HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896 Faulting module path: C:\Windows\System32\KERNELBASE.dll FF ProfilePath: C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release [2021-10-24] Task: {a68a203b-7eaa-4914-a565-5ff9759ae2a4} - no filepath 2021-10-13 16:41 - 2021-10-13 16:41 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk 2021-10-13 22:14 - 2021-10-07 19:27 - 000452224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe 0.0.0.0 telecommand.telemetry.microsoft.com (Currently there is no automatic fix for this section.) Task: {bfa657d3-0b7d-471a-89e3-f729ecb71365} - no filepath Faulting package-relative application ID: 2021-10-02 23:04 - 2021-09-14 14:39 - 002838384 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll PC stuck at Aorus loading screen. - Tom's Hardware Forum Detection Origin: Local machine service 2021-10-03 09:12 - 2021-10-03 09:12 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\NuGet Task: {7d4dac2b-fbf4-45de-adae-6a9396b9ca9c} - no filepath 2021-10-02 23:02 - 2021-10-02 23:02 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\AMD Task: {dceb985f-25eb-484d-ae30-6da7f11e1091} - no filepath ==================== Faulty Device Manager Devices ============ 2021-10-08 09:32 - 2021-10-08 09:32 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla 2021-10-24 13:05 - 2021-10-24 13:43 - 000000159 _____ C:\Users\Pepega\Desktop\thingstodelete.txt 2021-10-13 16:20 - 2021-10-13 16:38 - 000000254 _____ C:\Users\Pepega\AppData\LocalLow\rbxcsettings.rbx 2021-10-12 19:20 - 2021-10-12 19:20 - 000000000 ____D C:\Users\Pepega\AppData\Local\EOSUserHelper 2021-10-05 15:51 - 2021-10-05 16:12 - 000000094 _____ C:\Users\Pepega\Desktop\cod filters.txt 3>restart. Task: {dfa6b7fe-8965-4d4f-9d9a-7abe5c5ee553} - no filepath 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\system32\1036 "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95d6d4ae-89c2-47b7-947d-0a2c92579474}" => removed successfully Microsoft Edge WebView2 Runtime (HKLM-x32\\Microsoft EdgeWebView) (Version: 95.0.1020.30 - Microsoft Corporation) 2021-10-02 22:56 - 2021-10-07 11:58 - 000125568 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys It has done this 1 time(s). It is the time when you shutdown not "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{fae948d5-3779-41c7-9906-949a94f8fbda}" => removed successfully Exception code: 0xe0434352 i also cannot use a startup bat file to immediately terminate these executables from running as they have a delayed start. 0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net Task: {2d5dd02e-d989-436b-a3d0-b2283ce2c942} - no filepath 2021-10-02 23:18 - 2021-10-02 23:18 - 000001429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2017-10-05 15:26 - 2017-10-05 15:26 - 002247168 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\CRtive.dll Task: {0ffde93b-8785-42a8-8c6c-2672d544280d} - no filepath at System.Windows.Forms.Clipboard.ThrowIfFailed(Int32) 2021-10-12 19:18 - 2021-10-12 19:18 - 000000000 ____D C:\Users\Pepega\AppData\Local\Epic Games 2021-10-22 11:43 - 2021-10-22 11:44 - 000000000 ____D C:\Riot Games Task: {9b1a2e00-1c51-45d5-b5e4-9257d58cc2fe} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ab420ae-8543-428c-9838-410f79c8d585}" => removed successfully FirewallRules: [{199C16F6-0269-4609-BF27-31826F152D00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) Task: {b2522ebf-6a65-406b-9bc7-1ce57d2a2c7c} - no filepath icecap_collection_neutral (HKLM-x32\\{519060B0-9C83-4D54-97A7-32C2350583C9}) (Version: 17.0.31709 - Microsoft Corporation) Hidden ==================== Loaded