ZoneAlarm Antivirus/Spyware Won't Update


7 replies to this topic

#1 Gillman


Posted 13 December 2015 - 08:06 AM

Hi there, I am sure this topic has come up quite a few times. I have a new laptop and a fresh copy of Windows installed. For some reason shortly thereafter ZA stopped updating. I followed ZA's own guidelines around uninstalling and reinstalling but to no avail. I have seen other posts on this forum and have run logs, which I have copied below (and attached).

Many thanks in advance for any assistance you're able to provide.

Gillman

-----------


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.10586.20  BrowserJavaVersion: 11.66.2
Run by darre at 12:32:30 on 2015-12-13
Microsoft Windows 10 Pro  10.0.10586.0.1252.44.1033.18.16337.10419 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Killer Networking\Network Manager\KillerService.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files (x86)\SCM\MSIService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\system32\svchost.exe -k appmodel
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\sihost.exe
C:\Windows\system32\taskhostw.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\Explorer.EXE
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\SCM\SCM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SettingSyncHost.exe
C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\ApplicationFrameHost.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6508.23761.0_x64__8wekyb3d8bbwe\OHub.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe\HxTsr.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Windows\system32\dashost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\Windows\system32\browser_broker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uLocal Page = %11%\blank.htm
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
uRun: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
dRun: [ZoneAlarm Windows 10 Upgrader] "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\KILLER~1.LNK - C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{6c71cc20-f53e-4d18-9feb-741be0885de9} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{958831bd-fe0a-4bfe-92b2-e86795060cfe} : DHCPNameServer = 192.168.0.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [SCM] C:\Program Files (x86)\SCM\SCM.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\Windows\System32\rundll32.exe" C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [ISW] "C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe" /icon="hidden"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2015-7-29 1462720]
R0 intelpep;Intel® Power Engine Plug-in Driver;C:\Windows\System32\drivers\intelpep.sys [2015-10-30 46432]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\Windows\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\Windows\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\Windows\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 BfLwf;KIller Bandwidth Control;C:\Windows\System32\drivers\bwcW10x64.sys [2015-7-7 114736]
R1 FileCrypt;FileCrypt;C:\Windows\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\Windows\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 klhk;Kaspersky Lab service driver;C:\Windows\System32\drivers\klhk.sys [2015-12-11 227512]
R1 Klwtp;Klwtp;C:\Windows\System32\drivers\klwtp.sys [2015-11-3 103096]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2015-12-12 2748600]
R2 CoreMessagingRegistrar;CoreMessaging;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\Windows\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 DoSvc;Delivery Optimization;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-12-5 1156400]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-7-27 18856]
R2 ISWKL;ZoneAlarm AntiKeylogger ISWKL;C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [2014-7-17 54144]
R2 IswSvc;ZoneAlarm AntiKeylogger IswSvc;C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [2014-7-17 1144952]
R2 Killer Service V2;Killer Service V2;C:\Program Files\Killer Networking\Network Manager\KillerService.exe [2015-7-7 413696]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\SCM\MSIService.exe [2015-4-21 160768]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-12-5 1872688]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-12-5 5915440]
