Task: {c68b5818-129c-4160-9e29-1a8feeb737d8} - no filepath 2021-10-02 23:25 - 2021-10-02 23:26 - 000000000 ____D C:\Windows\SysWOW64\1041 0.0.0.0 telemetry.microsoft.com Resetting Proxy Neighbor, OK! Battle.net (HKLM-x32\\Battle.net) (Version: - Blizzard Entertainment) ==================== MBR & Partition Table ==================== Task: {73931e1e-d4e0-4d8f-9b0c-c332b70c4204} - no filepath 2021-10-15 11:58 - 2021-10-15 11:58 - 000000828 _____ C:\Users\Pepega\Desktop\LDMultiPlayer4.lnk Task: {bc549475-73a3-47b9-8e8c-cce95c3b76c2} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{e2e2a07e-8ce9-45bf-94db-a91755d15155}" => removed successfully 2021-10-24 21:16 - 2021-10-24 21:20 - 000025442 _____ C:\Users\Pepega\Downloads\FRST.txt icecap_collectionresources (HKLM-x32\\{D71337CA-4452-43D2-9583-45670FF77185}) (Version: 17.0.31709 - Microsoft Corporation) Hidden 2021-10-03 15:48 - 2021-10-03 15:48 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf Date: 2021-10-24 15:35:53.954 "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{cf65bcb3-58fb-4f8a-ad70-57403d1f5d1f}" => removed successfully 2021-10-04 18:19 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\system32\GroupPolicy 2021-10-02 23:03 - 2021-09-14 14:39 - 000144240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2021-10-09 19:30 - 2021-10-09 19:30 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694e4555486333655846434e586f3256576c6e5a334e784f4535614e585674.sys 2021-10-24 14:58 - 2021-10-24 14:58 - 000000000 ____D C:\ProgramData\Sophos 2021-10-05 09:55 - 2021-10-08 11:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service Framework Version: v4.0.30319 Task: {6c61cc2f-6bf1-4d13-9cc0-dd2cf2ba3087} - no filepath Task: {e3f16153-689d-41be-bf13-59cd11df70d5} - no filepath Task: {80442d75-04ca-4d81-8c53-a52f6d4b32b0} - no filepath 2021-10-03 18:39 - 2021-10-07 12:21 - 000049533 _____ C:\Windows\diagwrn.xml FirewallRules: [TCP Query User{CF0A0468-41A2-4CF4-BDA6-1586AE73104D}C:\windows\microsoft.net\framework64\v4.0.30319\vbc.exe] => (Allow) C:\windows\microsoft.net\framework64\v4.0.30319\vbc.exe (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> ) FireFox: 0.0.0.0 watson.telemetry.microsoft.com ============= 2021-10-21 09:11 - 2021-10-21 09:11 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694e45546d63335a55524c4d56517854575651566c6c4d64334a474f565268.sys 2021-10-02 23:04 - 2021-10-02 23:04 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Task: {38c61830-b1df-4717-ae92-954fefd27747} - no filepath vs_communityx64msi (HKLM\\{CCDBCB7A-75E1-4F9E-AC6C-3F8C6A5D60F7}) (Version: 17.0.31710 - Microsoft Corporation) Hidden "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7758a3fe-bd22-4403-acda-05ae12b2505a}" => removed successfully Task: {8457ad0b-1c75-431d-a5ae-ee1aed76a239} - no filepath 2021-10-13 22:14 - 2021-10-07 19:32 - 001874648 _____ C:\Windows\system32\vulkaninfo.exe "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{b1fed2a8-3200-4219-af34-0fd05172af37}" => removed successfully 2021-10-03 09:11 - 2021-10-03 09:11 - 000000000 ____D C:\Users\Pepega\AppData\Local\ServiceHub "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ffde93b-8785-42a8-8c6c-2672d544280d}" => removed successfully Task: {b8ce6039-5202-4c0c-b706-9d55226ab086} - no filepath 2021-10-24 14:56 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\AppReadiness Entity Framework 6.2.0 Tools for Visual Studio 2022 (HKLM-x32\\{3A21F37E-9707-4E7F-94EB-2937A1C931FA}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden Task: {10914230-EDDF-4324-BD6D-2A05C1496959} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-09-14] (NVIDIA Corporation -> NVIDIA Corporation) 0.0.0.0 choice.microsoft.com.nstac.net S4 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [434424 2021-10-24] (Microsoft Windows -> Microsoft Corporation) (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe After this log, it shows our application Reason: The filter driver was unloaded unexpectedly. 0.0.0.0 feedback.search.microsoft.com Task: {6d29bb8b-f135-47e9-9ff9-392b06a68bf3} - no filepath 2021-10-13 22:14 - 2021-10-07 19:27 - 005703288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2021-10-03 09:12 - 2021-10-03 09:12 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\NuGet Task: {4de67c63-be14-4dd1-af32-f53029177ebc} - no filepath Task: {cf65bcb3-58fb-4f8a-ad70-57403d1f5d1f} - no filepath R2 AORUS LCD Panel Service; C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\MonitorService-exec.exe [360960 2018-12-21] (CloudBees, Inc.) [File not signed] SearchScopes: HKU\S-1-5-21-326566074-3447909417-183555969-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 Task: {6298650e-c3bc-47e3-a571-b4eea94ac419} - no filepath 2021-10-02 22:56 - 2021-10-24 15:34 - 000000000 ____D C:\ProgramData\NVIDIA Corporation FirewallRules: [UDP Query User{0A8BBE95-3686-4B16-8A84-FCFD22173BE9}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision) 2021-10-24 14:56 - 2019-03-19 15:52 - 000000000 ___HD C:\Program Files\WindowsApps 2021-10-02 23:07 - 2021-10-02 23:07 - 000000000 ____D C:\Users\Pepega\AppData\Local\SquirrelTemp 2021-10-02 23:44 - 2021-10-24 12:19 - 000000000 ____D C:\Users\Pepega\AppData\Local\Battle.net Python 3.9.5 Test Suite (64-bit) (HKLM\\{605117B9-EE12-4498-A089-A63219191799}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. (Microsoft Windows Operating System) [File not signed] C:\Users\Pepega\AppData\Local\Update.exe Total physical RAM: 32689.05 MB It has done this 1 time(s). 2021-10-13 22:14 - 2021-10-07 19:28 - 000564352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll The fix I suggested did stop both of these .bat files to run. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{b2522ebf-6a65-406b-9bc7-1ce57d2a2c7c}" => removed successfully FirewallRules: [{F7197523-B9AE-42F6-9BCD-3487235CDA82}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File 0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92ec50a0-247a-4611-885a-d70f21f03e46}" => removed successfully 2021-10-04 18:19 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\system32\ta-in WinRT Intellisense IoT - Other Languages (HKLM-x32\\{216D5F47-257D-6284-5849-B51037875EFA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Resetting Resolve Neighbor, OK! Edited by presto12345, 24 October 2021 - 06:27 AM. Detection Origin: Local machine [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GVDisplay.dll Network Binding: 2021-10-02 23:02 - 2021-10-18 19:32 - 000000000 ____D C:\Program Files (x86)\Realtek 2021-10-22 11:43 - 2021-10-22 11:43 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games HKLM\System\CurrentControlSet\Services\npcap_wifi => removed successfully Boot Mode: Normal SearchScopes: HKU\S-1-5-21-326566074-3447909417-183555969-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 HKU\S-1-5-21-326566074-3447909417-183555969-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141 2021-10-02 23:23 - 2021-10-18 13:15 - 000000000 ____D C:\Program Files (x86)\dotnet \\?\Volume{7551d85d-c70c-448e-b08c-13d1c138506d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4204c90d-5097-480b-ab90-0cff3c443b89}" => removed successfully ==================== One month (modified) ================== Microsoft Update Health Tools (HKLM\\{8A6AB459-CB4B-4D09-8C1E-337FB59135C4}) (Version: 2.84.0.0 - Microsoft Corporation) here are the virustotals for the 2 files:https://www.virustotal.com/gui/file/85aa1344d28fd7c6a911924040e5b3ae1278fb70444cd39d056bd270f147f61bhttps://www.virustotal.com/gui/file/85aa1344d28fd7c6a911924040e5b3ae1278fb70444cd39d056bd270f147f61b/behavior/Microsoft%20Sysinternals, FRST RESULTS: HKLM\\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_df67044ddd98b524\RtkAudUService64.exe [1273712 2021-07-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Resetting , OK! 2021-10-02 