(If an entry is included in the fixlist, the file/folder will be moved.) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55b76d6d-fbf6-450e-a24e-071e1db9f945}" => removed successfully 2021-10-20 14:50 - 2021-10-20 14:50 - 000017424 _____ (MICSYS Technology Co., LTd) C:\Windows\system32\Drivers\MsIo64.sys Exception code: 0xe0434352 2021-10-03 09:11 - 2021-10-03 09:11 - 000000000 ____D C:\Users\Pepega\AppData\Local\IdentityNexusIntegration FirewallRules: [TCP Query User{E9D0A5AC-D6AE-47D2-9B56-FBAC6E4A4ACA}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision) Name: SettingsModifier:Win32/PossibleHostsFileHijack "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{b44de6b6-1303-474b-bd1f-0c3e771de5d9}" => removed successfully ==================== Drives ================================ Faulting package-relative application ID: Category: Settings Modifier Detection Origin: Local machine FF ProfilePath: C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\h4od9c6l.default [2021-10-05] 2021-10-03 10:57 - 2021-10-03 10:57 - 000000000 ____D C:\Users\Pepega\ansel 2019-03-19 15:49 - 2021-10-24 15:25 - 000002820 _____ C:\Windows\system32\drivers\etc\hosts Task: {cd558596-f4ee-4e6a-a00e-029783722e00} - no filepath Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021, https://www.virustotal.com/gui/file/85aa1344d28fd7c6a911924040e5b3ae1278fb70444cd39d056bd270f147f61b, 
https://www.virustotal.com/gui/file/85aa1344d28fd7c6a911924040e5b3ae1278fb70444cd39d056bd270f147f61b/behavior/Microsoft%20Sysinternals, https://go.microsoft.com/fwlink/?linkid=37020&name=SettingsModifier:Win32/PossibleHostsFileHijack&threatid=14994&enterprise=0 2021-10-02 23:04 - 2021-09-14 14:39 - 002838384 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll Reason:0xC004F011 2021-10-07 17:59 - 2021-10-20 15:14 - 000000427 _____ C:\Users\Pepega\Desktop\Adjectives.txt C:\Users\Pepega\AppData\Local\Update.exe CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) 2021-10-04 09:35 - 2021-02-13 04:24 - 000205552 _____ (Ray Hinchliffe) C:\Windows\system32\Drivers\SIVX64.sys FirewallRules: [{EF3E048A-7A4B-4F8B-8146-DAC25B77EE95}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) 2021-10-04 18:19 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase Restart Windows and look at the time stamp on the event error message. Task: {2d5dd02e-d989-436b-a3d0-b2283ce2c942} - no filepath Faulting application path: C:\Users\Pepega\AppData\Local\Update.exe 2021-10-14 17:26 - 2021-10-14 17:26 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694d326545524e61315a68555667314e6a6c4662576c51524768434e6b7056.sys Microsoft Defender Antivirus has detected malware or other potentially unwanted software. 
VS Immersive Activate Helper (HKLM-x32\\{C0ACF658-B4DC-4CBB-B8F2-9E667D69919A}) (Version: 17.0.114.0 - Microsoft Corporation) Hidden Task: {C29DAE2E-7E30-4647-AAB2-EB669473462C} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [66472 2021-10-02] (Microsoft Corporation -> Microsoft) 2021-10-02 23:00 - 2021-10-02 23:00 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\WinRAR Faulting module path: C:\Windows\System32\KERNELBASE.dll Python 3.9.5 Utility Scripts (64-bit) (HKLM\\{420E50F6-A8E8-4098-A321-7DF6B3C3BA82}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{fc60ad33-5948-48d9-9f11-c6ca25373a9c}" => removed successfully Note: In the properties section of the 'miners,' they label themselves as Microsoft apps (even though they aren't, and I have never seen these apps on my computer before this incident today), even has the little copyright symbol. 2017-10-05 15:26 - 2017-10-05 15:26 - 002247168 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\CRtive.dll Task: {8a8c9b4d-3ba3-4f5f-8da4-8714c002e24f} - no filepath ==================== Alternate Data Streams (Whitelisted) ======== 2021-10-02 23:25 - 2021-10-02 23:26 - 000000000 ____D C:\Windows\system32\2052 2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\SysWOW64\1036 "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23df4797-0507-44e3-9c41-f5d1be966072}" => removed successfully The fix I suggested did stop both of these .bat files from running. 
