Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

SHAREA~1/Mediabar/datamngr reappears after deletion

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby StephenClark » September 18th, 2011, 9:30 pm

I had a BHO infection after being hijacked by a fake Shareaza site several months ago. Ad-Aware removed the infection, but each time I have restarted the machine the directory SHAREA~1/Mediabar/Datamngr appears in my Program Files(x86) folder. I deleted it and shredded the recycle bin, but the next time I restart, it appears again. The directory is empty, but I would like to prevent it from reappearing each time I restart the machine. I am running Windows 7 Pro 64-bit, with AVG, Ad-Aware, IObit Advanced System Care, SpywareBlaster, and Spybot S & D. None of these tools have been able to remove whatever is causing the problem. Please help!

I can't run any version of DDS, so here are the HiJackThis logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:18:50 PM, on 9/18/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MediaBar - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - (no file)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-653386636-3774905466-2443938687-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-653386636-3774905466-2443938687-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://my.ebay.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\IEBHO.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Hooks Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12698 bytes






Uninstall List:

Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Advanced SystemCare 4
Apple Application Support
Apple Software Update
Canon Easy-WebPrint EX
Canon MP Navigator EX 4.0
Canon MP280 series User Registration
Canon My Printer
Canon Solution Menu EX
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD Profiler Version 3.7.2
EasyBCD 2.0
EasySaver B9.0904.1
HiJackThis
Internet TV for Windows Media Center
IObit Malware Fighter
Java(TM) 6 Update 27
Junk Mail filter update
Logitech Harmony Remote Software 7
Logitech SetPoint
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
QuickTime
Remote Control USB Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Shareaza 2.5.5.0
Smart Defrag 2
Spybot - Search & Destroy 2
SpywareBlaster 4.4
The Weather Channel Desktop 6
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Microsoft Outlook Social Connector (KB2583935)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Silverlight
Windows Media Player Firefox Plugin

End of Logs______________________________________
StephenClark
Regular Member
 
Posts: 46
Joined: September 18th, 2011, 5:17 pm
Advertisement
Register to Remove

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby askey127 » September 21st, 2011, 4:42 pm

Looking at your log.
Be back soon.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby askey127 » September 21st, 2011, 4:58 pm

Hi StephenClark,
Shareaza is undoubtedly responsible for infections on your machine.
You have a few things to do here. Just take one item at a time.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program Shareaza in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.
It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
(Limewire has been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O3 - Toolbar: MediaBar - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - (no file)
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
O15 - Trusted Zone: http://my.ebay.com
O20 - AppInit_DLLs: C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\IEBHO.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Ad-Aware
IObit Malware Fighter
Java(TM) 6 Update 27
Shareaza 2.5.5.0
Smart Defrag 2
SpywareBlaster 4.4

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby StephenClark » September 21st, 2011, 6:22 pm

Thank you for your helpful reply. I followed your instructions to the letter, with the following exception: there was no "O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000" in the list this time. I carefully checked all the others that you recommended. I deleted all the programs that you listed, and the Shareaza Program Folder, and SHAREA~1/Mediabar/datamngr. When I rebooted, SHAREA~1/Mediabar/datamngr appeared again in Program Files (x86), as it has been doing. Here are the OTL logs:

OTL.txt:

OTL logfile created on: 9/21/2011 5:06:14 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Stephen Clark\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 60.40% Memory free
8.00 Gb Paging File | 6.34 Gb Available in Paging File | 79.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 127.99 Gb Total Space | 45.54 Gb Free Space | 35.58% Space Free | Partition Type: NTFS
Drive D: | 104.89 Gb Total Space | 50.66 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 1.94 Gb Free Space | 44.38% Space Free | Partition Type: UDF
Drive G: | 3.94 Gb Total Space | 0.71 Gb Free Space | 18.04% Space Free | Partition Type: FAT32
Drive H: | 149.05 Gb Total Space | 9.94 Gb Free Space | 6.67% Space Free | Partition Type: NTFS

Computer Name: STEPHEN5 | User Name: Stephen Clark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/21 17:03:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen Clark\Downloads\OTL.exe
PRC - [2011/09/08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/09 16:40:34 | 000,763,224 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/08/04 09:17:34 | 003,219,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
PRC - [2011/08/04 09:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011/08/04 09:17:06 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/08/04 09:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/08/04 09:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/08 10:45:44 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/23 01:43:40 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Stephen Clark\AppData\Local\Temp\7zS4504\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/08/04 09:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011/08/04 09:17:06 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
SRV - [2011/08/04 09:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011/08/04 09:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/07/11 01:13:42 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/06/28 13:43:09 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/05/10 04:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/26 14:24:14 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/04/26 14:24:14 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 11:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 16:01:07 | 000,543,744 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ltmdm64.sys -- (ltmodem5)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2011/09/21 16:59:16 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/08/26 15:11:26 | 000,035,256 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
DRV - [2011/08/04 00:00:00 | 000,048,888 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys -- (SDHookDriver)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/map/interactive/77450
IE - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110836,17793,0,19,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.weather.com/weather/map/interactive/77450|http://www.quattroworld.com/|http://my.ebay.com/ws/eBayISAPI.dll?MyEbayBeta&MyeBay=&guest=1|http://news.google.com/nwshp?hl=en&tab=wn&q=|http://www.google.com/ig|http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: kodak-companion@mozilla.com:2.0
FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:2.12
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/09/20 12:14:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/07 13:51:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/14 13:14:17 | 000,000,000 | ---D | M]

[2011/05/12 16:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen Clark\AppData\Roaming\Mozilla\Extensions
[2011/09/18 15:00:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen Clark\AppData\Roaming\Mozilla\Firefox\Profiles\9g6r05oy.default\extensions
[2011/04/12 17:09:45 | 000,000,000 | ---D | M] ("Amazon Toolbar") -- C:\Users\Stephen Clark\AppData\Roaming\Mozilla\Firefox\Profiles\9g6r05oy.default\extensions\amznUWL@amazon.com
[2011/08/31 19:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/14 16:45:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/20 12:14:47 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\STEPHEN CLARK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9G6R05OY.DEFAULT\EXTENSIONS\KODAK-COMPANION@MOZILLA.COM.XPI
[2011/09/07 13:51:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/31 19:35:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 15:39:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/17 08:02:54 | 000,002,059 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\siteguardtb.xml

