2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\system32\1036 icecap_collectionresources (HKLM-x32\\{D71337CA-4452-43D2-9583-45670FF77185}) (Version: 17.0.31709 - Microsoft Corporation) Hidden S4 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-24] (Microsoft Windows Publisher -> Microsoft Corporation) The NVIDIA LocalSystem Container service terminated unexpectedly. Task: {7ef13d49-f1cb-4454-af1c-a7a9e880a031} - no filepath - Right Click on Network Neighborhood -> left click on Properties -> left click on the Protocols tab -> double click on TCP/IP Protocol -> left click on DNS tab and enter a domain name in the "Domain:" field. Task: {51f29cff-5f75-43a6-8c78-2970cd2f96ac} - no filepath (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe 2021-10-04 18:42 - 2021-10-04 18:42 - 000000020 ___SH C:\Users\Pepega\ntuser.ini 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\system32\1045 Task: {53b08e97-673e-4df6-ae10-9a73f6648a6c} - no filepath =========== "C:\WINDOWS\system32\*.tmp" ========== 2021-10-15 11:58 - 2021-10-15 11:58 - 000000852 _____ C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\LDMultiPlayer4.lnk Microsoft Edge (HKLM-x32\\Microsoft Edge) (Version: 95.0.1020.30 - Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pepega\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\amd64\FileSyncShell64.dll => No File 2021-10-02 23:44 - 2021-10-04 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2021-10-02 22:59 - 2021-10-04 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR Date: 2021-10-24 15:35:27.734 HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1} => removed successfully 2021-10-12 19:18 - 
2021-10-12 19:20 - 000000000 ____D C:\ProgramData\Epic 2021-10-13 22:14 - 2021-10-07 19:32 - 001111256 _____ C:\Windows\system32\vulkan-1.dll start Task: {0ed742eb-771d-447f-a4e4-64c6fd2882f4} - no filepath 2021-10-20 14:48 - 2021-10-20 14:50 - 000000000 ____D C:\Program Files (x86)\GIGABYTE ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\\{5A260D5A-95D3-4956-8E0A-E182CC4144ED}) (Version: 4.8.04162 - Microsoft Corporation) Hidden SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC ==================== MBR & Partition Table ==================== vs_clickoncebootstrappermsi (HKLM-x32\\{86B9577E-4C3E-4035-BAAF-CAFB08B73ADD}) (Version: 17.0.31709 - Microsoft Corporation) Hidden 2021-09-30 14:35 - 2021-09-30 14:35 - 001988096 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACSSD_Lib.dll Task: {9b1a2e00-1c51-45d5-b5e4-9257d58cc2fe} - no filepath vs_communitymsires (HKLM-x32\\{C1C3D2B9-781E-4D38-BF06-1D1FF670FA95}) (Version: 17.0.31709 - Microsoft Corporation) Hidden Close the Dell Digital Delivery application. vs_communityx64msi (HKLM\\{CCDBCB7A-75E1-4F9E-AC6C-3F8C6A5D60F7}) (Version: 17.0.31710 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-326566074-3447909417-183555969-1001\\Discord) (Version: 1.0.9003 - Discord Inc.) 
vs_minshellx64msi (HKLM\\{5F5AAF1B-FD08-4AEB-A170-600545D57EF5}) (Version: 17.0.31709 - Microsoft Corporation) Hidden Python 3.9.5 Core Interpreter (64-bit) (HKLM\\{FBB6299D-CB58-4177-B6A0-63BFB1C8C3AE}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896 Task: {92ec50a0-247a-4611-885a-d70f21f03e46} - no filepath 2021-10-14 17:26 - 2021-10-14 17:26 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694d326545524e61315a68555667314e6a6c4662576c51524768434e6b7056.sys Error: Unable to rebuild performance counter setting from system backup store, error code is 2 Task: {b1fed2a8-3200-4219-af34-0fd05172af37} - no filepath 2021-10-16 20:39 - 2021-10-16 20:49 - 000000000 ____D C:\Program Files\Adobe 2021-10-02 23:22 - 2021-10-02 23:22 - 000000000 ____D C:\Program Files\Microsoft SQL Server icecap_collection_neutral (HKLM-x32\\{519060B0-9C83-4D54-97A7-32C2350583C9}) (Version: 17.0.31709 - Microsoft Corporation) Hidden Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.9220.0_x64__8wekyb3d8bbwe [2021-10-12] (Microsoft Studios) [MS Ad] FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-10-16] (Adobe Inc. -> Adobe Systems) (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\RGBFusion\RGBFusion.exe Epic Games Launcher (HKLM-x32\\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.) 