R2 storqosflt;Storage QoS Filter Driver;C:\Windows\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-8-21 247992]
R2 TeamViewer;TeamViewer 11;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-12-5 6887696]
R2 tiledatamodelsvc;Tile Data model server;C:\Windows\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2015-10-19 96272]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2015-9-2 602736]
R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2015-6-11 163536]
R3 DsSvc;Data Sharing Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 KillerEth;NDIS Miniport Driver for Killer e2400 PCI-E Ehternet Controller;C:\Windows\System32\drivers\e24w10x64.sys [2015-10-22 124464]
R3 klflt;Kaspersky Lab Kernel DLL;C:\Windows\System32\drivers\klflt.sys [2015-11-3 172920]
R3 lfsvc;Geolocation Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-10-26 351520]
R3 LVUVC64;@oem3.inf,%PID_0990_DD%(UVC);Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-10-26 4758176]
R3 NcbService;Network Connection Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\Windows\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-12-5 19760]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-12-5 8133424]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-12-5 50472]
R3 Qcamain10x64;Qualcomm Atheros Extensible Wireless LAN 11AC device driver;C:\Windows\System32\drivers\Qcamain10x64.sys [2015-6-29 2327344]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\Windows\System32\drivers\RtsPer.sys [2015-9-23 759552]
R3 SAlphaPS2;SteelPs2Svc;C:\Windows\System32\drivers\SAlphaPS264.sys [2014-10-8 27520]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2015-12-5 44216]
R3 StateRepository;State Repository Service;C:\Windows\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 UEFI;Microsoft UEFI Driver;C:\Windows\System32\drivers\uefi.sys [2015-10-30 28512]
R3 wdiwifi;WDI Driver Framework;C:\Windows\System32\drivers\WdiWiFi.sys [2015-10-30 694784]
S0 klelam;klelam;C:\Windows\System32\drivers\klelam.sys [2015-11-3 30328]
S2 MapsBroker;Downloaded Maps Manager;C:\Windows\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 SetupARService;SetupARService;C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2015-12-5 10752]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 ADP80XX;ADP80XX;C:\Windows\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\Windows\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\Windows\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\Windows\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\Windows\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\drivers\BthLEEnum.sys [2015-10-30 245248]
S3 buttonconverter;Service for Portable Device Control devices;C:\Windows\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\Windows\System32\drivers\capimg.sys [2015-12-5 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\Windows\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 CWUpdaterDaemon;ContentWatch Updater Daemon;C:\Program Files (x86)\CheckPoint\Parental Controls\bin\cwupdater.exe [2015-8-13 9729368]
S3 DcpSvc;DataCollectionPublishingService;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft ® Diagnostics Hub Standard Collector Service;C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\Windows\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\Windows\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\Windows\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel® Serial IO I2C Host Controller;C:\Windows\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel® Serial IO I2C Driver v2;C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\Windows\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\Windows\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\Windows\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icsak;icsak;C:\Program Files (x86)\CheckPoint\AKL\AK\icsak.sys [2014-7-17 48512]
S3 icssvc;Windows Mobile Hotspot Service;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-10-30 117760]