O1 HOSTS File: ([2011/09/19 15:59:35 | 000,436,492 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15019 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-653386636-3774905466-2443938687-1001..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\S-1-5-21-653386636-3774905466-2443938687-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-653386636-3774905466-2443938687-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\..Trusted Domains: cnn.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\..Trusted Domains: ebay.com ([signin] https in Trusted sites)
O15 - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\..Trusted Domains: weather.com ([desktopfw] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.230.224.34 216.230.227.34 216.230.224.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F97D7863-76EA-40EF-A1BA-75639BB3D602}: DhcpNameServer = 216.230.224.34 216.230.227.34 216.230.224.34
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/24 00:30:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/21 16:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SHAREA~1
[2011/09/21 11:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
[2011/09/20 13:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/09/18 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/18 20:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/18 15:43:20 | 000,000,000 | ---D | C] -- C:\Command Files
[2011/09/18 00:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/09/17 22:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/09/16 17:20:41 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Local\Sophos
[2011/09/16 16:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2011/09/16 16:11:36 | 000,000,000 | ---D | C] -- C:\stdtsa
[2011/09/15 13:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/09/08 17:59:02 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Roaming\HP
[2011/09/01 23:09:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/09/01 14:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
[2011/09/01 14:56:15 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Roaming\AVG2012
[2011/09/01 14:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/08/31 19:35:15 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/08/31 15:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/08/31 15:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/08/26 22:20:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/08/26 22:15:45 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Roaming\Canon
[2011/08/26 22:06:21 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Local\Canon Easy-PhotoPrint EX
[2011/08/26 21:55:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011/08/26 21:45:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX
[2011/08/26 21:44:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2011/08/26 21:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series User Registration
[2011/08/26 21:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/08/26 21:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series
[2011/08/26 21:21:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2011/08/26 21:21:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2011/08/26 21:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMSetup
[2011/08/26 21:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2011/08/26 21:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2011/08/26 21:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/08/26 21:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series Manual
[2011/08/26 21:09:41 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2011/08/26 21:09:24 | 000,307,200 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC280L.dll
[2011/08/26 21:09:23 | 000,348,672 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC280L.dll
[2011/08/26 21:09:23 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC280U.dll
[2011/08/26 21:09:23 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll
[2011/08/26 21:09:22 | 001,354,240 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC280C.dll
[2011/08/26 21:09:22 | 000,112,128 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC280I.dll
[2011/08/26 21:09:21 | 000,017,920 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNHMCA6.dll
[2011/08/26 21:09:09 | 000,103,424 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNC280O.dll
[2011/08/26 21:08:53 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/08/26 21:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2011/08/26 14:36:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011/08/25 15:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/25 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/25 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/25 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2011/09/21 17:06:32 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/21 17:06:32 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/21 16:59:22 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/09/21 16:59:16 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2011/09/21 16:59:14 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/09/21 16:59:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/21 16:58:59 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/21 15:28:51 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2011/09/21 15:28:51 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2011/09/21 15:28:51 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2011/09/21 15:28:51 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011/09/21 15:28:51 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Scan (Full Scan).job
[2011/09/21 11:22:36 | 104,818,206 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/09/21 11:19:19 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/21 11:19:19 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/20 23:29:06 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/20 17:30:11 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/09/20 15:00:00 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/09/20 14:55:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/09/19 15:59:35 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/19 14:53:25 | 000,003,011 | ---- | M] () -- C:\Users\Stephen Clark\Desktop\Microsoft Outlook 2010.lnk
[2011/09/18 20:15:55 | 000,003,011 | ---- | M] () -- C:\Users\Stephen Clark\Desktop\HiJackThis.lnk
[2011/09/18 15:15:18 | 000,001,141 | ---- | M] () -- C:\Users\Stephen Clark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/09/18 00:40:48 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/08 14:58:11 | 000,001,217 | ---- | M] () -- C:\Windows\SysNative\CoreTemp.ini
[2011/09/07 18:03:26 | 000,191,802 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/09/01 23:09:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/09/01 23:09:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/08/31 19:35:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/08/27 15:45:40 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110919-155935.backup
[2011/08/26 02:08:46 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110827-154540.backup
[2011/08/26 02:07:15 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110826-020846.backup
[2011/08/25 15:08:55 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/09/21 15:28:51 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2011/09/21 15:28:51 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2011/09/21 15:28:51 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2011/09/21 15:28:51 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2011/09/21 15:28:51 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Scan (Full Scan).job
[2011/09/18 20:15:55 | 000,003,011 | ---- | C] () -- C:\Users\Stephen Clark\Desktop\HiJackThis.lnk
[2011/09/01 23:09:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/09/01 23:09:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/08/31 15:05:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/26 21:31:29 | 000,001,217 | ---- | C] () -- C:\Windows\SysNative\CoreTemp.ini
[2011/08/26 21:09:24 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1746D.TBL
[2011/08/26 21:09:24 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1746D.TBL
[2011/08/25 15:08:55 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/23 15:58:06 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/05/12 16:22:37 | 000,002,215 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/20 13:44:12 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/20 13:44:12 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/10 02:40:01 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/04/09 00:51:28 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/06 16:15:16 | 011,010,048 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009/08/27 02:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/01 14:56:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG2012
[2011/09/01 14:56:16 | 000,000,000 | ---D | M] -- C:\Users\Kitty Clark.Stephen5\AppData\Roaming\AVG2012
[2011/07/15 19:52:24 | 000,000,000 | ---D | M] -- C:\Users\Kitty Clark.Stephen5\AppData\Roaming\IObit
[2011/07/15 19:52:24 | 000,000,000 | ---D | M] -- C:\Users\Kitty Clark.Stephen5\AppData\Roaming\Leadertech
[2011/09/01 14:56:15 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clark\AppData\Roaming\AVG2012
[2011/08/26 22:20:11 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clark\AppData\Roaming\Canon
[2011/09/21 11:45:55 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clark\AppData\Roaming\IObit
[2011/09/21 16:54:49 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clark\AppData\Roaming\Shareaza
[2011/09/21 15:28:51 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Scan (Full Scan).job
[2011/09/21 15:28:51 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2011/09/21 15:28:51 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2011/09/21 15:28:51 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2011/09/21 15:28:51 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2011/09/21 16:59:22 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2011/09/21 16:59:14 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/09/20 17:30:11 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2011/08/27 22:38:42 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 16 bytes -> C:\Users\Stephen Clark\Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Stephen Clark\Documents\Shareaza Downloads:Shareaza.GUID

< End of report >

Extras.txt:

OTL Extras logfile created on: 9/21/2011 5:06:14 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Stephen Clark\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 60.40% Memory free
8.00 Gb Paging File | 6.34 Gb Available in Paging File | 79.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 127.99 Gb Total Space | 45.54 Gb Free Space | 35.58% Space Free | Partition Type: NTFS
Drive D: | 104.89 Gb Total Space | 50.66 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 1.94 Gb Free Space | 44.38% Space Free | Partition Type: UDF
Drive G: | 3.94 Gb Total Space | 0.71 Gb Free Space | 18.04% Space Free | Partition Type: FAT32
Drive H: | 149.05 Gb Total Space | 9.94 Gb Free Space | 6.67% Space Free | Partition Type: NTFS

Computer Name: STEPHEN5 | User Name: Stephen Clark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D0AD116-BE74-4ADD-9E80-83199F53370F}" = AVG 2012
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{44C05FED-4BA8-4C65-A39D-FA83451E6ACB}" = AVG 2012
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SP6" = Logitech SetPoint 6.15
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Canon MP280 series User Registration" = Canon MP280 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"EasyBCD" = EasyBCD 2.0
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.7.2
"IObit Unlocker_is1" = IObit Unlocker
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Shareaza 3 MediaBar" = MediaBar
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/20/2011 4:58:44 PM | Computer Name = Stephen5 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 6.0.2.4262, time
stamp: 0x4e6163d9 Faulting module name: SDHook32.dll, version: 2.0.5.1, time stamp:
0x4e36cc58 Exception code: 0xc0000417 Fault offset: 0x00034e67 Faulting process id:
0x1ffc Faulting application start time: 0x01cc77d7eeb062cf Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll Report Id: 530619e3-e3cb-11e0-b314-6cf0497e3efa

Error - 9/20/2011 8:12:16 PM | Computer Name = Stephen5 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 9/20/2011 8:12:16 PM | Computer Name = Stephen5 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 9/20/2011 8:58:31 PM | Computer Name = Stephen5 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 9/20/2011 8:58:31 PM | Computer Name = Stephen5 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 9/20/2011 11:39:43 PM | Computer Name = Stephen5 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 9/20/2011 11:39:43 PM | Computer Name = Stephen5 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 9/20/2011 11:48:43 PM | Computer Name = Stephen5 | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 14.0.6025.1000, time
stamp: 0x4d949895 Faulting module name: SDHook32.dll, version: 2.0.5.1, time stamp:
0x4e36cc58 Exception code: 0xc0000417 Fault offset: 0x00034e67 Faulting process id:
0x17d8 Faulting application start time: 0x01cc781146348d66 Faulting application path:
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Faulting module path:
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll Report Id: 99295025-e404-11e0-9f59-6cf0497e3efa

Error - 9/21/2011 1:17:43 PM | Computer Name = Stephen5 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 6.0.2.4262, time
stamp: 0x4e6163d9 Faulting module name: SDHook32.dll, version: 2.0.5.1, time stamp:
0x4e36cc58 Exception code: 0xc0000417 Fault offset: 0x00034e67 Faulting process id:
0x1960 Faulting application start time: 0x01cc7881e3dc5490 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll Report Id: 9d4b5961-e475-11e0-9335-6cf0497e3efa

Error - 9/21/2011 4:03:32 PM | Computer Name = Stephen5 | Source = Application Error | ID = 1000
Description = Faulting application name: Core Temp.exe, version: 1.0.0.0, time stamp:
0x4e5ff94d Faulting module name: Core Temp.exe, version: 1.0.0.0, time stamp: 0x4e5ff94d
Exception
code: 0xc0000005 Fault offset: 0x000000000002dbc6 Faulting process id: 0x7f8 Faulting
application start time: 0x01cc78997f136489 Faulting application path: C:\Program
Files\Core Temp\Core Temp.exe Faulting module path: C:\Program Files\Core Temp\Core
Temp.exe Report Id: c7c83089-e48c-11e0-a663-6cf0497e3efa

[ Media Center Events ]
Error - 5/6/2011 5:16:22 AM | Computer Name = Stephen5 | Source = MCUpdate | ID = 0
Description = 4:16:22 AM - Error connecting to the internet. 4:16:22 AM - Unable
to contact server..