2021-10-02 22:56 - 2021-10-07 19:25 - 007578032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll ========= End of CMD: ========= 2021-10-03 18:39 - 2021-10-07 12:21 - 000049533 _____ C:\Windows\diagerr.xml Startup: C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thing2.bat [2021-10-24] () [File not signed] "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{414df2f8-cc7c-49b6-a90f-8e407ed62e02}" => removed successfully Task: {57f92185-4f7e-4549-bf72-8ded737637ee} - no filepath Task: {257fa8a3-d406-4d7e-99a9-c9e255f9f6f0} - no filepath Name: SettingsModifier:Win32/PossibleHostsFileHijack 2021-10-18 19:33 - 2021-10-18 19:33 - 000002385 _____ C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nahimic Companion.lnk Universal CRT Extension SDK (HKLM-x32\\{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Adobe Media Encoder 2021 (HKLM-x32\\AME_15_4_1) (Version: 15.4.1 - Adobe Inc.) 2021-10-02 22:51 - 2021-10-02 22:51 - 000000000 ____D C:\Windows\CSC SDK ARM Additions (HKLM-x32\\{FCF9D89E-6F79-64FB-B08D-B0E69FF54DEE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden It has done this 1 time(s). Task: {11dec036-7e8b-4b5b-906d-51876287d3d1} - no filepath 'Thing.bat' and 'Thing2.bat' are batch files that i wrote to try and kill 'Update.exe' and 'Windows Driver Installation Service.exe'. (Currently there is no automatic fix for this section.) 2021-10-02 23:02 - 2021-10-07 19:28 - 000792208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2021-10-02 23:03 - 2021-09-14 14:39 - 000043408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys go to : C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\Updater and run FWUpgrade.exe, you will see the progress and after completion, it will ask you to shutdown, click yes and the turn on the pc again. my os is win10 x64, 2004. goodluck. 
I have the 3090 and I do not see that folder. Task: {b44de6b6-1303-474b-bd1f-0c3e771de5d9} - no filepath Faulting package-relative application ID: 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\SysWOW64\3082 C:\WINDOWS\syswow64\*.tmp ==================== Installed Programs ====================== 2021-10-02 23:26 - 2019-03-19 13:20 - 000415232 _____ (Windows Win 7 DDK provider) C:\Windows\system32\DXCpl.exe Task: {fc60ad33-5948-48d9-9f11-c6ca25373a9c} - no filepath 2021-10-22 11:43 - 2021-10-22 11:43 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games ==================== NetSvcs (Whitelisted) =================== Task: {29ad0c16-34a9-49f9-a1d8-81f44fff082d} - no filepath ==================== MSCONFIG/TASK MANAGER disabled items == 2021-10-12 19:23 - 2021-10-12 19:23 - 000000000 ____D C:\Program Files\Epic Games ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. 
-> ) ==================== Internet (Whitelisted) ==================== Error: (10/24/2021 07:36:20 PM) (Source: Application Error) (EventID: 1000) (User: ) fixlist content: 2021-10-08 09:32 - 2021-10-08 09:32 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla R2 NahimicService; C:\Windows\system32\NahimicService.exe [1633288 2020-12-10] (A-Volute SAS -> Nahimic) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ffde93b-8785-42a8-8c6c-2672d544280d}" => removed successfully Task: {0c664c7f-7430-46ad-86a6-f5c0223c7fc4} - no filepath For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0 FF Extension: (Kurgzsekseta) - C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release\Extensions\{e8f3b919-d290-4270-b66f-29f3fdbb1986}.xpi [2021-10-05] Solution: Close the Dell Digital Delivery application, launch Internet Explorer and attempt to navigate to any website. 
2021-10-03 09:05 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\appcompat Task: {4d4276f1-945c-486b-b48f-62cda9b73d18} - no filepath Task: {dceb985f-25eb-484d-ae30-6da7f11e1091} - no filepath FirewallRules: [{199C16F6-0269-4609-BF27-31826F152D00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) Edge DefaultProfile: Default 2021-10-13 22:14 - 2021-10-07 19:29 - 000635008 _____ C:\Windows\SysWOW64\nvofapi.dll 2021-10-22 12:27 - 2021-10-24 19:38 - 000000001 _____ C:\Windows\vgkbootstatus.dat Task: {e62b268c-ea0c-4217-bfa2-7bd1145ba5a0} - no filepath Task: {646144d0-0d5f-463c-aedc-cbc190d10525} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{cefea723-c2e4-4ec0-b440-c45c5526fda8}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6298650e-c3bc-47e3-a571-b4eea94ac419}" => removed successfully 2021-10-24 14:57 - 2021-10-24 15:28 - 000000000 ____D C:\ProgramData\Malwarebytes Reboot: Fix result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021 1) windows task manager process tab sorted by memory (most at the top), Must contain, memory, disk, network, GPU, GPU engine columns 2) Blue iris status (lighting bolt graph,upper left corner) clip storage tab 3) blue Iris status cameras tab Category: Settings Modifier BlueStacksDrv_nxt => service removed successfully See Hosts section of Addition.txt 2021-10-13 16:39 - 2021-10-13 16:39 - 000000000 ____D C:\Windows\SysWOW64\Npcap 0.0.0.0 feedback.search.microsoft.com HKLM\\StartupApproved\Run: => "Riot Vanguard" It is the time when you shutdown not (If an entry is included in the fixlist, it will be removed.) 
