Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by KROBOT at 2015-06-01 23:54:32 Run:1
Running from C:\Users\KROBOT\Desktop
Loaded Profiles: KROBOT (Available Profiles: KROBOT)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
File: C:\Users\KROBOT\AppData\Roaming\msdiar.dat
File: C:\Users\KROBOT\AppData\Roaming\msulfmp.dat
C:\Windows\SysWOW64\dcgmncvkvlcn.exe
C:\Users\KROBOT\AppData\Local\Adobe\Acrobat\AdobeUpdater.exe
C:\Windows\inf\msstp.vbe
C:\Windows\inf\ntvdm.vbe
C:\Windows\inf\ntvdm.inf

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-3260140517-497560047-1006625806-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR Extension: (bdfnieppndfdhcgbmhfdlgdjegclkomk) - C:\Users\KROBOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2014-12-31]
CHR Extension: (ihncljabjemfknlkjmhcmhlajcnigaik) - C:\Users\KROBOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihncljabjemfknlkjmhcmhlajcnigaik [2014-12-30]

S3 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-03-02] (AVG Technologies)
C:\windows\system32\drivers\avgtpx64.sys
S1 fjoyrvqj; \??\C:\windows\system32\drivers\fjoyrvqj.sys [X]
S1 hpfxcjci; \??\C:\windows\system32\drivers\hpfxcjci.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

2015-05-30 21:56 - 2015-05-30 21:56 - 00112640 _____ (forum.viry.cz) C:\Users\KROBOT\Desktop\FRSTLauncher.exe
2015-05-30 21:56 - 2015-05-30 21:56 - 00024883 _____ () C:\Users\KROBOT\Desktop\FRST.txt
2015-05-29 22:40 - 2015-05-29 22:41 - 00000000 ____D () C:\AdwCleaner
2015-05-29 08:48 - 2015-05-29 12:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-29 08:48 - 2015-05-29 08:48 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 08:47 - 2015-05-29 09:00 - 00000000 ____D () C:\Users\KROBOT\Desktop\mbar
2015-05-29 08:47 - 2015-05-29 08:47 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

Task: {09BCF824-2574-4929-A3D2-577A88C5DC56} - System32\Tasks\{F3891F0F-DF28-411E-A3B6-F328989C225A} => pcalua.exe -a "C:\Users\KROBOT\Desktop\Battlefield 3\OriginInstaller.exe" -d "C:\Users\KROBOT\Desktop\Battlefield 3"
Task: {40A49A00-ADD6-48AC-98D1-21A7B8505505} - System32\Tasks\{1AB1172A-BE5E-47D2-8213-4476C7F664A9} => pcalua.exe -a "C:\Users\KROBOT\Desktop\gta patch\setup.exe" -d "C:\Users\KROBOT\Desktop\gta patch"
Task: {98D3E9C6-7431-448B-A386-6DC38B113E18} - System32\Tasks\{55D5CB91-0A5D-442D-90DD-F626C56E9325} => pcalua.exe -a "C:\Users\KROBOT\Desktop\stalker cop.1\Redist\NetFX\dotnetfx35.exe" -d "C:\Users\KROBOT\Desktop\stalker cop.1\Redist\NetFX"
Task: {A69936EA-63A4-4915-8C06-679B19305937} - System32\Tasks\{60944505-56A7-635D-E054-184C1C0B3908} => C:\Users\KROBOT\AppData\Roaming\.minecraft\resources\newsound\ambient\mgpoyqu.exe [2014-06-06] ()
Task: {AE631B6C-5AB4-4761-B5F5-5B54175B01EF} - System32\Tasks\{6C4F973C-6E37-4816-BA24-1111B8E3B217} => pcalua.exe -a "C:\Program Files (x86)\moah\MoH - Airborne\UnrealEngine3\Binaries\moha_setup.exe" -d "C:\Program Files (x86)\moah\MoH - Airborne\UnrealEngine3\Binaries"
Task: {B52C7F7A-72D4-4CAC-8839-7B4E0F01B3D2} - System32\Tasks\{16CA05B6-1DE7-44DC-9D4D-57E4C4CD874B} => pcalua.exe -a "C:\Program Files (x86)\moah\MoH - Airborne\UnrealEngine3\Binaries\moha_setup.exe" -d "C:\Program Files (x86)\moah\MoH - Airborne\UnrealEngine3\Binaries"
Task: {CD99458E-D456-4348-9246-B7DCB80DE872} - System32\Tasks\{4C004811-3CA1-46B1-B347-998575B68711} => pcalua.exe -a "C:\Users\KROBOT\Desktop\m\MoH - Airborne\UnrealEngine3\Binaries\moha_setup.exe" -d "C:\Users\KROBOT\Desktop\m\MoH - Airborne\UnrealEngine3\Binaries"
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\Users\KROBOT\AppData\Local\Temporary Internet Files:CLOaXf7drGM1knSQN2gOcfmT1Zqoy

IE trusted site: HKU\S-1-5-21-3260140517-497560047-1006625806-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3260140517-497560047-1006625806-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3260140517-497560047-1006625806-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3260140517-497560047-1006625806-1001\...\sony.com -> sony.com
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========================= File: C:\Users\KROBOT\AppData\Roaming\msdiar.dat ========================

MD5: 197AD26FB5E5E255927CC848779DCCAB
Creation and modification date: 2014-08-29 12:19 - 2014-08-29 12:19
Size: 0009554
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product Name: 
Description: 
File Version: 
Product Version: 
Copyright$creamod: 

====== End of File: ======


========================= File: C:\Users\KROBOT\AppData\Roaming\msulfmp.dat ========================

MD5: D8D82EC450C874A06759DEBD686DF1AC
Creation and modification date: 2014-08-29 12:19 - 2014-09-21 10:08
Size: 0000028
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product Name: 
Description: 
File Version: 
Product Version: 
Copyright$creamod: 

====== End of File: ======

"C:\Windows\SysWOW64\dcgmncvkvlcn.exe" => File/Folder not found.
"C:\Users\KROBOT\AppData\Local\Adobe\Acrobat\AdobeUpdater.exe" => File/Folder not found.
"C:\Windows\inf\msstp.vbe" => File/Folder not found.
"C:\Windows\inf\ntvdm.vbe" => File/Folder not found.
"C:\Windows\inf\ntvdm.inf" => File/Folder not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value Removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCEPServiceManager => value Removed successfully
HKU\S-1-5-21-3260140517-497560047-1006625806-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
C:\Users\KROBOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk => Moved successfully.
C:\Users\KROBOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihncljabjemfknlkjmhcmhlajcnigaik => Moved successfully.
WinDefend => Service Removed successfully
avgtp => Service stopped successfully.
avgtp => Service Removed successfully
C:\windows\system32\drivers\avgtpx64.sys => Moved successfully.
fjoyrvqj => Service Removed successfully
hpfxcjci => Service Removed successfully
nvvad_WaveExtensible => Service Removed successfully
C:\Users\KROBOT\Desktop\FRSTLauncher.exe => Moved successfully.
"C:\Users\KROBOT\Desktop\FRST.txt" => File/Folder not found.
C:\AdwCleaner => Moved successfully.
C:\ProgramData\Malwarebytes' Anti-Malware (portable) => Moved successfully.
C:\windows\system32\Drivers\MBAMSwissArmy.sys => Moved successfully.
"C:\Users\KROBOT\Desktop\mbar" => File/Folder not found.
C:\windows\system32\Drivers\mbamchameleon.sys => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09BCF824-2574-4929-A3D2-577A88C5DC56}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09BCF824-2574-4929-A3D2-577A88C5DC56}" => key Removed successfully
C:\Windows\System32\Tasks\{F3891F0F-DF28-411E-A3B6-F328989C225A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F3891F0F-DF28-411E-A3B6-F328989C225A}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40A49A00-ADD6-48AC-98D1-21A7B8505505}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40A49A00-ADD6-48AC-98D1-21A7B8505505}" => key Removed successfully
C:\Windows\System32\Tasks\{1AB1172A-BE5E-47D2-8213-4476C7F664A9} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1AB1172A-BE5E-47D2-8213-4476C7F664A9}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98D3E9C6-7431-448B-A386-6DC38B113E18}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98D3E9C6-7431-448B-A386-6DC38B113E18}" => key Removed successfully
C:\Windows\System32\Tasks\{55D5CB91-0A5D-442D-90DD-F626C56E9325} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{55D5CB91-0A5D-442D-90DD-F626C56E9325}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A69936EA-63A4-4915-8C06-679B19305937}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A69936EA-63A4-4915-8C06-679B19305937}" => key Removed successfully
C:\Windows\System32\Tasks\{60944505-56A7-635D-E054-184C1C0B3908} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{60944505-56A7-635D-E054-184C1C0B3908}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE631B6C-5AB4-4761-B5F5-5B54175B01EF}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE631B6C-5AB4-4761-B5F5-5B54175B01EF}" => key Removed successfully
C:\Windows\System32\Tasks\{6C4F973C-6E37-4816-BA24-1111B8E3B217} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6C4F973C-6E37-4816-BA24-1111B8E3B217}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B52C7F7A-72D4-4CAC-8839-7B4E0F01B3D2}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B52C7F7A-72D4-4CAC-8839-7B4E0F01B3D2}" => key Removed successfully
C:\Windows\System32\Tasks\{16CA05B6-1DE7-44DC-9D4D-57E4C4CD874B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{16CA05B6-1DE7-44DC-9D4D-57E4C4CD874B}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD99458E-D456-4348-9246-B7DCB80DE872}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD99458E-D456-4348-9246-B7DCB80DE872}" => key Removed successfully
C:\Windows\System32\Tasks\{4C004811-3CA1-46B1-B347-998575B68711} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4C004811-3CA1-46B1-B347-998575B68711}" => key Removed successfully
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"C:\Users\KROBOT\AppData\Local\Temporary Internet Files" => ":CLOaXf7drGM1knSQN2gOcfmT1Zqoy" ADS not found.
"HKU\S-1-5-21-3260140517-497560047-1006625806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => key Removed successfully
"HKU\S-1-5-21-3260140517-497560047-1006625806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => key Removed successfully
"HKU\S-1-5-21-3260140517-497560047-1006625806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => key Removed successfully
"HKU\S-1-5-21-3260140517-497560047-1006625806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => key Removed successfully
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts restored successfully.
EmptyTemp: => Removed 4.5 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 23:55:32 ====