Error - 5/6/2011 5:17:16 AM | Computer Name = Stephen5 | Source = MCUpdate | ID = 0
Description = 4:17:09 AM - Error connecting to the internet. 4:17:09 AM - Unable
to contact server..


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
StephenClark
Regular Member
 
Posts: 46
Joined: September 18th, 2011, 5:17 pm

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby askey127 » September 22nd, 2011, 9:34 am

If you click on Start, Computer, right click on an empty space and choose Properties, what exactly does it report as the Windows Edition?
If you have anything you have locked using IOBit Unlocker, please Unlock all of it before proceeding.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Advanced SystemCare 4
IObit Unlocker
MediaBar
Java(TM) 6 Update 26 (64-bit)

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
    @Alternate Data Stream - 16 bytes -> C:\Users\Stephen Clark\Downloads:Shareaza.GUID
    [2011/09/21 11:45:55 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clark\AppData\Roaming\IObit
    [2011/09/21 16:54:49 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clark\AppData\Roaming\Shareaza
    [2011/09/21 15:28:51 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Scan (Full Scan).job
    [2011/09/21 15:28:51 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
    [2011/09/21 15:28:51 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
    [2011/09/21 15:28:51 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
    [2011/09/21 15:28:51 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
    [2011/07/15 19:52:24 | 000,000,000 | ---D | M] -- C:\Users\Kitty Clark.Stephen5\AppData\Roaming\IObit
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll) - File not found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll) - File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O15 - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\..Trusted Domains: cnn.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\..Trusted Domains: ebay.com ([signin] https in Trusted sites)
    O15 - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\..Trusted Domains: weather.com ([desktopfw] https in Trusted sites)
    IE - HKU\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    DRV - [2011/08/26 15:11:26 | 000,035,256 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
    SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
    
    :Files
    C:\Users\Stephen Clark\Documents\Shareaza Downloads
    C:\Program Files (x86)\SHAREA~1
    
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So we are looking for the answer as to the exact Windows Edition, and the contents of the new OTL log.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby StephenClark » September 22nd, 2011, 3:53 pm

Thanks very much for your quick reply.

The Edition is Windows 7 Professional - Service Pack 1. It is a 64-bit version.

There was no program called Mediabar to uninstall.

SHAREA~1/Mediabar/datamngr is still there in Program Files(x86).

OTL log:

OTL logfile created on: 9/22/2011 2:39:42 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Stephen Clark\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 56.93% Memory free
8.00 Gb Paging File | 6.18 Gb Available in Paging File | 77.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 127.99 Gb Total Space | 46.55 Gb Free Space | 36.37% Space Free | Partition Type: NTFS
Drive D: | 104.89 Gb Total Space | 50.24 Gb Free Space | 47.90% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 1.94 Gb Free Space | 44.38% Space Free | Partition Type: UDF
Drive G: | 3.94 Gb Total Space | 0.71 Gb Free Space | 18.04% Space Free | Partition Type: FAT32
Drive H: | 149.05 Gb Total Space | 9.94 Gb Free Space | 6.67% Space Free | Partition Type: NTFS

Computer Name: STEPHEN5 | User Name: Stephen Clark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/21 17:03:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen Clark\Downloads\OTL.exe
PRC - [2011/09/08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/04 09:18:12 | 003,225,504 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/08/04 09:17:34 | 003,219,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
PRC - [2011/08/04 09:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011/08/04 09:17:06 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/08/04 09:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/08/04 09:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/08 10:45:44 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/26 00:00:00 | 000,576,512 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/04 09:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011/08/04 09:17:06 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
SRV - [2011/08/04 09:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011/08/04 09:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/07/11 01:13:42 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/06/28 13:43:09 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/05/10 04:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/26 14:24:14 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/04/26 14:24:14 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 11:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 16:01:07 | 000,543,744 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ltmdm64.sys -- (ltmodem5)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2011/09/22 14:35:48 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/08/04 00:00:00 | 000,048,888 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys -- (SDHookDriver)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/map/interactive/77450
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110836,17793,0,19,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.weather.com/weather/map/interactive/77450|http://www.quattroworld.com/|http://my.ebay.com/ws/eBayISAPI.dll?MyEbayBeta&MyeBay=&guest=1|http://news.google.com/nwshp?hl=en&tab=wn&q=|http://www.google.com/ig|http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: kodak-companion@mozilla.com:2.0
FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:2.12
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/09/20 12:14:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/07 13:51:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/14 13:14:17 | 000,000,000 | ---D | M]

[2011/05/12 16:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen Clark\AppData\Roaming\Mozilla\Extensions
[2011/09/18 15:00:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen Clark\AppData\Roaming\Mozilla\Firefox\Profiles\9g6r05oy.default\extensions
[2011/04/12 17:09:45 | 000,000,000 | ---D | M] ("Amazon Toolbar") -- C:\Users\Stephen Clark\AppData\Roaming\Mozilla\Firefox\Profiles\9g6r05oy.default\extensions\amznUWL@amazon.com
[2011/08/31 19:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/14 16:45:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/20 12:14:47 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\STEPHEN CLARK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9G6R05OY.DEFAULT\EXTENSIONS\KODAK-COMPANION@MOZILLA.COM.XPI
[2011/09/07 13:51:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/31 19:35:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 15:39:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/17 08:02:54 | 000,002,059 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\siteguardtb.xml

O1 HOSTS File: ([2011/09/19 15:59:35 | 000,436,492 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15019 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.230.224.34 216.230.227.34 216.230.224.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F97D7863-76EA-40EF-A1BA-75639BB3D602}: DhcpNameServer = 216.230.224.34 216.230.227.34 216.230.224.34
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/24 00:30:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/22 14:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SHAREA~1
[2011/09/22 14:33:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/22 14:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAVA
[2011/09/20 13:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/09/18 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/18 20:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/18 15:43:20 | 000,000,000 | ---D | C] -- C:\Command Files
[2011/09/18 00:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/09/17 22:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/09/16 17:20:41 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Local\Sophos
[2011/09/16 16:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2011/09/16 16:11:36 | 000,000,000 | ---D | C] -- C:\stdtsa
[2011/09/15 13:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/09/08 17:59:02 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Roaming\HP
[2011/09/01 23:09:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/09/01 14:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
[2011/09/01 14:56:15 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Roaming\AVG2012
[2011/09/01 14:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/08/31 15:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/08/31 15:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/08/26 22:20:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/08/26 22:15:45 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Roaming\Canon
[2011/08/26 22:06:21 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Local\Canon Easy-PhotoPrint EX
[2011/08/26 21:55:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011/08/26 21:45:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX
[2011/08/26 21:44:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2011/08/26 21:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series User Registration
[2011/08/26 21:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/08/26 21:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series
[2011/08/26 21:21:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2011/08/26 21:21:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2011/08/26 21:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMSetup
[2011/08/26 21:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2011/08/26 21:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2011/08/26 21:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/08/26 21:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series Manual
[2011/08/26 21:09:41 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2011/08/26 21:08:53 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/08/26 21:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2011/08/26 14:36:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011/08/25 15:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/25 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/25 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/25 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2011/09/22 14:43:11 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/22 14:43:11 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/22 14:36:33 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/09/22 14:35:42 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/09/22 14:35:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/22 14:35:06 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/22 14:11:57 | 104,899,240 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/09/21 11:19:19 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/21 11:19:19 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/20 17:30:11 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/09/20 15:00:00 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/09/20 14:55:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/09/19 15:59:35 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/19 14:53:25 | 000,003,011 | ---- | M] () -- C:\Users\Stephen Clark\Desktop\Microsoft Outlook 2010.lnk
[2011/09/18 20:15:55 | 000,003,011 | ---- | M] () -- C:\Users\Stephen Clark\Desktop\HiJackThis.lnk
[2011/09/18 15:15:18 | 000,001,141 | ---- | M] () -- C:\Users\Stephen Clark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/09/18 00:40:48 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/08 14:58:11 | 000,001,217 | ---- | M] () -- C:\Windows\SysNative\CoreTemp.ini
[2011/09/07 18:03:26 | 000,191,802 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/09/01 23:09:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/09/01 23:09:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/08/27 15:45:40 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110919-155935.backup
[2011/08/26 02:08:46 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110827-154540.backup
[2011/08/26 02:07:15 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110826-020846.backup
[2011/08/25 15:08:55 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/09/18 20:15:55 | 000,003,011 | ---- | C] () -- C:\Users\Stephen Clark\Desktop\HiJackThis.lnk
[2011/09/01 23:09:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/09/01 23:09:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/08/31 15:05:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/26 21:31:29 | 000,001,217 | ---- | C] () -- C:\Windows\SysNative\CoreTemp.ini
[2011/08/26 21:09:24 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1746D.TBL
[2011/08/26 21:09:24 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1746D.TBL
[2011/08/25 15:08:55 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/23 15:58:06 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/05/12 16:22:37 | 000,002,215 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/20 13:44:12 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/20 13:44:12 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/10 02:40:01 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/04/09 00:51:28 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/06 16:15:16 | 011,010,048 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009/08/27 02:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/01 14:56:15 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clark\AppData\Roaming\AVG2012
[2011/08/26 22:20:11 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clark\AppData\Roaming\Canon
[2011/09/22 14:36:33 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2011/09/22 14:35:42 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/09/20 17:30:11 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2011/08/27 22:38:42 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Stephen Clark\Downloads:Shareaza.GUID

