ENE_EHD_M2_HAL (HKLM\\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.8.13 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_M2_HAL (HKLM-x32\\{54d3d2b5-db16-446d-b6dd-f4964b166b3b}) (Version: 1.0.8.13 - ENE TECHNOLOGY INC.) Hidden Task: {C6B4432E-BB97-4CBA-9DFC-158E3B8F51BE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-10-07] (Mozilla Corporation -> Mozilla Foundation) service 2021-10-12 19:20 - 2021-10-12 19:20 - 000000000 ____D C:\Users\Pepega\AppData\Local\EOSUserHelper "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d4928d07-631c-4754-af4f-3f5f19729138}" => removed successfully Microsoft Windows Desktop Runtime - 5.0.11 (x86) (HKLM-x32\\{7ce2617d-0a0a-4f61-8e5a-96f7bfca6fdd}) (Version: 5.0.11.30524 - Microsoft Corporation) FirewallRules: [UDP Query User{0A8BBE95-3686-4B16-8A84-FCFD22173BE9}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision) 2021-10-03 23:13 - 2021-10-03 23:14 - 000008192 ___SH C:\DumpStack.log.tmp HKU\S-1-5-21-326566074-3447909417-183555969-1001\\StartupApproved\Run: => "EpicGamesLauncher" icecap_collection_neutral (HKLM-x32\\{519060B0-9C83-4D54-97A7-32C2350583C9}) (Version: 17.0.31709 - Microsoft Corporation) Hidden HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully 2021-10-02 23:01 - 2021-10-24 12:21 - 000000000 ____D C:\ProgramData\Package Cache Detection Origin: Local machine =========== "C:\WINDOWS\system32\*.tmp" ========== "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d6cfa018-c9cc-40f6-8ae8-0b452b7908aa}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9b1a2e00-1c51-45d5-b5e4-9257d58cc2fe}" => removed successfully 
2021-10-13 22:14 - 2021-10-07 19:28 - 000707712 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0c664c7f-7430-46ad-86a6-f5c0223c7fc4}" => removed successfully Error: (10/24/2021 07:38:08 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: ) 2021-10-02 23:05 - 2021-10-24 12:59 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\KeePassXC Task: {92ec50a0-247a-4611-885a-d70f21f03e46} - no filepath Fusion 2.0 working for Aorus Xtreme 3080 working R3 gdrv3; C:\Windows\gdrv3.sys [36352 2021-10-20] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.) (Wen Jia Liu -> wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe Resetting Path, OK! Stage:GATHER_RULES_FROM_LICENSES 2021-10-13 22:14 - 2021-10-07 11:58 - 000085583 _____ C:\Windows\system32\nvinfo.pb 'Thing.bat' and 'Thing2.bat' are batch files that i wrote to try and kill 'Update.exe' and 'Windows Driver Installation Service.exe' on startup, but as said in my post, the apps have a delayed start so my batch files are pretty much useless. SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC 2021-10-13 16:39 - 2021-10-24 14:30 - 000000000 ____D C:\Program Files\Npcap Task: {b3eb79cd-689d-4158-bea3-8771c38a327c} - no filepath Faulting application start time: 0x01d7c8b23661392d Date: 2021-10-24 17:54:57.532 2021-10-18 19:33 - 2021-10-18 19:33 - 000000000 ____D C:\Users\Pepega\AppData\Local\NhNotifSys however the RGB Fusion software is notoriously glitchy. 1. 
