CMD: Type "c:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClearHistory.cmd"
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> {58CC1F7C-3B97-4FFD-85DA-ADB5A3B7339F} URL =
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
S2 EraserSvc11720; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\NIS.exe" /h ccCommon [X]
S4 Freemake Improver; "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" [X]
R3 ALSysIO; \??\C:\Users\Eve8500\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
U2 ccEvtMgr; no ImagePath
U2 ccSetMgr; no ImagePath
S4 cpuz130; \??\C:\Users\Eve8500\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] <==== ATTENTION
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
U3 navapsvc; no ImagePath
S4 NvStUSB; \SystemRoot\system32\drivers\nvstusb.sys [X]
U3 SAVRT; no ImagePath
U1 SAVRTPEL; no ImagePath
U3 TlntSvr; no ImagePath
U2 V2iMount; no ImagePath
Folder: C:\Windows\system32\unknown
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-10-10] (NVIDIA Corporation)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: C:\Windows\Tasks\EPSON XP-430 Series Update {4A56D1E7-2A67-44BE-B66A-E9C9E979C81A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPAE.EXE:/EXE:{4A56D1E7-2A67-44BE-B66A-E9C9E979C81A} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
AlternateDataStreams: C:\Windows\system32\msln.exe:f8062285dd853682c1b03611e5f3cd34 [282]
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [120]
AlternateDataStreams: C:\ProgramData\Temp:285774C5 [202]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:9638A27E [128]
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^stop acronis.bat => C:\Windows\pss\stop acronis.bat.Startup
MSCONFIG\startupreg: ABNotify => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe -auto
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Bomgar_Cleanup_ZD6834250912113 => cmd.exe /C rd /S /Q "C:\ProgramData\apple-scc-0000000052EED2B9" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD6834250912113 /f
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: SearchProtection => "C:\Users\Eve8500\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: SilentCleanService => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
CMD: netsh winsock reset catalog
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: