Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01 Ran by Cin (17-06-2017 14:51:23) Run:3 Running from G:\ Loaded Profiles: Cin (Available Profiles: Cin) Boot Mode: Normal ============================================== fixlist content: ***************** HKU\S-1-5-21-709221880-3219919037-1249648889-1000\...\Run: [PlayNC Launcher] => [X] BootExecute: autocheck autochk * sdnclean64.exe BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre7\bin\ssv.dll [2013-05-12] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-12] (Oracle Corporation) FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-12] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-12] (Oracle Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] FF Plugin HKU\S-1-5-21-709221880-3219919037-1249648889-1000: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll [No File] FF Plugin HKU\S-1-5-21-709221880-3219919037-1249648889-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File] R2 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X] R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-14] () S3 AsrIbDrv; \??\C:\Windows\SysWOW64\Drivers\AsrIbDrv.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 MSICDSetup; \??\D:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X] S3 WinRing0_1_2_0; \??\E:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X] Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {8C945A35-5D40-41BC-A0C1-50EEAA9EA51D} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION Task: {ABCF096C-3463-4414-A6D5-452B08448EA2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION Task: {D4AB738A-5CD6-47C5-BFEC-A03207B3264D} - System32\Tasks\Razer_Game_Booster_AutoUpdate => E:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-709221880-3219919037-1249648889-1000Core1d236cf5c9c877b.job => C:\Users\Cin\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-709221880-3219919037-1249648889-1000UA1d236cf5caadf91.job => C:\Users\Cin\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe CMD: sc config "Origin Web Helper Service" start= disabled C:\Users\Cin\AppData\Roaming\Wondershare E:\Cin\AppData\Roaming\Wondershare CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" ***************** HKU\S-1-5-21-709221880-3219919037-1249648889-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher => value removed successfully HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2 => key removed successfully C:\Windows\system32\npDeployJava1.dll => moved successfully HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2 => key removed successfully E:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => moved successfully HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => key removed successfully HKU\S-1-5-21-709221880-3219919037-1249648889-1000\Software\MozillaPlugins\@doubletwist.com/NPPodcast => key removed successfully C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll => not found. HKU\S-1-5-21-709221880-3219919037-1249648889-1000\Software\MozillaPlugins\ubisoft.com/uplaypc => key removed successfully C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => not found. WMPNetworkSvc => Unable to stop service. HKLM\System\CurrentControlSet\Services\WMPNetworkSvc => key removed successfully WMPNetworkSvc => service removed successfully ESProtectionDriver => Service stopped successfully. HKLM\System\CurrentControlSet\Services\ESProtectionDriver => key removed successfully ESProtectionDriver => service removed successfully HKLM\System\CurrentControlSet\Services\AsrIbDrv => key removed successfully AsrIbDrv => service removed successfully HKLM\System\CurrentControlSet\Services\EagleX64 => key removed successfully EagleX64 => service removed successfully HKLM\System\CurrentControlSet\Services\MSICDSetup => key removed successfully MSICDSetup => service removed successfully HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_C => key removed successfully NTIOLib_1_0_C => service removed successfully HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => key removed successfully WinRing0_1_2_0 => service removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C945A35-5D40-41BC-A0C1-50EEAA9EA51D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C945A35-5D40-41BC-A0C1-50EEAA9EA51D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABCF096C-3463-4414-A6D5-452B08448EA2} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABCF096C-3463-4414-A6D5-452B08448EA2} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4AB738A-5CD6-47C5-BFEC-A03207B3264D} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4AB738A-5CD6-47C5-BFEC-A03207B3264D} => key removed successfully C:\Windows\System32\Tasks\Razer_Game_Booster_AutoUpdate => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Razer_Game_Booster_AutoUpdate => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-709221880-3219919037-1249648889-1000Core1d236cf5c9c877b.job => moved successfully C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-709221880-3219919037-1249648889-1000UA1d236cf5caadf91.job => moved successfully C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully ========= sc config "Origin Web Helper Service" start= disabled ========= [SC] ChangeServiceConfig SUCCESS ========= End of CMD: ========= C:\Users\Cin\AppData\Roaming\Wondershare => moved successfully E:\Cin\AppData\Roaming\Wondershare => moved successfully ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" ========= ========= End of CMD: ========= ==== End of Fixlog 14:51:39 ====