Start:: CreateRestorePoint: CloseProcesses: File: C:\Program Files\WindowsOptions\nvidia_driver64\nvidia_driver64.exe File: C:\Program Files\WindowsOptions\nvidia_driver64\nvidia_drr64.exe Folder: C:\Program Files\WindowsOptions\nvidia_driver64 Task: {DA82B74B-081B-48E1-A022-BEF8455769C4} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File) Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File) Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) 2026-03-31 11:32 - 2026-03-31 11:32 - 000000026 _____ C:\Users\gogor\AppData\LocalLow\6fb93dbea7be2b9e574201807dd10a4496e6bede827df0d2f24ee20e113237e0 2026-03-31 11:16 - 2026-03-31 11:16 - 000023041 _____ C:\Users\gogor\AppData\LocalLow\3e9e11bc6b90f279509268cb061458c7541eb5ef51b2751ef74210073ce53ecb 2026-03-31 11:16 - 2026-03-31 11:16 - 000000026 _____ C:\Users\gogor\AppData\LocalLow\ec1fec5fcf09cb6a07bf20445e7a460af2c397b6f555f2ac05e6bc586c85dcff 2026-03-28 21:35 - 2026-03-31 11:32 - 000008648 _____ C:\Users\gogor\AppData\LocalLow\b0b91dc9b6d50ed4c2dc6f6e4caf481b578fa7ec54dc2a661002cff6278d1f80 2026-03-28 21:35 - 2026-03-28 21:35 - 000002264 _____ C:\Users\gogor\AppData\LocalLow\8a4a7220dcd078c02433b20b714cce832b9c1079a63ad8ac1741bfc2546c9d28 2026-03-27 18:32 - 2026-03-27 18:32 - 000002264 _____ C:\Users\gogor\AppData\LocalLow\1a20e1f2636d0a427698b0ccd59bda74ffd92d821e5682a5b71cc23d0940850e 2026-03-27 18:32 - 2026-03-27 18:32 - 000000026 _____ C:\Users\gogor\AppData\LocalLow\ba04f6b2307315d30d5f813cfc66ebd768839ae7bae68c5352e25f219ebb1fb6 2026-03-25 12:07 - 2026-03-25 12:07 - 000000396 _____ C:\Users\gogor\AppData\LocalLow\a72074c525737cc0086453db2e4176b9ad7434e761a60696887fee2b9f54fe65 2026-03-25 12:07 - 2026-03-25 12:07 - 000000026 _____ C:\Users\gogor\AppData\LocalLow\c516531506a05fd6ca2541ec156589cb223f4acbb8a9afad9deda005ee6aa915 2026-03-25 12:07 - 2026-03-25 12:07 - 000000026 _____ C:\Users\gogor\AppData\LocalLow\62cf2e39f12f583f4d64a39327a2050aa8867c0681fbea737be39dfa0a3080f0 2026-03-25 12:06 - 2026-03-25 12:06 - 000002264 _____ C:\Users\gogor\AppData\LocalLow\03611aada18f5c62501aad3d80107f01a4bda43299d3b61e234c7324ae9f942e 2026-03-24 14:17 - 2026-03-24 14:17 - 000002264 _____ C:\Users\gogor\AppData\LocalLow\275c0bef7de3f54bb9ac41f9ca15adc240f4435b7f5e1613c3bade861b3ff1a1 2026-03-24 11:29 - 2026-03-24 11:29 - 000006591 _____ C:\Users\gogor\AppData\LocalLow\f41c943f232cf7cb71b00abf62713b43804ce80cb71f026218542d0f79d29a2d 2026-03-24 11:29 - 2026-03-24 11:29 - 000006587 _____ C:\Users\gogor\AppData\LocalLow\b7edf3c866bde73af2d97944c5ddab8632bc9bdde4b0bb192ba21d34e6a16c93 2026-03-24 11:29 - 2026-03-24 11:29 - 000006586 _____ C:\Users\gogor\AppData\LocalLow\fb1ef91437b2c52b9310adf5a1d00a84e249981466863b9e1820ea6036b7c9e8 2026-03-24 11:29 - 2026-03-24 11:29 - 000006572 _____ C:\Users\gogor\AppData\LocalLow\7bfdd2079cc83f1cc34980a8e67011f48337a3ba8e95b3828e5e510423950d1a 2026-03-24 11:29 - 2026-03-24 11:29 - 000000026 _____ C:\Users\gogor\AppData\LocalLow\e76211ab8af3fbaab4b9326ad35b0a00969d95d0a64da56eb4ac7de2ee6b0277 2026-03-24 11:29 - 2026-03-24 11:29 - 000000026 _____ C:\Users\gogor\AppData\LocalLow\5782cc34b5244fe4ac8701da3c1bdc26dd3de359991cb3def55ff33b93e98e7f 2026-03-24 11:29 - 2026-03-24 11:29 - 000000026 _____ C:\Users\gogor\AppData\LocalLow\576bf79226144da7523ab7fa90e4dc52d5ff7f052fec52952fe2e83df70d4e0b 2026-03-24 11:29 - 2026-03-24 11:29 - 000000026 _____ C:\Users\gogor\AppData\LocalLow\0bdd92fa3f1683bb286b3c4e1552250d8fbe475def5df97bb184d34e04055e09 AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [6968] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION HKLM\Software\Policies\...\system: [EnableSmartScreen] 0 <==== ATTENTION HKLM\SYSTEM\...\Terminal Server: [fDenyTSConnections] = 0 <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\BraveSoftware\Brave: Restriction <==== ATTENTION R2 nvidia_driver64; C:\Program Files\WindowsOptions\nvidia_driver64\nvidia_driver64.exe [18243033 2026-03-24] (CloudBees, Inc.) [File not signed] [File is in use] <==== ATTENTION S2 nvidia_dr64; C:\Program Files\WindowsOptions\nvidia_dr64\nvidia_dr64.exe [18243033 2026-03-24] (CloudBees, Inc.) [File not signed] 2026-03-30 16:59 - 2026-03-30 17:00 - 000000000 ____D C:\ProgramData\IvMAc 2026-03-30 16:46 - 2026-03-30 16:46 - 000000000 ____D C:\ProgramData\MfWc4 2026-03-30 16:20 - 2026-03-30 16:20 - 000000000 ____D C:\ProgramData\5Y8fa 2026-03-30 12:21 - 2026-03-30 12:22 - 000000000 ____D C:\ProgramData\CxMHr 2026-03-29 20:12 - 2026-03-29 20:12 - 000000000 ____D C:\Users\gogor\AppData\Local\WindowsOptions 2026-03-29 19:33 - 2026-03-30 17:37 - 000000000 ____D C:\Program Files\WindowsOptions 2026-03-29 19:33 - 2026-03-29 19:33 - 000000000 ____D C:\ProgramData\wQ2JA 2026-03-29 19:33 - 2026-03-29 19:33 - 000000000 ____D C:\ProgramData\WindowsOptions 2025-12-01 13:52 - 2025-12-01 13:52 - 000000048 ____R () C:\Users\gogor\AppData\Local\8544BE776918F368025CA293E54C857B StartRegedit: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=dword:00000005 "ConsentPromptBehaviorUser"=dword:00000003 "EnableLUA"=dword:00000001 EndRegedit: StartPowershell: Try { $Paths=(Get-MpPreference).ExclusionPath $Extensions=(Get-MpPreference).ExclusionExtension $Processes=(Get-MpPreference).ExclusionProcess foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force -ErrorAction Stop } foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force -ErrorAction Stop } foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force -ErrorAction Stop } } Catch { Write-Error "Error occurred while removing Windows Defender exclusions: $_" } EndPowershell: cmd: sfc /scannow cmd: DISM.exe /Online /Cleanup-image /Scanhealth cmd: DISM.exe /Online /Cleanup-image /Restorehealth cmd: netsh winsock reset catalog cmd: netsh int ip reset C:\resettcpip.txt cmd: Bitsadmin /Reset /Allusers cmd: ipconfig /flushdns RemoveProxy: EmptyTemp: End::