Modules (Whitelisted) ============= 2021-10-13 16:20 - 2021-10-13 16:20 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2021-10-02 23:04 - 2021-10-02 23:04 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{bb2029d9-cbf0-4ee3-aa1b-fbafda7b399a}" => removed successfully ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\\{5A260D5A-95D3-4956-8E0A-E182CC4144ED}) (Version: 4.8.04162 - Microsoft Corporation) Hidden Detection Source: Real-Time Protection Running from C:\Users\Pepega\Downloads Detection Type: Concrete Task: {95d6d4ae-89c2-47b7-947d-0a2c92579474} - no filepath Task: {1e6a4e2b-eca4-4162-8baf-5e2cbc56f0a8} - no filepath Task: {134fdbcd-c972-40e5-a39b-91c169e4c9bf} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ed48b1d9-cb70-4ae5-8deb-ce6ddd63422a}" => removed successfully Resetting , OK! CMD: ipconfig /flushDNS \\?\Volume{66a9e99a-1cf4-4f5a-a085-9db2177d6629}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS Task: {572eb39c-ac47-4eda-a21b-d776650fa302} - no filepath 2021-10-12 19:18 - 2021-10-12 19:20 - 000000000 ____D C:\ProgramData\Epic (Discord Inc. -> Discord Inc.) C:\Users\Pepega\AppData\Local\Discord\app-1.0.9003\Discord.exe <6> Task: {9BB503F1-5151-4934-BC8F-F3BE719FB619} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-09-14] (NVIDIA Corporation -> NVIDIA Corporation) NVIDIA PhysX System Software 9.21.0713 (HKLM\\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) Epic Games Launcher (HKLM-x32\\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION CMD: netsh int ip reset Description: HKU\S-1-5-21-326566074-3447909417-183555969-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\system32\1040 ==================== MSCONFIG/TASK MANAGER disabled items == "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{977e0d72-710d-4264-bfbf-105f17f81aa3}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9787f435-46f9-458d-9737-9ba0cb4bc234}" => removed successfully the miner is called 'Update.exe' and is located in appdata. Name: SettingsModifier:Win32/PossibleHostsFileHijack 2021-10-20 14:50 - 2021-10-20 14:50 - 000036352 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\gdrv3.sys Task: {b44de6b6-1303-474b-bd1f-0c3e771de5d9} - no filepath Task: {6298650e-c3bc-47e3-a571-b4eea94ac419} - no filepath ========= vs_clickoncebootstrappermsi (HKLM-x32\\{86B9577E-4C3E-4035-BAAF-CAFB08B73ADD}) (Version: 17.0.31709 - Microsoft Corporation) Hidden ==================== Installed Programs ====================== The "AlternateShell" will be restored.) i tried using the tron script (utilizes hitman pro, malwarebytes, and kaspersky) but it only temporarily solved the issue. 2021-10-24 13:24 - 2021-10-24 15:28 - 000000000 ____D C:\Users\Pepega\Desktop\resources Task: {C6B4432E-BB97-4CBA-9DFC-158E3B8F51BE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-10-07] (Mozilla Corporation -> Mozilla Foundation) R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2021-10-20] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd) Resetting , OK! KeePassXC (HKLM\\{89472929-1ED2-410F-B9CC-974CEE93800E}) (Version: 2.6.6 - KeePassXC Team) CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R Task: {46ee8f94-e240-420c-a5e8-0660f5c5f9e1} - no filepath The Client License Service (ClipSVC) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. vs_SQLClickOnceBootstrappermsi (HKLM-x32\\{F16C13E8-83A4-47C8-8687-B9E1DDDFA80C}) (Version: 17.0.31703 - Microsoft Corporation) Hidden Faulting package full name: ==================== One month (created) (Whitelisted) ========= "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{bfa657d3-0b7d-471a-89e3-f729ecb71365}" => removed