S3 LSI_SAS2i;LSI_SAS2i;C:\Windows\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\Windows\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\Windows\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\Windows\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2014-8-15 23040]
S3 NetSetupSvc;Network Setup Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\Windows\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\Windows\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\Windows\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\Windows\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\Windows\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\Windows\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\Windows\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\Windows\System32\drivers\storufs.sys [2015-10-30 34144]
S3 ThunderboltService;Thunderbolt™ Service;C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2015-8-4 1770136]
S3 TieringEngineService;Storage Tiers Management;C:\Windows\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\Windows\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\Windows\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\Windows\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 Ufx01000;USB Function Class Extension;C:\Windows\System32\drivers\ufx01000.sys [2015-10-30 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\Windows\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\Windows\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\Windows\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\Windows\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\Windows\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-17 54784]
S3 UsoSvc;Update Orchestrator Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\Windows\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\Windows\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\Windows\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\Windows\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\Windows\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\Windows\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\Windows\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 XblAuthManager;Xbox Live Auth Manager;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\Windows\System32\drivers\xboxgip.sys [2015-10-30 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\Windows\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\Windows\System32\drivers\xinputhid.sys [2015-10-30 26112]
S4 CDPSvc;Connected Device Platform Service;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\Windows\System32\svchost.exe -k LocalService [2015-10-30 43944]
SUnknown IoQos;IoQos; [x]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: opera.exe: open="C:\Users\darre\AppData\Local\Programs\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2015-12-12 13:40:30 -------- d---a-w- C:\Program Files\iTunes
2015-12-12 13:40:30 -------- d-----w- C:\Program Files\iPod
2015-12-12 13:40:30 -------- d-----w- C:\Program Files (x86)\iTunes
2015-12-12 12:55:55 2434768 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-12-12 12:49:48 929464 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.en-us.dll
2015-12-12 12:49:48 59584 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\msointl30.en-us.dll
2015-12-11 20:38:35 -------- d-----w- C:\Windows\System32\MRT
2015-12-11 18:15:18 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2015-12-11 18:15:17 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6EBAE003-FDC2-4C92-ACF3-81DECBC7996F}\gapaengine.dll
2015-12-11 18:15:09 11138400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{45476467-E303-4244-84F4-0D6BA48CD88E}\mpengine.dll
2015-12-11 18:15:07 -------- d---a-w- C:\Program Files (x86)\PC Tune-Up
2015-12-11 18:15:06 301728 ------w- C:\Windows\System32\MpSigStub.exe
2015-12-11 18:15:05 -------- d---a-w- C:\ProgramData\ContentWatch
2015-12-11 18:14:33 478392 ----a-w- C:\Windows\System32\drivers\kl1.sys
2015-12-11 18:14:32 227512 ----a-w- C:\Windows\System32\drivers\klhk.sys
2015-12-11 18:08:39 -------- d-----w- C:\Program Files (x86)\CheckPoint
