Task: {C29DAE2E-7E30-4647-AAB2-EB669473462C} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [66472 2021-10-02] (Microsoft Corporation -> Microsoft) Total physical RAM: 32689.05 MB 2021-10-03 15:48 - 2019-03-19 15:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel Task: {a1c5790b-b106-45b9-9d9c-0442f6ab1b08} - no filepath 2021-10-02 23:04 - 2021-10-02 23:04 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{f746fb73-bc4d-499e-882f-e5f30abe8a2f}" => removed successfully SDK ARM Redistributables (HKLM-x32\\{72DB07D6-E166-5A3F-B6E6-4664383781B8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden Task: {69239D2A-9392-46A2-9683-DE2CB69D23FE} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [667832 2021-07-16] (Advanced Micro Devices INC. -> ) Task: {6298650e-c3bc-47e3-a571-b4eea94ac419} - no filepath Task: {5ea271ce-e48a-4ade-9079-2a5bece10d83} - no filepath Task: {6ee54cdc-f0d4-4cad-be32-be99498e56b8} - no filepath The system cannot find the file specified. 2021-10-13 22:14 - 2021-10-07 19:28 - 000707712 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe The file will not be moved unless listed separately.) ========= End -> "C:\Windows\Temp\*. go to : C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel 2021-10-02 22:55 - 2021-10-24 19:42 - 000049844 _____ C:\Windows\system32\PerfStringBackup.INI Security intelligence Version: AV: 1.351.958.0, AS: 1.351.958.0, NIS: 1.351.958.0 (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\RGBFusion\RGBFusion.exe 2021-10-15 11:56 - 2021-10-15 12:04 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\ChangZhi2 (Discord Inc. -> Discord Inc.) C:\Users\Pepega\AppData\Local\Discord\app-1.0.9003\Discord.exe <6> Error: Unable to rebuild performance counter setting from system backup store, error code is 2 CMD: ipconfig /flushDNS 2021-10-24 09:40 - 2021-10-24 09:40 - 000000000 ____D C:\Users\Pepega\Documents\Call of Duty Modern Warfare Policies: C:\Users\Pepega\NTUSER.pol: Restriction <==== ATTENTION Visual Studio Community 2022 Preview (HKLM-x32\\8cca2edf) (Version: 17.0.0 Preview 4.1 - Microsoft Corporation) vs_communitysharedmsi (HKLM-x32\\{5E09B4C5-4E18-411F-BEF1-33F15E2906CF}) (Version: 17.0.31709 - Microsoft Corporation) Hidden Description: The AORUS LCD Panel Service service terminated unexpectedly. Resetting Proxy Neighbor, OK! vs_clickoncesigntoolmsi (HKLM-x32\\{B00D9AE3-D2B9-4C16-AF48-B3AF4B46E67A}) (Version: 17.0.31703 - Microsoft Corporation) Hidden "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4596b534-45a4-4c4e-93a8-e4c01a69090e}" => removed successfully Kits Configuration Installer (HKLM-x32\\{E75A9998-E979-760B-6AEB-49763F279EDD}) (Version: 10.1.19041.685 - Microsoft) Hidden Steam (HKLM-x32\\Steam) (Version: 2.10.91.91 - Valve Corporation) Description: Application: Windows Driver Installation Service.exe (If an entry is included in the fixlist, it will be removed from the registry. For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0 Category: Settings Modifier Task: {098ef5b0-108d-4923-9d7d-021a97ef1fba} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0c664c7f-7430-46ad-86a6-f5c0223c7fc4}" => removed successfully RGB Fusion (HKLM-x32\\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.21.1001.1 - Gigabyte) Task: {132c3361-2a8c-4a3a-a81d-208c0f31a908} - no filepath HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2} => removed successfully 2021-10-24 14:58 - 2019-03-19 15:37 - 000032768 _____ C:\Windows\system32\config\ELAM Task: {cf65bcb3-58fb-4f8a-ad70-57403d1f5d1f} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{b2522ebf-6a65-406b-9bc7-1ce57d2a2c7c}" => removed successfully 2021-10-20 14:50 - 2020-11-23 13:38 - 000475648 _____ (GIGABYTE Technology Co.,Ltd.) 2021-10-18 19:32 - 2021-07-29 05:38 - 006582064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d6cfa018-c9cc-40f6-8ae8-0b452b7908aa}" => removed successfully HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" 2021-10-02 23:26 - 2019-03-19 12:09 - 000390656 _____ (Windows Win 7 DDK provider) C:\Windows\SysWOW64\DXCpl.exe i only have lcd tool from rgb fusion 2) Task: {00f722c3-08dc-4b10-b10e-91a3004714f3} - no filepath Startup: C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thing2.bat [2021-10-24] () [File not signed] "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mpcmdrun.exe" => not found reinstall aorus engine (1.92) and nvidia driver (457.09, full installation) from gigabyte official site. go to : C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\Updater and run FWUpgrade.exe, you will see the progress and after completion, it will ask you to shutdown, click yes and the turn on the pc again. If registration is within 90 days of the purchase date and you are the 2021-10-15 11:59 - 2021-10-15 11:59 - 000000068 _____ C:\Users\Pepega\AppData\Roaming\changzhi_leidian.data Framework Version: v4.0.30319 Severity: Medium [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvIllumLib.dll 0.0.0.0 watson.live.com "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57f92185-4f7e-4549-bf72-8ded737637ee}" => removed successfully Task: {4de67c63-be14-4dd1-af32-f53029177ebc} - no filepath 2021-10-13 22:14 - 2021-10-07 19:32 - 001874648 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe IFEO\mpcmdrun.exe: [Debugger] C:\Windows\System32\systray.exe 2021-10-02 22:56 - 2021-10-24 15:34 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2021-10-02 23:43 - 2021-10-02 23:43 - 000000000 ____D C:\ProgramData\Battle.net Task: {ca0fb10b-e917-4aa5-9e3a-f6a019682f3f} - no filepath ==================== Memory info =========================== Task: {6298650e-c3bc-47e3-a571-b4eea94ac419} - no filepath 2021-10-02 23:02 - 2021-10-18 19:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80442d75-04ca-4d81-8c53-a52f6d4b32b0}" => removed successfully IntelliTraceProfilerProxy (HKLM-x32\\{C8891AD2-C223-45CD-A9BE-617A68923B61}) (Version: 15.0.21225.01 - Microsoft Corporation) Hidden Faulting module name: SinEx 4.2.0 BETA Woofer [All Winver].exe, version: 0.0.0.0, time stamp: 0x616e2119 2021-10-13 22:14 - 2021-10-07 19:32 - 001111256 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll 2021-10-18 20:24 - 2021-10-20 14:48 - 000000000 ____D C:\Users\Pepega\AppData\Local\Downloaded Installations Task: {65f6d357-0576-4835-8e37-d12ac62b76e0} - no filepath Error: (10/24/2021 08:37:06 PM) (Source: Application Error) (EventID: 1000) (User: ) 2021-10-13 22:14 - 2021-10-07 11:58 - 000085583 _____ C:\Windows\system32\nvinfo.pb Error: (10/24/2021 07:36:20 PM) (Source: Application Error) (EventID: 1000) (User: ) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ed48b1d9-cb70-4ae5-8deb-ce6ddd63422a}" => removed successfully ^rinse and repeat. LDPlayer (HKLM-x32\\LDPlayer4) (Version: 4.0.66 - XUANZHI INTERNATIONAL CO., LIMITED) Error: (10/24/2021 06:01:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) 2021-10-02 23:18 - 2021-10-02 23:18 - 000001429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 2021-10-05 09:55 - 2021-10-08 11:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service Microsoft Windows 10 Pro Version 1909 18363.418 (X64) (1970-01-01 06:34:12) I have just completed what you have told me to do, and it seems to be working. Stage:GATHER_RULES_FROM_LICENSES 2021-10-02 23:04 - 2021-10-02 23:04 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Task: {a2a9bb80-76ce-4752-9e44-f43e01b26a35} - no filepath HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" Please re-enable javascript to access full functionality. 2021-10-04 18:19 - 2019-03-19 15:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared Task: {481404b2-cd19-4388-9998-80f99056dcfd} - no filepath Task: {4972aadd-d0db-4681-984f-17b847488bc9} - no filepath Task: {95d6d4ae-89c2-47b7-947d-0a2c92579474} - no filepath It has done this 1 time(s). Task: {e21ec10f-b0f2-4d8c-ac9d-e74491370460} - no filepath 2021-10-24 21:16 - 2021-10-24 21:20 - 000025442 _____ C:\Users\Pepega\Downloads\FRST.txt C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thing.bat => moved successfully 2021-10-24 17:43 - 2021-10-24 20:56 - 000002087 _____ C:\Users\Pepega\Desktop\help.txt