2018-12-08 08:22 - 2018-12-08 08:22 - 002059264 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GHidApi.dll IFEO\mpcmdrun.exe: [Debugger] C:\Windows\System32\systray.exe Task: {d6cfa018-c9cc-40f6-8ae8-0b452b7908aa} - no filepath 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\SysWOW64\1046 SDK ARM Additions (HKLM-x32\\{FCF9D89E-6F79-64FB-B08D-B0E69FF54DEE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden 2021-10-14 11:40 - 2021-10-14 11:40 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694d334e5535714e6e6f30524534354d6a597a61564631576d56464f585a33.sys (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\RGBFusion\RGBFusion.exe 2021-10-13 22:14 - 2021-10-07 19:29 - 000800384 _____ C:\Windows\system32\nvofapi64.dll HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected Faulting process id: 0x2d74 ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) 2021-10-02 23:22 - 2021-10-02 23:26 - 000000000 ____D C:\Program Files (x86)\Windows Kits 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\system32\1046 =========== "C:\WINDOWS\system32\*.tmp" ========== 2021-10-07 11:40 - 2021-10-07 11:40 - 000000000 ___HD C:\$WinREAgent at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) Task: {964fea64-405c-411f-8d7c-f9b886d45580} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{358ba298-e9a3-4572-a1cd-6ec4e7b85984}" => removed successfully ========================================================== Task: {4fb942bf-3d44-41ff-bc65-52cd12996f26} - no filepath Task: {51006d50-cfd3-4b5a-af95-e596678bbea8} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{b7e27570-3f72-4ac2-b2ec-fd92b54c3a60}" => removed 
successfully 2021-10-13 16:20 - 2021-10-13 16:38 - 000000254 _____ C:\Users\Pepega\AppData\LocalLow\rbxcsettings.rbx Resetting Compartment Forwarding, OK! Faulting module path: C:\Windows\System32\KERNELBASE.dll at System.Threading.ThreadHelper.ThreadStart() Date: 2021-10-24 17:54:57.532 The following corrective action will be taken in 6000 milliseconds: Task: {d7495c49-8426-461c-8455-350522fba9cb} - no filepath i only have lcd tool from rgb fusion 2) !go to the folder C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\Updater\ right HKLM\\StartupApproved\Run: => "Riot Vanguard" 2021-10-13 16:41 - 2021-10-13 17:14 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\Wireshark 2021-10-02 22:56 - 2021-10-07 19:25 - 007578032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2021-10-07 12:11 - 2021-10-07 12:11 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER however because i have other Task: {f746fb73-bc4d-499e-882f-e5f30abe8a2f} - no filepath go to : C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel * "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29ad0c16-34a9-49f9-a1d8-81f44fff082d}" => removed successfully (Microsoft Windows Operating System) [File not signed] C:\Users\Pepega\AppData\Local\Update.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe 0.0.0.0 oca.telemetry.microsoft.com Engine Version: AM: 1.1.18600.4, NIS: 1.1.18600.4 Detection Type: Concrete And if the question was in general wich LCD Panel we mean. The Aorus Master 370 and 3080 have a LCD Panel on the site to show of GPU Stats and Gifs. THANK YOU! 
2021-10-02 23:46 - 2021-10-24 14:30 - 000000000 ____D C:\Program Files (x86)\Steam "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ea271ce-e48a-4ade-9079-2a5bece10d83}" => removed successfully Startup: C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thing.bat [2021-10-24] () [File not signed] 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\SysWOW64\1029 Address: 17358 Railroad Street City of Industry, CA 91748 TEL: 1-626-8549338 Option 4 More Online Support How to find model name / serial number Task: {e2e2a07e-8ce9-45bf-94db-a91755d15155} - no filepath 2021-10-02 22:59 - 2021-10-04 18:19 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR Task: {a68a203b-7eaa-4914-a565-5ff9759ae2a4} - no filepath A If you have any question or concern about your RMA, please have your RMA reference number ready and contact our customer service at TEL: 1-626-8549338 Option 4, Hours: Mon-Fri 8:30 - 5:30 Pacific Time. Q How to purchase extended warranty service? A Customers may purchase an AORUS Extended Warranty at the time of registration for eligible product. Task: {410813e0-851c-472e-9a03-ef8f43a11e2b} - no filepath HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2} => removed successfully FF Extension: (vidIQ Vision for YouTube) - C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release\Extensions\firefox@vid.io.xpi [2021-10-23] Error: (10/24/2021 07:36:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) 2021-09-30 14:33 - 2021-09-30 14:33 - 001993216 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACPCIeSSD_Lib.dll The file will not be moved unless listed separately.) (Adobe Inc. -> Adobe Inc.) 