Framework Version: v4.0.30319 Task: {252c0390-ef87-47eb-805e-da800dd5671d} - no filepath Task: {f746fb73-bc4d-499e-882f-e5f30abe8a2f} - no filepath 2021-10-07 12:09 - 2019-12-07 22:09 - 000000000 ___HD C:\$WINDOWS.~BT 2021-10-02 23:18 - 2021-10-02 23:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65f6d357-0576-4835-8e37-d12ac62b76e0}" => removed successfully 2021-10-12 19:18 - 2021-10-12 19:18 - 000000000 ____D C:\Program Files (x86)\Epic Games 2021-10-03 16:47 - 2019-03-19 15:49 - 000028672 _____ C:\Windows\system32\config\BCD-Template 2021-10-22 11:43 - 2021-10-22 11:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1539d558-2bfa-453d-a38e-aa8bbec05194}" => removed successfully SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC 2021-10-04 18:09 - 2021-10-04 18:09 - 000008192 _____ C:\Windows\system32\config\userdiff 2021-10-20 14:50 - 2020-11-23 13:38 - 000475648 _____ (GIGABYTE Technology Co.,Ltd.) vs_Graphics_Singletonx86 (HKLM-x32\\{7DDDDC70-9531-49E9-8002-9FAB2B87B54A}) (Version: 17.0.31710 - Microsoft Corporation) Hidden 2021-10-02 22:55 - 2021-10-16 20:49 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\Adobe 2021-10-24 18:02 - 2021-10-24 20:25 - 000072704 _____ (Microsoft Windows Operating System) C:\Users\Pepega\AppData\Local\Update.exe Error: Unable to rebuild performance counter setting from system backup store, error code is 2 "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{e62b268c-ea0c-4217-bfa2-7bd1145ba5a0}" => removed successfully 2021-10-02 23:25 - 2021-10-02 23:26 - 000000000 ____D C:\Windows\system32\1042 Check that it's latest OS build. 
C:\Users\Pepega\AppData\Local\Update.exe Task: {51006d50-cfd3-4b5a-af95-e596678bbea8} - no filepath 2021-10-15 11:40 - 2021-10-15 11:40 - 000000000 ____D C:\ProgramData\BlueStacks_nxt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{e6857042-80d9-4422-85b4-1c5dc0aae451}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51f29cff-5f75-43a6-8c78-2970cd2f96ac}" => removed successfully Resetting Wakeup Pattern, OK! AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} i have the 3090rtx xtreme from gigabyte. Task: {4972aadd-d0db-4681-984f-17b847488bc9} - no filepath 2021-10-18 19:33 - 2021-10-18 19:33 - 000000000 ____D C:\Windows\system32\A-Volute 2021-10-16 20:39 - 2021-10-16 20:41 - 000000000 ____D C:\ProgramData\Adobe 2021-10-02 23:25 - 2021-10-02 23:26 - 000000000 ____D C:\Windows\SysWOW64\1028 (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe 2021-10-13 08:53 - 2021-10-14 10:24 - 000000059 _____ C:\Users\Pepega\Desktop\big.txt Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021 2021-10-15 11:58 - 2021-10-15 11:58 - 000000000 ____D C:\Program Files\ldplayerbox Python 3.9.5 Tcl/Tk Support (64-bit symbols) (HKLM\\{9F0D0DF1-B4D0-4760-A174-0CFF5C09D758}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden Task: {19e78c37-4706-4ee6-b14f-00a377e1761c} - no filepath Universal CRT Headers Libraries and Sources (HKLM-x32\\{6B56745A-F6A4-C51C-933A-AD96C00683EA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Resetting , OK! 
Task: {410813e0-851c-472e-9a03-ef8f43a11e2b} - no filepath Detection Type: Concrete 2021-10-02 23:46 - 2021-10-24 14:30 - 000000000 ____D C:\Program Files (x86)\Steam Loaded Profiles: Pepega vs_tipsmsi (HKLM-x32\\{095C2612-23F7-4654-898F-7AD74FECB74A}) (Version: 17.0.31703 - Microsoft Corporation) Hidden 2021-10-01 15:07 - 2021-10-01 15:07 - 002045440 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\SMBCtrl.dll Description: The AORUS LCD Panel Service service terminated unexpectedly. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{a4a7b095-aaa9-401c-a9d7-8abe8ea301af}" => removed successfully Drive c: () (Fixed) (Total:1863.02 GB) (Free:1519.33 GB) NTFS HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\system32\1049 Network Binding: 2021-10-15 11:58 - 2021-10-15 11:58 - 000000827 _____ C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\LDPlayer4.lnk 2021-10-24 13:24 - 2021-10-24 13:24 - 000000000 ____D C:\Users\Pepega\Desktop\tron (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Print driver host for applications\Print driver host for applications.exe HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141 Task: {cd558596-f4ee-4e6a-a00e-029783722e00} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8a8c9b4d-3ba3-4f5f-8da4-8714c002e24f}" => removed successfully