2015-12-11 17:57:56 -------- d-----w- C:\Users\darre\AppData\Local\ContentWatch
2015-12-07 23:25:48 -------- d-----w- C:\Users\darre\AppData\Roaming\TeamViewer
2015-12-06 19:56:40 -------- d-----w- C:\Windows\System32\SleepStudy
2015-12-06 19:55:58 -------- d-----w- C:\Users\darre\AppData\Local\PeerDistRepub
2015-12-06 15:34:59 -------- d---a-w- C:\Program Files (x86)\StarCraft II
2015-12-06 14:47:37 -------- d--h--w- C:\OneDriveTemp
2015-12-06 02:28:46 -------- d-----w- C:\Windows\Panther
2015-12-06 01:30:39 -------- d-----w- C:\Users\darre\AppData\Roaming\Opera Software
2015-12-06 01:30:39 -------- d-----w- C:\Users\darre\AppData\Local\Opera Software
2015-12-06 01:30:22 -------- d-----w- C:\Users\darre\AppData\Local\Programs
2015-12-06 01:27:36 -------- d-----w- C:\Users\darre\AppData\Roaming\uTorrent
2015-12-06 01:09:40 -------- d-----w- C:\Users\darre\AppData\Local\Blizzard Entertainment
2015-12-06 01:09:34 -------- d-----w- C:\Users\darre\AppData\Roaming\Battle.net
2015-12-06 01:09:34 -------- d-----w- C:\Users\darre\AppData\Local\Battle.net
2015-12-06 01:09:34 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2015-12-06 01:08:42 -------- d---a-w- C:\Program Files (x86)\Battle.net
2015-12-06 01:08:14 -------- d-----w- C:\ProgramData\Battle.net
2015-12-05 20:52:11 -------- d-----w- C:\Windows\SysWow64\wbem\en-GB
2015-12-05 20:52:11 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\en-GB
2015-12-05 20:52:11 -------- d-----w- C:\Windows\SysWow64\drivers\en-GB
2015-12-05 20:52:10 -------- d-----w- C:\Windows\System32\wbem\en-GB
2015-12-05 20:52:10 -------- d-----w- C:\Windows\System32\drivers\UMDF\en-GB
2015-12-05 20:52:10 -------- d-----w- C:\Windows\System32\drivers\en-GB
2015-12-05 20:52:09 -------- d-----w- C:\Windows\en-GB
2015-12-05 20:50:14 5120 ----a-w- C:\Windows\System32\drivers\en-GB\portcls.sys.mui
2015-12-05 20:50:14 3584 ----a-w- C:\Windows\System32\drivers\en-GB\serscan.sys.mui
2015-12-05 20:50:12 92672 ----a-w- C:\Windows\System32\drivers\en-GB\tcpip.sys.mui
2015-12-05 20:50:12 3584 ----a-w- C:\Windows\System32\drivers\en-GB\scfilter.sys.mui
2015-12-05 20:50:12 3072 ----a-w- C:\Windows\System32\drivers\UMDF\en-GB\SensorsCx.dll.mui
2015-12-05 20:50:10 12288 ----a-w- C:\Windows\System32\drivers\en-GB\NdisImPlatform.sys.mui
2015-12-05 20:50:07 5632 ----a-w- C:\Windows\System32\drivers\en-GB\hidbth.sys.mui
2015-12-05 20:50:07 4608 ----a-w- C:\Windows\System32\drivers\en-GB\BthMini.SYS.mui
2015-12-05 20:50:07 4096 ----a-w- C:\Windows\System32\drivers\en-GB\BTHUSB.SYS.mui
2015-12-05 20:50:07 3584 ----a-w- C:\Windows\System32\drivers\en-GB\bthenum.sys.mui
2015-12-05 20:50:07 15872 ----a-w- C:\Windows\System32\drivers\en-GB\bthport.sys.mui
2015-12-05 20:38:46 -------- d-----w- C:\Users\darre\AppData\Local\Apple Computer
2015-12-05 20:38:34 -------- d-----w- C:\Users\darre\AppData\Local\Apple
2015-12-05 20:38:23 -------- d---a-w- C:\Program Files\Bonjour
2015-12-05 20:38:23 -------- d---a-w- C:\Program Files (x86)\Bonjour
2015-12-05 20:32:32 -------- d-----w- C:\Users\darre\AppData\Local\TeamViewer
2015-12-05 20:31:54 -------- d---a-w- C:\Program Files (x86)\TeamViewer
2015-12-05 20:30:24 -------- d-----w- C:\Program Files (x86)\VideoLAN
2015-12-05 20:27:54 -------- d-----w- C:\Users\darre\Tracing
2015-12-05 20:26:56 -------- d-----r- C:\Program Files (x86)\Skype
2015-12-05 20:19:32 -------- d-sh--w- C:\Windows\BitLockerDiscoveryVolumeContents
2015-12-05 20:12:11 -------- d-----w- C:\Users\darre\AppData\Local\SteelSeries_ApS
2015-12-05 20:12:00 -------- d-----w- C:\Users\darre\AppData\Roaming\SteelSeries
2015-12-05 20:11:57 -------- d-----w- C:\Users\darre\AppData\Local\MSI
2015-12-05 20:06:58 877872 ----a-w- C:\Windows\System32\NvFBC64.dll
2015-12-05 20:04:04 778936 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
2015-12-05 20:04:04 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2015-12-05 20:04:04 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-12-05 20:04:03 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2015-12-05 20:04:03 1166520 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