23:26 - 2019-03-19 13:20 - 000415232 _____ (Windows Win 7 DDK provider) C:\Windows\system32\DXCpl.exe Error: (10/24/2021 08:19:57 PM) (Source: Application Error) (EventID: 1000) (User: ) 2021-10-02 22:55 - 2021-10-16 20:49 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\Adobe "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68912dca-04b7-43b9-b125-ab2888148ebb}" => removed successfully 2021-10-24 18:02 - 2021-10-24 20:25 - 000072704 _____ (Microsoft Windows Operating System) C:\Users\Pepega\AppData\Local\Update.exe Resetting Site Prefix, OK! Resetting Multicast Address, OK! 2021-10-16 20:39 - 2021-10-16 20:41 - 000000000 ____D C:\Program Files (x86)\Adobe ==================== Installed Programs ====================== Steam (HKLM-x32\\Steam) (Version: 2.10.91.91 - Valve Corporation) Python 3.9.5 Core Interpreter (64-bit symbols) (HKLM\\{7AE79937-D0A7-4D36-9965-5E91E22E5FFA}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden Description: The WinRing0_1_2_0 service failed to start due to the following error: 2021-10-18 19:33 - 2021-10-18 19:33 - 000000000 ____D C:\Windows\system32\A-Volute GroupPolicy: Restriction ? 2021-10-13 16:39 - 2021-10-13 16:39 - 000003192 _____ C:\Windows\system32\Tasks\npcapwatchdog Task: {a4a7b095-aaa9-401c-a9d7-8abe8ea301af} - no filepath Packages: Detection Source: Real-Time Protection "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{572eb39c-ac47-4eda-a21b-d776650fa302}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{414df2f8-cc7c-49b6-a90f-8e407ed62e02}" => removed successfully HKLM\System\CurrentControlSet\Services\BlueStacksDrv_nxt => removed successfully Task: {410813e0-851c-472e-9a03-ef8f43a11e2b} - no filepath Stage:GATHER_RULES_FROM_LICENSES ==================== Shortcuts & WMI ======================== The following corrective action will be taken in 3 milliseconds: Restart the service. Task: {57f92185-4f7e-4549-bf72-8ded737637ee} - no filepath Task: {9787f435-46f9-458d-9737-9ba0cb4bc234} - no filepath 2021-10-04 18:19 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase 2021-10-14 13:14 - 2021-10-14 13:14 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694e454d556f325256464b5a33706c566b3161516c64354f544e6a4f457436.sys 0.0.0.0 sqm.telemetry.microsoft.com Task: {53b08e97-673e-4df6-ae10-9a73f6648a6c} - no filepath i have tried manually removing these files in safe mode but again, it was only a temporary solution, as they are downloaded again (presumably using some sort of script), even though i have firewall enable Task: {e21ec10f-b0f2-4d8c-ac9d-e74491370460} - no filepath HKU\S-1-5-21-326566074-3447909417-183555969-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg Engine Version: AM: 1.1.18600.4, NIS: 1.1.18600.4 "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7197523-B9AE-42F6-9BCD-3487235CDA82}" => removed successfully Task: {e6857042-80d9-4422-85b4-1c5dc0aae451} - no filepath ALASKA - 1072009 06/22/2021 Task: {55b76d6d-fbf6-450e-a24e-071e1db9f945} - no filepath (If an entry is included in the fixlist, the file/folder will be moved.) FF Extension: (uBlock Origin) - C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-10-24] Task: {7758a3fe-bd22-4403-acda-05ae12b2505a} - no filepath 2021-10-13 16:39 - 2021-10-13 16:39 - 000000000 ____D C:\Windows\SysWOW64\Npcap HKLM\\StartupApproved\Run: => "WindowsDefender" Task: {df1c3fe3-3222-4a5e-b520-95a4768a5710} - no filepath Severity: Medium Task: {a2a9bb80-76ce-4752-9e44-f43e01b26a35} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{560963e7-8fb3-45a5-b560-b69102dfab6a}" => removed successfully The Corsair Service service terminated unexpectedly. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{df1c3fe3-3222-4a5e-b520-95a4768a5710}" => removed successfully FirewallRules: [UDP Query User{019D75AB-C81F-411D-9974-8F4883C85907}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) Description: The rules engine failed to evaluate the rules. 