#12 luniz7

Posted 09 July 2013 - 07:08 PM

 
SERVICE_NAME: AdobeARMservice
DISPLAY_NAME: Adobe Acrobat Update Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1904
        FLAGS              : 
        DESCRIPTION        : Adobe Acrobat Updater keeps your Adobe software up to date.
 
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Adobe Acrobat Update Service
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: AeLookupSvc
DISPLAY_NAME: Application Experience
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Processes application compatibility cache requests for applications as they are launched
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Application Experience
        SERVICE_START_NAME : localSystem
 
SERVICE_NAME: Appinfo
DISPLAY_NAME: Application Information
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Facilitates the running of interactive applications with additional administrative privileges.  If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Application Information
        DEPENDENCIES       : RpcSs
                           : ProfSvc
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: ASLDRService
DISPLAY_NAME: ASLDR Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1600
        FLAGS              : 
        DESCRIPTION        : 
 
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
        LOAD_ORDER_GROUP   : ShellSvcGroup
        TAG                : 0
        DISPLAY_NAME       : ASLDR Service
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: AtherosSvc
DISPLAY_NAME: AtherosSvc
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1924
        FLAGS              : 
        DESCRIPTION        : Atheros BT Stack Service Agent
 
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : AtherosSvc
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: ATKGFNEXSrv
DISPLAY_NAME: ATKGFNEX Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1660
        FLAGS              : 
        DESCRIPTION        : 
 
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
        LOAD_ORDER_GROUP   : ShellSvcGroup
        TAG                : 0
        DISPLAY_NAME       : ATKGFNEX Service
        DEPENDENCIES       : ASMMAP64
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: AudioEndpointBuilder
DISPLAY_NAME: Windows Audio Endpoint Builder
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 356
        FLAGS              : 
        DESCRIPTION        : Manages audio devices for the Windows Audio service.  If this service is stopped, audio devices and effects will not function properly.  If this service is disabled, any services that explicitly depend on it will fail to start
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP   : AudioGroup
        TAG                : 0
        DISPLAY_NAME       : Windows Audio Endpoint Builder
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: Audiosrv
DISPLAY_NAME: Windows Audio
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1016
        FLAGS              : 
        DESCRIPTION        : Manages audio for Windows-based programs.  If this service is stopped, audio devices and effects will not function properly.  If this service is disabled, any services that explicitly depend on it will fail to start
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : AudioGroup
        TAG                : 0
        DISPLAY_NAME       : Windows Audio
        DEPENDENCIES       : AudioEndpointBuilder
                           : RpcSs
                           : MMCSS
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: BFE
DISPLAY_NAME: Base Filtering Engine
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1840
        FLAGS              : 
        DESCRIPTION        : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        LOAD_ORDER_GROUP   : NetworkProvider
        TAG                : 0
        DISPLAY_NAME       : Base Filtering Engine
        DEPENDENCIES       : RpcSs
                           : WfpLwfs
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: BITS
DISPLAY_NAME: Background Intelligent Transfer Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Background Intelligent Transfer Service
        DEPENDENCIES       : RpcSs
                           : EventSystem
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: BrokerInfrastructure
DISPLAY_NAME: Background Tasks Infrastructure Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 848
        FLAGS              : 
        DESCRIPTION        : Windows infrastructure service that controls which background tasks can run on the system.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k DcomLaunch
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : Background Tasks Infrastructure Service
        DEPENDENCIES       : RpcEptMapper
                           : DcomLaunch
                           : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: bthserv
DISPLAY_NAME: Bluetooth Support Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 996
        FLAGS              : 
        DESCRIPTION        : The Bluetooth service supports discovery and association of remote Bluetooth devices.  Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Bluetooth Support Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: cbVSCService11
DISPLAY_NAME: Cobian Backup 11 Volume Shadow Copy Requester
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1968
        FLAGS              : 
        DESCRIPTION        : 
 
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Cobian Backup 11 Volume Shadow Copy Requester
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: ClassicShellService
DISPLAY_NAME: Classic Shell Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1332
        FLAGS              : 
        DESCRIPTION        : Launches the start button after logon
 
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Classic Shell\ClassicShellService.exe"
        LOAD_ORDER_GROUP   : UIGroup
        TAG                : 0
        DISPLAY_NAME       : Classic Shell Service
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: CryptSvc
DISPLAY_NAME: Cryptographic Services
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1524
        FLAGS              : 
        DESCRIPTION        : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Cryptographic Services
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT Authority\NetworkService
 
SERVICE_NAME: CscService
DISPLAY_NAME: Offline Files
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 356
        FLAGS              : 
        DESCRIPTION        : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP   : ProfSvc_Group
        TAG                : 0
        DISPLAY_NAME       : Offline Files
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 848
        FLAGS              : 
        DESCRIPTION        : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k DcomLaunch
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : DCOM Server Process Launcher
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: DeviceAssociationService
DISPLAY_NAME: Device Association Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 356
        FLAGS              : 
        DESCRIPTION        : Enables pairing between the system and wired or wireless devices.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Device Association Service
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1016
        FLAGS              : 
        DESCRIPTION        : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DHCP Client
        DEPENDENCIES       : NSI
                           : Tdx
                           : Afd
        SERVICE_START_NAME : NT Authority\LocalService
 
SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1524
        FLAGS              : 
        DESCRIPTION        : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DNS Client
        DEPENDENCIES       : Tdx
                           : nsi
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
 
SERVICE_NAME: DPS
DISPLAY_NAME: Diagnostic Policy Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1840
        FLAGS              : 
        DESCRIPTION        : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components.  If this service is stopped, diagnostics will no longer function.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Diagnostic Policy Service
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: EventLog
DISPLAY_NAME: Windows Event Log
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1016
        FLAGS              : 
        DESCRIPTION        : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : Event Log
        TAG                : 0
        DISPLAY_NAME       : Windows Event Log
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: EventSystem
DISPLAY_NAME: COM+ Event System
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 996
        FLAGS              : 
        DESCRIPTION        : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : COM+ Event System
        DEPENDENCIES       : rpcss
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: FontCache
DISPLAY_NAME: Windows Font Cache Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 996
        FLAGS              : 
        DESCRIPTION        : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   : AudioGroup
        TAG                : 0
        DISPLAY_NAME       : Windows Font Cache Service
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: gpsvc
DISPLAY_NAME: Group Policy Client
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : ProfSvc_Group
        TAG                : 0
        DISPLAY_NAME       : Group Policy Client
        DEPENDENCIES       : RPCSS
                           : Mup
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: gzserv
DISPLAY_NAME: Bitdefender Antivirus Free Edition
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 880
        FLAGS              : 
        DESCRIPTION        : Bitdefender Antivirus Free Edition
 
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe /service
        LOAD_ORDER_GROUP   : System Reserved
        TAG                : 0
        DISPLAY_NAME       : Bitdefender Antivirus Free Edition
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: IKEEXT
DISPLAY_NAME: IKE and AuthIP IPsec Keying Modules
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : IKE and AuthIP IPsec Keying Modules
        DEPENDENCIES       : BFE
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: iphlpsvc
DISPLAY_NAME: IP Helper
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetSvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : IP Helper
        DEPENDENCIES       : RpcSS
                           : Tdx
                           : winmgmt
                           : tcpip
                           : nsi
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: LanmanServer
DISPLAY_NAME: Server
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Server
        DEPENDENCIES       : SamSS
                           : Srv
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: LanmanWorkstation
DISPLAY_NAME: Workstation
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1524
        FLAGS              : 
        DESCRIPTION        : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   : NetworkProvider
        TAG                : 0
        DISPLAY_NAME       : Workstation
        DEPENDENCIES       : Bowser
                           : MRxSmb10
                           : MRxSmb20
                           : NSI
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
 
SERVICE_NAME: lmhosts
DISPLAY_NAME: TCP/IP NetBIOS Helper
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1016
        FLAGS              : 
        DESCRIPTION        : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : TCP/IP NetBIOS Helper
        DEPENDENCIES       : NetBT
                           : Afd
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: LSM
DISPLAY_NAME: Local Session Manager
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 848
        FLAGS              : 
        DESCRIPTION        : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k DcomLaunch
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : Local Session Manager
        DEPENDENCIES       : RpcEptMapper
                           : DcomLaunch
                           : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: MMCSS
DISPLAY_NAME: Multimedia Class Scheduler
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications.  If this service is stopped, individual tasks resort to their default priority.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Multimedia Class Scheduler
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: Netman
DISPLAY_NAME: Network Connections
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 356
        FLAGS              : 
        DESCRIPTION        : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Network Connections
        DEPENDENCIES       : RpcSs
                           : nsi
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: netprofm
DISPLAY_NAME: Network List Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 996
        FLAGS              : 
        DESCRIPTION        : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Network List Service
        DEPENDENCIES       : RpcSs
                           : nlasvc
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: NlaSvc
DISPLAY_NAME: Network Location Awareness
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1524
        FLAGS              : 
        DESCRIPTION        : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Network Location Awareness
        DEPENDENCIES       : NSI
                           : RpcSs
                           : TcpIp
                           : Dhcp
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
 
SERVICE_NAME: nsi
DISPLAY_NAME: Network Store Interface Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 996
        FLAGS              : 
        DESCRIPTION        : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Network Store Interface Service
        DEPENDENCIES       : rpcss
                           : nsiproxy
        SERVICE_START_NAME : NT Authority\LocalService
 
SERVICE_NAME: PcaSvc
DISPLAY_NAME: Program Compatibility Assistant Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 356
        FLAGS              : 
        DESCRIPTION        : This service provides support for the Program Compatibility Assistant (PCA).  PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Program Compatibility Assistant Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 848
        FLAGS              : 
        DESCRIPTION        : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k DcomLaunch
        LOAD_ORDER_GROUP   : PlugPlay
        TAG                : 0
        DISPLAY_NAME       : Plug and Play
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: Power
DISPLAY_NAME: Power
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 848
        FLAGS              : 
        DESCRIPTION        : Manages power policy and power policy notification delivery.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k DcomLaunch
        LOAD_ORDER_GROUP   : Plugplay
        TAG                : 0
        DISPLAY_NAME       : Power
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: ProfSvc
DISPLAY_NAME: User Profile Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : profsvc_group
        TAG                : 0
        DISPLAY_NAME       : User Profile Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: RasMan
DISPLAY_NAME: Remote Access Connection Manager
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Remote Access Connection Manager
        DEPENDENCIES       : Tapisrv
                           : SstpSvc
        SERVICE_START_NAME : localSystem
 
SERVICE_NAME: RpcEptMapper
DISPLAY_NAME: RPC Endpoint Mapper
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 968
        FLAGS              : 
        DESCRIPTION        : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k RPCSS
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : RPC Endpoint Mapper
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
 
SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 968
        FLAGS              : 
        DESCRIPTION        : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k rpcss
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : Remote Procedure Call (RPC)
        DEPENDENCIES       : RpcEptMapper
                           : DcomLaunch
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
 
SERVICE_NAME: SamSs
DISPLAY_NAME: Security Accounts Manager
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 724
        FLAGS              : SERVICE_RUNS_IN_SYSTEM_PROCESS
        DESCRIPTION        : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests.  Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\lsass.exe
        LOAD_ORDER_GROUP   : MS_WindowsLocalValidation
        TAG                : 0
        DISPLAY_NAME       : Security Accounts Manager
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: Schedule
DISPLAY_NAME: Task Scheduler
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : SchedulerGroup
        TAG                : 0
        DISPLAY_NAME       : Task Scheduler
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: SENS
DISPLAY_NAME: System Event Notification Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Monitors system events and notifies subscribers to COM+ Event System of these events.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : ProfSvc_Group
        TAG                : 0
        DISPLAY_NAME       : System Event Notification Service
        DEPENDENCIES       : EventSystem
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: ShellHWDetection
DISPLAY_NAME: Shell Hardware Detection
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Provides notifications for AutoPlay hardware events.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : ShellSvcGroup
        TAG                : 0
        DISPLAY_NAME       : Shell Hardware Detection
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1804
        FLAGS              : 
        DESCRIPTION        : This service spools print jobs and handles interaction with the printer.  If you turn off this service, you won’t be able to print or see your printers.
 
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\spoolsv.exe
        LOAD_ORDER_GROUP   : SpoolerGroup
        TAG                : 0
        DISPLAY_NAME       : Print Spooler
        DEPENDENCIES       : RPCSS
                           : http
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: SSDPSRV
DISPLAY_NAME: SSDP Discovery
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2844
        FLAGS              : 
        DESCRIPTION        : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : SSDP Discovery
        DEPENDENCIES       : HTTP
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: SstpSvc
DISPLAY_NAME: Secure Socket Tunneling Protocol Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 996
        FLAGS              : 
        DESCRIPTION        : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Secure Socket Tunneling Protocol Service
        SERVICE_START_NAME : NT Authority\LocalService
 
SERVICE_NAME: stisvc
DISPLAY_NAME: Windows Image Acquisition (WIA)
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2156
        FLAGS              : 
        DESCRIPTION        : Provides image acquisition services for scanners and cameras
 
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k imgsvc
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Windows Image Acquisition (WIA)
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT Authority\LocalService
 
SERVICE_NAME: SysMain
DISPLAY_NAME: Superfetch
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 356
        FLAGS              : 
        DESCRIPTION        : Maintains and improves system performance over time.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Superfetch
        DEPENDENCIES       : rpcss
                           : fileinfo
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: SystemEventsBroker
DISPLAY_NAME: System Events Broker
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : System Events Broker
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: TapiSrv
DISPLAY_NAME: Telephony
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1524
        FLAGS              : 
        DESCRIPTION        : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Telephony
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
 
SERVICE_NAME: Themes
DISPLAY_NAME: Themes
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Provides user experience theme management.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : ProfSvc_Group
        TAG                : 0
        DISPLAY_NAME       : Themes
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: TimeBroker
DISPLAY_NAME: Time Broker
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2844
        FLAGS              : 
        DESCRIPTION        : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Time Broker
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: TrkWks
DISPLAY_NAME: Distributed Link Tracking Client
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 356
        FLAGS              : 
        DESCRIPTION        : Maintains links between NTFS files within a computer or across computers in a network.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Distributed Link Tracking Client
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: upnphost
DISPLAY_NAME: UPnP Device Host
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2844
        FLAGS              : 
        DESCRIPTION        : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : UPnP Device Host
        DEPENDENCIES       : SSDPSRV
                           : HTTP
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: Wcmsvc
DISPLAY_NAME: Windows Connection Manager
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1016
        FLAGS              : 
        DESCRIPTION        : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : Windows Connection Manager
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT Authority\LocalService
 
SERVICE_NAME: WdiServiceHost
DISPLAY_NAME: Diagnostic Service Host
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 996
        FLAGS              : 
        DESCRIPTION        : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context.  If this service is stopped, any diagnostics that depend on it will no longer function.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Diagnostic Service Host
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: WdiSystemHost
DISPLAY_NAME: Diagnostic System Host
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 356
        FLAGS              : 
        DESCRIPTION        : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context.  If this service is stopped, any diagnostics that depend on it will no longer function.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Diagnostic System Host
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: WinHttpAutoProxySvc
DISPLAY_NAME: WinHTTP Web Proxy Auto-Discovery Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 996
        FLAGS              : 
        DESCRIPTION        : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : WinHTTP Web Proxy Auto-Discovery Service
        DEPENDENCIES       : Dhcp
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: Winmgmt
DISPLAY_NAME: Windows Management Instrumentation
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Windows Management Instrumentation
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : localSystem
 
SERVICE_NAME: WlanSvc
DISPLAY_NAME: WLAN AutoConfig
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 356
        FLAGS              : 
        DESCRIPTION        : The WLANSVC service provides the logic required to configure, discover, connect to, and disconnect from a wireless local area network (WLAN) as defined by IEEE 802.11 standards. It also contains the logic to turn your computer into a software access point so that other devices or computers can connect to your computer wirelessly using a WLAN adapter that can support this. Stopping or disabling the WLANSVC service will make all WLAN adapters on your computer inaccessible from the Windows networking UI. It is strongly recommended that you have the WLANSVC service running if your computer has a WLAN adapter.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : WLAN AutoConfig
        DEPENDENCIES       : nativewifip
                           : RpcSs
                           : Ndisuio
                           : wcmsvc
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: wlidsvc
DISPLAY_NAME: Microsoft Account Sign-in Assistant
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Microsoft Account Sign-in Assistant
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: WMPNetworkSvc
DISPLAY_NAME: Windows Media Player Network Sharing Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2600
        FLAGS              : 
        DESCRIPTION        : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
 
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Windows Media Player\wmpnetwk.exe"
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Windows Media Player Network Sharing Service
        DEPENDENCIES       : http
                           : WSearch
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
 
SERVICE_NAME: wscsvc
DISPLAY_NAME: Security Center
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1016
        FLAGS              : 
        DESCRIPTION        : The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer.  The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service.  The Action Center (AC) UI uses the service to provide systray alerts and a graphical view of the security health states in the AC control panel.  Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions.  The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Security Center
        DEPENDENCIES       : RpcSs
                           : WinMgmt
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: WSearch
DISPLAY_NAME: Windows Search
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2216
        FLAGS              : 
        DESCRIPTION        : Provides content indexing, property caching, and search results for files, e-mail, and other content.
 
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\SearchIndexer.exe /Embedding
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Windows Search
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: wuauserv
DISPLAY_NAME: Windows Update
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 608
        FLAGS              : 
        DESCRIPTION        : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Windows Update
        DEPENDENCIES       : rpcss
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: ZAtheros Bt and Wlan Coex Agent
DISPLAY_NAME: ZAtheros Bt and Wlan Coex Agent
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2276
        FLAGS              : 
        DESCRIPTION        : Co-existence Coordinator Service between 11a/b/g/n Wireless LAN and Bluetooth.
 
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : ZAtheros Bt and Wlan Coex Agent
        SERVICE_START_NAME : LocalSystem


#13 Oh My!

  • Malware Response Instructor
Posted 09 July 2013 - 07:36 PM

Greetings,

I am not real familiar with Bitdefender so I can't really give you specific instructions. What I would like you to do is open the Bitdefender program and find the firewall setting. If it is checked, please uncheck it, reboot your computer and attempt to turn on the Windows Firewall.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 luniz7

  • Topic Starter

Posted 09 July 2013 - 07:45 PM

I am using the free edition of Bitdefender, which does not include any kind of firewall protection or options. It is antivirus only. Firewall still not functioning.


Edited by luniz7, 09 July 2013 - 07:54 PM.


#15 Oh My!

  • Malware Response Instructor
Posted 09 July 2013 - 07:59 PM

"I've tried starting it manually through services.msc with no luck"

Please go back to the service, right-click on the firewall entry and select Properties. Please take a screenshot of this window and attach it to your reply.
Gary
 



