Solved Laptop keeps having BSOD

Hi ILWG and welcome to PCHF

Please follow my BSOD prework and upload any BSOD logs so I can analyze them

ILWG said:

Thank you for helping but I just set it to small memory dump so I will have to wait until my computer crashes again.

Click to expand...

Of course We await your files

In the meantime, have you installed any new software of hardware before the errors started happening?

Yes please

Did you ensure you followed the BSOD prework? The BSOD prework ensures the BSOD log file writes before rebooting

Step 1: Reset Host File

• Click here to download RstHosts v2.0
• Save the file to your desktop.
• Right Click and Run as Administrator.
• Click on Restaurer, then click OK at the prompt.
• This will restore the default host file.
• Next Click on Creer Un Rapport.
• This will open a logfile, post that in your next reply.

Step 2: MiniToolBox Scan


Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go post the result.

Step 3: Autoruns Scan.


Download Autoruns and Autorunsc Unzip it to your desktop and then double click autoruns.exe
After the scan is finished then click on File>>>>>>>>>>>Save
The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option.
in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.


Step 4: HijackThis.



1- Please Click HERE to download HijackThis. -- Unzip to your desktop.
2- Right click run as admin.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.



Step 5: JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.

• Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log is saved to your desktop and will automatically open.
• Please post the JRT log.

Step 6: Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

MiniToolBox by Farbar Version: 17-06-2016
Ran by user (administrator) on 09-05-2017 at 10:35:05
Running from "C:\Users\user\AppData\Local\Temp\scoped_dir10472_8816"
Microsoft Windows 10 Home (X64)
Model: K401UB Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================

Intel(R) Dual Band Wireless-AC 7265 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 taskoffload=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : DESKTOP-R8TPN6U
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : kgv.edu.hk

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 2C-56-DC-BE-F1-8E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 10-02-B5-56-AF-DC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : kgv.edu.hk
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 7265
Physical Address. . . . . . . . . : 10-02-B5-56-AF-DB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::153f:bb62:9a8:c4e6%5(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.38.153(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Lease Obtained. . . . . . . . . . : Tuesday, May 9, 2017 9:43:56 AM
Lease Expires . . . . . . . . . . : Tuesday, May 30, 2017 10:30:17 AM
Default Gateway . . . . . . . . . : 172.16.39.250
DHCP Server . . . . . . . . . . . : 1.1.1.1
DHCPv6 IAID . . . . . . . . . . . : 34603701
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-B6-93-84-2C-56-DC-BE-F1-8E
DNS Servers . . . . . . . . . . . : 210.0.128.250
203.184.245.251
8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 10-02-B5-56-AF-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.kgv.edu.hk:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : kgv.edu.hk
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: ns250.on-nets.com
Address: 210.0.128.250

Name: google.com
Addresses: 2404:6800:4005:806::200e
216.58.200.14
216.58.200.14
216.58.200.14


Pinging google.com [216.58.200.14] with 32 bytes of data:
Reply from 216.58.200.14: bytes=32 time=3ms TTL=53
Reply from 216.58.200.14: bytes=32 time=4ms TTL=53

Ping statistics for 216.58.200.14:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 4ms, Average = 3ms
Server: ns250.on-nets.com
Address: 210.0.128.250

Name: yahoo.com
Addresses: 2001:4998:58:c02::a9
2001:4998:c:a06::2:4008
2001:4998:44:204::a7
98.138.253.109
98.139.183.24
206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=274ms TTL=47
Reply from 98.138.253.109: bytes=32 time=194ms TTL=47

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 194ms, Maximum = 274ms, Average = 234ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
6...2c 56 dc be f1 8e ......Realtek PCIe GBE Family Controller
14...10 02 b5 56 af dc ......Microsoft Wi-Fi Direct Virtual Adapter
5...10 02 b5 56 af db ......Intel(R) Dual Band Wireless-AC 7265
7...10 02 b5 56 af df ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.39.250 172.16.38.153 45
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.16.38.0 255.255.254.0 On-link 172.16.38.153 301
172.16.38.153 255.255.255.255 On-link 172.16.38.153 301
172.16.39.255 255.255.255.255 On-link 172.16.38.153 301
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 172.16.38.153 301
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 172.16.38.153 301
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
5 301 fe80::/64 On-link
5 301 fe80::153f:bb62:9a8:c4e6/128
On-link
1 331 ff00::/8 On-link
5 301 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/09/2017 10:11:30 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).