successfully 2021-10-15 11:55 - 2021-10-15 11:55 - 000000000 ____D C:\Users\Pepega\AppData\Local\BlueStacks Task: {4596b534-45a4-4c4e-93a8-e4c01a69090e} - no filepath 'Thing.bat' and 'Thing2.bat' are batch files that i wrote to try and kill 'Update.exe' and 'Windows Driver Installation Service.exe' on startup, but as said in my post, the apps have a delayed start so my batch files are pretty much useless. Task: {78bdf1d8-0a82-4ea3-8ac6-e6a6e95fd874} - no filepath 2021-10-24 20:41 - 2021-10-24 21:08 - 000000020 _____ C:\Windows\system32\Drivers\SMR540.dat WinRAR 6.02 (64-bit) (HKLM\\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH) Task: {66f5635a-5bb6-4432-8d29-d7d2f625b98a} - no filepath 2021-10-24 14:58 - 2019-03-19 15:37 - 000032768 _____ C:\Windows\system32\config\ELAM Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30528 (HKLM-x32\\{97b4863e-6df5-4673-8f93-2a549b8a4a91}) (Version: 14.30.30528.0 - Microsoft Corporation) Fault offset: 0x000000000003a839 (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe 2021-10-13 22:14 - 2021-10-07 19:29 - 000635008 _____ C:\Windows\SysWOW64\nvofapi.dll vs_BlendMsi (HKLM-x32\\{0FA54D38-8BB1-4B4B-B8FA-AC3191AD862D}) (Version: 17.0.31703 - Microsoft Corporation) Hidden Task: {53b08e97-673e-4df6-ae10-9a73f6648a6c} - no filepath FirewallRules: [{D2BE48F9-4A26-495F-A434-C4289999EADD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) Python 3.9.5 Core Interpreter (64-bit symbols) (HKLM\\{7AE79937-D0A7-4D36-9965-5E91E22E5FFA}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden 2021-10-13 22:14 - 2021-10-07 19:32 - 001874648 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe 0.0.0.0 settings-win.data.microsoft.com Description: Description: Faulting application name: Windows Driver Installation Service.exe, version: 10.0.100.100, time stamp: 0x6174a237 Task: {90b432e7-5c87-425c-9dd5-33099e0e41c9} - no filepath FirewallRules: [{c3fd991f-853b-41ba-b492-a58509655958}] => (Allow) C:\Program Files\ldplayerbox\LdVBoxHeadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation) Task: {95bbc0e1-37d1-403e-badd-d7f7c4fc36d1} - no filepath Task: {560963e7-8fb3-45a5-b560-b69102dfab6a} - no filepath 2021-10-02 23:44 - 2021-10-24 12:19 - 000000000 ____D C:\Users\Pepega\AppData\Local\Battle.net Task: {53b08e97-673e-4df6-ae10-9a73f6648a6c} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{bb4b5836-08d4-46b2-996b-c55ac054f68a}" => removed successfully "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mpcmdrun.exe" => not found 2021-10-18 19:33 - 2021-10-18 19:33 - 000002385 _____ C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nahimic Companion.lnk WinRT Intellisense PPI - en-us (HKLM-x32\\{15E29AFF-CB19-A20B-9A81-B0765A63115F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Task: {48ae682f-228f-4e67-8aa4-854778a3a6a2} - no filepath 0.0.0.0 sqm.df.telemetry.microsoft.com Fusion 2.0 working for Aorus Xtreme 3080 working FF Extension: (TubeBuddy) - C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2021-10-14] IntelliTraceProfilerProxy (HKLM-x32\\{C8891AD2-C223-45CD-A9BE-617A68923B61}) (Version: 15.0.21225.01 - Microsoft Corporation) Hidden Microsoft Update Health Tools (HKLM\\{8A6AB459-CB4B-4D09-8C1E-337FB59135C4}) (Version: 2.84.0.0 - Microsoft Corporation) Task: {e62b268c-ea0c-4217-bfa2-7bd1145ba5a0} - no filepath Platform: Microsoft Windows 10 Pro Version 1909 18363.418 (X64) Language: English (United States) (If an entry is included in the fixlist, it will be removed.) ==================== Security Center ======================== Task: {8c4fdb45-99dd-42f3-8984-07e5f8dff7f4} - no filepath ================ Task: {6298650e-c3bc-47e3-a571-b4eea94ac419} - no filepath 2021-10-02 23:07 - 2021-10-02 23:07 - 000000000 ____D C:\Users\Pepega\AppData\Local\SquirrelTemp 2021-10-18 20:24 - 2021-10-18 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Ryzen Master ==================== MBR & Partition Table ==================== 2021-10-13 22:14 - 2021-10-07 19:27 - 005703288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll Microsoft Visual Studio Installer (HKLM\\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 3.0.3444.25014 - Microsoft Corporation) 2021-10-24 13:01 - 2021-10-24 17:56 - 000000410 __RSH C:\ProgramData\ntuser.pol Task: {098ef5b0-108d-4923-9d7d-021a97ef1fba} - no filepath Bluetooth Network Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Error: (10/24/2021 07:28:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) at System.Windows.Forms.Clipboard.GetDataObject() Python 3.9.5 pip Bootstrap (64-bit) (HKLM\\{7559EB6B-36F9-4AE8-8970-532E4DC0ECA3}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden Application errors: Name: SettingsModifier:Win32/PossibleHostsFileHijack Task: {fc60ad33-5948-48d9-9f11-c6ca25373a9c} - no filepath Engine Version: AM: 1.1.18600.4, NIS: 1.1.18600.4 2021-10-15 11:59 - 2021-10-15 11:59 - 000000128 _____ () C:\Users\Pepega\AppData\Roaming\changzhi_leidianmac.data 2021-10-03 15:03 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\system32\Sysprep "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1a105416-49db-4c94-a1d7-5a3597878e9a}" => removed successfully Task: {410813e0-851c-472e-9a03-ef8f43a11e2b} - no filepath Task: {fae948d5-3779-41c7-9906-949a94f8fbda} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{f31abc37-3a79-4244-9a4b-03a808823654}" => removed successfully Description: The AORUS LCD Panel Service service terminated unexpectedly. Task: {4204c90d-5097-480b-ab90-0cff3c443b89} - no filepath 2021-10-22 12:27 - 2021-10-24 19:38 - 000000001 _____ C:\Windows\vgkbootstatus.dat Task: {0ffde93b-8785-42a8-8c6c-2672d544280d} - no filepath (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe Task: {e0ba60f1-d26f-4185-8bb0-04b05678ff5a} - no filepath The file which is running by the task will not be moved.) Faulting package full name: 2021-10-02 23:49 - 2021-10-02 23:49 - 000000219 _____ C:\Users\Pepega\Desktop\Counter-Strike Global Offensive.url Engine Version: AM: 1.1.18600.4, NIS: 1.1.18600.4 2021-10-02 22:51 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\system32\FxsTmp Process Name: C:\Users\Pepega\AppData\Local\Discord\app-1.0.9003\Discord.exe 2021-10-02 23:17 - 2021-10-24 09:40 - 000000000 ____D C:\Users\Pepega\AppData\Local\NVIDIA Corporation Task: {8c4fdb45-99dd-42f3-8984-07e5f8dff7f4} - no filepath Framework Version: v4.0.30319 2021-10-04 10:59 - 2021-10-24 20:38 - 000000000 ____D C:\Users\Pepega\AppData\LocalLow\Mozilla The following corrective action will be taken in 10 milliseconds: Restart the service. Name: SettingsModifier:Win32/PossibleHostsFileHijack Task: {a1c5790b-b106-45b9-9d9c-0442f6ab1b08} - no filepath ==================== Registry (Whitelisted) =================== Suspected miner installed on my computer after Task: {4fb942bf-3d44-41ff-bc65-52cd12996f26} - no filepath *Digital LEDs are available only on select Motherboards, external LED Strips, Digital LED Strips are not included with Motherboard purchase. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{f0e86eb7-a641-47fc-9528-df32545b183d}" => removed successfully HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141 (If an entry is included in the fixlist, it will be removed.) Boot Mode: Normal Error: (10/24/2021 07:36:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Task: {b44de6b6-1303-474b-bd1f-0c3e771de5d9} - no filepath Task: {ca0fb10b-e917-4aa5-9e3a-f6a019682f3f} - no filepath Severity: Medium And if the question was in general wich LCD Panel we mean. The Aorus Master 370 and 3080 have a LCD Panel on the site to show of GPU Stats and Gifs. THANK YOU! Task: {f99694c5-bf64-4109-a138-067cb4c7d2e7} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d6cfa018-c9cc-40f6-8ae8-0b452b7908aa}" => removed successfully WebA Customers may purchase an AORUS Extended Warranty at the time of registration for eligible product. ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> ) C:\Users\Pepega\NTUSER.pol => moved successfully ?\C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [X] Python 3.9.5 Standard Library (64-bit symbols) (HKLM\\{72FB8CF5-E7CB-4CD2-90B2-39ADC3483845}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden 2019-03-19 15:49 - 2021-10-24 15:25 - 000002820 _____ C:\Windows\system32\drivers\etc\hosts Task: {3b6b25a5-1bf5-48bb-81f3-5e306db688ba} - no filepath HKU\S-1-5-21-326566074-3447909417-183555969-1001\\Run: [Print driver host for applications] => C:\Program Files (x86)\Print driver host for applications\Print driver host for applications.exe [74752 2021-10-24] (Microsoft Corporation) [File not signed] 2021-10-03 10:57 - 2021-10-03 10:57 - 000000000 ____D C:\Users\Pepega\ansel Edge DefaultProfile: Default Task: {7a44f97c-3b59-4a4b-a061-3e52f050d32e} - no filepath Task: {19e78c37-4706-4ee6-b14f-00a377e1761c} - no filepath 2021-10-24 19:36 - 2019-03-19 15:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55b76d6d-fbf6-450e-a24e-071e1db9f945}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8a370bc5-d53d-4130-9a86-55745d7884c5}" => removed successfully CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Pepega\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\amd64\FileSyncShell64.dll => No File ==================== Files in the root of some directories ======== HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully vs_minshellinteropsharedmsi (HKLM-x32\\{6A4F2879-CFBC-4023-8C00-75E2ED65E0C9}) (Version: 17.0.31709 - Microsoft Corporation) Hidden 2021-10-24 21:16 - 2021-10-24 21:20 - 000025442 _____ C:\Users\Pepega\Downloads\FRST.txt 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\SysWOW64\3082 It has done this 1 time (s). The tool will create a log (Fixlog.txt) please post it to your reply. Task: {b1fed2a8-3200-4219-af34-0fd05172af37} - no filepath CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Pepega\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\Microsoft.SharePoint.exe" => No File FirewallRules: [{A73419CB-E557-4602-83F3-EED8A5A67B9A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) 2021-10-20 14:50 - 2021-10-20 14:50 - 000017424 _____ (MICSYS Technology Co., LTd) C:\Windows\system32\Drivers\MsIo64.sys Error: (10/24/2021 07:38:08 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: ) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{dceb985f-25eb-484d-ae30-6da7f11e1091}" => removed successfully 2021-10-02 23:44 - 2021-10-20 12:04 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\Battle.net 2021-10-16 20:46 - 2021-10-16 20:47 - 000000000 ____D C:\Users\Pepega\Documents\Adobe Task: {68C28E6F-4B49-4B54-9323-54ABA9FD7C63} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-09-14] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe Task: {23df4797-0507-44e3-9c41-f5d1be966072} - no filepath Resetting Potential, OK! (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Print driver host for applications\Print driver host for applications.exe iCue causing system to hang/crash. - Page 4 - iCUE vs_minshellmsires (HKLM-x32\\{6BEA577E-EB1B-47A4-A0EF-05D5FAC0861E}) (Version: 17.0.31709 - Microsoft Corporation) Hidden Tcpip\..