< End of report >
StephenClark
Regular Member
 
Posts: 46
Joined: September 18th, 2011, 5:17 pm

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby askey127 » September 22nd, 2011, 7:03 pm

StephenClark,
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Shareaza*
    
    :folderfind
    *Shareaza*
    
    :Regfind
    Shareaza
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby StephenClark » September 22nd, 2011, 11:50 pm

For your information, I have restarted the machine several times before I received your latest reply above, and SHAREA~1/Mediabar/datamngr has not reappeared in Program Files (x86) again. The only other thing I did was disable the Port Forwarding in my router for port 6346, which Shareaza requires.

However on my wife's machine, which is on the same router, it is still reappearing after deletion and restart. I went ahead and ran SystemLook on my machine, and here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:28 on 22/09/2011 by Stephen Clark
Administrator - Elevation successful

========== filefind ==========

Searching for "*Shareaza*"
C:\My Downloads Archive\Install Files\Shareaza_2.5.5.0_Win32.exe --a---- 7375010 bytes [00:33 28/06/2011] [00:37 28/06/2011] 7AB97EE33AE3C2CC1B44D005C1669D5E
C:\Users\Stephen Clark\Favorites\Directory Locations\Shareaza Downloads.lnk ------- 759 bytes [05:46 24/04/2010] [19:23 20/09/2011] F40BDD27FD334539C0F6608981C97F27

========== folderfind ==========

Searching for "*Shareaza*"
C:\Users\Stephen Clark\AppData\Local\Shareaza d------ [08:45 10/04/2011]
C:\_OTL\MovedFiles\09222011_143325\C_Users\Stephen Clark\AppData\Roaming\Shareaza d------ [23:16 17/04/2011]
C:\_OTL\MovedFiles\09222011_143325\C_Users\Stephen Clark\Documents\Shareaza Downloads d------ [19:29 22/09/2011]

