Farbar Recovery Scan Tool (x64) Version: 14-12-2020 Ran by vtmck (14-12-2020 21:50:34) Running from C:\Users\vtmck\OneDrive\Desktop Boot Mode: Normal ================== Search Registry: "cmd.exe" =========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\cmd.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\runas\command] ""="%SystemRoot%\System32\cmd.exe /C "%1" %*" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00021400-0000-0000-C000-000000000046}\shell\cmd\command] ""="cmd.exe /s /k pushd "%V"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\cmd\command] ""="cmd.exe /s /k pushd "%V"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\runas\command] ""="%SystemRoot%\System32\cmd.exe /C "%1" %*" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\background\shell\cmd\command] ""="cmd.exe /s /k pushd "%V"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\cmd\command] ""="cmd.exe /s /k pushd "%V"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\cmd\command] ""="cmd.exe /s /k pushd "%V"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00021400-0000-0000-C000-000000000046}\shell\cmd\command] ""="cmd.exe /s /k pushd "%V"" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\cmd\command] ""="cmd.exe /s /k pushd "%V"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] "AppName"="cmd.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEDIAG.EXE] ""="C:\Program Files\Internet Explorer\IEDIAGCMD.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEDIAGCMD.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEDIAGCMD.EXE] ""="C:\Program Files\Internet Explorer\IEDIAGCMD.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RetailDemo\ServiceReadWrite\ProcessCloseExclusionList] "cmd.exe"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34E8CE7D-77E5-4405-AE3D-26816C4C69C8}] "Description"="$(@%SystemRoot%\system32\dsregcmd.exe,-102)" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F8F5002-8ACA-43DD-A747-2F4CA7E36AF8}] "Description"="$(@%SystemRoot%\system32\dsregcmd.exe,-101)" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Intel\GFX\Uninstall] "process5"="process=hkcmd.exe error= usequence=-10 group=GFX" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] "AppName"="cmd.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\IEDIAG.EXE] ""="C:\Program Files\Internet Explorer\IEDIAGCMD.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\IEDIAGCMD.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\IEDIAGCMD.EXE] ""="C:\Program Files\Internet Explorer\IEDIAGCMD.EXE" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] "AlternateShell"="cmd.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment] "ComSpec"="%SystemRoot%\system32\cmd.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1792065088-1724429800-3796853536-1001] "\Device\HarddiskVolume3\Windows\System32\cmd.exe"="0x37EF28EE86D2D60100000000000000000000000002000000" [HKEY_USERS\S-1-5-21-1792065088-1724429800-3796853536-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch] "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\cmd.exe"="4" [HKEY_USERS\S-1-5-21-1792065088-1724429800-3796853536-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched] "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\cmd.exe"="101" [HKEY_USERS\S-1-5-21-1792065088-1724429800-3796853536-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView] "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\cmd.exe"="7" [HKEY_USERS\S-1-5-21-1792065088-1724429800-3796853536-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Windows\System32\cmd.exe.FriendlyAppName"="Windows Command Processor" [HKEY_USERS\S-1-5-21-1792065088-1724429800-3796853536-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Windows\System32\cmd.exe.ApplicationCompany"="Microsoft Corporation" ====== End of Search ======