\Interfaces\{0b906b63-14f9-4205-87bd-1b6b0fc3f4de}: [DhcpNameServer] 1.1.1.1 1.0.0.1 C:\WINDOWS\syswow64\*.tmp Description: Task: {65f6d357-0576-4835-8e37-d12ac62b76e0} - no filepath Edited by presto12345, 24 October 2021 - 06:27 AM. Microsoft Defender Antivirus has detected malware or other potentially unwanted software. Task: {95bbc0e1-37d1-403e-badd-d7f7c4fc36d1} - no filepath Error: (10/24/2021 07:36:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) 2021-10-02 23:07 - 2021-10-24 21:18 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\discord S4 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-24] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {f746fb73-bc4d-499e-882f-e5f30abe8a2f} - no filepath FF DefaultProfile: h4od9c6l.default 2021-10-04 18:19 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\system32\spool Epic Online Services (HKLM-x32\\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.) Category: Settings Modifier FirewallRules: [{EF3E048A-7A4B-4F8B-8146-DAC25B77EE95}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) 2021-10-02 23:44 - 2021-10-23 09:53 - 000000000 ____D C:\Program Files (x86)\Battle.net "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{df1c3fe3-3222-4a5e-b520-95a4768a5710}" => removed successfully ==================== Internet Explorer (Whitelisted) ========== "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82a0b077-3637-4350-9431-56dbbbb4d5c1}" => removed successfully ========= End of CMD: ========= Roblox Player for Pepega (HKU\S-1-5-21-326566074-3447909417-183555969-1001\\roblox-player) (Version: - Roblox Corporation) 0.0.0.0 vortex-win.data.microsoft.com at System.Windows.Forms.Clipboard.GetDataObject() 2021-10-02 23:02 - 2021-10-18 19:32 - 000000000 ____D C:\Program Files (x86)\Realtek Microsoft Web Deploy 4.0 (HKLM\\{2EC26D34-FB67-4C58-AC20-235697551222}) (Version: 10.0.3802 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) RGB Fusion with Digital LEDs comes with 9 new patterns and various speed settings with more to come. 2021-10-02 22:52 - 2021-10-23 10:08 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe 2021-10-02 23:23 - 2021-10-18 13:15 - 000000000 ____D C:\Program Files (x86)\dotnet HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896 FirewallRules: [UDP Query User{019D75AB-C81F-411D-9974-8F4883C85907}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) 2021-10-13 22:14 - 2021-10-07 19:32 - 001111256 _____ C:\Windows\system32\vulkan-1.dll ==================== Alternate Data Streams (Whitelisted) ======== Task: {cd558596-f4ee-4e6a-a00e-029783722e00} - no filepath 2021-10-02 23:23 - 2021-10-18 13:15 - 000000000 ____D C:\Program Files\dotnet ENE_X_AIC_HAL (HKLM-x32\\{ec10ac91-2e61-460a-b493-33f794a07682}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden 2021-10-02 23:22 - 2021-10-02 23:26 - 000000000 ____D C:\Program Files (x86)\Windows Kits 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\SysWOW64\1040 Task: {73931e1e-d4e0-4d8f-9b0c-c332b70c4204} - no filepath 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\system32\1045 (If an entry is included in the fixlist, it will be removed from the registry.

Wells Fargo Medallion Signature Guarantee Locations, Taidnapam Park Fishing, Tuscaloosa Memorial Obituaries, Articles T