========= "C:\Windows\SYSTEM32\lodctr.exe" /R ========= Edge Profile: C:\Users\Pepega\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-24] "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d6cfa018-c9cc-40f6-8ae8-0b452b7908aa}" => removed successfully 2021-10-02 23:44 - 2021-10-24 12:19 - 000000000 ____D C:\Users\Pepega\AppData\Local\Battle.net 2021-10-02 23:04 - 2021-10-02 23:04 - 000000000 ____D C:\Program Files\KeePassXC "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{378659c1-e595-42d5-9357-395cbc08c53b}" => removed successfully 2021-10-02 22:59 - 2021-10-02 22:59 - 000000000 ____D C:\Program Files\WinRAR Task: {fae948d5-3779-41c7-9906-949a94f8fbda} - no filepath 2021-10-04 10:02 - 2021-10-04 10:02 - 000000000 ____D C:\Users\Pepega\AppData\Local\OO Software Resetting Control Protocol, OK! "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{bab92bdb-173c-46a1-aad1-e84ad4e1371c}" => removed successfully Task: {8a8c9b4d-3ba3-4f5f-8da4-8714c002e24f} - no filepath (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5292bbfbf575e2d2\Display.NvContainer\NVDisplay.Container.exe <2> 2021-10-13 22:14 - 2021-10-07 19:32 - 001874648 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe FirewallRules: [{F7197523-B9AE-42F6-9BCD-3487235CDA82}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File C:\ProgramData\NTUSER.pol => moved successfully Faulting module name: KERNELBASE.dll, version: 10.0.18362.418, time stamp: 0xfba22159 10,510. (Microsoft Windows Operating System) [File not signed] C:\Users\Pepega\AppData\Local\Update.exe "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11dec036-7e8b-4b5b-906d-51876287d3d1}" => removed successfully 2021-10-05 09:55 - 2021-10-08 09:32 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk The following corrective action will be taken in (If an entry is included in the fixlist, it will be removed.) WinRT Intellisense Desktop - Other Languages (HKLM-x32\\{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Task: {14B4F718-04DD-467B-A775-E906F62BB732} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-09-14] (NVIDIA Corporation -> NVIDIA Corporation) 2021-10-02 23:04 - 2021-10-02 23:04 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{fc60ad33-5948-48d9-9f11-c6ca25373a9c}" => removed successfully For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0 "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55b76d6d-fbf6-450e-a24e-071e1db9f945}" => removed successfully Faulting application path: C:\Windows\SysWOW64\Windows Driver Installation Service\Windows Driver Installation Service.exe ==================== MSCONFIG/TASK MANAGER disabled items == Task: {7a44f97c-3b59-4a4b-a061-3e52f050d32e} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{cefea723-c2e4-4ec0-b440-c45c5526fda8}" => removed successfully 2021-08-23 15:07 - 2021-08-23 15:07 - 000423936 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvLedLib.dll Task: {fc60ad33-5948-48d9-9f11-c6ca25373a9c} - no filepath Task: {b7e27570-3f72-4ac2-b2ec-fd92b54c3a60} - no filepath 2021-10-02 23:26 - 2021-10-02 23:26 - 000000000 ____D C:\Users\Pepega\AppData\Local\Package Cache 2021-10-04 18:19 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\ServiceState 2021-10-02 23:24 - 2021-10-02 23:24 - 000000000 ____D C:\Program Files (x86)\IIS IFEO\mpcmdrun.exe: [Debugger] C:\Windows\System32\systray.exe HKU\S-1-5-21-326566074-3447909417-183555969-1001\SOFTWARE\Policies\Microsoft\Edge => removed successfully Category: Settings Modifier Task: {c68b5818-129c-4160-9e29-1a8feeb737d8} - no filepath ==================== Accounts: ============================= HKU\S-1-5-21-326566074-3447909417-183555969-1001\\StartupApproved\Run: => "Windows Driver Installation Service" RGB Fusion with Digital LEDs comes with 9 new patterns and various speed settings with more to come. ==================== Loaded Modules (Whitelisted) ============= For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0 0.0.0.0 watson.live.com Task: {80442d75-04ca-4d81-8c53-a52f6d4b32b0} - no filepath C:\Users\Pepega\AppData\Local\Update.exe => No running process found Adobe Creative Cloud (HKLM-x32\\Adobe Creative Cloud) (Version: 5.6.0.788 - Adobe Inc.) Microsoft Update Health Tools (HKLM\\{8A6AB459-CB4B-4D09-8C1E-337FB59135C4}) (Version: 2.84.0.0 - Microsoft Corporation) 2021-10-05 09:55 - 2021-10-24 19:37 - 000000000 ____D C:\ProgramData\Mozilla Task: {e3f16153-689d-41be-bf13-59cd11df70d5} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ed742eb-771d-447f-a4e4-64c6fd2882f4}" => removed successfully FF ProfilePath: C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release [2021-10-24] Universal CRT Redistributable (HKLM-x32\\{A57CD0A6-4297-FD30-34A4-34758B6F5F69}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\SysWOW64\1036 Im trying to get the LCD panel on the side of the graphics card to display the temps and clock speed of the GPU. (There is no automatic fix for files that do not pass verification.) here are the virustotals for the 2 files:https://www.virustotal.com/gui/file/85aa1344d28fd7c6a911924040e5b3ae1278fb70444cd39d056bd270f147f61bhttps://www.virustotal.com/gui/file/85aa1344d28fd7c6a911924040e5b3ae1278fb70444cd39d056bd270f147f61b/behavior/Microsoft%20Sysinternals, FRST RESULTS: 2021-10-24 19:35 - 2019-03-19 15:37 - 000524288 _____ C:\Windows\system32\config\BBI The Client License Service (ClipSVC) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> Faulting process id: 0x2d74 "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{358ba298-e9a3-4572-a1cd-6ec4e7b85984}" => removed successfully Task: {960b6a6a-dc34-4565-96a7-4db5fb5b3ff9} - no filepath Total Virtual: 37553.05 MB vs_Graphics_Singletonx64 (HKLM\\{FB70BB0F-04E2-48FE-B4A8-41FA0ABD59C1}) (Version: 17.0.31709 - Microsoft Corporation) Hidden "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23df4797-0507-44e3-9c41-f5d1be966072}" => removed successfully 2021-10-13 22:14 - 2021-10-07 19:32 - 001450200 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe System errors: Task: {d4928d07-631c-4754-af4f-3f5f19729138} - no filepath 2021-10-02 22:49 - 2021-10-24 14:30 - 000000000 ____D C:\Windows\minidump "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8a8c9b4d-3ba3-4f5f-8da4-8714c002e24f}" => removed successfully ================== Task: {8f7674a6-0b05-416d-8dc8-bba2f61cad8c} - no filepath 2021-10-02 23:01 - 2021-10-02 23:01 - 000000000 ____D C:\Users\Pepega\AppData\Local\setup Task: {bb2029d9-cbf0-4ee3-aa1b-fbafda7b399a} - no filepath Task: {646144d0-0d5f-463c-aedc-cbc190d10525} - no filepath Task: {257fa8a3-d406-4d7e-99a9-c9e255f9f6f0} - no filepath (If an entry is included in the fixlist, the file/folder will be moved.) 0.0.0.0 services.wes.df.telemetry.microsoft.com "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{cd558596-f4ee-4e6a-a00e-029783722e00}" => removed successfully (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe Realtek Ethernet Controller Driver (HKLM-x32\\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.46.1231.2020 - Realtek) (If an entry is included in the fixlist, it will be removed from the registry. Task: {43f54ace-856e-4b50-9808-1588b79b7c18} - no filepath ==================== Safe Mode (Whitelisted) ================== A If you have any question or concern about your RMA, please have your RMA reference number ready and contact our customer service at TEL: 1-626-8549338 Option 4, Hours: Mon-Fri 8:30 - 5:30 Pacific Time. Q How to purchase extended warranty service? A Customers may purchase an AORUS Extended Warranty at the time of registration for eligible product. R1 SMR540; C:\Windows\System32\drivers\SMR540.SYS [119048 2021-10-24] (NortonLifeLock Inc. -> Symantec Corporation) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\\{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 - Microsoft Corporation) Description: The AORUS LCD Panel Service service terminated unexpectedly. 