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe 2021-10-24 13:24 - 2021-07-24 06:02 - 000040684 _____ C:\Users\Pepega\Desktop\tron.bat HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141 2021-10-02 23:34 - 2021-10-02 23:34 - 000000000 ____D C:\Program Files (x86)\Application Verifier 2021-10-04 18:19 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\system32\GroupPolicy FF Extension: (Kurgzsekseta) - C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release\Extensions\{e8f3b919-d290-4270-b66f-29f3fdbb1986}.xpi [2021-10-05] 2021-10-15 11:40 - 2021-10-15 11:40 - 000003938 _____ C:\Windows\system32\Tasks\BlueStacksHelper_nxt 2021-10-02 23:44 - 2021-10-23 09:53 - 000000000 ____D C:\Program Files (x86)\Battle.net Task: {8a8c9b4d-3ba3-4f5f-8da4-8714c002e24f} - no filepath ==================== Event log errors: ======================== NVIDIA Graphics Driver 496.13 (HKLM\\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 496.13 - NVIDIA Corporation) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) Task: {646144d0-0d5f-463c-aedc-cbc190d10525} - no filepath 2021-10-18 20:24 - 2021-10-18 20:24 - 000000000 ____D C:\ProgramData\AMD AutoUpdate System errors: at System.Windows.Forms.Clipboard.GetText(System.Windows.Forms.TextDataFormat) 2021-10-02 23:03 - 2021-10-02 23:04 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation Task: {82a0b077-3637-4350-9431-56dbbbb4d5c1} - no filepath Task: {cefea723-c2e4-4ec0-b440-c45c5526fda8} - no filepath 2021-10-16 20:49 - 2021-10-16 20:49 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2021.lnk 2021-10-13 22:14 - 2021-10-07 19:28 - 000981136 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvEncodeAPI64.dll 2021-10-13 22:14 - 2021-10-07 19:32 - 001464976 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll Task: {C6B4432E-BB97-4CBA-9DFC-158E3B8F51BE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-10-07] (Mozilla Corporation -> Mozilla Foundation) 0.0.0.0 watson.microsoft.com SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46ee8f94-e240-420c-a5e8-0660f5c5f9e1}" => removed successfully Task: {65f6d357-0576-4835-8e37-d12ac62b76e0} - no filepath Processes closed successfully. 2021-10-02 23:46 - 2021-10-04 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam at System.Windows.Forms.Clipboard.ThrowIfFailed(Int32) Task: {634166c8-f3ba-4d37-96ef-8a18d9787a4e} - no filepath FF Extension: (NoScript) - C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-10-05] "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6c61cc2f-6bf1-4d13-9cc0-dd2cf2ba3087}" => removed successfully (If an entry is included in the fixlist, it will be removed from the registry. Task: {fc60ad33-5948-48d9-9f11-c6ca25373a9c} - no filepath Task: {95d6d4ae-89c2-47b7-947d-0a2c92579474} - no filepath FirewallRules: [{01D768A1-24F5-4716-9BA7-067DFF0B3015}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) 2021-10-18 19:35 - 2021-10-24 14:56 - 000003152 _____ C:\Windows\system32\Tasks\NahimicSvc32Run 2021-10-13 22:14 - 2021-10-07 19:29 - 000635008 _____ C:\Windows\SysWOW64\nvofapi.dll 
2021-10-02 22:56 - 2021-10-24 19:38 - 000000000 ____D C:\ProgramData\NVIDIA Detection Type: Concrete 2021-10-02 23:34 - 2021-10-02 23:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits (If an entry is included in the fixlist, the file/folder will be moved.) SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC 2021-10-20 14:48 - 2021-10-20 14:50 - 000000000 ____D C:\Program Files (x86)\GIGABYTE R3 gdrv3; C:\Windows\gdrv3.sys [36352 2021-10-20] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{b30dbf6f-75b4-422c-82ed-f93cae0f7dec}" => removed successfully 2021-10-02 22:51 - 2021-10-10 13:03 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA The Client License Service (ClipSVC) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Task: {bab92bdb-173c-46a1-aad1-e84ad4e1371c} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{e6857042-80d9-4422-85b4-1c5dc0aae451}" => removed successfully 2021-10-03 13:53 - 2021-10-03 13:53 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\NVIDIA Faulting module path: D:\Cheetos\Woofing\Cinx Archieves\SinEx 4.2.0 [BETA]\SinEx 4.2.0 BETA Woofer [All Winver].exe Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) 1. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{df1c3fe3-3222-4a5e-b520-95a4768a5710}" => removed successfully 2021-10-21 12:44 - 2021-10-21 12:44 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694e4552323830615856545245354261476c4f516b4658556c5a5163446b33.sys 2021-10-24 13:24 - 2021-10-19 08:02 - 000000000 ____D C:\Users\Pepega\Desktop\integrity_verification 0.0.0.0 services.wes.df.telemetry.microsoft.com 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\SysWOW64\1040 "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{bab92bdb-173c-46a1-aad1-e84ad4e1371c}" => removed successfully Check that it's latest OS build. 2021-10-02 23:04 - 2021-10-02 23:04 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Task: {86c0c79f-566b-48c2-a517-d270146f5782} - no filepath Resetting Site Prefix, OK! 2021-10-03 15:47 - 2021-10-03 15:47 - 000000000 ____D C:\Windows\ServiceProfiles The file will not be moved unless listed separately.) Task: {68703689-47bd-47ee-9cf2-e91abb43a182} - no filepath The Corsair Service service terminated unexpectedly. Framework Version: v4.0.30319 R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5292bbfbf575e2d2\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5292bbfbf575e2d2\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem if you guys know how to remove these types of files please reply, thanks. 
Task: {46ee8f94-e240-420c-a5e8-0660f5c5f9e1} - no filepath FirewallRules: [{E1D43D4F-5765-4B23-A804-FDD364EFF570}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION 2021-10-24 18:02 - 2021-10-24 20:25 - 000072704 _____ (Microsoft Windows Operating System) C:\Users\Pepega\AppData\Local\Update.exe Severity: Medium Task: {23df4797-0507-44e3-9c41-f5d1be966072} - no filepath 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\system32\1036 0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net 2021-10-05 15:51 - 2021-10-05 16:12 - 000000094 _____ C:\Users\Pepega\Desktop\cod filters.txt GroupPolicy: Restriction ? Task: {e6857042-80d9-4422-85b4-1c5dc0aae451} - no filepath C:\ProgramData\NTUSER.pol => moved successfully (If an entry is included in the fixlist, it will be removed from the registry. FirewallRules: [TCP Query User{3D3D13C6-EB42-4BF7-9989-E995CB143820}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) 
2021-10-02 23:07 - 2021-10-04 18:19 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2021-10-13 22:14 - 2021-10-07 19:32 - 000965336 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll Task: {b19f8042-93dc-47e1-87f7-7ad8cb0032d9} - no filepath Bluetooth Network Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Realtek Ethernet Controller Driver (HKLM-x32\\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.46.1231.2020 - Realtek) Exception Info: System.Runtime.InteropServices.ExternalException 2021-10-16 20:39 - 2021-10-16 20:41 - 000000000 ____D C:\ProgramData\Adobe Task: {4596b534-45a4-4c4e-93a8-e4c01a69090e} - no filepath Task: {dceb985f-25eb-484d-ae30-6da7f11e1091} - no filepath 2021-10-18 20:24 - 2021-10-20 14:48 - 000000000 ____D C:\Users\Pepega\AppData\Local\Downloaded Installations 2021-10-14 13:14 - 2021-10-14 13:14 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694e454d556f325256464b5a33706c566b3161516c64354f544e6a4f457436.sys Windows Firewall is enabled. Hey, i managed to get my computer built with a Ryzen 5 5600X and an NVIDIA GeForce Aorus Xtreme RTX 3080 - 10GB GDDR6X. 'Thing.bat' and 'Thing2.bat' are batch files that i wrote to try and kill 'Update.exe' and 'Windows Driver Installation Service.exe' on startup, but as said in my post, the apps have a delayed start so my batch files are pretty much useless. Detection Origin: Local machine HKU\S-1-5-21-326566074-3447909417-183555969-1001\\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33435616 2021-10-12] (Epic Games Inc. -> Epic Games, Inc.) 