Error: (05/09/2017 10:11:29 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (05/09/2017 09:52:53 AM) (Source: Office 2016 Licensing Service) (User: )
Description: Subscription licensing service failed: -2143485946

Error: (05/09/2017 09:52:53 AM) (Source: Microsoft Office 16) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {84FFB84E-7CC4-4507-A95A-972161D621E2}

Error: (05/09/2017 09:48:37 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/09/2017 12:20:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-R8TPN6U)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/09/2017 12:20:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-R8TPN6U)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/09/2017 12:20:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-R8TPN6U)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/08/2017 06:13:37 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).

Error: (05/08/2017 06:13:33 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).


System errors:
=============
Error: (05/09/2017 10:25:07 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/09/2017 09:43:54 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/09/2017 09:43:54 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/09/2017 09:43:54 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/09/2017 09:43:54 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/09/2017 09:43:52 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/09/2017 09:43:45 AM) (Source: Service Control Manager) (User: )
Description: The USER_ESRV_SVC_QUEENCREEK service terminated with the following error:
%%497

Error: (05/09/2017 09:43:43 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:57:40 AM on ‎5/‎9/‎2017 was unexpected.

Error: (05/09/2017 09:43:36 AM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212256841561616

Error: (05/09/2017 08:57:48 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (05/09/2017 10:11:30 AM) (Source: System Restore)(User: )
Description: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422

Error: (05/09/2017 10:11:29 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

Error: (05/09/2017 09:52:53 AM) (Source: Office 2016 Licensing Service)(User: )
Description: Subscription licensing service failed: -2143485946

Error: (05/09/2017 09:52:53 AM) (Source: Microsoft Office 16)(User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {84FFB84E-7CC4-4507-A95A-972161D621E2}

Error: (05/09/2017 09:48:37 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/09/2017 12:20:13 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-R8TPN6U)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App-2144927141

Error: (05/09/2017 12:20:13 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-R8TPN6U)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App-2144927141

Error: (05/09/2017 12:20:13 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-R8TPN6U)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App-2144927141

Error: (05/08/2017 06:13:37 PM) (Source: System Restore)(User: )
Description: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422

Error: (05/08/2017 06:13:33 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422


CodeIntegrity Errors:
===================================
Date: 2017-05-08 19:32:19.977
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ea8522bfcc1f1aa8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-07 23:08:58.472
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ea8522bfcc1f1aa8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-07 20:12:09.842
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ea8522bfcc1f1aa8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-06 12:21:39.359
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ea8522bfcc1f1aa8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-04 13:05:47.505
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_b2bf7adf4f50ea63\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-03 16:49:06.310
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_b2bf7adf4f50ea63\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-03 08:39:39.067
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\7afab15aa4e68394220c240ca031651d.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-03 08:39:37.426
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\7afab15aa4e68394220c240ca031651d.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-02 20:15:50.626
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_b2bf7adf4f50ea63\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-01 20:19:20.672
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_b2bf7adf4f50ea63\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

. . (HKLM\...\{12B07FF1-29CB-45AC-B493-1DB88BE717BD}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{C01175B6-6575-4526-A55B-2BC2F10BA083}) (Version: 2.7.2.4 - Intel) Hidden
µTorrent (HKCU\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acronis True Image 2015 (HKLM-x32\...\{2E51FA82-585D-42B4-B465-A4160DAD4A26}) (Version: 18.0.4061 - Acronis)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe CS6 Design and Web Premium (HKLM-x32\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{AB4E4E64-6DA2-4E43-969E-83ACB1F57BB6}) (Version: 20.24.401.14520 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{AB4E4E64-6DA2-4E43-969E-83ACB1F57BB6}) (Version: 20.24.401.14520 - Alcor Micro Corp.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.4.223 - ASUSTek Computer Inc)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.17 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.19.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.151 - ICEpower a/s)
BeamNG.drive v0.9 (HKLM-x32\...\vsetop.com BeamNG.drive v0.9_is1) (Version: 0.9 - VseTop.Com)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.52.52 - Conexant)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 5.1.0.0585 - Disc Soft Ltd)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.5 - ASUSTek COMPUTER INC.)
EaseUS Todo Backup Home 10.0 Trial (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 10.0 - CHENGDU YIWO Tech Development Co., Ltd)
ExpressCache (HKLM\...\{F19137D8-2E93-4043-9634-4D44E7EFE889}) (Version: 1.3.118.0 - Condusiv Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hearts of Iron IV Together for Victory (HKLM-x32\...\Hearts of Iron IV Together for Victory_is1) (Version: - )
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{7B11A2EA-168E-442A-809E-5F8908A7504F}) (Version: 19.50.1 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{954190cd-c66c-4650-bd15-f3dd85f2ae15}) (Version: 2.7.2.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{185db067-38cd-4521-a43e-c39b96ee1389}) (Version: 19.50.1 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft Office 365 - zh-cn (HKLM\...\O365HomePremRetail - zh-cn) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft Office 365 ProPlus - zh-cn (HKLM\...\O365ProPlusRetail - zh-cn) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
NVIDIA GeForce Experience 3.5.0.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.76 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.5.0.76 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.8.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0804-1000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Opera Stable 44.0.2510.1218 (HKLM-x32\...\Opera 44.0.2510.1218) (Version: 44.0.2510.1218 - Opera Software)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0360 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.5.0.76 - NVIDIA Corporation) Hidden
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris (HKLM\...\Steam App 281990) (Version: - Paradox Development Studio)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Wallpaper Engine (HKLM\...\Steam App 431960) (Version: - Kristjan Skutta)
WhatsApp (HKCU\...\WhatsApp) (Version: 0.2.4240 - WhatsApp)
Windows Driver Package - ASUS (AsusSGDrv) Mouse (11/14/2016 8.0.0.26) (HKLM\...\F2F863C5091CD775A1EC34759959219D836FDA66) (Version: 11/14/2016 8.0.0.26 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 65%
Total physical RAM: 8090.88 MB
Available physical RAM: 2760.41 MB
Total Virtual: 9498.88 MB
Available Virtual: 3611.78 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:487.99 GB) (Free:297.17 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP-R8TPN6U