2015-12-05 20:04:02 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-12-05 19:59:58 -------- d-----w- C:\ProgramData\SteelSeries
2015-12-05 19:58:52 -------- d-----w- C:\Program Files\SteelSeries
2015-12-05 19:56:01 -------- d-----w- C:\Program Files (x86)\SCM
2015-12-05 19:51:39 -------- d-----w- C:\Users\darre\.oracle_jre_usage
2015-12-05 19:51:38 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-12-05 19:51:29 -------- d-----w- C:\ProgramData\Oracle
2015-12-05 19:47:57 -------- d-----w- C:\Users\darre\AppData\Local\Google
2015-12-05 19:43:37 -------- d-----w- C:\ProgramData\Killer
2015-12-05 19:43:11 -------- d-----w- C:\Program Files\Killer Networking
2015-12-05 19:42:56 -------- d-----w- C:\ProgramData\Downloaded Installations
2015-12-05 19:32:52 -------- d-----w- C:\Program Files\Realtek
2015-12-05 19:31:18 10752 ----a-w- C:\Windows\SetupAfterRebootService.exe
2015-12-05 19:24:10 -------- d-----w- C:\Program Files (x86)\Realtek
2015-12-05 19:23:43 -------- d--h--w- C:\Program Files (x86)\Temp
2015-12-05 19:21:24 -------- d-----w- C:\Users\darre\AppData\Local\NVIDIA
2015-12-05 19:18:33 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2015-12-05 19:18:10 -------- d-----w- C:\Intel
2015-12-05 19:17:49 -------- d-----w- C:\Users\darre\AppData\Roaming\Intel Corporation
2015-12-05 19:16:36 -------- d-----w- C:\Users\darre\Intel
2015-12-05 19:15:45 -------- d-----w- C:\Users\darre\AppData\Local\ElevatedDiagnostics
2015-12-05 19:15:18 -------- d-----w- C:\ProgramData\Package Cache
2015-12-05 19:12:20 -------- d-----w- C:\Program Files (x86)\MSI
2015-12-05 19:11:55 -------- d-----w- C:\Users\darre\AppData\Local\CrashDumps
2015-12-05 19:05:33 44216 ----a-w- C:\Windows\System32\drivers\Smb_driver_Intel.sys
2015-12-05 19:05:30 -------- d-----w- C:\Program Files\Synaptics
2015-12-05 19:04:21 -------- d-----w- C:\Program Files\Common Files\Atheros
2015-12-05 19:00:05 -------- d-----w- C:\Windows\System32\DAX2
2015-12-05 19:00:02 -------- d-----w- C:\Windows\SysWow64\RTCOM
2015-12-05 18:56:22 -------- d-----w- C:\Windows\SysWow64\sda
2015-12-05 18:55:21 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2015-12-05 18:55:16 -------- d-----w- C:\Program Files\NVIDIA Corporation
2015-12-05 18:55:16 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2015-12-05 18:50:21 -------- d-----w- C:\Program Files\Common Files\AV
2015-12-05 18:46:36 646280 ----a-w- C:\Windows\System32\AntiTheftCredentialProvider.dll
2015-12-05 18:46:16 -------- d-----w- C:\Users\darre\AppData\Roaming\CheckPoint
2015-12-05 18:40:37 -------- d-----w- C:\ProgramData\CheckPoint
2015-12-05 18:39:30 -------- d-----w- C:\Windows\System32\wbem\Performance
2015-12-05 18:39:21 -------- d-----w- C:\Users\darre\AppData\Local\MicrosoftEdge
2015-12-05 18:39:09 -------- d-----r- C:\Users\darre\OneDrive
2015-12-05 18:38:57 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2015-12-05 18:37:49 -------- d-----w- C:\Users\darre\AppData\Local\Comms
2015-12-05 18:37:46 -------- d-----w- C:\Users\darre\AppData\Local\ActiveSync
2015-12-05 18:37:28 -------- d-----w- C:\Users\darre\AppData\Local\Publishers
2015-12-05 18:37:25 -------- d-----w- C:\Users\darre\AppData\Local\PackageStaging
2015-12-05 18:37:08 -------- d-----r- C:\Users\darre\Searches
2015-12-05 18:37:08 -------- d-----r- C:\Users\darre\Contacts
2015-12-05 18:37:06 -------- d-----w- C:\Users\darre\AppData\Local\VirtualStore
2015-12-05 18:37:05 -------- d-----w- C:\Users\darre\AppData\Local\Packages
2015-12-05 18:37:04 -------- d-----w- C:\Users\darre\AppData\Local\TileDataLayer
2015-12-05 18:33:46 -------- d-----w- C:\ProgramData\USOShared
2015-12-05 18:33:33 2718208 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2015-12-05 18:32:10 -------- d-----w- C:\Windows\System32\wbem\MOF\good
2015-12-05 18:32:10 -------- d-----w- C:\Windows\System32\wbem\MOF\bad
2015-12-05 18:32:07 -------- d-sh--we C:\ProgramData\Documents
2015-12-05 18:32:07 -------- d-sh--we C:\Documents and Settings
2015-12-05 18:32:07 -------- d-sh--w- C:\Recovery
2015-12-05 18:31:30 -------- d-----w- C:\Windows\System32\wbem\MOF
2015-12-05 18:30:39 -------- d-s---w- C:\Windows\System32\Microsoft
2015-12-04 07:21:20 79544 ----a-w- C:\Windows\System32\vcruntime140.dll