========== Regfind ==========

Searching for "Shareaza"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\Shareaza]
[HKEY_CURRENT_USER\Software\Magnet\Handlers\Shareaza]
@="Shareaza Peer to Peer"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\Shareaza]
"Description"="Shareaza can automatically search for and download the selected content its peer-to-peer networks."
[HKEY_CURRENT_USER\Software\Magnet\Handlers\Shareaza]
"DefaultIcon"=""C:\Program Files (x86)\Shareaza\Shareaza.exe",-128"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\Shareaza]
"ShellExecute"=""C:\Program Files (x86)\Shareaza\Shareaza.exe" "%URL""
[HKEY_CURRENT_USER\Software\Magnet\Handlers\Shareaza]
"DdeApplication"="Shareaza"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareazaweb.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]
[HKEY_CURRENT_USER\Software\Classes\Interface\{B43A9B10-3F72-4A96-BD40-C3B643FDF2F3}]
@="IShareazaFile"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\program files (x86)\shareaza\shareaza.exe"="Shareaza Ultimate File Sharing"
[HKEY_CURRENT_USER\Software\Classes\Shareaza.PreviewPlugin]
[HKEY_CURRENT_USER\Software\Classes\Shareaza.PreviewPlugin]
@="Shareaza Preview Plugin"
[HKEY_CURRENT_USER\Software\Classes\Shareaza.PreviewPlugin.1]
[HKEY_CURRENT_USER\Software\Classes\Shareaza.PreviewPlugin.1]
@="Shareaza Preview Plugin"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{251F45EE-7C3D-4D89-ADB8-974568419DBD}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\SkinScanSKS.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{251F45EE-7C3D-4D89-ADB8-974568419DBD}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{2696CE9F-423F-4901-A109-0C85E6430266}\1.0]
@="Shareaza Image Viewer Plugin Type Library"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{2696CE9F-423F-4901-A109-0C85E6430266}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\ImageViewer.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{2696CE9F-423F-4901-A109-0C85E6430266}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{2975FA55-CDD5-41AE-8120-EB82E1BF9826}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\7ZipBuilder.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{2975FA55-CDD5-41AE-8120-EB82E1BF9826}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{3772E712-75B5-4AAF-B423-FD7C0399F13F}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\WindowsThumbnail.exe"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{3772E712-75B5-4AAF-B423-FD7C0399F13F}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{4E7B260F-E3A4-42DD-89D8-E0372158626E}\1.0]
@="Shareaza Media Player 1.0 Type Library"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{4E7B260F-E3A4-42DD-89D8-E0372158626E}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\MediaPlayer.exe"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{4E7B260F-E3A4-42DD-89D8-E0372158626E}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{607C3F69-850D-4413-A81A-CF1C849BF387}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\DocumentReader.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{607C3F69-850D-4413-A81A-CF1C849BF387}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{6820AC10-8EE8-439B-9CB6-B17029025978}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\SWFPlugin.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{6820AC10-8EE8-439B-9CB6-B17029025978}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{69A065D3-C03D-4FA2-9C43-CB38D2078567}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\RatDVDReader.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{69A065D3-C03D-4FA2-9C43-CB38D2078567}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0]
@="Shareaza Web Download Hook Library"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\RazaWebHook32.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{6B3F5CE8-238C-4285-BE4B-EF7A9F71D1C2}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\MediaLibraryBuilder.exe"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{6B3F5CE8-238C-4285-BE4B-EF7A9F71D1C2}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{7B8046FF-0D3A-4D85-9424-7DFCCD1BCA45}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\GFLLibraryBuilder.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{7B8046FF-0D3A-4D85-9424-7DFCCD1BCA45}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{9DB3D2BA-C333-4691-AFDC-52279AF2D71F}\1.0]
@="Shareaza Preview Plugin 1.0 Type Library"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{9DB3D2BA-C333-4691-AFDC-52279AF2D71F}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\Preview.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{9DB3D2BA-C333-4691-AFDC-52279AF2D71F}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{ABC45D7F-EF52-4E5C-986A-93674FE3BBCC}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\VirusTotal.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{ABC45D7F-EF52-4E5C-986A-93674FE3BBCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{D65FD676-83A0-40F7-9BF8-867AFE337FE1}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\ZIPBuilder.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{D65FD676-83A0-40F7-9BF8-867AFE337FE1}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{EDB05406-0D3F-49F1-8ABC-9B53758008A0}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\RARBuilder.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{EDB05406-0D3F-49F1-8ABC-9B53758008A0}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{FCCC9C8C-45EF-4EB4-8AB1-5235585A631D}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\GFLImageServices.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{FCCC9C8C-45EF-4EB4-8AB1-5235585A631D}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{FD6EB3A2-CE8A-4A12-A065-0490816DF11F}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\MediaImageServices.exe"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{FD6EB3A2-CE8A-4A12-A065-0490816DF11F}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{B43A9B10-3F72-4A96-BD40-C3B643FDF2F3}]
@="IShareazaFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\ShareazaV7.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Shareaza_V7_en_Setup.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shareaza.PreviewPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shareaza.PreviewPlugin]
@="Shareaza Preview Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shareaza.PreviewPlugin\CurVer]
@="Shareaza.PreviewPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shareaza.PreviewPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shareaza.PreviewPlugin.1]
@="Shareaza Preview Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0]
@="Shareaza Web Download Hook Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\RazaWebHook32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0]
@="Shareaza Web Download Hook Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\RazaWebHook32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Shareaza Applications\Shareaza\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Shareaza Applications\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\19F900998848263499B3791AE1D04CCE]
"00000000000000000000000000000000"="C:\Users\STEPHE~1\AppData\Local\Temp\SetupDataMngr_Shareaza.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
"DLLPath"="C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
"Folder"="C:\Program Files (x86)\Shareaza Applications\MediaBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
"Path"="C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
"UIPath"="C:\Program Files (x86)\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\Homepage]
"Value"="http://search.shareazaweb.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\Homepage]
"DefaultValue"="user_pref("browser.startup.homepage", "http://search.shareazaweb.com/");"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\SelectedSearch]
"Value"="Shareaza Web Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\UrlbarSearch]
"Value"="http://search.shareazaweb.com/web?src=ffb&systemid=3&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\Files\UrlbarSearch]
"DefaultValue"="user_pref("keyword.URL", "http://search.shareazaweb.com/web?src=ffb&systemid=3&q=");"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\List\Item2]
"Value"="http://search.shareazaweb.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}]
"URL"="http://search.shareazaweb.com/web?src=ieb&systemid=3&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}]
"SuggestionsURL_JSON"="http://search.shareazaweb.com/suggest.php?src=ieb&systemid=3&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShareazaMediaBar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShareazaMediaBar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shareaza_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shareaza_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shareaza_V7_en_Setup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shareaza_V7_en_Setup_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Shareaza 3 MediaBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0]
@="Shareaza Web Download Hook Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\RazaWebHook32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{43DCA1EA-8FCF-433F-8156-049119A8F8A6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe|Name=Shareaza|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C3BF1148-BCD2-41F0-8432-9DC6A007CEE9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe|Name=Shareaza|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01781187-4806-4468-AD4C-059C9CAE71B1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe|Name=Shareaza|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EADF5A0A-B9AC-440D-AE31-4B4019F8B8FF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe|Name=Shareaza|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{1DDB0E58-135C-4155-83C9-C68FE954DF78}C:\program files (x86)\shareaza\shareaza.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\shareaza\shareaza.exe|Name=Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{5515DB6E-4462-4590-921F-8B96BA7C51D1}C:\program files (x86)\shareaza\shareaza.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\shareaza\shareaza.exe|Name=Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{43DCA1EA-8FCF-433F-8156-049119A8F8A6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe|Name=Shareaza|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C3BF1148-BCD2-41F0-8432-9DC6A007CEE9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe|Name=Shareaza|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01781187-4806-4468-AD4C-059C9CAE71B1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe|Name=Shareaza|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EADF5A0A-B9AC-440D-AE31-4B4019F8B8FF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe|Name=Shareaza|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{1DDB0E58-135C-4155-83C9-C68FE954DF78}C:\program files (x86)\shareaza\shareaza.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\shareaza\shareaza.exe|Name=Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{5515DB6E-4462-4590-921F-8B96BA7C51D1}C:\program files (x86)\shareaza\shareaza.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\shareaza\shareaza.exe|Name=Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{43DCA1EA-8FCF-433F-8156-049119A8F8A6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe|Name=Shareaza|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C3BF1148-BCD2-41F0-8432-9DC6A007CEE9}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe|Name=Shareaza|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01781187-4806-4468-AD4C-059C9CAE71B1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe|Name=Shareaza|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EADF5A0A-B9AC-440D-AE31-4B4019F8B8FF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Shareaza Applications\Shareaza\Shareaza.exe|Name=Shareaza|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{1DDB0E58-135C-4155-83C9-C68FE954DF78}C:\program files (x86)\shareaza\shareaza.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\shareaza\shareaza.exe|Name=Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{5515DB6E-4462-4590-921F-8B96BA7C51D1}C:\program files (x86)\shareaza\shareaza.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\shareaza\shareaza.exe|Name=Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing|"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Magnet\Handlers\Shareaza]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Magnet\Handlers\Shareaza]
@="Shareaza Peer to Peer"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Magnet\Handlers\Shareaza]
"Description"="Shareaza can automatically search for and download the selected content its peer-to-peer networks."
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Magnet\Handlers\Shareaza]
"DefaultIcon"=""C:\Program Files (x86)\Shareaza\Shareaza.exe",-128"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Magnet\Handlers\Shareaza]
"ShellExecute"=""C:\Program Files (x86)\Shareaza\Shareaza.exe" "%URL""
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Magnet\Handlers\Shareaza]
"DdeApplication"="Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareazaweb.com]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\Interface\{B43A9B10-3F72-4A96-BD40-C3B643FDF2F3}]
@="IShareazaFile"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\program files (x86)\shareaza\shareaza.exe"="Shareaza Ultimate File Sharing"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\Shareaza.PreviewPlugin]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\Shareaza.PreviewPlugin]
@="Shareaza Preview Plugin"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\Shareaza.PreviewPlugin.1]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\Shareaza.PreviewPlugin.1]
@="Shareaza Preview Plugin"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{251F45EE-7C3D-4D89-ADB8-974568419DBD}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\SkinScanSKS.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{251F45EE-7C3D-4D89-ADB8-974568419DBD}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{2696CE9F-423F-4901-A109-0C85E6430266}\1.0]
@="Shareaza Image Viewer Plugin Type Library"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{2696CE9F-423F-4901-A109-0C85E6430266}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\ImageViewer.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{2696CE9F-423F-4901-A109-0C85E6430266}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{2975FA55-CDD5-41AE-8120-EB82E1BF9826}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\7ZipBuilder.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{2975FA55-CDD5-41AE-8120-EB82E1BF9826}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{3772E712-75B5-4AAF-B423-FD7C0399F13F}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\WindowsThumbnail.exe"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{3772E712-75B5-4AAF-B423-FD7C0399F13F}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{4E7B260F-E3A4-42DD-89D8-E0372158626E}\1.0]
@="Shareaza Media Player 1.0 Type Library"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{4E7B260F-E3A4-42DD-89D8-E0372158626E}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\MediaPlayer.exe"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{4E7B260F-E3A4-42DD-89D8-E0372158626E}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{607C3F69-850D-4413-A81A-CF1C849BF387}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\DocumentReader.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{607C3F69-850D-4413-A81A-CF1C849BF387}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{6820AC10-8EE8-439B-9CB6-B17029025978}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\SWFPlugin.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{6820AC10-8EE8-439B-9CB6-B17029025978}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{69A065D3-C03D-4FA2-9C43-CB38D2078567}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\RatDVDReader.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{69A065D3-C03D-4FA2-9C43-CB38D2078567}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0]
@="Shareaza Web Download Hook Library"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\RazaWebHook32.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{6B3F5CE8-238C-4285-BE4B-EF7A9F71D1C2}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\MediaLibraryBuilder.exe"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{6B3F5CE8-238C-4285-BE4B-EF7A9F71D1C2}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{7B8046FF-0D3A-4D85-9424-7DFCCD1BCA45}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\GFLLibraryBuilder.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{7B8046FF-0D3A-4D85-9424-7DFCCD1BCA45}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{9DB3D2BA-C333-4691-AFDC-52279AF2D71F}\1.0]
@="Shareaza Preview Plugin 1.0 Type Library"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{9DB3D2BA-C333-4691-AFDC-52279AF2D71F}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\Preview.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{9DB3D2BA-C333-4691-AFDC-52279AF2D71F}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{ABC45D7F-EF52-4E5C-986A-93674FE3BBCC}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\VirusTotal.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{ABC45D7F-EF52-4E5C-986A-93674FE3BBCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{D65FD676-83A0-40F7-9BF8-867AFE337FE1}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\ZIPBuilder.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{D65FD676-83A0-40F7-9BF8-867AFE337FE1}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{EDB05406-0D3F-49F1-8ABC-9B53758008A0}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\RARBuilder.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{EDB05406-0D3F-49F1-8ABC-9B53758008A0}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{FCCC9C8C-45EF-4EB4-8AB1-5235585A631D}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\GFLImageServices.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{FCCC9C8C-45EF-4EB4-8AB1-5235585A631D}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{FD6EB3A2-CE8A-4A12-A065-0490816DF11F}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\MediaImageServices.exe"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{FD6EB3A2-CE8A-4A12-A065-0490816DF11F}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\Wow6432Node\Interface\{B43A9B10-3F72-4A96-BD40-C3B643FDF2F3}]
@="IShareazaFile"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\Interface\{B43A9B10-3F72-4A96-BD40-C3B643FDF2F3}]
@="IShareazaFile"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\program files (x86)\shareaza\shareaza.exe"="Shareaza Ultimate File Sharing"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\Shareaza.PreviewPlugin]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\Shareaza.PreviewPlugin]
@="Shareaza Preview Plugin"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\Shareaza.PreviewPlugin.1]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\Shareaza.PreviewPlugin.1]
@="Shareaza Preview Plugin"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{251F45EE-7C3D-4D89-ADB8-974568419DBD}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\SkinScanSKS.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{251F45EE-7C3D-4D89-ADB8-974568419DBD}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{2696CE9F-423F-4901-A109-0C85E6430266}\1.0]
@="Shareaza Image Viewer Plugin Type Library"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{2696CE9F-423F-4901-A109-0C85E6430266}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\ImageViewer.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{2696CE9F-423F-4901-A109-0C85E6430266}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{2975FA55-CDD5-41AE-8120-EB82E1BF9826}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\7ZipBuilder.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{2975FA55-CDD5-41AE-8120-EB82E1BF9826}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{3772E712-75B5-4AAF-B423-FD7C0399F13F}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\WindowsThumbnail.exe"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{3772E712-75B5-4AAF-B423-FD7C0399F13F}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{4E7B260F-E3A4-42DD-89D8-E0372158626E}\1.0]
@="Shareaza Media Player 1.0 Type Library"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{4E7B260F-E3A4-42DD-89D8-E0372158626E}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\MediaPlayer.exe"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{4E7B260F-E3A4-42DD-89D8-E0372158626E}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{607C3F69-850D-4413-A81A-CF1C849BF387}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\DocumentReader.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{607C3F69-850D-4413-A81A-CF1C849BF387}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{6820AC10-8EE8-439B-9CB6-B17029025978}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\SWFPlugin.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{6820AC10-8EE8-439B-9CB6-B17029025978}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{69A065D3-C03D-4FA2-9C43-CB38D2078567}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\RatDVDReader.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{69A065D3-C03D-4FA2-9C43-CB38D2078567}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0]
@="Shareaza Web Download Hook Library"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\RazaWebHook32.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{6B3F5CE8-238C-4285-BE4B-EF7A9F71D1C2}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\MediaLibraryBuilder.exe"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{6B3F5CE8-238C-4285-BE4B-EF7A9F71D1C2}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{7B8046FF-0D3A-4D85-9424-7DFCCD1BCA45}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\GFLLibraryBuilder.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{7B8046FF-0D3A-4D85-9424-7DFCCD1BCA45}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{9DB3D2BA-C333-4691-AFDC-52279AF2D71F}\1.0]
@="Shareaza Preview Plugin 1.0 Type Library"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{9DB3D2BA-C333-4691-AFDC-52279AF2D71F}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\Preview.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{9DB3D2BA-C333-4691-AFDC-52279AF2D71F}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{ABC45D7F-EF52-4E5C-986A-93674FE3BBCC}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\VirusTotal.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{ABC45D7F-EF52-4E5C-986A-93674FE3BBCC}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{D65FD676-83A0-40F7-9BF8-867AFE337FE1}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\ZIPBuilder.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{D65FD676-83A0-40F7-9BF8-867AFE337FE1}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{EDB05406-0D3F-49F1-8ABC-9B53758008A0}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\RARBuilder.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{EDB05406-0D3F-49F1-8ABC-9B53758008A0}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{FCCC9C8C-45EF-4EB4-8AB1-5235585A631D}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\GFLImageServices.dll"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{FCCC9C8C-45EF-4EB4-8AB1-5235585A631D}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{FD6EB3A2-CE8A-4A12-A065-0490816DF11F}\1.0\0\win32]
@="C:\Program Files (x86)\Shareaza\MediaImageServices.exe"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{FD6EB3A2-CE8A-4A12-A065-0490816DF11F}\1.0\HELPDIR]
@="C:\Program Files (x86)\Shareaza"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\Wow6432Node\Interface\{B43A9B10-3F72-4A96-BD40-C3B643FDF2F3}]
@="IShareazaFile"
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
[HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]

