Fix result of Farbar Recovery Scan Tool (x64) Version: 24-09-2016 02 Ran by deco (24-09-2016 20:36:19) Run:4 Running from C:\Users\deco\Downloads Loaded Profiles: deco (Available Profiles: deco & Guest & DefaultAppPool) Boot Mode: Normal ============================================== fixlist content: ***************** U3 idsvc; no ImagePath S3 SoundGridMIDI; \SystemRoot\system32\drivers\SoundGridMidi.sys [X] Task: {298C1599-D9DB-4C4A-BA02-088F48977A54} - System32\Tasks\WpsNotifyTask_sales in bloom => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe Task: {566F65A2-1225-4932-9D23-7B8A8D203CFA} - System32\Tasks\WpsUpdateTask_sales in bloom => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core.job => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA.job => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\WpsNotifyTask_sales in bloom.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe Task: C:\WINDOWS\Tasks\WpsUpdateTask_sales in bloom.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe AlternateDataStreams: C:\Windows:nlsPreferences [386] AlternateDataStreams: C:\ProgramData\Microsoft:INL1pHYdTghSiscdUO [2220] AlternateDataStreams: C:\ProgramData\Microsoft:JC00IUg3n1Mx2poMMk [2198] AlternateDataStreams: C:\ProgramData\Microsoft:Ys9gXmQ3SrbipY4xA65epdF [2474] AlternateDataStreams: C:\ProgramData\Microsoft:YSZUZXKIzleugtKMK [2260] AlternateDataStreams: C:\Users\deco\Local Settings:2qTWSJ0QW6qXwQQW47MlLy [2424] AlternateDataStreams: C:\Users\deco\Local Settings:5VfbgSCAXOk224D9qaxLT [2312] AlternateDataStreams: C:\Users\deco\AppData\Local:2qTWSJ0QW6qXwQQW47MlLy [2424] AlternateDataStreams: C:\Users\deco\AppData\Local:5VfbgSCAXOk224D9qaxLT [2312] AlternateDataStreams: C:\Users\deco\AppData\Local\Application Data:2qTWSJ0QW6qXwQQW47MlLy [2424] AlternateDataStreams: C:\Users\deco\AppData\Local\Application Data:5VfbgSCAXOk224D9qaxLT [2312] AlternateDataStreams: C:\Users\deco\AppData\Local\fxTJ3wOFPpr5:hmVaetgd9kzvQ7J84ObD [2278] CMD: sc config i8042prt start= disabled CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" ***************** idsvc => service removed successfully SoundGridMIDI => service removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{298C1599-D9DB-4C4A-BA02-088F48977A54}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{298C1599-D9DB-4C4A-BA02-088F48977A54}" => key removed successfully C:\WINDOWS\System32\Tasks\WpsNotifyTask_sales in bloom => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WpsNotifyTask_sales in bloom" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{566F65A2-1225-4932-9D23-7B8A8D203CFA}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{566F65A2-1225-4932-9D23-7B8A8D203CFA}" => key removed successfully C:\WINDOWS\System32\Tasks\WpsUpdateTask_sales in bloom => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WpsUpdateTask_sales in bloom" => key removed successfully C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core.job => moved successfully C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA.job => moved successfully C:\WINDOWS\Tasks\WpsNotifyTask_sales in bloom.job => moved successfully C:\WINDOWS\Tasks\WpsUpdateTask_sales in bloom.job => moved successfully C:\Windows => ":nlsPreferences" ADS removed successfully. C:\ProgramData\Microsoft => ":INL1pHYdTghSiscdUO" ADS removed successfully. C:\ProgramData\Microsoft => ":JC00IUg3n1Mx2poMMk" ADS removed successfully. C:\ProgramData\Microsoft => ":Ys9gXmQ3SrbipY4xA65epdF" ADS removed successfully. C:\ProgramData\Microsoft => ":YSZUZXKIzleugtKMK" ADS removed successfully. "C:\Users\deco\Local Settings" => ":2qTWSJ0QW6qXwQQW47MlLy" ADS not found. "C:\Users\deco\Local Settings" => ":5VfbgSCAXOk224D9qaxLT" ADS not found. C:\Users\deco\AppData\Local => ":2qTWSJ0QW6qXwQQW47MlLy" ADS removed successfully. C:\Users\deco\AppData\Local => ":5VfbgSCAXOk224D9qaxLT" ADS removed successfully. "C:\Users\deco\AppData\Local\Application Data" => ":2qTWSJ0QW6qXwQQW47MlLy" ADS not found. "C:\Users\deco\AppData\Local\Application Data" => ":5VfbgSCAXOk224D9qaxLT" ADS not found. C:\Users\deco\AppData\Local\fxTJ3wOFPpr5 => ":hmVaetgd9kzvQ7J84ObD" ADS removed successfully. ========= sc config i8042prt start= disabled ========= [SC] ChangeServiceConfig SUCCESS ========= End of CMD: ========= ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" ========= Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation. Failed to clear log Microsoft-RMS-MSIPC/Debug. The instance name passed was not recognized as valid by a WMI data provider. Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied. Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied. ========= End of CMD: ========= ==== End of Fixlog 20:37:01 ====