HKLM-x32\\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> ) ==================== Services (Whitelisted) =================== FirewallRules: [TCP Query User{CF0A0468-41A2-4CF4-BDA6-1586AE73104D}C:\windows\microsoft.net\framework64\v4.0.30319\vbc.exe] => (Allow) C:\windows\microsoft.net\framework64\v4.0.30319\vbc.exe (Microsoft Corporation -> Microsoft Corporation) 2021-10-03 09:11 - 2021-10-03 09:11 - 000000000 ____D C:\Users\Pepega\AppData\Local\IdentityNexusIntegration ========= End of CMD: ========= HKU\S-1-5-21-326566074-3447909417-183555969-1001\\StartupApproved\Run: => "EpicGamesLauncher" 2021-10-24 13:24 - 2021-10-24 15:28 - 000000000 ____D C:\Users\Pepega\Desktop\resources I assume this one is for the gpu mining as my gpu is also being used on 100%, but i am not able to see which app is using 100%, as the miner has a script where it immediately stops mining when process hacker or task manager is opened, the only way i was able to tell that the gpu was being used at 100% was because of an app that the gpu manufacturer has provided 2021-10-02 23:04 - 2021-09-14 14:39 - 002838384 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Pepega\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\Microsoft.SharePoint.exe" => No File Path: file:_C:\Windows\System32\drivers\etc\hosts at Miner.Clipboard+<>c__DisplayClass0_0.b__0() Virus, Trojan, Spyware, and Malware Removal Help, Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021, This is not recommended for shared computers, Apples first Rapid Security Response patch fails to install on iPhones, Extended Deal: Get Microsoft Office 2021 on sale for just $39, Best VPNs to unblock WhatsApp calling in the UAE, https://www.virustotal.com/gui/file/85aa1344d28fd7c6a911924040e5b3ae1278fb70444cd39d056bd270f147f61b, https://www.virustotal.com/gui/file/85aa1344d28fd7c6a911924040e5b3ae1278fb70444cd39d056bd270f147f61b/behavior/Microsoft%20Sysinternals, https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0, Back to Virus, Trojan, Spyware, and Malware Removal Help. Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.9220.0_x64__8wekyb3d8bbwe [2021-10-12] (Microsoft Studios) [MS Ad] C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thing2.bat => moved successfully vs_communitymsires (HKLM-x32\\{C1C3D2B9-781E-4D38-BF06-1D1FF670FA95}) (Version: 17.0.31709 - Microsoft Corporation) Hidden Task: {bab92bdb-173c-46a1-aad1-e84ad4e1371c} - no filepath Task: {7ef13d49-f1cb-4454-af1c-a7a9e880a031} - no filepath Resetting Echo Sequence Request, OK! Task: {098ef5b0-108d-4923-9d7d-021a97ef1fba} - no filepath SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC Task: {5594E525-77BA-4ACC-96A7-90740DA56E19} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [823304 2020-12-10] (A-Volute SAS -> Nahimic) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{257fa8a3-d406-4d7e-99a9-c9e255f9f6f0}" => removed successfully 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\SysWOW64\1040 S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-12] (Epic Games Inc. -> Epic Games, Inc.) Task: {e3f16153-689d-41be-bf13-59cd11df70d5} - no filepath FF Extension: (Kurgzsekseta) - C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release\Extensions\{e8f3b919-d290-4270-b66f-29f3fdbb1986}.xpi [2021-10-05] Now my pc wont boot into unto windows and stays on the aorus symbol screen. Description: Task: {78bdf1d8-0a82-4ea3-8ac6-e6a6e95fd874} - no filepath HKLM\System\CurrentControlSet\Services\BlueStacksDrv_nxt => removed successfully at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) ***************** Task: {48ae682f-228f-4e67-8aa4-854778a3a6a2} - no filepath Description: The AORUS LCD Panel Service service terminated unexpectedly. 