Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by FlanK3rPC at 2015-01-10 17:07:59 Run:1
Running from C:\Users\FlanK3rPC\Desktop
Loaded Profile: FlanK3rPC (Available profiles: FlanK3rPC)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-303234811-3137648231-2145477389-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-303234811-3137648231-2145477389-1000\...\Run: [Facebook Update] => "C:\Users\FlanK3rPC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-303234811-3137648231-2145477389-1000\...\Run: [FLANK3RPC-PC] => C:\Users\FlanK3rPC\AppData\Roaming\defin.exe [1507930 2014-11-29] (best)
HKU\S-1-5-21-303234811-3137648231-2145477389-1000\...\MountPoints2: {3b00d62b-f81b-11e2-8d88-000c6e00001e} - N:\Autorun.exe
HKU\S-1-5-21-303234811-3137648231-2145477389-1000\...\MountPoints2: {3b00d639-f81b-11e2-8d88-000c6e00001e} - M:\Autorun.exe
HKU\S-1-5-21-303234811-3137648231-2145477389-1000\...\MountPoints2: {5751df3f-4de8-11e4-9102-000c6e00001e} - M:\Startme.exe
HKU\S-1-5-21-303234811-3137648231-2145477389-1000\...\MountPoints2: {5b07e5e2-8723-11e3-8d2c-000c6e00001e} - M:\AutoRun.exe
HKU\S-1-5-21-303234811-3137648231-2145477389-1000\...\MountPoints2: {fcc7e4f7-d0c7-11e2-911d-000c6e00001e} - N:\Startme.exe
Startup: C:\Users\FlanK3rPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlanK3rPC.exe (best)
BootExecute: autocheck autochk * sdnclean64.exe
C:\Users\FlanK3rPC\AppData\Roaming\defin.exe
C:\Users\FlanK3rPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlanK3rPC.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR StartupUrls: Default -> "hxxp://startsear.info"
R3 ALSysIO; \??\C:\Users\FLANK3~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

2015-01-10 14:03 - 2015-01-10 14:03 - 00021359 _____ () C:\Users\FlanK3rPC\Desktop\FRST.txt
2015-01-10 09:41 - 2015-01-10 09:41 - 02191360 _____ () C:\Users\FlanK3rPC\Downloads\adwcleaner_4.107 (1).exe
2015-01-10 09:41 - 2015-01-10 09:41 - 02191360 _____ () C:\Users\FlanK3rPC\Desktop\adwcleaner_4.107 (2).exe
2015-01-10 09:39 - 2015-01-10 09:44 - 00000000 ____D () C:\AdwCleaner
2015-01-10 09:39 - 2015-01-10 09:39 - 02191360 _____ () C:\Users\FlanK3rPC\Downloads\adwcleaner_4.107.exe
2015-01-09 23:52 - 2015-01-09 23:52 - 00000000 ____D () C:\rsit
2015-01-09 23:52 - 2015-01-09 23:52 - 00000000 ____D () C:\Program Files (x86)\trend micro

2015-01-02 08:40 - 2014-11-29 17:13 - 01683104 ___SH () C:\Users\FlanK3rPC\AppData\Roaming\FlanK3rPC.exe
2014-12-31 15:17 - 2014-11-29 17:14 - 01507930 ___SH (best) C:\Users\FlanK3rPC\AppData\Roaming\defin.exe

2015-01-10 09:49 - 2014-09-07 22:14 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-10 09:32 - 2014-09-07 22:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

Task: {149DE348-598F-494A-8520-DCB6AAFE8DAB} - System32\Tasks\{EEF6AE17-B9BB-48D6-BFC4-C2259A2A1994} => pcalua.exe -a C:\Users\FlanK3rPC\AppData\Local\Pokki\Engine\HostAppService.exe -c /UNINSTALL149b46d4a102c0304583931ceaa3f0bf19785ee3
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-303234811-3137648231-2145477389-1000Core.job => C:\Users\FlanK3rPC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-303234811-3137648231-2145477389-1000UA.job => C:\Users\FlanK3rPC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
CMD: del %appdata%\*.exe
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-303234811-3137648231-2145477389-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
HKU\S-1-5-21-303234811-3137648231-2145477389-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value deleted successfully.
HKU\S-1-5-21-303234811-3137648231-2145477389-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FLANK3RPC-PC => value deleted successfully.
"HKU\S-1-5-21-303234811-3137648231-2145477389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b00d62b-f81b-11e2-8d88-000c6e00001e}" => Key deleted successfully.
HKCR\CLSID\{3b00d62b-f81b-11e2-8d88-000c6e00001e} => Key not found. 
"HKU\S-1-5-21-303234811-3137648231-2145477389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b00d639-f81b-11e2-8d88-000c6e00001e}" => Key deleted successfully.
HKCR\CLSID\{3b00d639-f81b-11e2-8d88-000c6e00001e} => Key not found. 
"HKU\S-1-5-21-303234811-3137648231-2145477389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5751df3f-4de8-11e4-9102-000c6e00001e}" => Key deleted successfully.
HKCR\CLSID\{5751df3f-4de8-11e4-9102-000c6e00001e} => Key not found. 
"HKU\S-1-5-21-303234811-3137648231-2145477389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b07e5e2-8723-11e3-8d2c-000c6e00001e}" => Key deleted successfully.
HKCR\CLSID\{5b07e5e2-8723-11e3-8d2c-000c6e00001e} => Key not found. 
"HKU\S-1-5-21-303234811-3137648231-2145477389-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcc7e4f7-d0c7-11e2-911d-000c6e00001e}" => Key deleted successfully.
HKCR\CLSID\{fcc7e4f7-d0c7-11e2-911d-000c6e00001e} => Key not found. 
C:\Users\FlanK3rPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlanK3rPC.exe => Moved successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
C:\Users\FlanK3rPC\AppData\Roaming\defin.exe => Moved successfully.
"C:\Users\FlanK3rPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlanK3rPC.exe" => File/Directory not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
GPUZ => Service deleted successfully.
C:\Users\FlanK3rPC\Desktop\FRST.txt => Moved successfully.
C:\Users\FlanK3rPC\Downloads\adwcleaner_4.107 (1).exe => Moved successfully.
C:\Users\FlanK3rPC\Desktop\adwcleaner_4.107 (2).exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\FlanK3rPC\Downloads\adwcleaner_4.107.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files (x86)\trend micro => Moved successfully.
C:\Users\FlanK3rPC\AppData\Roaming\FlanK3rPC.exe => Moved successfully.
"C:\Users\FlanK3rPC\AppData\Roaming\defin.exe" => File/Directory not found.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{149DE348-598F-494A-8520-DCB6AAFE8DAB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{149DE348-598F-494A-8520-DCB6AAFE8DAB}" => Key deleted successfully.
C:\Windows\System32\Tasks\{EEF6AE17-B9BB-48D6-BFC4-C2259A2A1994} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EEF6AE17-B9BB-48D6-BFC4-C2259A2A1994}" => Key deleted successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-303234811-3137648231-2145477389-1000Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-303234811-3137648231-2145477389-1000UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

=========  del %appdata%\*.exe =========

Nelze najít C:\Users\FlanK3rPC\AppData\Roaming\*.exe.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.8 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 17:08:10 ====