2015-12-04 07:21:20 625848 ----a-w- C:\Windows\System32\msvcp140.dll
2015-12-04 07:21:20 381128 ----a-w- C:\Windows\System32\vccorlib140.dll
2015-12-04 07:21:20 323792 ----a-w- C:\Windows\System32\concrt140.dll
2015-12-04 06:54:58 354512 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2015-12-04 06:54:58 16064 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2015-12-04 06:54:18 28912 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll
2015-12-04 05:22:22 75960 ----a-w- C:\Windows\SysWow64\vcruntime140.dll
2015-12-04 05:22:22 430264 ----a-w- C:\Windows\SysWow64\msvcp140.dll
2015-12-04 05:22:22 257736 ----a-w- C:\Windows\SysWow64\vccorlib140.dll
2015-12-04 05:22:22 234192 ----a-w- C:\Windows\SysWow64\concrt140.dll
2015-12-04 00:39:30 1274456 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pidgenx.dll
.
==================== Find3M  ====================
.
2015-12-01 07:12:09 2152800 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2015-12-01 00:33:29 826872 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-12-01 00:33:29 176632 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-11-26 00:34:46 11228488 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2015-11-24 19:32:06 6358648 ----a-w- C:\Windows\System32\nvcpl.dll
2015-11-24 19:32:06 2983032 ----a-w- C:\Windows\System32\nvsvc64.dll
2015-11-24 19:32:05 938616 ----a-w- C:\Windows\System32\nvvsvc.exe
2015-11-24 19:32:04 62768 ----a-w- C:\Windows\System32\nvshext.dll
2015-11-24 19:32:04 385328 ----a-w- C:\Windows\System32\nvmctray.dll
2015-11-24 19:32:04 2554672 ----a-w- C:\Windows\System32\nvsvcr.dll
2015-11-24 12:07:40 1817160 ----a-w- C:\Windows\System32\ntdll.dll
2015-11-24 11:06:29 1540768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-11-24 10:26:50 1399224 ----a-w- C:\Windows\System32\user32.dll
2015-11-24 10:01:57 2756096 ----a-w- C:\Windows\System32\mshtml.tlb
2015-11-24 09:54:15 7680 ----a-w- C:\Windows\System32\readingviewresources.dll
2015-11-24 09:53:39 115200 ----a-w- C:\Windows\System32\win32k.sys
2015-11-24 09:45:01 18944 ----a-w- C:\Windows\System32\wshrm.dll
2015-11-24 09:37:04 147968 ----a-w- C:\Windows\System32\drivers\rmcast.sys
2015-11-24 09:26:34 1337240 ----a-w- C:\Windows\SysWow64\user32.dll
2015-11-24 09:19:35 182784 ----a-w- C:\Windows\System32\shutdownux.dll
2015-11-24 09:12:41 523776 ----a-w- C:\Windows\System32\catsrvut.dll
2015-11-24 08:58:24 604672 ----a-w- C:\Windows\System32\vbscript.dll
2015-11-24 08:55:41 1393664 ----a-w- C:\Windows\System32\win32kbase.sys
2015-11-24 08:54:21 2756096 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-11-24 08:52:05 1717248 ----a-w- C:\Windows\System32\GdiPlus.dll
2015-11-24 08:49:47 1648640 ----a-w- C:\Windows\System32\comsvcs.dll
2015-11-24 08:27:15 3593216 ----a-w- C:\Windows\System32\win32kfull.sys
2015-11-24 08:14:34 415744 ----a-w- C:\Windows\SysWow64\catsrvut.dll
2015-11-24 08:03:47 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-11-24 07:59:27 1467392 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2015-11-24 07:57:56 1328128 ----a-w- C:\Windows\SysWow64\comsvcs.dll
2015-11-24 07:35:50 22393856 ----a-w- C:\Windows\System32\edgehtml.dll
2015-11-24 07:29:31 2352128 ----a-w- C:\Windows\System32\authui.dll
2015-11-24 07:11:35 18678272 ----a-w- C:\Windows\SysWow64\edgehtml.dll
2015-11-24 07:04:25 2155008 ----a-w- C:\Windows\SysWow64\authui.dll
2015-11-23 20:35:43 6049858 ----a-w- C:\Windows\System32\nvcoproc.bin
2015-11-22 10:47:58 7476576 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-11-22 10:47:45 2653816 ----a-w- C:\Windows\System32\CoreUIComponents.dll
2015-11-22 10:41:56 1284960 ----a-w- C:\Windows\System32\LicenseManager.dll
2015-11-22 10:41:04 1859448 ----a-w- C:\Windows\SysWow64\CoreUIComponents.dll
2015-11-22 10:35:10 538632 ----a-w- C:\Windows\System32\WWanAPI.dll
2015-11-22 10:34:32 80600 ----a-w- C:\Windows\System32\wwapi.dll
2015-11-22 10:34:09 975200 ----a-w- C:\Windows\SysWow64\LicenseManager.dll
2015-11-22 10:33:49 58408 ----a-w- C:\Windows\System32\SensorsNativeApi.dll
2015-11-22 10:33:40 51680 ----a-w- C:\Windows\System32\SensorsUtilsV2.dll
2015-11-22 10:33:26 95072 ----a-w- C:\Windows\System32\drivers\sdstor.sys