-= EOF =-
StephenClark
Regular Member
 
Posts: 46
Joined: September 18th, 2011, 5:17 pm

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby askey127 » September 23rd, 2011, 2:52 pm

It is taking a little while to sift through that mountain of Registry entries.
Be back as soon as I can.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby StephenClark » September 23rd, 2011, 4:02 pm

Yes, I understand! I got tired of reading it myself. I am surprised that Shareaza left so many tracks.

Just for some background information, the original infection was iebho.dll, as indentifed by Ad-Aware, and it originated from a fake Shareaza site that offered an install file for a "new" version of Shareaza. I used this install file on both machines when I upgraded to Windows 7 x64 from Windows XP several months ago. The BHO screwed up Firefox searches and Explorer searches, and I suspect was sending keystrokes somewhere. Ad-Aware was able to remove the BHO itself and a few other files, and I was able to clean up Firefox and IE, but this niggling little directory I have not been able to get rid of. If we can discover how to do it, then I need to clean my wife's machine as well. Sometimes on Windows start on her machine, iebho.dll will try to execute, but Win 7 gives an error message about it being in the wrong format, or a corrupt file, and to reinstall the program or contact the vendor. This has been very annoying, and I am concerned that it may be doing other things that I am not aware of. I really do appreciate your determination to help me!
StephenClark
Regular Member
 
Posts: 46
Joined: September 18th, 2011, 5:17 pm

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby askey127 » September 24th, 2011, 7:31 am

StephenClark,
OK, let's go.
---------------------------------------------
Run a SystemLook Search
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *iebho*
    