Administrator DefaultAccount defaultuser0
Guest user


**** End of log ****

Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

Platform: x64 Windows 10 (Home), 10.0.14393 (ReleaseId: 1607), Service Pack: 0
Time: 09.05.2017 - 10:48
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: user (group: Administrator) on DESKTOP-R8TPN6U

Opera: 44.0.2510.1218
Chrome: 58.0.3029.81
Edge: 11.0.14393.351
Internet Explorer: 11.0.14393.0

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
1 C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
1 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
1 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
1 C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
1 C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
1 C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
1 C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe
1 C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
1 C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
1 C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
1 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
1 C:\Program Files\DAEMON Tools Ultra\DTAgent.exe
1 C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe
1 C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
1 C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
1 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1 C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
1 C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
6 C:\Program Files\Opera\44.0.2510.1218\opera.exe
1 C:\Program Files\Opera\44.0.2510.1218\opera_crashreporter.exe
1 C:\Program Files\Windows Defender\MpCmdRun.exe
1 C:\Program Files\Windows Defender\MsMpEng.exe
1 C:\Program Files\Windows Defender\NisSrv.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
1 C:\Users\user\Desktop\HiJackThis.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\SysWOW64\esif_uf.exe
1 C:\Windows\System32\CxAudMsg64.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
1 C:\Windows\System32\InputMethod\CHS\ChsIME.exe
1 C:\Windows\System32\SASrv.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\ibtsiva.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
16 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\vds.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wlanext.exe
1 C:\Windows\System32\wuauclt.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\Temp\DPTF\esif_assist_64.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1051_none_7f2bf7ea21d201b2\TiWorker.exe
2 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus17win10.msn.com/?pc=ASTE
R4 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: DisplayName = Bing
R4 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: URL = http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL
O2-32 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2-32 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2-32 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2-32 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O2-32 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3-32 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] C:\Program Files\DAEMON Tools Ultra\DTAgent.exe -autorun
O4 - HKCU\..\Run: [OneDrive] C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
O4 - HKCU\..\StartupApproved\Run: [uTorrent] (2017/04/24)C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /c /delay:30
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\StartupApproved\Run: [WindowsDefender] (1601/01/01)C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4-32 - HKLM\..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
O4-32 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4-32 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
O4-32 - HKLM\..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true
O4-32 - HKLM\..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin
O4-32 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4-32 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll (HKLM)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (HKLM)
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll (HKLM)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (HKLM)
O9-32 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll (HKLM)
O9-32 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9-32 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll (HKLM)
O9-32 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll (HKLM)
O9-32 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (HKLM)
O9-32 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll (HKLM)
O17 - DHCP DNS - 1: 210.0.128.250
O17 - DHCP DNS - 2: 203.184.245.251
O17 - DHCP DNS - 3: 8.8.8.8
O17 - DHCP DNS - 4: 8.8.4.4
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O22 - Task (Ready): ASC10_SkipUac_user - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac (file missing)
O22 - Task (Ready): ASUS Live Update1 - C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe -critical
O22 - Task (Ready): ASUS Live Update2 - C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe -check
O22 - Task (Ready): ASUS Smart Gesture Launcher - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
O22 - Task (Ready): ASUS Splendid ACMON - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O22 - Task (Ready): ASUS USB Charger Plus - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
O22 - Task (Ready): ATK Package 36D18D69AFC3 - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe -CancelShutdown
O22 - Task (Ready): ATK Package A22126881260 - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe
O22 - Task (Ready): Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task (Ready): Adobe Flash Player PPAPI Notifier - C:\Windows\SysWoW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe -check pepperplugin
O22 - Task (Ready): Adobe Flash Player Updater - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task (Ready): AdobeAAMUpdater-1.0-DESKTOP-R8TPN6U-user - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
