I have the RTX 3090 Xtreme from Gigabyte.

When I clicked on Properties, it said that its original name was 'Update.exe'.

I disabled it and now everything runs fine.

But I cannot control

Right now the only solution I have is to run Task Manager or Process Hacker in the background of my PC, as the miners have a script to stop mining whenever those exes are open.

Platform: Microsoft Windows 10 Pro Version 1909 18363.418 (X64) Language: English (United States)
ALASKA - 1072009 06/22/2021
Boot Mode: Normal
Loaded Profiles: Pepega

==================== Processes (Whitelisted) =================

(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5292bbfbf575e2d2\Display.NvContainer\NVDisplay.Container.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3180256 2021-10-21] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-326566074-3447909417-183555969-1001\\Run: [Discord] => C:\Users\Pepega\AppData\Local\Discord\Update.exe [1512608 2021-09-22] (Discord Inc. -> GitHub)
HKU\S-1-5-21-326566074-3447909417-183555969-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )

==================== Scheduled Tasks (Whitelisted) ============

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Task: {57F289BA-DE1C-4DD8-95F8-ED9D13AD93D0} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1067016 2020-12-10] (A-Volute SAS -> Nahimic)
Task: {51006d50-cfd3-4b5a-af95-e596678bbea8} - no filepath
Task: {646144d0-0d5f-463c-aedc-cbc190d10525} - no filepath
Task: {bb2029d9-cbf0-4ee3-aa1b-fbafda7b399a} - no filepath
Task: {7758a3fe-bd22-4403-acda-05ae12b2505a} - no filepath
Task: {e21ec10f-b0f2-4d8c-ac9d-e74491370460} - no filepath
Task: {78bdf1d8-0a82-4ea3-8ac6-e6a6e95fd874} - no filepath
Task: {43f54ace-856e-4b50-9808-1588b79b7c18} - no filepath
Task: {cefea723-c2e4-4ec0-b440-c45c5526fda8} - no filepath
Task: {f746fb73-bc4d-499e-882f-e5f30abe8a2f} - no filepath
Task: {f72e227f-a82a-46d0-b517-0dcc9c2c1947} - no filepath
Task: {1e6a4e2b-eca4-4162-8baf-5e2cbc56f0a8} - no filepath
Task: {e2e2a07e-8ce9-45bf-94db-a91755d15155} - no filepath
Task: {bb4b5836-08d4-46b2-996b-c55ac054f68a} - no filepath
Task: {df1c3fe3-3222-4a5e-b520-95a4768a5710} - no filepath
Task: {ab7dbf26-2e26-445a-a7dd-f60ac12f19a6} - no filepath
Task: {3b6b25a5-1bf5-48bb-81f3-5e306db688ba} - no filepath
Task: {d41d49ee-176e-4547-bd74-93495b181988} - no filepath
Task: {0ed742eb-771d-447f-a4e4-64c6fd2882f4} - no filepath
Task: {9ab420ae-8543-428c-9838-410f79c8d585} - no filepath
Task: {51f29cff-5f75-43a6-8c78-2970cd2f96ac} - no filepath
Task: {d4928d07-631c-4754-af4f-3f5f19729138} - no filepath
Task: {4972aadd-d0db-4681-984f-17b847488bc9} - no filepath
Task: {358ba298-e9a3-4572-a1cd-6ec4e7b85984} - no filepath
Task: {b19f8042-93dc-47e1-87f7-7ad8cb0032d9} - no filepath
Task: {8a8c9b4d-3ba3-4f5f-8da4-8714c002e24f} - no filepath
Task: {bd098352-5f63-4d2b-8e01-ba6a347a2975} - no filepath
Task: {a2a9bb80-76ce-4752-9e44-f43e01b26a35} - no filepath
Task: {a4a7b095-aaa9-401c-a9d7-8abe8ea301af} - no filepath

==================== Internet (Whitelisted) ====================

Tcpip\..\Interfaces\{0b906b63-14f9-4205-87bd-1b6b0fc3f4de}: [DhcpNameServer] 1.1.1.1 1.0.0.1
DNS Servers: 1.1.1.1 - 1.0.0.1
Network Binding:
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF Extension: (BetterTTV) - C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release\Extensions\firefox@betterttv.net.xpi [2021-10-19]
FF Extension: (vidIQ Vision for YouTube) - C:\Users\Pepega\AppData\Roaming\Mozilla\Firefox\Profiles\q42kwfcc.default-release\Extensions\firefox@vid.io.xpi [2021-10-23]

==================== Hosts content: ===============================

0.0.0.0 choice.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com

==================== Services / Drivers (Whitelisted) ===================

R2 LdVBoxDrv; C:\Program Files\ldplayerbox\LdVBoxDrv.sys [315232 2021-10-15] (MyTestCertificate -> Oracle Corporation)
R3 gdrv3; C:\Windows\gdrv3.sys [36352 2021-10-20] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
U4 npcap_wifi; no ImagePath

==================== One Month (Created / Modified) ==================

2021-10-18 20:24 - 2021-10-20 14:48 - 000000000 ____D C:\Users\Pepega\AppData\Local\Downloaded Installations
2021-10-13 22:14 - 2021-10-07 19:28 - 002114672 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-10-13 22:14 - 2021-10-07 19:32 - 001206416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-10-03 15:48 - 2021-10-24 19:36 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-10-12 19:18 - 2021-10-12 19:18 - 000000000 ____D C:\Users\Pepega\AppData\Local\Epic Games
[File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvIllumLib.dll
2021-10-04 18:09 - 2021-10-04 18:09 - 000008192 _____ C:\Windows\system32\config\userdiff
2021-10-24 13:24 - 2021-07-24 06:02 - 000040684 _____ C:\Users\Pepega\Desktop\tron.bat
2021-10-02 23:03 - 2021-09-14 14:39 - 000067464 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2021-09-30 14:35 - 2021-09-30 14:35 - 001988096 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACSSD_Lib.dll
(Microsoft Windows Operating System) [File not signed] C:\Users\Pepega\AppData\Local\Update.exe
2021-10-02 22:56 - 2021-10-04 09:59 - 000000000 ___RD C:\Users\Pepega\OneDrive
2021-10-04 11:39 - 2021-10-14 11:49 - 000058304 _____ (Intel Corporation ) C:\Windows\system32\Drivers\49306c4f52694e4557446c556347467a5a44673559566c4954584a44616c687152576c6a.sys
2021-10-02 23:26 - 2019-03-19 13:20 - 000415232 _____ (Windows Win 7 DDK provider) C:\Windows\system32\DXCpl.exe
2021-10-03 16:54 - 2021-10-03 16:54 - 000000223 _____ C:\Users\Pepega\Desktop\Apex Legends.url
2021-10-24 14:03 - 2021-10-24 14:03 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694d3361565a36626b5a525132647563586434536a6c474d586f3054584670.sys
2021-10-02 23:19 - 2021-10-02 23:19 - 000000000 ____D C:\Program Files\Microsoft Visual Studio
2021-10-22 22:53 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\system32\NDF
2021-10-24 19:36 - 2019-03-19 15:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-02 23:44 - 2021-10-23 09:53 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-10-18 19:32 - 2021-07-29 05:38 - 006582064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2021-10-15 11:59 - 2021-10-15 11:59 - 000000000 ____D C:\Users\Pepega\.Ld2VirtualBox
2021-10-02 22:52 - 2021-10-23 10:08 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-12 19:20 - 2021-10-12 19:20 - 000000000 ____D C:\Users\Pepega\AppData\Local\EOSUserHelper
2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\system32\1033
2021-10-12 19:18 - 2021-10-12 19:18 - 000000000 ____D C:\Program Files (x86)\Epic Games
2021-10-04 18:19 - 2019-03-19 15:52 - 000000000 ____D C:\Windows\system32\GroupPolicy
2021-10-03 09:12 - 2021-10-03 09:12 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\NuGet
2021-10-15 11:55 - 2021-10-15 11:55 - 000000000 ____D C:\Users\Pepega\AppData\Local\BlueStacks
2021-10-02 23:04 - 2021-10-02 23:04 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-02 23:07 - 2021-10-24 21:18 - 000000000 ____D C:\Users\Pepega\AppData\Roaming\discord
2021-10-02 23:46 - 2021-10-24 14:30 - 000000000 ____D C:\Program Files (x86)\Steam
2021-10-13 22:14 - 2021-10-07 19:32 - 000965336 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-10-24 14:57 - 2021-10-24 15:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-10-02 23:22 - 2021-10-02 23:36 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2021-10-13 22:14 - 2021-10-07 19:29 - 000656512 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-10-13 22:14 - 2021-10-07 19:32 - 001450200 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-10-01 15:07 - 2021-10-01 15:07 - 002045440 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\SMBCtrl.dll
2021-10-13 22:14 - 2021-10-07 19:32 - 001874648 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-10-02 22:55 - 2021-10-24 19:42 - 000049844 _____ C:\Windows\system32\PerfStringBackup.INI
2021-10-14 11:40 - 2021-10-14 11:40 - 000058304 _____ C:\Windows\system32\Drivers\49306c4f52694d334e5535714e6e6f30524534354d6a597a61564631576d56464f585a33.sys
2021-10-02 23:25 - 2021-10-04 18:19 - 000000000 ____D C:\Windows\system32\1036
2021-10-24 20:41 - 2021-10-24 20:41 - 000000000 ____D C:\ProgramData\Norton

==================== Installed Programs ======================

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
IntelliTraceProfilerProxy (HKLM-x32\\{C8891AD2-C223-45CD-A9BE-617A68923B61}) (Version: 15.0.21225.01 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\\{15E29AFF-CB19-A20B-9A81-B0765A63115F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Python 3.9.5 Documentation (64-bit) (HKLM\\{4EFE695B-F377-4CB0-90E3-6AEEE22DEFEB}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Standard Library (64-bit) (HKLM\\{F4DC18F4-6323-4BE8-A322-38268831BC24}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
Python 3.9.5 Standard Library (64-bit symbols) (HKLM\\{72FB8CF5-E7CB-4CD2-90B2-39ADC3483845}) (Version: 3.9.5150.0 - Python Software Foundation) Hidden
NVIDIA GeForce Experience 3.23.0.74 (HKLM\\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
Universal CRT Redistributable (HKLM-x32\\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\\{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft ASP.NET Core 5.0.7 - Shared Framework (HKLM-x32\\{1c2c5c8e-d9f7-46c5-833d-0a63f6becb4a}) (Version: 5.0.7.21263 - Microsoft Corporation)
Epic Online Services (HKLM-x32\\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
AMD Ryzen Master (HKLM\\AMD Ryzen Master) (Version: 2.8.0.1937 - Advanced Micro Devices, Inc.)
KeePassXC (HKLM\\{89472929-1ED2-410F-B9CC-974CEE93800E}) (Version: 2.6.6 - KeePassXC Team)
Mozilla Maintenance Service (HKLM\\MozillaMaintenanceService) (Version: 92.0.1 - Mozilla)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
vs_clickoncesigntoolmsi (HKLM-x32\\{B00D9AE3-D2B9-4C16-AF48-B3AF4B46E67A}) (Version: 17.0.31703 - Microsoft Corporation) Hidden
VS Immersive Activate Helper (HKLM-x32\\{C0ACF658-B4DC-4CBB-B8F2-9E667D69919A}) (Version: 17.0.114.0 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Pepega\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-326566074-3447909417-183555969-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pepega\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\amd64\FileSyncShell64.dll => No File

==================== Shortcuts & WMI ========================

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== FirewallRules (Whitelisted) ================

FirewallRules: [TCP Query User{28A199D2-4D67-4933-A8E1-FB5A7CEBD024}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{30A1031D-2A0F-4ED7-BB78-4C35329A0857}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7AD4F43C-4369-433E-B2EC-A10468B9A5B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{E2EA9D77-F4B6-46E6-94CF-DAE772492424}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{01D768A1-24F5-4716-9BA7-067DFF0B3015}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E1D43D4F-5765-4B23-A804-FDD364EFF570}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A73419CB-E557-4602-83F3-EED8A5A67B9A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2021 08:19:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description:
at Miner.Clipboard+<>c__DisplayClass0_0.b__0()

Faulting process id: 0x2d74
Fault offset: 0x000000000003a839
Faulting package-relative application ID:

Description: Update Windows license and product key tokens failed with 0x8007000D.

System errors:
=============
Error: (10/24/2021 07:35:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AORUS LCD Panel Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/24/2021 06:01:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
It has done this 1 time(s).

Description: The WinRing0_1_2_0 service failed to start due to the following error:
Error description: The handle is invalid.

Windows Defender:
===================
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
Name: SettingsModifier:Win32/PossibleHostsFileHijack
Category: Settings Modifier
Path: file:_C:\Windows\System32\drivers\etc\hosts
Detection Origin: Local machine
Detection Type: Concrete
Security intelligence Version: AV: 1.351.958.0, AS: 1.351.958.0, NIS: 1.351.958.0
Engine Version: AM: 1.1.18600.4, NIS: 1.1.18600.4

==================== End of Addition.txt =======================

Fixlog:

CreateRestorePoint:
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{b19f8042-93dc-47e1-87f7-7ad8cb0032d9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6902881d-a9ea-4ce3-9977-eac42438e59f}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68912dca-04b7-43b9-b125-ab2888148ebb}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{bb4b5836-08d4-46b2-996b-c55ac054f68a}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{a68a203b-7eaa-4914-a565-5ff9759ae2a4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{e21ec10f-b0f2-4d8c-ac9d-e74491370460}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1e6a4e2b-eca4-4162-8baf-5e2cbc56f0a8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3b6b25a5-1bf5-48bb-81f3-5e306db688ba}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ffde93b-8785-42a8-8c6c-2672d544280d}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{dceb985f-25eb-484d-ae30-6da7f11e1091}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{b30dbf6f-75b4-422c-82ed-f93cae0f7dec}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{560963e7-8fb3-45a5-b560-b69102dfab6a}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8a370bc5-d53d-4130-9a86-55745d7884c5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53b08e97-673e-4df6-ae10-9a73f6648a6c}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43f54ace-856e-4b50-9808-1588b79b7c18}" => removed successfully
HKLM\System\CurrentControlSet\Services\npcap_wifi => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
Resetting , OK!
Resetting Global, OK!

========= End of CMD: =========
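Added example, not part of the thread and not FRST's own tooling: a small Python triage script that pulls the indicators discussed above out of FRST-style log lines. The sample lines are copied from the log excerpts on this page; the rule names and thresholds are my own. It flags the hosts overrides that trigger SettingsModifier:Win32/PossibleHostsFileHijack (0.0.0.0 entries for Microsoft telemetry hosts are also what privacy and debloat scripts write, so that finding needs a second look rather than an automatic "infected"), drivers whose file name is a long hex string (decoding the name shows whether it hides readable text), unsigned executables under C:\Users (the AppData\Local\Update.exe carrying a "Microsoft Windows Operating System" company string, as distinct from Discord's signed Squirrel updater of the same file name), a kernel driver signed with a test certificate, a service with no ImagePath, the Defender policy restriction, and orphaned scheduled tasks that the Fixlog did not report as removed. The company string in parentheses is taken from the file's version resource and is trivially spoofable, so it is deliberately not used as evidence of legitimacy.

```python
"""Triage FRST-style log lines for the indicators seen in this thread.

Added example for this page; the rules and names are mine, not FRST's.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the thread's FRST/Fixlog excerpts,
# plus one benign NVIDIA driver line so the rules have something to ignore.
SAMPLE_LOG = r"""
Task: {bb4b5836-08d4-46b2-996b-c55ac054f68a} - no filepath
Task: {a4a7b095-aaa9-401c-a9d7-8abe8ea301af} - no filepath
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{bb4b5836-08d4-46b2-996b-c55ac054f68a}" => removed successfully
2021-10-04 11:39 - 2021-10-14 11:49 - 000058304 _____ (Intel Corporation ) C:\Windows\system32\Drivers\49306c4f52694e4557446c556347467a5a44673559566c4954584a44616c687152576c6a.sys
2021-10-02 23:03 - 2021-09-14 14:39 - 000067464 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
(Microsoft Windows Operating System) [File not signed] C:\Users\Pepega\AppData\Local\Update.exe
R2 LdVBoxDrv; C:\Program Files\ldplayerbox\LdVBoxDrv.sys [315232 2021-10-15] (MyTestCertificate -> Oracle Corporation)
U4 npcap_wifi; no ImagePath
0.0.0.0 choice.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
"""

# Orphaned task entries in FRST.txt and their removal lines in Fixlog.txt.
ORPHAN_TASK = re.compile(r"^Task: \{([0-9a-f-]{36})\} - no filepath", re.I)
TASK_REMOVED = re.compile(r'TaskCache\\Tasks\\\{([0-9a-f-]{36})\}" => removed successfully', re.I)
# Sinkholed hosts entries; only Microsoft domains trip the Defender signature.
HOSTS_OVERRIDE = re.compile(r"^(?:0\.0\.0\.0|127\.0\.0\.1)\s+([\w.-]+)")
MICROSOFT_SUFFIXES = (".microsoft.com", ".windowsupdate.com", ".live.com")
# Driver file names that are nothing but 32+ hex digits.
HEX_DRIVER = re.compile(r"\\Drivers\\([0-9a-f]{32,})\.sys$", re.I)
# Unsigned binaries living in a user-writable profile directory.
UNSIGNED_USER_EXE = re.compile(r"\[File not signed\]\s+([A-Z]:\\Users\\.+)$", re.I)
# Service line "R2 name; path [size date] (Signer -> Publisher)" with a test cert signer.
TEST_CERT_SERVICE = re.compile(r"^[RSU]\d \S+; (.+?\.sys) \[.*?\] \((\S*Test\S*) -> ", re.I)
NO_IMAGEPATH = re.compile(r"^[RSU]\d (\S+); no ImagePath")
DEFENDER_POLICY = re.compile(r"Policies\\Microsoft\\Windows Defender: Restriction")


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def decode_hex_name(stem: str) -> str:
    """Render a hex-only file name as the ASCII it encodes (non-ASCII shown as U+FFFD)."""
    return bytes.fromhex(stem).decode("ascii", errors="replace")


def triage(log_text: str) -> tuple[list[Finding], set[str]]:
    """Return (findings in line order, orphaned task GUIDs not removed by the Fixlog)."""
    findings: list[Finding] = []
    orphaned: set[str] = set()
    removed: set[str] = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ORPHAN_TASK.match(line):
            orphaned.add(m.group(1).lower())
        elif m := TASK_REMOVED.search(line):
            removed.add(m.group(1).lower())
        elif m := HOSTS_OVERRIDE.match(line):
            host = m.group(1).lower()
            if host.endswith(MICROSOFT_SUFFIXES):
                findings.append(Finding("hosts-override", f"{host} sinkholed in hosts; Defender reports this as SettingsModifier:Win32/PossibleHostsFileHijack"))
        elif m := HEX_DRIVER.search(line):
            stem = m.group(1)
            findings.append(Finding("hex-named-driver", f"{stem}.sys decodes to {decode_hex_name(stem)!r}"))
        elif m := UNSIGNED_USER_EXE.search(line):
            findings.append(Finding("unsigned-user-binary", m.group(1)))
        elif m := TEST_CERT_SERVICE.match(line):
            findings.append(Finding("test-cert-driver", f"{m.group(1)} signed by {m.group(2)}"))
        elif m := NO_IMAGEPATH.match(line):
            findings.append(Finding("service-no-imagepath", m.group(1)))
        elif DEFENDER_POLICY.search(line):
            findings.append(Finding("defender-policy", line))
    return findings, orphaned - removed


if __name__ == "__main__":
    found, still_orphaned = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.rule}] {f.detail}")
    for guid in sorted(still_orphaned):
        print(f"[orphaned-task] {{{guid}}} still listed, not in Fixlog")
```

Feed it the concatenated FRST.txt, Addition.txt and Fixlog.txt; the task cross-check is the part worth keeping, since an orphaned task that the fix did not remove is the usual reason a miner is back after the next reboot.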