2021-10-03 09:05 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\appcompat Microsoft Visual Studio Installer (HKLM\\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 3.0.3444.25014 - Microsoft Corporation) Task: {95d6d4ae-89c2-47b7-947d-0a2c92579474} - no filepath 2021-10-02 22:55 - 2021-10-24 19:39 - 000000000 ____D C:\Users\Pepega\AppData\Local\ConnectedDevicesPlatform ==================== Drives ================================ Date: 2021-10-24 15:35:53.933 Task: {1e6a4e2b-eca4-4162-8baf-5e2cbc56f0a8} - no filepath The file will not be moved unless listed separately.) Task: {6ee54cdc-f0d4-4cad-be32-be99498e56b8} - no filepath at System.Windows.Forms.Clipboard.GetDataObject() Resetting , OK! Task: {73931e1e-d4e0-4d8f-9b0c-c332b70c4204} - no filepath go to : C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel The file which is running by the task will not be moved.) Edge DefaultProfile: Default Task: {1a105416-49db-4c94-a1d7-5a3597878e9a} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{a4a7b095-aaa9-401c-a9d7-8abe8ea301af}" => removed successfully 2021-10-16 20:49 - 2021-10-16 20:49 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2021.lnk 2021-10-18 20:24 - 2021-10-20 14:48 - 000000000 ____D C:\Users\Pepega\AppData\Local\Downloaded Installations Battle.net (HKLM-x32\\Battle.net) (Version: - Blizzard Entertainment) Error: (10/24/2021 08:19:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION Task: {410813e0-851c-472e-9a03-ef8f43a11e2b} - no filepath ========= "C:\Windows\SysWOW64\lodctr.exe" /R ========= Reason:0xC004F011 Task: {68703689-47bd-47ee-9cf2-e91abb43a182} - no filepath Task: {098ef5b0-108d-4923-9d7d-021a97ef1fba} - no filepath 2021-10-24 09:40 - 2021-10-24 09:40 - 000000000 ____D C:\Users\Pepega\Documents\Call of Duty Modern Warfare FF Extension: (uBlock Origin) - C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-10-24] 2021-10-13 22:14 - 2021-10-07 19:27 - 000452224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-22] (Microsoft Corporation) 2021-10-24 11:47 - 2021-10-24 11:47 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\Process Hacker 2 Task: {4596b534-45a4-4c4e-93a8-e4c01a69090e} - no filepath FirewallRules: [{c3fd991f-853b-41ba-b492-a58509655958}] => (Allow) C:\Program Files\ldplayerbox\LdVBoxHeadless.exe (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation) HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896 <==== ATTENTION Faulting application start time: 0x01d7c8b2547f9944 Error: (10/24/2021 07:27:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78bdf1d8-0a82-4ea3-8ac6-e6a6e95fd874}" => removed successfully 2021-10-02 22:50 - 2019-03-19 15:52 - 000000000 ____D C:\ProgramData\USOPrivate ==================== End of FRST.txt ========================, Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021 2021-10-12 21:15 - 2021-10-24 19:39 - 000003658 _____ C:\Windows\system32\Tasks\CreateExplorerShellUnelevatedTask Task: {bfa657d3-0b7d-471a-89e3-f729ecb71365} - no filepath Reason:0xC004F011 Detection Type: Concrete =========== "C:\WINDOWS\system32\*.tmp" ========== 2021-10-22 11:43 - 2021-10-22 18:56 - 000000000 ____D C:\ProgramData\Riot Games Task: {9b1a2e00-1c51-45d5-b5e4-9257d58cc2fe} - no filepath 2021-10-13 22:14 - 2021-10-07 19:28 - 001597584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll S4 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-24] (Microsoft Windows Publisher -> Microsoft Corporation) Faulting package full name: 2021-10-02 22:55 - 2021-10-24 14:56 - 000000000 ____D C:\Users\Pepega\AppData\Local\Packages 2021-10-02 23:25 - 2021-10-02 23:26 - 000000000 ____D C:\Windows\system32\1041 Microsoft Defender Antivirus has detected malware or other potentially unwanted software. Python 3.9.5 (64-bit) (HKU\S-1-5-21-326566074-3447909417-183555969-1001\\{f3d4ed4c-f434-41ef-8469-ffadd80c4ccf}) (Version: 3.9.5150.0 - Python Software Foundation) Task: {e21ec10f-b0f2-4d8c-ac9d-e74491370460} - no filepath Available Virtual: 28808.94 MB HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION vs_minshellinteropsharedmsi (HKLM-x32\\{6A4F2879-CFBC-4023-8C00-75E2ED65E0C9}) (Version: 17.0.31709 - Microsoft Corporation) Hidden Task: {d9c6b67e-9dbb-4ba4-ad4b-5aecb6889d08} - no filepath Task: {8457ad0b-1c75-431d-a5ae-ee1aed76a239} - no filepath 2021-10-24 20:41 - 2021-10-24 20:41 - 000000000 ____D C:\ProgramData\Norton "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{572eb39c-ac47-4eda-a21b-d776650fa302}" => removed successfully Task: {57F289BA-DE1C-4DD8-95F8-ED9D13AD93D0} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1067016 2020-12-10] (A-Volute SAS -> Nahimic) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) 2021-10-07 17:52 - 2021-10-08 11:46 - 000000000 ____D C:\Program Files\Mozilla Firefox FirewallRules: [{01D768A1-24F5-4716-9BA7-067DFF0B3015}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) Task: {d4928d07-631c-4754-af4f-3f5f19729138} - no filepath Resetting Prefix Policy, OK! 2021-10-04 18:19 - 2019-03-19 15:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared Task: {8457ad0b-1c75-431d-a5ae-ee1aed76a239} - no filepath Windows SDK AddOn (HKLM-x32\\{E18618EC-D9DB-4BCE-B382-85ADA2CBB340}) (Version: 10.1.0.0 - Microsoft Corporation) Microsoft ASP.NET Core 5.0.7 - Shared Framework (HKLM-x32\\{1c2c5c8e-d9f7-46c5-833d-0a63f6becb4a}) (Version: 5.0.7.21263 - Microsoft Corporation) at System.Windows.Forms.Clipboard.GetText(System.Windows.Forms.TextDataFormat) Category: Settings Modifier Network Binding: (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe DNS Servers: 1.1.1.1 - 1.0.0.1 AMD Ryzen Master (HKLM\\AMD Ryzen Master) (Version: 2.8.0.1937 - Advanced Micro Devices, Inc.) WebA Customers may purchase an AORUS Extended Warranty at the time of registration for eligible product. The NVIDIA LocalSystem Container service terminated unexpectedly. Task: {fae948d5-3779-41c7-9906-949a94f8fbda} - no filepath HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896 2021-10-04 10:59 - 2021-10-04 10:59 - 000000000 ____D C:\Tor Browser 2021-10-03 18:24 - 2021-10-13 10:55 - 000000000 ____D C:\Windows\system32\MRT (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SnippingTool.exe Edge: at System.Windows.Forms.Clipboard.ThrowIfFailed(Int32) 2021-10-03 15:47 - 2021-10-18 20:25 - 000270480 _____ C:\Windows\system32\FNTCACHE.DAT Launcher Prerequisites (x64) (HKLM-x32\\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Task: {0e056076-a1e1-4979-83ca-d3b97785e4bb} - no filepath Packages: Task: {38c61830-b1df-4717-ae92-954fefd27747} - no filepath 2021-10-04 09:35 - 2021-10-04 09:35 - 000000000 ____D C:\Users\Pepega\Desktop\rkill 2021-10-18 21:04 - 2021-10-18 21:04 - 000000000 ____D C:\Users\Pepega\Documents\MAXON Task: {aadbbd5a-88ab-4f36-b6d5-c7eaaf6ddc1d} - no filepath (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe 2021-10-02 23:26 - 2019-03-19 13:20 - 000415232 _____ (Windows Win 7 DDK provider) C:\Windows\system32\DXCpl.exe 2021-10-15 11:58 - 2021-10-15 11:58 - 000000827 _____ C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\LDPlayer4.lnk Task: {4fb942bf-3d44-41ff-bc65-52cd12996f26} - no filepath Call of Duty Modern Warfare (HKLM-x32\\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment) Loaded Profiles: Pepega 2021-10-02 23:02 - 2021-10-18 19:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-10-03] (NVIDIA Corp.) 2021-10-18 19:35 - 2021-10-24 14:56 - 000003152 _____ C:\Windows\system32\Tasks\NahimicSvc32Run 2021-10-03 09:18 - 2021-10-24 10:14 - 000000000 ____D C:\Program Files (x86)\Call of Duty Modern Warfare Task: {23df4797-0507-44e3-9c41-f5d1be966072} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ab420ae-8543-428c-9838-410f79c8d585}" => removed successfully Task: {b19f8042-93dc-47e1-87f7-7ad8cb0032d9} - no filepath 2021-10-16 20:39 - 2021-10-16 20:46 - 000000000 ____D C:\Program Files\Common Files\Adobe Task: {1539d558-2bfa-453d-a38e-aa8bbec05194} - no filepath 2021-10-03 19:33 - 2021-10-03 19:34 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-10-07] (Microsoft Windows Publisher -> Microsoft Corporation) HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION 2021-10-03 10:57 - 2021-10-03 10:57 - 000000000 ____D C:\Users\Pepega\ansel "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{960b6a6a-dc34-4565-96a7-4db5fb5b3ff9}" => removed successfully Aorus Engine was working fine and then just stopped after a day or two. 2021-10-22 11:43 - 2021-10-22 12:31 - 000000000 ____D C:\Users\Pepega\AppData\Local\Riot Games Task: {8c4fdb45-99dd-42f3-8984-07e5f8dff7f4} - no filepath 2021-10-04 18:19 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\system32\MsDtc HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-10-16] (Adobe Inc. -> Adobe Systems) FirewallRules: [{E2EA9D77-F4B6-46E6-94CF-DAE772492424}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> ) CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pepega\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\amd64\FileSyncShell64.dll => No File Startup: C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thing.bat [2021-10-24] () [File not signed] 2021-10-02 23:04 - 2021-10-02 23:04 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-10-16 20:46 - 2021-10-16 20:47 - 000000000 ____D C:\Users\Pepega\Documents\Adobe Task: {A8BA0F77-0928-4197-AD98-116E198D6501} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay => C:\Program Files\ruxim\ruximics.exe [477512 2021-06-30] (Microsoft Windows -> Microsoft Corporation) Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" FirewallRules: [{30A1031D-2A0F-4ED7-BB78-4C35329A0857}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57f92185-4f7e-4549-bf72-8ded737637ee}" => removed successfully Resetting , OK! Task: {8f7674a6-0b05-416d-8dc8-bba2f61cad8c} - no filepath Task: {b8ce6039-5202-4c0c-b706-9d55226ab086} - no filepath 0.0.0.0 vortex-cy2.metron.live.com.nsatc.net 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\SysWOW64\1040 0.0.0.0 sqm.df.telemetry.microsoft.com Faulting module path: C:\Windows\System32\KERNELBASE.dll Boot Mode: Normal Resetting Multicast Address, OK! HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141 "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{f99694c5-bf64-4109-a138-067cb4c7d2e7}" => removed successfully Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-10-2021 08:47:26) 2021-05-04 17:17 - 2021-05-04 17:17 - 000475648 _____ (GIGABYTE Technology Co.,Ltd.) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{414df2f8-cc7c-49b6-a90f-8e407ed62e02}" => removed successfully Task: {f746fb73-bc4d-499e-882f-e5f30abe8a2f} - no filepath Task: {f746fb73-bc4d-499e-882f-e5f30abe8a2f} - no filepath Faulting module name: KERNELBASE.dll, version: 10.0.18362.418, time stamp: 0xfba22159 2021-10-08 09:32 - 2021-10-08 09:32 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla Task: {560963e7-8fb3-45a5-b560-b69102dfab6a} - no filepath Task: {4de67c63-be14-4dd1-af32-f53029177ebc} - no filepath C:\Windows\Temp\ASPNETSetup_00001.log => moved successfully WebOpen Hours: Monday Saturday, 8:00 a.m. 6:00 p.m. Login Register; Home; Contact Us Task: {48ae682f-228f-4e67-8aa4-854778a3a6a2} - no filepath Error: (10/24/2021 07:36:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) 0.0.0.0 oca.telemetry.microsoft.com 2021-10-02 23:18 - 2021-10-02 23:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio the miner is called 'Update.exe' and is located in appdata. 2021-10-13 22:14 - 2021-10-07 19:25 - 006428792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll SearchScopes: HKU\S-1-5-21-326566074-3447909417-183555969-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 0.0.0.0 vortex.data.microsoft.com Process Hacker 2.39 (r124) (HKLM\\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32) 0.0.0.0 watson.telemetry.microsoft.com.nsatc.net 2021-10-13 22:14 - 2021-10-07 19:32 - 001464976 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2a965443-ec13-4b75-abf9-394d697f739d}" => removed successfully Check that it's latest OS build. right now the only solution i have is to run task manager or processhacker in the background of my pc as the miners have a script to stop mining whenever those exes are open 2021-10-02 23:04 - 2021-09-14 14:39 - 002838384 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll ==================== Services (Whitelisted) =================== Detection Origin: Local machine CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Pepega\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\Microsoft.SharePoint.exe" => No File "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{fae948d5-3779-41c7-9906-949a94f8fbda}" => removed successfully

Francesca Harris Slaughter And May, Radiotelex Coast Station, West Virginia State Police Ranks, Italian Restaurants East Fishkill, Ny, Articles T