    :folderfind
    *iebho*
    
    :Regfind
    iebho
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    (Takes about 4 minutes on my XP net book)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
----------------------------------------------
Perform a Custom Fix with OTL
Right click the OTL icon and choose "Run as administrator"
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Please make sure it's all there in the Custom Scans box when you get through.
    Code: Select all
    :Files
    C:\My Downloads Archive\Install Files\Shareaza_2.5.5.0_Win32.exe
    C:\Users\Stephen Clark\Favorites\Directory Locations\Shareaza Downloads.lnk
    C:\Users\Stephen Clark\AppData\Local\Shareaza
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Magnet\Handlers\Shareaza]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareazaweb.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]
    [-HKEY_CURRENT_USER\Software\Classes\Interface\{B43A9B10-3F72-4A96-BD40-C3B643FDF2F3}]
    [-HKEY_CURRENT_USER\Software\Classes\Shareaza.PreviewPlugin]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{251F45EE-7C3D-4D89-ADB8-974568419DBD}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{2696CE9F-423F-4901-A109-0C85E6430266}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{2975FA55-CDD5-41AE-8120-EB82E1BF9826}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{3772E712-75B5-4AAF-B423-FD7C0399F13F}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{4E7B260F-E3A4-42DD-89D8-E0372158626E}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{607C3F69-850D-4413-A81A-CF1C849BF387}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{6820AC10-8EE8-439B-9CB6-B17029025978}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{69A065D3-C03D-4FA2-9C43-CB38D2078567}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{6B3F5CE8-238C-4285-BE4B-EF7A9F71D1C2}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{7B8046FF-0D3A-4D85-9424-7DFCCD1BCA45}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{9DB3D2BA-C333-4691-AFDC-52279AF2D71F}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{ABC45D7F-EF52-4E5C-986A-93674FE3BBCC}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{D65FD676-83A0-40F7-9BF8-867AFE337FE1}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{EDB05406-0D3F-49F1-8ABC-9B53758008A0}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{FCCC9C8C-45EF-4EB4-8AB1-5235585A631D}]
    [-HKEY_CURRENT_USER\Software\Classes\TypeLib\{FD6EB3A2-CE8A-4A12-A065-0490816DF11F}]
    [-HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{B43A9B10-3F72-4A96-BD40-C3B643FDF2F3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\ShareazaV7.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Shareaza_V7_en_Setup.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shareaza.PreviewPlugin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShareazaMediaBar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ShareazaMediaBar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shareaza_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shareaza_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shareaza_V7_en_Setup_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Shareaza_V7_en_Setup_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Shareaza 3 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Magnet\Handlers\Shareaza]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareazaweb.com]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\Interface\{B43A9B10-3F72-4A96-BD40-C3B643FDF2F3}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\Shareaza.PreviewPlugin]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{251F45EE-7C3D-4D89-ADB8-974568419DBD}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{2696CE9F-423F-4901-A109-0C85E6430266}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{2975FA55-CDD5-41AE-8120-EB82E1BF9826}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{3772E712-75B5-4AAF-B423-FD7C0399F13F}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{4E7B260F-E3A4-42DD-89D8-E0372158626E}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{607C3F69-850D-4413-A81A-CF1C849BF387}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{6820AC10-8EE8-439B-9CB6-B17029025978}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\shareaza]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www.shareaza]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-shareaza-downloads.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shareaza.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\shareaza]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www.shareaza]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-shareaza-downloads.com]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\shareaza.com]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{69A065D3-C03D-4FA2-9C43-CB38D2078567}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{6B3F5CE8-238C-4285-BE4B-EF7A9F71D1C2}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{7B8046FF-0D3A-4D85-9424-7DFCCD1BCA45}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{9DB3D2BA-C333-4691-AFDC-52279AF2D71F}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{ABC45D7F-EF52-4E5C-986A-93674FE3BBCC}]
    [=HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{D65FD676-83A0-40F7-9BF8-867AFE337FE1}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{EDB05406-0D3F-49F1-8ABC-9B53758008A0}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{FCCC9C8C-45EF-4EB4-8AB1-5235585A631D}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\TypeLib\{FD6EB3A2-CE8A-4A12-A065-0490816DF11F}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\Wow6432Node\Interface\{B43A9B10-3F72-4A96-BD40-C3B643FDF2F3}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\Interface\{B43A9B10-3F72-4A96-BD40-C3B643FDF2F3}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\Shareaza.PreviewPlugin]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{251F45EE-7C3D-4D89-ADB8-974568419DBD}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{2696CE9F-423F-4901-A109-0C85E6430266}\1.0]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{2975FA55-CDD5-41AE-8120-EB82E1BF9826}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{3772E712-75B5-4AAF-B423-FD7C0399F13F}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{4E7B260F-E3A4-42DD-89D8-E0372158626E}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{607C3F69-850D-4413-A81A-CF1C849BF387}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{6820AC10-8EE8-439B-9CB6-B17029025978}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{69A065D3-C03D-4FA2-9C43-CB38D2078567}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{6B207D90-4C7A-43C5-863C-AC110209D745}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{6B3F5CE8-238C-4285-BE4B-EF7A9F71D1C2}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{7B8046FF-0D3A-4D85-9424-7DFCCD1BCA45}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{9DB3D2BA-C333-4691-AFDC-52279AF2D71F}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{ABC45D7F-EF52-4E5C-986A-93674FE3BBCC}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{D65FD676-83A0-40F7-9BF8-867AFE337FE1}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{EDB05406-0D3F-49F1-8ABC-9B53758008A0}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{FCCC9C8C-45EF-4EB4-8AB1-5235585A631D}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\TypeLib\{FD6EB3A2-CE8A-4A12-A065-0490816DF11F}]
    [-HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\Wow6432Node\Interface\{B43A9B10-3F72-4A96-BD40-C3B643FDF2F3}]
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\program files (x86)\shareaza\shareaza.exe"=-
    [HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\program files (x86)\shareaza\shareaza.exe"=-
    [HKEY_USERS\S-1-5-21-653386636-3774905466-2443938687-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\program files (x86)\shareaza\shareaza.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{43DCA1EA-8FCF-433F-8156-049119A8F8A6}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{C3BF1148-BCD2-41F0-8432-9DC6A007CEE9}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01781187-4806-4468-AD4C-059C9CAE71B1}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{EADF5A0A-B9AC-440D-AE31-4B4019F8B8FF}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{1DDB0E58-135C-4155-83C9-C68FE954DF78}C:\program files (x86)\shareaza\shareaza.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{5515DB6E-4462-4590-921F-8B96BA7C51D1}C:\program files (x86)\shareaza\shareaza.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{43DCA1EA-8FCF-433F-8156-049119A8F8A6}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{C3BF1148-BCD2-41F0-8432-9DC6A007CEE9}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01781187-4806-4468-AD4C-059C9CAE71B1}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{EADF5A0A-B9AC-440D-AE31-4B4019F8B8FF}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{1DDB0E58-135C-4155-83C9-C68FE954DF78}C:\program files (x86)\shareaza\shareaza.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{5515DB6E-4462-4590-921F-8B96BA7C51D1}C:\program files (x86)\shareaza\shareaza.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{43DCA1EA-8FCF-433F-8156-049119A8F8A6}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{C3BF1148-BCD2-41F0-8432-9DC6A007CEE9}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01781187-4806-4468-AD4C-059C9CAE71B1}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{EADF5A0A-B9AC-440D-AE31-4B4019F8B8FF}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{1DDB0E58-135C-4155-83C9-C68FE954DF78}C:\program files (x86)\shareaza\shareaza.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{5515DB6E-4462-4590-921F-8B96BA7C51D1}C:\program files (x86)\shareaza\shareaza.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}] /64
    "URL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}] /64
    "SuggestionsURL_JSON"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}]
    "URL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{71C63272-91A7-436a-843D-A1C641D1C626}]
    "SuggestionsURL_JSON"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\Shareaza Applications\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\19F900998848263499B3791AE1D04CCE]
    "00000000000000000000000000000000"=-
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby StephenClark » September 24th, 2011, 1:09 pm

OK, here are the latest logs. SHAREA~1/Mediabar/datamngr has not appeared in Program Files (x86) again.

SystemLook 30.07.11 by jpshortstuff
Log created at 11:45 on 24/09/2011 by Stephen Clark
Administrator - Elevation successful

========== filefind ==========

Searching for "*iebho*"
No files found.

========== folderfind ==========

Searching for "*iebho*"
No folders found.

========== Regfind ==========

Searching for "iebho"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
"ShortDllPath"="C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
"ShortDllPath64"="C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\SHAREA~1\MediaBar\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr\IEBHO]

-= EOF =-



OTL logfile created on: 9/24/2011 11:56:45 AM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Stephen Clark\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 60.96% Memory free
8.00 Gb Paging File | 6.37 Gb Available in Paging File | 79.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 127.99 Gb Total Space | 47.56 Gb Free Space | 37.16% Space Free | Partition Type: NTFS
Drive D: | 104.89 Gb Total Space | 49.16 Gb Free Space | 46.87% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 1.94 Gb Free Space | 44.38% Space Free | Partition Type: UDF
Drive G: | 3.94 Gb Total Space | 0.71 Gb Free Space | 18.04% Space Free | Partition Type: FAT32
Drive H: | 149.05 Gb Total Space | 9.94 Gb Free Space | 6.67% Space Free | Partition Type: NTFS