2021-10-02 23:17 - 2021-10-24 09:40 - 000000000 ____D C:\Users\Pepega\AppData\Local\NVIDIA Corporation Task: {b3eb79cd-689d-4158-bea3-8771c38a327c} - no filepath News of intermittent USB connectivity issues on AMD Ryzen systems broke a few weeks ago, and the company has since announced that it is investigating the at Miner.Clipboard+<>c__DisplayClass0_0.b__0() Task: {410813e0-851c-472e-9a03-ef8f43a11e2b} - no filepath 2021-10-02 22:56 - 2021-10-07 19:25 - 007578032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896 FF Extension: (Video Ad-Block, for Twitch) - C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release\Extensions\{3385c2d8-dcfd-4f92-adb7-5d8429dee164}.xpi [2021-10-23] "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{dfa6b7fe-8965-4d4f-9d9a-7abe5c5ee553}" => removed successfully 2021-10-24 14:58 - 2021-10-24 14:58 - 000000000 ____D C:\ProgramData\Sophos Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Task: {e3f16153-689d-41be-bf13-59cd11df70d5} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4bc5b754-7072-4f40-a1b7-dd43c20ebdf6}" => removed successfully Packages: Security intelligence Version: AV: 1.351.958.0, AS: 1.351.958.0, NIS: 1.351.958.0 Task: {73931e1e-d4e0-4d8f-9b0c-c332b70c4204} - no filepath 2021-10-07 17:52 - 2021-10-08 11:46 - 000000000 ____D C:\Program Files\Mozilla Firefox Resetting Compartment Forwarding, OK! Task: {4de67c63-be14-4dd1-af32-f53029177ebc} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{f72e227f-a82a-46d0-b517-0dcc9c2c1947}" => removed successfully Task: {bb2029d9-cbf0-4ee3-aa1b-fbafda7b399a} - no filepath ==================== MSCONFIG/TASK MANAGER disabled items == The system cannot find the file specified. BlueStacksDrv_nxt => service removed successfully Task: {b7e27570-3f72-4ac2-b2ec-fd92b54c3a60} - no filepath Resetting Wakeup Pattern, OK! Resetting , OK! 2021-10-13 22:14 - 2021-10-07 19:28 - 001172608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll Epic Online Services (HKLM-x32\\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_df67044ddd98b524\RtkAudUService64.exe <2> Faulting application start time: 0x01d7c8b23e4aead7 2021-10-14 17:26 - 2021-10-14 17:26 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694d326545524e61315a68555667314e6a6c4662576c51524768434e6b7056.sys The Client License Service (ClipSVC) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2021-10-02 23:22 - 2021-10-02 23:26 - 000000000 ____D C:\Program Files (x86)\Windows Kits ========= End of CMD: ========= Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{e2e2a07e-8ce9-45bf-94db-a91755d15155}" => removed successfully (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48520 2021-10-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. Task: {560963e7-8fb3-45a5-b560-b69102dfab6a} - no filepath 2021-10-02 22:51 - 2021-10-02 22:51 - 000000000 ____D C:\Windows\CSC Platform: Microsoft Windows 10 Pro Version 1909 18363.418 (X64) Language: English (United States) start CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Pepega\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\amd64\FileSyncShell64.dll => No File 2021-10-13 22:14 - 2021-10-07 19:27 - 005703288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll ClickOnce Bootstrapper Package for Microsoft .NET Framework 4.8 on Visual Studio 2017 (HKLM-x32\\{7556B2FA-6364-47EE-901D-12B23F78F382}) (Version: 4.8.04162 - Microsoft Corporation) Process Hacker 2.39 (r124) (HKLM\\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32) Network Binding: \\?\Volume{7551d85d-c70c-448e-b08c-13d1c138506d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 C:\Windows\Temp\ASPNETSetup_00000.log => moved successfully Task: {60deadb4-207d-4623-826b-8aef456e994f} - no filepath Error: Unable to rebuild performance counter setting from system backup store, error code is 2 Detection Origin: Local machine C:\WINDOWS\syswow64\*.tmp 2021-10-15 11:59 - 2021-10-15 11:59 - 000000128 _____ () C:\Users\Pepega\AppData\Roaming\changzhi_leidianmac.data 2021-10-02 23:07 - 2021-10-02 23:07 - 000002232 _____ C:\Users\Pepega\Desktop\Discord.lnk 2021-10-24 14:37 - 2019-03-19 15:52 - 000000000 ____D C:\Program Files\Windows Defender See Hosts section of Addition.txt vs_clickoncebootstrappermsi (HKLM-x32\\{86B9577E-4C3E-4035-BAAF-CAFB08B73ADD}) (Version: 17.0.31709 - Microsoft Corporation) Hidden Error: Unable to rebuild performance counter setting from system backup store, error code is 2 Python 3.9.5 Utility Scripts (64-bit) (HKLM\\{420E50F6-A8E8-4098-A321-7DF6B3C3BA82}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden And if the question was in general wich LCD Panel we mean. The Aorus Master 370 and 3080 have a LCD Panel on the site to show of GPU Stats and Gifs. THANK YOU! i tried using the tron script (utilizes hitman pro, malwarebytes, and kaspersky) but it only temporarily solved the issue. Several functions may not work. 2021-10-08 09:32 - 2021-10-08 09:32 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) Task: {60deadb4-207d-4623-826b-8aef456e994f} - no filepath WebA Customers may purchase an AORUS Extended Warranty at the time of registration for eligible product. HKU\S-1-5-21-326566074-3447909417-183555969-1001\\Run: [Print driver host for applications] => C:\Program Files (x86)\Print driver host for applications\Print driver host for applications.exe [74752 2021-10-24] (Microsoft Corporation) [File not signed] DNS Servers: 1.1.1.1 - 1.0.0.1 Microsoft Edge (HKLM-x32\\Microsoft Edge) (Version: 95.0.1020.30 - Microsoft Corporation) 2021-10-18 20:24 - 2021-10-18 20:24 - 000003532 _____ C:\Windows\system32\Tasks\AMDAutoUpdate Task: {d41d49ee-176e-4547-bd74-93495b181988} - no filepath Task: {9BB503F1-5151-4934-BC8F-F3BE719FB619} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-09-14] (NVIDIA Corporation -> NVIDIA Corporation) ======= FirewallRules: [{F7197523-B9AE-42F6-9BCD-3487235CDA82}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File Task: {a4a7b095-aaa9-401c-a9d7-8abe8ea301af} - no filepath Report Id: d2eb9388-b443-4837-a4b1-e1f77a6d3d1d 2021-10-03 09:12 - 2021-10-03 09:12 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\NuGet Task: {90b432e7-5c87-425c-9dd5-33099e0e41c9} - no filepath 2021-10-02 23:46 - 2021-10-02 23:46 - 000000000 ____D C:\ProgramData\Blizzard Entertainment 2021-10-02 23:44 - 2021-10-23 09:53 - 000000000 ____D C:\Program Files (x86)\Battle.net "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{134fdbcd-c972-40e5-a39b-91c169e4c9bf}" => removed successfully 2021-10-02 23:25 - 2021-10-02 23:26 - 000000000 ____D C:\Windows\system32\1031 ==================== Security Center ======================== Task: {a68a203b-7eaa-4914-a565-5ff9759ae2a4} - no filepath 2021-10-20 14:50 - 2021-10-20 14:50 - 000000000 ____D C:\Program Files\ENE FirewallRules: [{6044C6B5-9B61-4F44-874F-BF6511DBDB68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141 0.0.0.0 choice.microsoft.com (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe 2021-10-03 18:39 - 2021-10-07 12:21 - 000049533 _____ C:\Windows\diagerr.xml 2021-10-02 22:59 - 2021-10-02 22:59 - 000000000 ____D C:\Program Files\WinRAR not found Ran by Pepega (25-10-2021 08:46:25) Run:1 I disabled it and now everything runs fine. go to : C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\Updater and run FWUpgrade.exe, you will see the progress and after completion, vs_CoreEditorFonts (HKLM-x32\\{E247EDC7-CB46-45AD-9F59-C5C339A006D9}) (Version: 17.0.31716 - Microsoft Corporation) Hidden Task: {2d5dd02e-d989-436b-a3d0-b2283ce2c942} - no filepath Edge Profile: C:\Users\Pepega\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-24] FF DefaultProfile: h4od9c6l.default Python 3.9.5 Standard Library (64-bit symbols) (HKLM\\{72FB8CF5-E7CB-4CD2-90B2-39ADC3483845}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden 2021-10-03 09:12 - 2021-10-03 09:12 - 000000000 ____D C:\Users\Pepega\source Faulting module name: KERNELBASE.dll, version: 10.0.18362.418, time stamp: 0xfba22159 there is a folder in SysWOW64, which i presume to be related to the miner, called 'Windows driver installation service.' HKU\S-1-5-21-326566074-3447909417-183555969-1001\\StartupApproved\Run: => "Steam" Task: {b8ce6039-5202-4c0c-b706-9d55226ab086} - no filepath HKU\S-1-5-21-326566074-3447909417-183555969-1001\\StartupApproved\Run: => "OneDrive" 2021-10-15 11:40 - 2021-10-15 11:40 - 000000000 ____D C:\ProgramData\BlueStacks_nxt The following corrective action will be taken in Tcpip\..\Interfaces\{0b906b63-14f9-4205-87bd-1b6b0fc3f4de}: [DhcpNameServer] 1.1.1.1 1.0.0.1