2021-10-13 16:20 - 2021-10-13 16:21 - 000000000 ____D C:\Users\Pepega\AppData\Local\Roblox Drive c: () (Fixed) (Total:1863.02 GB) (Free:1519.33 GB) NTFS 2021-10-24 21:16 - 2021-10-24 21:20 - 000025442 _____ C:\Users\Pepega\Downloads\FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021 Detection Origin: Local machine IFEO\mpcmdrun.exe: [Debugger] C:\Windows\System32\systray.exe ==================== NetSvcs (Whitelisted) =================== ==================== One month (created) (Whitelisted) ========= Task: {d41d49ee-176e-4547-bd74-93495b181988} - no filepath ==================== Codecs (Whitelisted) ==================== 2021-10-13 22:14 - 2021-10-07 19:32 - 001450200 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe Description: 2021-10-09 19:30 - 2021-10-09 19:30 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694e4555486333655846434e586f3256576c6e5a334e784f4535614e585674.sys ENE_X_AIC_HAL (HKLM\\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden ==================== MSCONFIG/TASK MANAGER disabled items == 2021-10-02 23:04 - 2021-09-14 14:39 - 000078192 _____ C:\Windows\system32\FvSDK_x64.dll SDK ARM Additions (HKLM-x32\\{FCF9D89E-6F79-64FB-B08D-B0E69FF54DEE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden 2021-10-24 21:16 - 2019-03-19 15:50 - 000000000 ____D C:\Windows\INF CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R 2021-10-03 23:13 - 2021-10-03 23:14 - 000008192 ___SH C:\DumpStack.log.tmp Task: {78bdf1d8-0a82-4ea3-8ac6-e6a6e95fd874} - no filepath The cooler still works with no display and the colours are changeable. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION (CloudBees, Inc.) 
[File not signed] C:\Program Files (x86)\GIGABYTE\AORUS LCD Panel Setting\MonitorService-exec.exe Python 3.9.5 Executables (64-bit symbols) (HKLM\\{62B02C0C-B9B8-49E4-BC06-ABA02223D2BA}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{132c3361-2a8c-4a3a-a81d-208c0f31a908}" => removed successfully Task: {572eb39c-ac47-4eda-a21b-d776650fa302} - no filepath (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Print driver host for applications\Print driver host for applications.exe Task: {414df2f8-cc7c-49b6-a90f-8e407ed62e02} - no filepath Error: Unable to rebuild performance counter setting from system backup store, error code is 2 0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92ec50a0-247a-4611-885a-d70f21f03e46}" => removed successfully Launcher Prerequisites (x64) (HKLM-x32\\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden 2021-10-08 16:58 - 2021-10-08 16:58 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694d3363575a7151566834646c4a3252566836626a644955474a7463474a6f.sys 2021-09-29 10:31 - 2021-10-24 17:56 - 000000000 ____D C:\Users\Pepega HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141 R1 SMR540; C:\Windows\System32\drivers\SMR540.SYS [119048 2021-10-24] (NortonLifeLock Inc. -> Symantec Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\\Microsoft EdgeWebView) (Version: 95.0.1020.30 - Microsoft Corporation) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4972aadd-d0db-4681-984f-17b847488bc9}" => removed successfully Resetting Resolve Neighbor, OK! 
2021-10-14 13:14 - 2021-10-14 13:14 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694e454d556f325256464b5a33706c566b3161516c64354f544e6a4f457436.sys Date: 2021-10-24 13:02:27.034 Exception Info: System.Runtime.InteropServices.ExternalException icecap_collectionresourcesx64 (HKLM-x32\\{D7CA7EBC-6382-4CDB-BE73-9057ABE6DBA5}) (Version: 17.0.31709 - Microsoft Corporation) Hidden 0.0.0.0 vortex.data.microsoft.com "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d7495c49-8426-461c-8455-350522fba9cb}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{e62b268c-ea0c-4217-bfa2-7bd1145ba5a0}" => removed successfully HKU\S-1-5-21-326566074-3447909417-183555969-1001\SOFTWARE\Policies\Microsoft\Edge => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{257fa8a3-d406-4d7e-99a9-c9e255f9f6f0}" => removed successfully Task: {b7e27570-3f72-4ac2-b2ec-fd92b54c3a60} - no filepath Task: {378659c1-e595-42d5-9357-395cbc08c53b} - no filepath FirewallRules: [{199C16F6-0269-4609-BF27-31826F152D00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) Microsoft Visual Studio Installer (HKLM\\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 3.0.3444.25014 - Microsoft Corporation) It has done this 1 time(s). 2021-10-13 22:14 - 2021-10-07 19:27 - 005703288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll Task: {8f7674a6-0b05-416d-8dc8-bba2f61cad8c} - no filepath Resetting Potential, OK! 2021-10-14 10:50 - 2021-10-14 17:35 - 000001229 ____H C:\Users\Pepega\AppData\Local\d89b27a4d89b27a4d89b ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. 