2015-11-22 10:30:26 604928 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-11-22 10:30:26 161632 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-11-22 10:26:06 431232 ----a-w- C:\Windows\SysWow64\WWanAPI.dll
2015-11-22 10:25:38 63528 ----a-w- C:\Windows\SysWow64\wwapi.dll
2015-11-22 10:24:14 2772584 ----a-w- C:\Windows\System32\d3d11.dll
2015-11-22 10:20:25 795840 ----a-w- C:\Windows\System32\generaltel.dll
2015-11-22 10:19:24 440160 ----a-w- C:\Windows\System32\services.exe
2015-11-22 10:14:03 2185840 ----a-w- C:\Windows\SysWow64\d3d11.dll
2015-11-22 10:12:55 320352 ----a-w- C:\Windows\apppatch\AcRes.dll
2015-11-22 10:00:26 89088 ----a-w- C:\Windows\System32\MapsCSP.dll
2015-11-22 10:00:24 58368 ----a-w- C:\Windows\System32\MosResource.dll
2015-11-22 09:57:57 9728 ----a-w- C:\Windows\System32\Microsoft-Windows-MosHost.dll
2015-11-22 09:57:33 10240 ----a-w- C:\Windows\System32\Microsoft-Windows-MosTrace.dll
2015-11-22 09:57:30 36352 ----a-w- C:\Windows\System32\UIAutomationCoreRes.dll
2015-11-22 09:57:21 110592 ----a-w- C:\Windows\System32\Microsoft-Windows-MapControls.dll
2015-11-22 09:56:52 55808 ----a-w- C:\Windows\System32\rilproxy.dll
2015-11-22 09:56:33 64000 ----a-w- C:\Windows\System32\ihvrilproxy.dll
2015-11-22 09:56:31 1268736 ----a-w- C:\Windows\System32\Windows.UI.Xaml.Resources.dll
2015-11-22 09:56:21 64000 ----a-w- C:\Windows\System32\MosHostClient.dll
2015-11-22 09:55:24 13312 ----a-w- C:\Windows\System32\MapsBtSvcProxy.dll
2015-11-22 09:55:14 70656 ----a-w- C:\Windows\System32\XblAuthManagerProxy.dll
2015-11-22 09:54:51 92160 ----a-w- C:\Windows\System32\SensorsNativeApi.V2.dll
2015-11-22 09:54:51 75264 ----a-w- C:\Windows\System32\wwanprotdim.dll
2015-11-22 09:54:46 138240 ----a-w- C:\Windows\System32\ETWCoreUIComponentsResources.dll
2015-11-22 09:54:44 3072 ----a-w- C:\Windows\System32\MapControlStringsRes.dll
2015-11-22 09:54:39 117248 ----a-w- C:\Windows\System32\drivers\capimg.sys
2015-11-22 09:54:37 28672 ----a-w- C:\Windows\System32\WordBreakers.dll
2015-11-22 09:54:26 44032 ----a-w- C:\Windows\System32\wsplib.dll
2015-11-22 09:54:25 38912 ----a-w- C:\Windows\apppatch\apppatch64\AcWinRT.dll
2015-11-22 09:54:25 28160 ----a-w- C:\Windows\System32\nativemap.dll
2015-11-22 09:52:59 60928 ----a-w- C:\Windows\System32\XblAuthTokenBrokerExt.dll
2015-11-22 09:52:58 28672 ----a-w- C:\Windows\System32\mapsupdatetask.dll
2015-11-22 09:52:47 16984576 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2015-11-22 09:52:14 69632 ----a-w- C:\Windows\System32\wininetlui.dll
2015-11-22 09:51:53 72704 ----a-w- C:\Windows\System32\MosStorage.dll
2015-11-22 09:51:24 157184 ----a-w- C:\Windows\System32\dmcertinst.exe
2015-11-22 09:51:20 119808 ----a-w- C:\Windows\System32\MapsBtSvc.dll
2015-11-22 09:51:08 42496 ----a-w- C:\Windows\System32\mapstoasttask.dll
2015-11-22 09:50:35 74240 ----a-w- C:\Windows\System32\mssign32.dll
2015-11-22 09:49:54 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-11-22 09:49:44 66560 ----a-w- C:\Windows\System32\moshost.dll
2015-11-22 09:49:41 162304 ----a-w- C:\Windows\System32\DeviceCensus.exe
2015-11-22 09:49:25 52224 ----a-w- C:\Windows\System32\Wwanpref.dll
2015-11-22 09:48:59 152064 ----a-w- C:\Windows\System32\drivers\UMDF\SensorsCx.dll
2015-11-22 09:48:33 58368 ----a-w- C:\Windows\SysWow64\MosResource.dll
2015-11-22 09:47:27 269824 ----a-w- C:\Windows\System32\moshostcore.dll
2015-11-22 09:46:30 312832 ----a-w- C:\Windows\apppatch\apppatch64\AcGenral.dll
2015-11-22 09:46:20 248832 ----a-w- C:\Windows\System32\UserMgrProxy.dll
2015-11-22 09:46:17 209920 ----a-w- C:\Windows\System32\wcmcsp.dll
2015-11-22 09:45:37 264192 ----a-w- C:\Windows\System32\NmaDirect.dll
2015-11-22 09:45:32 9728 ----a-w- C:\Windows\SysWow64\Microsoft-Windows-MosHost.dll
2015-11-22 09:45:16 638464 ----a-w- C:\Windows\System32\enterprisecsps.dll
2015-11-22 09:45:14 10240 ----a-w- C:\Windows\SysWow64\Microsoft-Windows-MosTrace.dll
2015-11-22 09:45:13 6572032 ----a-w- C:\Windows\System32\wwanmm.dll
.
============= FINISH: 12:32:50.94 ===============
 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 December 2015 - 09:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


