Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2019
Ran by Simi (26-12-2019 19:57:45) Run:1
Running from C:\Users\Simi\Desktop
Loaded Profiles: Simi (Available Profiles: Simi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
File: C:\WINDOWS\system32\svchost.exe
File: C:\WINDOWS\SysWOW64\svchost.exe
File: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
CMD: sc config wuauserv start= disabled
HKU\S-1-5-21-739093134-1882289950-3713944110-1003\...\MountPoints2: {4cb3aa2d-cb1b-11e9-bcc6-000272a56266} - "G:\HiSuiteDownLoader.exe
Task: {0B303A5A-4BCC-458F-A5C6-9F236EF895CB} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
Task: {60FBF3D2-2520-4DAC-9625-C9ACD785E3D6} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe <==== ATTENTION
Task: {6CBA7021-553B-4CE2-83F9-157E3946188E} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {A1C46BE1-3CBA-47FD-AC92-D3FF0766E7A0} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
*****************

========================= File: C:\WINDOWS\system32\svchost.exe ========================
C:\WINDOWS\system32\svchost.exe
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.388.cat
File is digitally signed
MD5: 9520A99E77D6196D0D09833146424113
Creation and modification date: 2019-03-19 05:44 - 2019-03-19 05:44
Size: 000053744
Attributes: ----A
Company Name: Microsoft Windows Publisher -> Microsoft Corporation
Internal Name: svchost.exe
Original Name: svchost.exe
Product: Microsoft® Windows® Operating System
Description: Host Process for Windows Services
File Version: 10.0.18362.1 (WinBuild.160101.0800)
Product Version: 10.0.18362.1
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/dd191a5b23df92e12a8852291f9fb5ed594b76a28a5a464418442584afd1e048/analysis/1577370982/
====== End of File: ======

========================= File: C:\WINDOWS\SysWOW64\svchost.exe ========================
C:\WINDOWS\SysWOW64\svchost.exe
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.18362.388.cat
File is digitally signed
MD5: A7296C1245EE76768D581C6330DADE06
Creation and modification date: 2019-03-19 05:45 - 2019-03-19 05:45
Size: 000045448
Attributes: ----A
Company Name: Microsoft Windows Publisher -> Microsoft Corporation
Internal Name: svchost.exe
Original Name: svchost.exe
Product: Microsoft® Windows® Operating System
Description: Host Process for Windows Services
File Version: 10.0.18362.1 (WinBuild.160101.0800)
Product Version: 10.0.18362.1
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/5be0de7f915ba819d4ba048db7a2a87f6f3253fdd4865dc418181a0d6a031caa/analysis/1577194826/
====== End of File: ======

========================= File: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys ========================
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys" => not found
====== End of File: ======

========= sc config wuauserv start= disabled =========
[SC] ChangeServiceConfig SUCCESS
========= End of CMD: =========

HKU\S-1-5-21-739093134-1882289950-3713944110-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cb3aa2d-cb1b-11e9-bcc6-000272a56266} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0B303A5A-4BCC-458F-A5C6-9F236EF895CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B303A5A-4BCC-458F-A5C6-9F236EF895CB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Wininet\Winlogui => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\Winlogui" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{60FBF3D2-2520-4DAC-9625-C9ACD785E3D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60FBF3D2-2520-4DAC-9625-C9ACD785E3D6}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\winrmsrv" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6CBA7021-553B-4CE2-83F9-157E3946188E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CBA7021-553B-4CE2-83F9-157E3946188E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A1C46BE1-3CBA-47FD-AC92-D3FF0766E7A0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1C46BE1-3CBA-47FD-AC92-D3FF0766E7A0}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MagicISO => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MagicISO => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MagicISO => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully

========= mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer =========
========= End of CMD: =========

========= mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database =========
========= End of CMD: =========

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 19:58:06 ====