2021-10-03 09:11 - 2021-10-03 09:12 - 000000000 ____D C:\Users\Pepega\Documents\Visual Studio 2022 "HKU\S-1-5-21-326566074-3447909417-183555969-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Driver Installation Service" => not found Mozilla Firefox (x64 en-US) (HKLM\\Mozilla Firefox 93.0 (x64 en-US)) (Version: 93.0 - Mozilla) Platform: Microsoft Windows 10 Pro Version 1909 18363.418 (X64) Language: English (United States) Resetting , OK! Task: {65f6d357-0576-4835-8e37-d12ac62b76e0} - no filepath Task: {BF0C50B3-10FC-431A-B29A-34474379E997} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-04-22] () [File not signed] 2021-10-18 20:24 - 2021-10-18 20:24 - 000000000 ____D C:\Program Files\AMD CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) 2021-10-02 23:25 - 2021-10-02 23:26 - 000000000 ____D C:\Windows\SysWOW64\1028 Process Name: C:\Users\Pepega\AppData\Local\Discord\app-1.0.9003\Discord.exe Task: {7ef13d49-f1cb-4454-af1c-a7a9e880a031} - no filepath 2021-10-13 22:14 - 2021-10-07 19:27 - 008722576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> ) For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0 
Error: (10/24/2021 08:19:57 PM) (Source: Application Error) (EventID: 1000) (User: ) 2021-10-15 11:58 - 2021-10-15 11:58 - 000000803 _____ C:\Users\Pepega\Desktop\LDPlayer4.lnk 2021-10-13 22:14 - 2021-10-07 19:28 - 001597584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pepega\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\amd64\FileSyncShell64.dll => No File ==================== Internet (Whitelisted) ==================== \\?\Volume{7551d85d-c70c-448e-b08c-13d1c138506d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 not found Detection Origin: Local machine Faulting application start time: 0x01d7c8b23e4aead7 "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d2d2fbec-f7b4-41b4-9251-9cfdc41d781f}" => removed successfully ***************** "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0c664c7f-7430-46ad-86a6-f5c0223c7fc4}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51006d50-cfd3-4b5a-af95-e596678bbea8}" => removed successfully Resetting Potential, OK! 2021-10-18 19:35 - 2021-10-24 14:56 - 000003152 _____ C:\Windows\system32\Tasks\NahimicSvc64Run HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30528 (HKLM-x32\\{b8a0348b-0f62-46f7-b7a2-e3926f10955f}) (Version: 14.30.30528.0 - Microsoft Corporation) Task: {53b08e97-673e-4df6-ae10-9a73f6648a6c} - no filepath 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\SysWOW64\1033 HKLM\\StartupApproved\Run: => "SecurityHealth" When i clicked on properties, it said that its original name was 'Update.exe.' 
Category: Settings Modifier 2021-10-02 22:59 - 2021-10-02 22:59 - 000000000 ____D C:\Program Files\WinRAR Stage:GATHER_RULES_FROM_LICENSES Task: {f31abc37-3a79-4244-9a4b-03a808823654} - no filepath Task: {e62b268c-ea0c-4217-bfa2-7bd1145ba5a0} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60deadb4-207d-4623-826b-8aef456e994f}" => removed successfully 0.0.0.0 telecommand.telemetry.microsoft.com 2021-10-02 23:24 - 2021-10-04 18:19 - 000000000 ____D C:\Program Files\IIS Faulting module path: C:\Windows\System32\KERNELBASE.dll IFEO\mpcmdrun.exe: [Debugger] C:\Windows\System32\systray.exe 2021-10-13 08:53 - 2021-10-14 10:24 - 000000059 _____ C:\Users\Pepega\Desktop\big.txt Resetting Multicast Address, OK! "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mpcmdrun.exe" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{e0ba60f1-d26f-4185-8bb0-04b05678ff5a}" => removed successfully 0.0.0.0 choice.microsoft.com 2021-10-24 14:37 - 2019-03-19 15:52 - 000000000 ____D C:\Program Files\Windows Defender 2021-10-02 23:25 - 2021-10-02 23:25 - 000000000 ____D C:\Program Files (x86)\NuGet 2021-10-03 09:18 - 2021-10-24 10:14 - 000000000 ____D C:\Program Files (x86)\Call of Duty Modern Warfare Resetting Anycast Address, OK! 
2021-10-02 23:04 - 2021-10-02 23:04 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-10-02 22:56 - 2021-10-07 11:58 - 000125568 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys HKU\S-1-5-21-326566074-3447909417-183555969-1001\\Run: [Print driver host for applications] => C:\Program Files (x86)\Print driver host for applications\Print driver host for applications.exe [74752 2021-10-24] (Microsoft Corporation) [File not signed] Task: {E2F1A91A-7C7E-4500-92A5-65707C268116} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-09-14] (NVIDIA Corporation -> NVIDIA Corporation) Roblox Player for Pepega (HKU\S-1-5-21-326566074-3447909417-183555969-1001\\roblox-player) (Version: - Roblox Corporation) Task: {b19f8042-93dc-47e1-87f7-7ad8cb0032d9} - no filepath Task: {fae948d5-3779-41c7-9906-949a94f8fbda} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ca0fb10b-e917-4aa5-9e3a-f6a019682f3f}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{f99694c5-bf64-4109-a138-067cb4c7d2e7}" => removed successfully 2021-10-24 14:58 - 2019-03-19 15:37 - 000032768 _____ C:\Windows\system32\config\ELAM I disabled it and now everything runs fine. 
Reboot: Task: {ab7dbf26-2e26-445a-a7dd-f60ac12f19a6} - no filepath (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8c4fdb45-99dd-42f3-8984-07e5f8dff7f4}" => removed successfully Task: {0DBCA93D-0FE2-4CED-B180-4ED80B676444} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK Task: {11dec036-7e8b-4b5b-906d-51876287d3d1} - no filepath Task: {55b76d6d-fbf6-450e-a24e-071e1db9f945} - no filepath 2021-10-04 09:35 - 2021-10-04 09:35 - 000000000 ____D C:\Users\Pepega\Desktop\rkill U4 npcap_wifi; no ImagePath Description: The rules engine failed to evaluate the rules. 2021-10-18 19:32 - 2019-12-19 18:07 - 002877104 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll RGB Fusion (HKLM-x32\\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.21.1001.1 - Gigabyte) Date: 2021-10-24 15:35:53.954 2021-10-13 16:39 - 2021-10-13 16:39 - 000000000 ____D C:\Windows\system32\Npcap ENE_EHD_M2_HAL (HKLM-x32\\{54d3d2b5-db16-446d-b6dd-f4964b166b3b}) (Version: 1.0.8.13 - ENE TECHNOLOGY INC.) Hidden Total Virtual: 37553.05 MB 2021-10-18 20:24 - 2021-10-18 20:24 - 000000000 ____D C:\Users\Pepega\AppData\Local\AMD Task: {ca0fb10b-e917-4aa5-9e3a-f6a019682f3f} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68912dca-04b7-43b9-b125-ab2888148ebb}" => removed successfully at System.Windows.Forms.Clipboard.GetDataObject(Int32, Int32) (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe 2021-10-15 11:59 - 2021-10-15 11:59 - 000000000 ____D C:\Users\Pepega\.Ld2VirtualBox 2021-10-02 23:26 - 2019-03-19 12:09 - 000390656 _____ (Windows Win 7 DDK provider) C:\Windows\SysWOW64\DXCpl.exe ==================== Loaded Modules (Whitelisted) ============= (Currently there is no automatic fix for this section.) 