-> ) 'Thing.bat' and 'Thing2.bat' are batch files that I wrote to try and kill 'Update.exe' and 'Windows Driver Installation Service.exe'. not found Security intelligence Version: AV: 1.351.958.0, AS: 1.351.958.0, NIS: 1.351.958.0 Microsoft Web Deploy 4.0 (HKLM\\{2EC26D34-FB67-4C58-AC20-235697551222}) (Version: 10.0.3802 - Microsoft Corporation) Task: {c4718da2-1857-4507-932c-28593e4e8294} - no filepath Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 5.0.11 (x64) (HKLM-x32\\{59d2a8eb-a667-428d-a393-42df4da226a4}) (Version: 5.0.11.30524 - Microsoft Corporation) S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [205552 2021-02-13] (RH Software Ltd -> Ray Hinchliffe) Resetting , OK! "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{e2e2a07e-8ce9-45bf-94db-a91755d15155}" => removed successfully ==================== End of FRST.txt ========================, Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021 It has done this 1 time(s). 2021-10-03 15:47 - 2021-10-24 20:25 - 000000000 ____D C:\Windows\system32\SleepStudy 2021-10-13 22:14 - 2021-10-07 19:27 - 004938872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2021-10-20 14:50 - 2021-10-20 14:50 - 000000000 ____D C:\Program Files\ENE Task: {44e64ec2-07de-480c-b391-0e70d56ee3de} - no filepath But I can not control FirewallRules: [UDP Query User{AF8AC701-2625-4E3F-B802-427DABF38DBC}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68703689-47bd-47ee-9cf2-e91abb43a182}" => removed successfully 2021-10-02 23:01 - 2021-10-02 23:01 - 000000000 ____D C:\Users\Pepega\AppData\Local\setup Microsoft ASP.NET Core 5.0.7 - Shared Framework (HKLM-x32\\{1c2c5c8e-d9f7-46c5-833d-0a63f6becb4a}) (Version: 5.0.7.21263 - Microsoft Corporation) Partition: GPT. The file will not be moved unless listed separately.) 2021-10-12 21:15 - 2021-10-24 19:39 - 000003658 _____ C:\Windows\system32\Tasks\CreateExplorerShellUnelevatedTask 2021-10-02 23:46 - 2021-10-04 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2021-10-24 12:15 - 2021-10-24 12:15 - 000000000 ____D C:\Program Files (x86)\Print driver host for applications 0.0.0.0 telecommand.telemetry.microsoft.com Security intelligence Version: AV: 1.351.958.0, AS: 1.351.958.0, NIS: 1.351.958.0 Error: (10/24/2021 07:36:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{519e0c96-0a46-4c15-840e-41ed3cda1aef}" => removed successfully Task: {4972aadd-d0db-4681-984f-17b847488bc9} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ca0fb10b-e917-4aa5-9e3a-f6a019682f3f}" => removed successfully HKLM\System\CurrentControlSet\Services\BlueStacksDrv_nxt => removed successfully HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION 2021-10-15 11:58 - 2021-10-15 11:58 - 000000827 _____ C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\LDPlayer4.lnk 2021-10-04 09:37 - 2021-10-04 09:37 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\Macromedia at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) start WinRT Intellisense UAP - Other Languages (HKLM-x32\\{8832F8ED-1035-9ABE-FD73-4E5ABAA84A5C}) (Version: 10.1.19041.685 - Microsoft Corporation) 
Hidden =========== "C:\WINDOWS\system32\*.tmp" ========== C:\Users\Pepega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thing.bat => moved successfully 2021-10-02 23:07 - 2021-10-02 23:07 - 000000000 ____D C:\Users\Pepega\AppData\Local\tmp5qvbpq15.lck Task: {c68b5818-129c-4160-9e29-1a8feeb737d8} - no filepath 2021-10-24 18:02 - 2021-10-24 20:25 - 000072704 _____ (Microsoft Windows Operating System) C:\Users\Pepega\AppData\Local\Update.exe 2021-10-02 23:04 - 2021-10-02 23:04 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-10-24 13:24 - 2021-07-24 06:02 - 000040684 _____ C:\Users\Pepega\Desktop\tron.bat S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-10-12] (BattlEye Innovations e.K. The Corsair Service service terminated unexpectedly. Task: {55b76d6d-fbf6-450e-a24e-071e1db9f945} - no filepath "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60deadb4-207d-4623-826b-8aef456e994f}" => removed successfully Task: {8a8c9b4d-3ba3-4f5f-8da4-8714c002e24f} - no filepath 2021-10-04 18:19 - 2019-03-19 15:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared Task: {e3f16153-689d-41be-bf13-59cd11df70d5} - no filepath 2021-10-18 20:24 - 2021-10-18 20:24 - 000003532 _____ C:\Windows\system32\Tasks\AMDAutoUpdate HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Detection Type: Concrete (If an entry is included in the fixlist, it will be removed.) 2021-10-04 18:19 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\system32\ta-in Task: {f72e227f-a82a-46d0-b517-0dcc9c2c1947} - no filepath ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal) Please copy the entire contents of the code box below to a new file. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{e3f16153-689d-41be-bf13-59cd11df70d5}" => removed successfully 2021-10-15 11:40 - 2021-10-15 11:40 - 000006877 _____ C:\Users\Pepega\-1.14-windows.xml Description: The AORUS LCD Panel Service service terminated unexpectedly. [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GVDisplay.dll Motherboard: Micro-Star International Co., Ltd. MEG X570 UNIFY (MS-7C35)