Computer Name: STEPHEN5 | User Name: Stephen Clark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/21 17:03:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen Clark\Downloads\OTL.exe
PRC - [2011/09/08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/04 09:18:12 | 003,225,504 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/08/04 09:17:34 | 003,219,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
PRC - [2011/08/04 09:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011/08/04 09:17:06 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/08/04 09:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/08/04 09:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/08 10:45:44 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/26 00:00:00 | 000,576,512 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/04 09:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011/08/04 09:17:06 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
SRV - [2011/08/04 09:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011/08/04 09:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:44 | 000,282,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/07/11 01:13:42 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/06/28 13:43:09 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/05/10 04:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/26 14:24:14 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/04/26 14:24:14 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 11:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 16:01:07 | 000,543,744 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ltmdm64.sys -- (ltmodem5)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2011/09/24 11:53:38 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/08/04 00:00:00 | 000,048,888 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys -- (SDHookDriver)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/map/interactive/77450
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110836,17793,0,19,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.weather.com/weather/map/interactive/77450|http://www.quattroworld.com/|http://my.ebay.com/ws/eBayISAPI.dll?MyEbayBeta&MyeBay=&guest=1|http://news.google.com/nwshp?hl=en&tab=wn&q=|http://www.google.com/ig|http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: kodak-companion@mozilla.com:2.0
FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:2.12
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/09/20 12:14:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/07 13:51:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/14 13:14:17 | 000,000,000 | ---D | M]

[2011/05/12 16:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen Clark\AppData\Roaming\Mozilla\Extensions
[2011/09/18 15:00:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen Clark\AppData\Roaming\Mozilla\Firefox\Profiles\9g6r05oy.default\extensions
[2011/04/12 17:09:45 | 000,000,000 | ---D | M] ("Amazon Toolbar") -- C:\Users\Stephen Clark\AppData\Roaming\Mozilla\Firefox\Profiles\9g6r05oy.default\extensions\amznUWL@amazon.com
[2011/08/31 19:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/14 16:45:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/20 12:14:47 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\STEPHEN CLARK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9G6R05OY.DEFAULT\EXTENSIONS\KODAK-COMPANION@MOZILLA.COM.XPI
[2011/09/07 13:51:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/31 19:35:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 15:39:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/17 08:02:54 | 000,002,059 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\siteguardtb.xml

O1 HOSTS File: ([2011/09/23 17:10:11 | 000,436,492 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15019 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.230.224.34 216.230.227.34 216.230.224.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F97D7863-76EA-40EF-A1BA-75639BB3D602}: DhcpNameServer = 216.230.224.34 216.230.227.34 216.230.224.34
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/24 00:30:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/22 14:33:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/22 14:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAVA
[2011/09/20 13:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/09/18 20:15:55 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/18 20:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/18 15:43:20 | 000,000,000 | ---D | C] -- C:\Command Files
[2011/09/18 00:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/09/17 22:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/09/16 17:20:41 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Local\Sophos
[2011/09/16 16:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2011/09/15 13:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/09/08 17:59:02 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Roaming\HP
[2011/09/01 23:09:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/09/01 14:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
[2011/09/01 14:56:15 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Roaming\AVG2012
[2011/09/01 14:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/08/31 15:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/08/31 15:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/08/26 22:20:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2011/08/26 22:15:45 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Roaming\Canon
[2011/08/26 22:06:21 | 000,000,000 | ---D | C] -- C:\Users\Stephen Clark\AppData\Local\Canon Easy-PhotoPrint EX
[2011/08/26 21:55:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011/08/26 21:45:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX
[2011/08/26 21:44:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2011/08/26 21:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series User Registration
[2011/08/26 21:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/08/26 21:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series
[2011/08/26 21:21:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2011/08/26 21:21:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2011/08/26 21:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMSetup
[2011/08/26 21:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2011/08/26 21:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2011/08/26 21:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/08/26 21:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series Manual
[2011/08/26 21:09:41 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2011/08/26 21:08:53 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/08/26 21:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2011/08/26 14:36:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011/08/25 15:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/25 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/25 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/25 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2011/09/24 11:53:53 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011/09/24 11:53:36 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/09/24 11:53:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/24 11:53:23 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/24 11:13:45 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 11:13:45 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/24 11:11:58 | 105,014,696 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/09/23 17:49:29 | 000,218,859 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/09/23 17:10:11 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/22 17:46:19 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011/09/22 16:41:57 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110923-171011.backup
[2011/09/22 15:00:00 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/09/22 14:55:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2011/09/21 11:19:19 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/21 11:19:19 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/19 15:59:35 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110922-164157.backup
[2011/09/19 14:53:25 | 000,003,011 | ---- | M] () -- C:\Users\Stephen Clark\Desktop\Microsoft Outlook 2010.lnk
[2011/09/18 20:15:55 | 000,003,011 | ---- | M] () -- C:\Users\Stephen Clark\Desktop\HiJackThis.lnk
[2011/09/18 15:15:18 | 000,001,141 | ---- | M] () -- C:\Users\Stephen Clark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/09/18 00:40:48 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/08 14:58:11 | 000,001,217 | ---- | M] () -- C:\Windows\SysNative\CoreTemp.ini
[2011/09/01 23:09:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/09/01 23:09:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/08/27 15:45:40 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110919-155935.backup
[2011/08/26 02:08:46 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110827-154540.backup
[2011/08/26 02:07:15 | 000,436,492 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110826-020846.backup
[2011/08/25 15:08:55 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/09/18 20:15:55 | 000,003,011 | ---- | C] () -- C:\Users\Stephen Clark\Desktop\HiJackThis.lnk
[2011/09/01 23:09:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/09/01 23:09:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/08/31 15:05:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/26 21:31:29 | 000,001,217 | ---- | C] () -- C:\Windows\SysNative\CoreTemp.ini
[2011/08/26 21:09:24 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1746D.TBL
[2011/08/26 21:09:24 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1746D.TBL
[2011/08/25 15:08:55 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/23 15:58:06 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/05/12 16:22:37 | 000,002,215 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/20 13:44:12 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/20 13:44:12 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/10 02:40:01 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/04/09 00:51:28 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/06 16:15:16 | 011,010,048 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009/08/27 02:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/01 14:56:15 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clark\AppData\Roaming\AVG2012
[2011/08/26 22:20:11 | 000,000,000 | ---D | M] -- C:\Users\Stephen Clark\AppData\Roaming\Canon
[2011/09/24 11:53:53 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2011/09/24 11:53:36 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011/09/22 17:46:19 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2011/08/27 22:38:42 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Stephen Clark\Downloads:Shareaza.GUID

< End of report >
StephenClark
Regular Member
 
Posts: 46
Joined: September 18th, 2011, 5:17 pm

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby askey127 » September 24th, 2011, 2:31 pm

StephenClark,
One or two final things.
First we can get rid of the last reference to IEBHO.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    
    :Services
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • You don't need to post the resulting log.
----------------------------------------------
Now about AVG:
I would not recommend this antivirus, because it installs its "LinkScanner" toolbar.
That is really nothing but a paid toolbar from ask.com, which will give you its own self serving advice, and maybe some redirects.
Calling this a security tool is make-believe.
AVG has been widely derided for this. Avira now does the same thing.
Ask.com pays them well so they don't seem to mind any ethical complications.

I would suggest you uninstall AVG, and immediately install Microsoft Security Essentials, or a paid AV like Kaspersky or ESET.
This, however, is up to you.
Microsoft Security Essentials is here: http://www.microsoft.com/en-us/security ... fault.aspx

I don't need to tell you to stay away from P2P programs, I trust.
Most Forums will not be gracious if it's apparent that a second malware removal visit is required because of P2P.
Also please avoid registry cleaners, boosters, optimizers, etc. They are very risky and don't do any good.

You should be good to go.
Nice work.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby StephenClark » September 24th, 2011, 3:13 pm

OK, thanks for your advice, and the info about AVG. Can we try to clean my wife's machine now? It is identical to mine in hardware and operating system, and has all the same software. Or, do I need to post a new thread about her machine? Thanks so much for your help, and I will take your advice to heart.
StephenClark
Regular Member
 
Posts: 46
Joined: September 18th, 2011, 5:17 pm

Re: SHAREA~1/Mediabar/datamngr reappears after deletion

Unread postby askey127 » September 24th, 2011, 3:41 pm

We like to keep a separate topic for each machine, because these logs are used for teaching, so please start a new topic.
She can post the two logs directly from OTL first, without using DDS.
Mention Shareaza and link to this topic in the first post.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware