Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013 01
Ran by Zer0 at 2013-11-12 19:23:24 Run:1
Running from C:\Users\Zer0\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232 2013-11-09] (Tonec Inc.)
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKU\Administrator\...\Run: [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232 2013-11-09] (Tonec Inc.)
HKU\Administrator\...\Run: [Doxeoqbuyh] - C:\Users\Administrator\AppData\Roaming\Uxeb\azro.exe
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: IDM CC - C:\Users\Zer0\AppData\Roaming\IDM\idmmzcc5
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Zer0\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Zer0\AppData\Roaming\IDM\idmmzcc5
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
U3 ah9wk9ro; C:\Windows\System32\Drivers\ah9wk9ro.sys [0 ] (Microsoft Corporation)
C:\ProgramData\hash.dat
C:\Users\Zer0\jagex_cl_runescape_LIVE.dat
C:\Users\Zer0\random.dat
C:\Users\Zer0\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Zer0\AppData\Local\Temp\Quarantine.exe
C:\ProgramData\8d9221f8-e7a0-45a5-9c38-fd27fa08bbc7
C:\ProgramData\62f33931-3f95-403b-bd84-bc136fa2417d
C:\Users\Zer0\AppData\Local\1754111884ee9ab5277ca00.95260103
Task: {3D7CBBC4-1E1F-43A5-A94D-86E77D7C4772} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000Core => C:\Users\Zer0\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-16] (Facebook Inc.)
Task: {8D087215-7BEF-4794-BB61-B8AD5137351E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000UA => C:\Users\Zer0\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-16] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000UA.job => C:\Users\Zer0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {69CC9C0D-7708-452D-B211-DF3AB0654EC3} - System32\Tasks\{3B36327A-2EF7-2E0A-3E55-08186775483F} => C:\Users\Zer0\AppData\Roaming\.minecraft\bin\backup\xmzzdgi.exe
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\Doxeoqbuyh => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} => Key deleted successfully.
HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.0 => Key deleted successfully.
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.104.0 => Key deleted successfully.
C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.96.0 => Key deleted successfully.
C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
C:\Users\Zer0\AppData\Roaming\IDM\idmmzcc5 => Moved successfully.
HKCU\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com => Value deleted successfully.
C:\Users\Zer0\AppData\Roaming\IDM\idmmzcc5 not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn => Key deleted successfully.
C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx => Moved successfully.
ah9wk9ro => Service deleted successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Zer0\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Zer0\random.dat => Moved successfully.
C:\Users\Zer0\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Zer0\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\ProgramData\8d9221f8-e7a0-45a5-9c38-fd27fa08bbc7 => Moved successfully.
C:\ProgramData\62f33931-3f95-403b-bd84-bc136fa2417d => Moved successfully.
C:\Users\Zer0\AppData\Local\1754111884ee9ab5277ca00.95260103 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D7CBBC4-1E1F-43A5-A94D-86E77D7C4772} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D7CBBC4-1E1F-43A5-A94D-86E77D7C4772} => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000Core => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000Core => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D087215-7BEF-4794-BB61-B8AD5137351E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D087215-7BEF-4794-BB61-B8AD5137351E} => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000UA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000UA => Key deleted successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3687147164-1298252514-2334443246-1000UA.job => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69CC9C0D-7708-452D-B211-DF3AB0654EC3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69CC9C0D-7708-452D-B211-DF3AB0654EC3} => Key deleted successfully.
C:\Windows\System32\Tasks\{3B36327A-2EF7-2E0A-3E55-08186775483F} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B36327A-2EF7-2E0A-3E55-08186775483F} => Key deleted successfully.

==== End of Fixlog ====