Lost Connection to Service and then client closes "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8457ad0b-1c75-431d-a5ae-ee1aed76a239}" => removed successfully 2021-10-03 13:32 - 2021-10-04 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare Mozilla Maintenance Service (HKLM\\MozillaMaintenanceService) (Version: 92.0.1 - Mozilla) ==================== Loaded Modules (Whitelisted) ============= 0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net VS Immersive Activate Helper (HKLM-x32\\{C0ACF658-B4DC-4CBB-B8F2-9E667D69919A}) (Version: 17.0.114.0 - Microsoft Corporation) Hidden at System.Windows.Forms.Clipboard.ThrowIfFailed(Int32) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86c0c79f-566b-48c2-a517-d270146f5782}" => removed successfully 2021-10-11 09:07 - 2021-10-11 09:07 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694d336548644956544e70536b4a70616d56784e5546484d57517956577430.sys Task: {46ee8f94-e240-420c-a5e8-0660f5c5f9e1} - no filepath 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\SysWOW64\1029 2021-10-02 23:25 - 2021-10-02 23:26 - 000000000 ____D C:\Windows\SysWOW64\1028 2021-10-02 23:43 - 2021-10-02 23:43 - 000000000 ____D C:\ProgramData\Battle.net Task: {57f92185-4f7e-4549-bf72-8ded737637ee} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ee54cdc-f0d4-4cad-be32-be99498e56b8}" => removed successfully ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. 
-> ) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{634166c8-f3ba-4d37-96ef-8a18d9787a4e}" => removed successfully FirewallRules: [{199C16F6-0269-4609-BF27-31826F152D00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) Date: 2021-10-24 15:35:53.933 Task: {519e0c96-0a46-4c15-840e-41ed3cda1aef} - no filepath Task: {ab7dbf26-2e26-445a-a7dd-f60ac12f19a6} - no filepath Task: {b30dbf6f-75b4-422c-82ed-f93cae0f7dec} - no filepath (If an entry is included in the fixlist, the task (.job) file will be moved. 2021-10-24 13:24 - 2021-10-24 13:24 - 000000000 ____D C:\Users\Pepega\Desktop\tron 2021-10-15 11:57 - 2021-10-15 11:59 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\XuanZhi HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141 CloseProcesses: 2021-10-02 23:25 - 2021-10-02 23:26 - 000000000 ____D C:\Windows\system32\2052 2021-10-02 23:00 - 2021-10-02 23:00 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\WinRAR 2021-10-20 14:50 - 2021-10-20 14:50 - 000036352 ____N (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\gdrv3.sys S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-12] (Epic Games Inc. -> Epic Games, Inc.) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{e6857042-80d9-4422-85b4-1c5dc0aae451}" => removed successfully Task: {3b6b25a5-1bf5-48bb-81f3-5e306db688ba} - no filepath 2021-10-02 23:04 - 2021-10-02 23:04 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-10-13 16:38 - 2021-10-13 16:41 - 000000000 ____D C:\Program Files\Wireshark Task: {4596b534-45a4-4c4e-93a8-e4c01a69090e} - no filepath
The file will not be moved.) Access is denied. Task: {9ab420ae-8543-428c-9838-410f79c8d585} - no filepath Faulting package-relative application ID: Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.9220.0_x64__8wekyb3d8bbwe [2021-10-12] (Microsoft Studios) [MS Ad] Task: {1a105416-49db-4c94-a1d7-5a3597878e9a} - no filepath CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\Pepega\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute) Faulting module name: KERNELBASE.dll, version: 10.0.18362.418, time stamp: 0xfba22159 Security intelligence Version: AV: 1.351.958.0, AS: 1.351.958.0, NIS: 1.351.958.0 Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\\{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 - Microsoft Corporation) go to : C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\Updater and run Updater.exe, check if it is "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{a2a9bb80-76ce-4752-9e44-f43e01b26a35}" => removed successfully 2021-10-18 19:33 - 2021-10-18 19:35 - 000000000 ____D C:\ProgramData\A-Volute Task: {29ad0c16-34a9-49f9-a1d8-81f44fff082d} - no filepath Restarting the service or rebooting the VM did not solve the problem. Task: {6d29bb8b-f135-47e9-9ff9-392b06a68bf3} - no filepath 2021-10-02 23:04 - 2021-10-02 23:04 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Category: Settings Modifier at System.Windows.Forms.Clipboard.GetDataObject()
Windows Explorer Freezing, Screen Goes Black HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) 2021-10-12 19:23 - 2021-10-12 19:23 - 000000000 ____D C:\Program Files\Epic Games Error: Unable to rebuild performance counter setting from system backup store, error code is 2 2021-09-29 10:31 - 2021-10-24 17:56 - 000000000 ____D C:\Users\Pepega =========== "C:\Windows\Temp\*. at System.Windows.Forms.Clipboard.GetDataObject(Int32, Int32) 2020-11-05 14:16 - 2020-11-05 14:16 - 000268800 _____ (GIGABYTE Technology Co.,Ltd.) Task: {c4718da2-1857-4507-932c-28593e4e8294} - no filepath Description: The AORUS LCD Panel Service service terminated unexpectedly. Task: {b30dbf6f-75b4-422c-82ed-f93cae0f7dec} - no filepath Additional Data: Task: {14B4F718-04DD-467B-A775-E906F62BB732} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-09-14] (NVIDIA Corporation -> NVIDIA Corporation) Task: {78bdf1d8-0a82-4ea3-8ac6-e6a6e95fd874} - no filepath 2021-10-03 13:53 - 2021-10-03 13:53 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\NVIDIA Task: {e62b268c-ea0c-4217-bfa2-7bd1145ba5a0} - no filepath Detection Source: Real-Time Protection Task: {0c664c7f-7430-46ad-86a6-f5c0223c7fc4} - no filepath R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5292bbfbf575e2d2\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5292bbfbf575e2d2\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem npcap_wifi => service removed successfully Task: {481404b2-cd19-4388-9998-80f99056dcfd} - no filepath Task: {c4718da2-1857-4507-932c-28593e4e8294} - no filepath 2021-10-24 
20:41 - 2021-10-24 21:08 - 000119048 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR540.SYS Description: The rules engine failed to evaluate the rules. Resetting Resolve Neighbor, OK! 2021-10-13 16:41 - 2021-10-13 16:41 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk C:\Windows\Temp\MpSigStub.log => moved successfully The Client License Service (ClipSVC) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. S4 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-24] (Microsoft Windows Publisher -> Microsoft Corporation) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13> FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation) 0.0.0.0 oca.telemetry.microsoft.com FF ProfilePath: C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\h4od9c6l.default [2021-10-05] Task: {fc60ad33-5948-48d9-9f11-c6ca25373a9c} - no filepath 2021-10-03 15:48 - 2019-03-19 15:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2021-10-16 20:39 - 2021-10-16 20:49 - 000000000 ____D C:\Program Files\Adobe Task: {410813e0-851c-472e-9a03-ef8f43a11e2b} - no filepath 2021-10-15 11:40 - 2021-10-15 11:40 - 000003938 _____ C:\Windows\system32\Tasks\BlueStacksHelper_nxt FirewallRules: [{F7197523-B9AE-42F6-9BCD-3487235CDA82}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File Dec 16, 2019. vs_filehandler_amd64 (HKLM-x32\\{D4617896-04FC-45D7-8355-2BA21BBB314F}) (Version: 17.0.31709 - Microsoft Corporation) Hidden Error: (10/24/2021 07:36:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) IFEO\mpcmdrun.exe: [Debugger] C:\Windows\System32\systray.exe The WMIs service terminated unexpectedly. 
2021-10-03 16:54 - 2021-10-03 16:54 - 000000223 _____ C:\Users\Pepega\Desktop\Apex Legends.url 0.0.0.0 vortex-sandbox.data.microsoft.com Detection Source: Real-Time Protection Description: The WinRing0_1_2_0 service failed to start due to the following error: Category: Settings Modifier Description: The BlueStacksDrv_nxt service failed to start due to the following error: Task: {f746fb73-bc4d-499e-882f-e5f30abe8a2f} - no filepath CMD: netsh int ip reset if you guys know how to remove these types of files please reply, thanks. icecap_collectionresourcesx64 (HKLM-x32\\{D7CA7EBC-6382-4CDB-BE73-9057ABE6DBA5}) (Version: 17.0.31709 - Microsoft Corporation) Hidden Detection Origin: Local machine vs_SQLClickOnceBootstrappermsi (HKLM-x32\\{F16C13E8-83A4-47C8-8687-B9E1DDDFA80C}) (Version: 17.0.31703 - Microsoft Corporation) Hidden 2021-10-02 23:04 - 2021-10-02 23:04 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3b6b25a5-1bf5-48bb-81f3-5e306db688ba}" => removed successfully