How is the computer running now?
Wait for further instructions.

#3 Gillman

Posted 13 December 2015 - 12:57 PM

Hey Nasdaq - thanks for the kind welcome and your speedy reply!

As per your instructions, please find the log files attached (hopefully all you need)

Really appreciated!

#4 nasdaq

Posted 13 December 2015 - 03:15 PM


Your call if you want to keep this, but it's not recommended.

[x] [C:\Users\darre\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Not Deleted : uk.ask.com

===

Run MBAM and delete the items that will be found.

Restart the computer normally after.

===

If you are still unable to update ZoneAlarm it might just be that something is still around after you use the Programs and Features applet.

Download and run this Revo uninstaller tool.
http://www.revouninstaller.com/revo_uninstaller_free_download.html

Remove everything associated with ZoneAlarm.

Restart the computer normally to reset the registry.

Re-install ZoneAlarm.

How is it now?

#5 Gillman

Posted 13 December 2015 - 05:34 PM

Thanks again for your efforts. I had in fact used MBAM to delete all adware, etc. I also ran Revo - using it to uninstall ZA and then reinstalled. Unfortunately the ZA updates are still failing :/



#6 nasdaq

Posted 14 December 2015 - 08:55 AM

Well I can only suggest you check with their experts.

They have a forum here.
http://www.zonealarm.com/security/en-us/community/user-forum-agreement.htm

#7 Gillman

Posted 15 December 2015 - 04:42 PM

Thanks Nasdaq, will do. Appreciate your efforts.



#8 nasdaq

Posted 16 December 2015 - 08:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