O22 - Task (Ready): GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task (Ready): GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task (Ready): IObitSelfCheckTask - C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe /dotip (file missing)
O22 - Task (Ready): NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
O22 - Task (Ready): NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
O22 - Task (Ready): NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task (Ready): NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task (Ready): NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
O22 - Task (Ready): NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
O22 - Task (Ready): NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
O22 - Task (Ready): Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (file missing)
O22 - Task (Ready): Opera scheduled Autoupdate 1492056339 - C:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task (Ready): USER_ESRV_SVC_QUEENCREEK - C:\Windows\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
O22 - Task (Ready): Update Checker - C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
O22 - Task (Ready): WpsExternal_20161109182920 - C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe /wpscloudlaunch /wpsexternal /from=task
O22 - Task (Ready): WpsKtpcntrQingTask_Administrator - C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe qing 10.1.0.5644 xxx server_url="http://kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html" ic_server_url="http://info.kingsoftstore.com/wpsv6internet/infos.ads"
O22 - Task (Ready): \ASUSTek Computer Inc\ASUS GIFTBOX - C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
O22 - Task (Ready): \ASUS\ASUS Product Register Service - C:\Program Files (x86)\ASUS\APRP\aprp.exe
O22 - Task (Ready): \Intel\Intel Telemetry 2 - C:\Program Files\Intel\Telemetry 2.0\lrio.exe
O22 - Task (Ready): \Microsoft\Office\Office Automatic Updates - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
O22 - Task (Ready): \Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService
O22 - Task (Ready): \Microsoft\Office\Office Subscription Maintenance - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe
O22 - Task (Ready): \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880
O22 - Task (Ready): \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload
O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattelrunner.exe
O22 - Task (Ready): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\compattelrunner.exe -maintenance
O22 - Task (Ready): \Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic - C:\ProgramData\VideoMemoryDiagnostic\vmdiag.exe /CheckUp /AdapterId 3 (file missing)
O23 - Service R2: @oem17.inf,%SERVICE_NAME%;Intel Bluetooth Service - (ibtsiva) - C:\Windows\system32\ibtsiva.exe
O23 - Service R2: @oem30.inf,%ServiceDisplayName%;ESIF Upper Framework Service - (esifsvc) - C:\Windows\SysWoW64\esif_uf.exe
O23 - Service R2: ASLDR Service - (ASLDRService) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service R2: ATKGFNEX Service - (ATKGFNEXSrv) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service R2: Acronis Nonstop Backup Service - (afcdpsrv) - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service R2: Acronis Scheduler2 Service - (AcrSch2Svc) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service R2: Acronis Sync Agent Service - (syncagentsrv) - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service R2: Bonjour Service - C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
O23 - Service R2: Conexant Audio Message Service - (CxAudMsg) - C:\Windows\system32\CxAudMsg64.exe
O23 - Service R2: Conexant SmartAudio service - (SAService) - C:\Windows\SysWow64\SAsrv.exe
O23 - Service R2: EaseUS Agent Service - (EaseUS Agent) - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service R2: Energy Server Service queencreek - (ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
O23 - Service R2: ExpressCache - C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) PROSet/Wireless Event Log - (EvtEng) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service R2: Intel(R) PROSet/Wireless Registry Service - (RegSrvc) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service R2: Intel(R) PROSet/Wireless Zero Configuration Service - (ZeroConfigService) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
O23 - Service R2: Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK - (SystemUsageReportSvc_QUEENCREEK) - C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service R2: TeamViewer 11 - (TeamViewer) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service R2: WPS Office Update Service - (Kingsoft_WPS_UpdateService) - C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe
O23 - Service R2: Windows Defender Service - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe
O23 - Service R3: Disc Soft Ultra Bus Service - C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe
O23 - Service R3: Intel(R) Security Assist - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service R3: Windows Defender Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S2: Intel(R) Security Assist Helper - (isaHelperSvc) - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service S2: User Energy Server Service queencreek - (USER_ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Adobe SwitchBoard - (SwitchBoard) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service S3: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service S3: WPS Office Cloud Service - (wpscloudsvr) - C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe
O23 - Service S3: Wireless PAN DHCP Server - (MyWiFiDHCPDNS) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

--
End of file - Time spent: 7 sec. - 47720 bytes, CRC32: FFFFFFFF. Sign: 㪝

Fix with HijackThis!

Close all other programs!

Right Click Hijack this, run as administrator.
Click do a system scan only.
Place a tick next to the items below.

O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] C:\Program Files\DAEMON Tools Ultra\DTAgent.exe -autorun
O4 - HKCU\..\Run: [OneDrive] C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
O4 - HKCU\..\StartupApproved\Run: [uTorrent] (2017/04/24)C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /c /delay:30
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4-32 - HKLM\..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
O4-32 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4-32 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
O4-32 - HKLM\..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true
O4-32 - HKLM\..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin
O4-32 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4-32 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O22 - Task (Ready): ASC10_SkipUac_user - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac (file missing)
O22 - Task (Ready): ASUS Live Update1 - C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe -critical
O22 - Task (Ready): ASUS Live Update2 - C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe -check
O22 - Task (Ready): ASUS Smart Gesture Launcher - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
O22 - Task (Ready): ASUS Splendid ACMON - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O22 - Task (Ready): ASUS USB Charger Plus - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
O22 - Task (Ready): ATK Package 36D18D69AFC3 - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe -CancelShutdown
O22 - Task (Ready): ATK Package A22126881260 - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe
O22 - Task (Ready): Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task (Ready): Adobe Flash Player PPAPI Notifier - C:\Windows\SysWoW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe -check pepperplugin
O22 - Task (Ready): Adobe Flash Player Updater - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task (Ready): AdobeAAMUpdater-1.0-DESKTOP-R8TPN6U-user - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled
O22 - Task (Ready): IObitSelfCheckTask - C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe /dotip (file missing)
O22 - Task (Ready): NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
O22 - Task (Ready): Opera scheduled Autoupdate 1492056339 - C:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task (Ready): USER_ESRV_SVC_QUEENCREEK - C:\Windows\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
O22 - Task (Ready): Update Checker - C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
O22 - Task (Ready): WpsExternal_20161109182920 - C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe /wpscloudlaunch /wpsexternal /from=task
O22 - Task (Ready): WpsKtpcntrQingTask_Administrator - C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe qing 10.1.0.5644 xxx server_url="http://kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html" ic_server_url="http://info.kingsoftstore.com/wpsv6internet/infos.ads"
O22 - Task (Ready): \ASUSTek Computer Inc\ASUS GIFTBOX - C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
O22 - Task (Ready): \ASUS\ASUS Product Register Service - C:\Program Files (x86)\ASUS\APRP\aprp.exe
O22 - Task (Ready): \Intel\Intel Telemetry 2 - C:\Program Files\Intel\Telemetry 2.0\lrio.exe
O22 - Task (Ready): \Microsoft\Office\Office Automatic Updates - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False
O22 - Task (Ready): \Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService
O22 - Task (Ready): \Microsoft\Office\Office Subscription Maintenance - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe
O22 - Task (Ready): \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880
O22 - Task (Ready): \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload
O22 - Task (Ready): \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattelrunner.exe
O22 - Task (Ready): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\compattelrunner.exe -maintenance
O22 - Task (Ready): \Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic - C:\ProgramData\VideoMemoryDiagnostic\vmdiag.exe /CheckUp /AdapterId 3 (file missing)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Bonjour Service - C:\Program Files (x86)\Blizzard\Bonjour Service\mDNSResponder.exe
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe



Click fix checked.
Accept the prompt.
Reboot the machine after.

ZHP Diag Scan


Download ZHP Diag to your desktop.


1. Right Click Run as Admin.

2. Click the Options button.

Click on Check All
Then Click Validate
Then click close.






2. Click the Scanner button.




When complete please push the report button.
A notepad will open... copy and paste the report in your next reply.

Any update for us?

ZHP Fix

• Disable your antivirus prior to this fix!
  
• Download ZHP-Fix from here.
• Install it.
• Click Suivant 5 Times.
• Then Installer.
• Then Terminer.
• Then right clcick the ZHP Fix icon Run as admin.
• Copy the entire content of the code box below, the next step will grab it from your clipboard.
  
• Then click on import.
• Then click GO.
• Allow completion.
• A log file will appear on your desktop.
  
• Post it here in your next reply.