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8234256 2021-10-21] (Riot Games, Inc. -> Riot Games, Inc.) Policies: C:\Users\Pepega\NTUSER.pol: Restriction <==== ATTENTION Launcher Prerequisites (x64) (HKLM-x32\\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Application errors: Detection Origin: Local machine Exception code: 0xc0000409 2021-10-02 23:04 - 2021-09-14 14:39 - 000067952 _____ C:\Windows\SysWOW64\FvSDK_x86.dll Task: {f72e227f-a82a-46d0-b517-0dcc9c2c1947} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{519e0c96-0a46-4c15-840e-41ed3cda1aef}" => removed successfully ==================== Memory info =========================== FirewallRules: [UDP Query User{08F3CC4B-7B5D-4621-9533-ECBECA43F79E}C:\windows\microsoft.net\framework64\v4.0.30319\vbc.exe] => (Allow) C:\windows\microsoft.net\framework64\v4.0.30319\vbc.exe (Microsoft Corporation -> Microsoft Corporation) Task: {f0e86eb7-a641-47fc-9528-df32545b183d} - no filepath BIOS: American Megatrends International, LLC. Task: {51006d50-cfd3-4b5a-af95-e596678bbea8} - no filepath Report Id: c4164c23-2f25-4c91-a107-f917df162ea7 (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> Task: {73931e1e-d4e0-4d8f-9b0c-c332b70c4204} - no filepath (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe <2> Task: {0c664c7f-7430-46ad-86a6-f5c0223c7fc4} - no filepath 10,510. 
at System.Windows.Forms.Clipboard.GetDataObject(Int32, Int32) Description: Task: {90b432e7-5c87-425c-9dd5-33099e0e41c9} - no filepath Task: {8c4fdb45-99dd-42f3-8984-07e5f8dff7f4} - no filepath Universal CRT Extension SDK (HKLM-x32\\{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden 0.0.0.0 sqm.telemetry.microsoft.com FF Extension: (Decentraleyes) - C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2021-10-05] The file which is running by the task will not be moved.) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-10-03] (NVIDIA Corp.) HKU\S-1-5-21-326566074-3447909417-183555969-1001\\StartupApproved\Run: => "EpicGamesLauncher" Task: {b44de6b6-1303-474b-bd1f-0c3e771de5d9} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{132c3361-2a8c-4a3a-a81d-208c0f31a908}" => removed successfully Microsoft System CLR Types for SQL Server 2019 (HKLM\\{5BC7E9EB-13E8-45DB-8A60-F2481FEB4595}) (Version: 15.0.2000.5 - Microsoft Corporation) SDK ARM Redistributables (HKLM-x32\\{72DB07D6-E166-5A3F-B6E6-4664383781B8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (HKLM-x32\\{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Resetting Route, OK! 
2021-10-03 23:13 - 2021-10-03 23:14 - 000008192 ___SH C:\DumpStack.log.tmp ======== 2021-10-02 22:56 - 2021-10-04 09:59 - 000000000 ___RD C:\Users\Pepega\OneDrive Universal CRT Redistributable (HKLM-x32\\{A57CD0A6-4297-FD30-34A4-34758B6F5F69}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" Task: {a2a9bb80-76ce-4752-9e44-f43e01b26a35} - no filepath 2021-10-02 22:52 - 2021-10-23 10:08 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk After this log, it shows our application 2021-10-13 16:41 - 2021-10-13 16:41 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk Task: {82a0b077-3637-4350-9431-56dbbbb4d5c1} - no filepath AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} vs_minshellx64msi (HKLM\\{5F5AAF1B-FD08-4AEB-A170-600545D57EF5}) (Version: 17.0.31709 - Microsoft Corporation) Hidden ^rinse and repeat. 2021-10-02 23:03 - 2021-09-14 14:39 - 000069856 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys It has done this 1 time(s). Feature: On Access Loaded Profiles: Pepega Detection Source: Real-Time Protection Task: {55b76d6d-fbf6-450e-a24e-071e1db9f945} - no filepath HKLM\System\CurrentControlSet\Services\npcap_wifi => removed successfully Task: {e21ec10f-b0f2-4d8c-ac9d-e74491370460} - no filepath 2021-10-02 23:19 - 2021-10-02 23:19 - 000000000 ____D C:\Program Files\Microsoft Visual Studio Detection Source: Real-Time Protection (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe Additional Data: - Right Click on Network Neighborhood -> left click on Properties -> left click on the Protocols tab -> double click on TCP/IP Protocol -> left click on DNS tab and enter a domain name in the "Domain:" field. 
i have tried manually removing these files in safe mode but again, it was only a temporary solution, as they are downloaded again (presumably using some sort of script), even though i have firewall enable Category: Settings Modifier "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65f6d357-0576-4835-8e37-d12ac62b76e0}" => removed successfully