2021-10-22 22:53 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\system32\NDF Fix result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021 Task: {257fa8a3-d406-4d7e-99a9-c9e255f9f6f0} - no filepath Task: {2d5dd02e-d989-436b-a3d0-b2283ce2c942} - no filepath 2021-10-24 14:37 - 2019-03-19 15:52 - 000000000 ____D C:\Program Files\Windows Defender ==================== Scheduled Tasks (Whitelisted) ============ Check that it's latest OS build. 2021-10-02 23:46 - 2021-10-24 14:30 - 000000000 ____D C:\Program Files (x86)\Steam Resetting Anycast Address, OK! Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [74744 2021-04-22] (Insecure.Com LLC -> Insecure.Com LLC.) 2021-10-02 23:44 - 2021-10-04 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pepega\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\amd64\FileSyncShell64.dll => No File (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2> Task: {66f5635a-5bb6-4432-8d29-d7d2f625b98a} - no filepath Restore point was successfully created. #1. 2021-10-02 22:51 - 2021-10-10 13:03 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23df4797-0507-44e3-9c41-f5d1be966072}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00f722c3-08dc-4b10-b10e-91a3004714f3}" => removed successfully however because i have other "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82a0b077-3637-4350-9431-56dbbbb4d5c1}" => removed successfully 2021-09-30 14:33 - 2021-09-30 14:33 - 001993216 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACPCIeSSD_Lib.dll Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30528 (HKLM-x32\\{b8a0348b-0f62-46f7-b7a2-e3926f10955f}) (Version: 14.30.30528.0 - Microsoft Corporation) The file which is running by the task will not be moved.) Task: {7d4dac2b-fbf4-45de-adae-6a9396b9ca9c} - no filepath CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R Faulting module name: SinEx 4.2.0 BETA Woofer [All Winver].exe, version: 0.0.0.0, time stamp: 0x616e2119 Web- Request warranty service online - Request and check RMA status Business Support - Check warranty status by SN - Request and check RMA status Warranty Terms 3 years Service Center G.B.T., Inc. 2021-10-14 10:50 - 2021-10-14 17:35 - 000001229 ____H C:\Users\Pepega\AppData\Local\d89b27a4d89b27a4d89b Task: {00f722c3-08dc-4b10-b10e-91a3004714f3} - no filepath Task: {82a0b077-3637-4350-9431-56dbbbb4d5c1} - no filepath Task: {572eb39c-ac47-4eda-a21b-d776650fa302} - no filepath Task: {19e78c37-4706-4ee6-b14f-00a377e1761c} - no filepath Startup: C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thing2.bat [2021-10-24] () [File not signed] "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{b086bb79-9ed7-4043-ab6c-148342fcf383}" => removed successfully FirewallRules: [TCP Query User{3D3D13C6-EB42-4BF7-9989-E995CB143820}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) Task: {4fb942bf-3d44-41ff-bc65-52cd12996f26} - no filepath hey guys, i have a miner on my computer and i dont know how to remove it. Task: {95bbc0e1-37d1-403e-badd-d7f7c4fc36d1} - no filepath 2021-10-18 19:33 - 2021-10-18 19:33 - 000002385 _____ C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nahimic Companion.lnk 2021-10-04 11:39 - 2021-10-14 11:49 - 000058304 _____ (Intel Corporation ) C:\Windows\system32\Drivers\49306c4f52694e4557446c556347467a5a44673559566c4954584a44616c687152576c6a.sys 2021-10-24 12:15 - 2021-10-24 12:15 - 000000000 ____D C:\Program Files (x86)\Print driver host for applications WinRT Intellisense Desktop - Other Languages (HKLM-x32\\{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden The following corrective action will be taken in 3 milliseconds: Restart the service. Task: {0e056076-a1e1-4979-83ca-d3b97785e4bb} - no filepath HKU\S-1-5-21-326566074-3447909417-183555969-1001\\StartupApproved\Run: => "OneDrive" The file will not be moved unless listed separately.) 'Thing.bat' and 'Thing2.bat' are batch files that i wrote to try and kill 'Update.exe' and 'Windows Driver Installation Service.exe' on startup, but as said in my post, the apps have a delayed start so my batch files are pretty much useless. 2021-10-13 22:14 - 2021-10-07 19:26 - 000849040 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe FirewallRules: [{E2EA9D77-F4B6-46E6-94CF-DAE772492424}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> ) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{358ba298-e9a3-4572-a1cd-6ec4e7b85984}" => removed successfully 2021-10-02 22:56 - 2021-10-07 19:25 - 007578032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll Detection Source: Real-Time Protection (If an entry is included in the fixlist, it will be removed.) In bios, its not showing up all of my SSDs, but at no point is it 0.0.0.0 settings-sandbox.data.microsoft.com But again, it could be just a temporary solution, and the miner would re-appear again. 2021-10-23 13:47 - 2021-10-23 13:47 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694d3361456431565451784e3342326455786c5531673353475634636e566a.sys "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ee54cdc-f0d4-4cad-be32-be99498e56b8}" => removed successfully Security intelligence Version: AV: 1.351.958.0, AS: 1.351.958.0, NIS: 1.351.958.0 Task: {f31abc37-3a79-4244-9a4b-03a808823654} - no filepath Task: {481404b2-cd19-4388-9998-80f99056dcfd} - no filepath Task: {b086bb79-9ed7-4043-ab6c-148342fcf383} - no filepath CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 -> C:\Users\Pepega\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\amd64\FileSyncShell64.dll => No File Task: {e2e2a07e-8ce9-45bf-94db-a91755d15155} - no filepath Task: {43f54ace-856e-4b50-9808-1588b79b7c18} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{fc60ad33-5948-48d9-9f11-c6ca25373a9c}" => removed successfully The Client License Service (ClipSVC) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Fault offset: 0x000000000003a839 10,510. vs_devenvsharedmsi (HKLM-x32\\{50BACB43-F405-4D93-B102-DE47540F2A07}) (Version: 17.0.31703 - Microsoft Corporation) Hidden vs_CoreEditorFonts (HKLM-x32\\{E247EDC7-CB46-45AD-9F59-C5C339A006D9}) (Version: 17.0.31716 - Microsoft Corporation) Hidden Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-10-2021 08:47:26) Task: {b30dbf6f-75b4-422c-82ed-f93cae0f7dec} - no filepath Task: {53092fd3-455c-4d74-9110-8a5211ddb6c2} - no filepath HKU\S-1-5-21-326566074-3447909417-183555969-1001\\Run: [Discord] => C:\Users\Pepega\AppData\Local\Discord\Update.exe [1512608 2021-09-22] (Discord Inc. -> GitHub) 2021-10-03 09:12 - 2021-10-03 09:12 - 000000000 ____D C:\Users\Pepega\source 2021-10-03 15:48 - 2021-10-24 14:37 - 000000000 ____D C:\Windows\system32\Drivers\wd C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thing.bat => moved successfully 2021-10-24 14:57 - 2021-10-24 14:57 - 000000000 ____D C:\Users\Pepega\AppData\Local\mbamtray 2021-10-18 19:32 - 2021-07-29 05:38 - 006582064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys 2021-10-07 17:52 - 2021-10-08 11:46 - 000000000 ____D C:\Program Files\Mozilla Firefox FirewallRules: [TCP Query User{28A199D2-4D67-4933-A8E1-FB5A7CEBD024}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\SysWOW64\1045 Name: SettingsModifier:Win32/PossibleHostsFileHijack 2021-10-02 22:55 - 2021-10-04 18:28 - 000000000 ___RD C:\Users\Pepega\3D Objects Task: {6c61cc2f-6bf1-4d13-9cc0-dd2cf2ba3087} - no filepath 2021-10-03 10:44 - 2016-02-23 00:52 - 000111692 _____ C:\Users\Pepega\Documents\Burbank Big Condensed Black.ttf CMD: ipconfig /flushDNS FF Extension: (vidIQ Vision for YouTube) - C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release\Extensions\firefox@vid.io.xpi [2021-10-23] Task: {C6B4432E-BB97-4CBA-9DFC-158E3B8F51BE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-10-07] (Mozilla Corporation -> Mozilla Foundation)
Mbta Payroll Department,
Purpose Of Life In Islam In Urdu,
Articles T
