2013-07-19

Hi, I know this thread is old, but I'm running into the same problem as the OP.

I'm using a netbook, model ASUS EeePC 1005-HAB, running Windows XP. I already reset to the factory settings using the system image hosted in a hidden partition, and the search window (puppy dog included) keeps popping up. It stops after a while, though, then comes back... quite randomly.

I already ran the MBAM and the OTL as suggested.

MBAM removed one registry entry. Anyway, here are the reports. I just noticed the MBAM report is in Spanish, sorry.

Thanks in advance.

*** MBAM-log.txt***

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versión de la Base de Datos: v2013.07.19.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

Rafael Villar Liñán :: EEE-RAFAEL [administrador]

19/07/2013 20:29:19

mbam-log-2013-07-19 (20-29-19).txt

Tipos de Análisis: Análisis Completo (C:\|)

Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opciones de análisis desactivados: P2P

Objetos examinados: 217459

Tiempo transcurrido: 16 minuto(s), 33 segundo(s)

Procesos en Memoria Detectados: 0

(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0

(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0

(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0

(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 1

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Malo: (1) Bueno: (0) -> En cuarentena y reparado con éxito.

Carpetas Detectadas: 0

(No se han detectado elementos maliciosos)

Archivos Detectados: 0

(No se han detectado elementos maliciosos)

(fin)

*** END OF MBAM-log.txt ***

*** OTL.txt ***

OTL logfile created on: 19/07/2013 20:55:38 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Rafael Villar Liñán\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C0A | Country: Spain | Language: ESN | Date Format: dd/MM/yyyy

1015,17 Mb Total Physical Memory | 699,54 Mb Available Physical Memory | 68,91% Memory free

2,38 Gb Paging File | 2,18 Gb Available in Paging File | 91,23% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144,12 Gb Total Space | 137,22 Gb Free Space | 95,21% Space Free | Partition Type: NTFS

Computer Name: EEE-RAFAEL | User Name: Rafael Villar Liñán | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Rafael Villar Liñán\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (lbrtfdc) -- File not found

DRV - (i2omgmt) -- File not found

DRV - (Changer) -- File not found

DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found

DRV - (btwhid) -- system32\DRIVERS\btwhid.sys File not found

DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found

DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found

DRV - (btaudio) -- system32\drivers\btaudio.sys File not found

DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()

DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)

DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?...eferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?...eferrer:source?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

O1 HOSTS File: ([2008/04/14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEF44FE1-B6BC-4DDA-9A6C-1876EC7119F9}: DhcpNameServer = 80.58.61.250 80.58.61.254

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/04/28 07:03:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/20 01:15:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Microsoft

[2013/07/20 01:15:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\SendTo

[2013/07/20 01:15:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Recent

[2013/07/20 01:15:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data

[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu\Programs\Startup

[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu

[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\My Documents\My Pictures

[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\My Documents\My Music

[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\My Documents

[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Favorites

[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu\Programs\Accessories

[2013/07/20 01:15:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rafael Villar Liñán\Cookies

[2013/07/20 01:15:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Templates

[2013/07/20 01:15:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\PrintHood

[2013/07/20 01:15:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\NetHood

[2013/07/20 01:15:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Local Settings

[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Local Settings\Application Data\SRS Labs

[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\My Documents\My Videos

[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\My Documents\My Office

[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\My Documents\My Ebooks

[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Local Settings\Application Data\Microsoft Help

[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Local Settings\Application Data\Microsoft

[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\InstallShield

[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Identities

[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Desktop

[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Local Settings\Application Data\ApplicationHistory

[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Local Settings\Application Data\Adobe

[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Adobe

[2013/07/19 20:53:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\OTL.exe

[2013/07/19 20:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Malwarebytes

[2013/07/19 20:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/07/19 20:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2013/07/19 20:27:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/07/19 20:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/07/19 20:27:08 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\mbam-setup-1.75.0.1300.exe

[2013/07/19 20:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Macromedia

[2013/07/19 19:26:48 | 000,000,000 | ---D | C] -- C:\rom

[2013/07/19 19:25:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/20 01:15:49 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/07/20 01:15:43 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\Windows Media Player.lnk

[2013/07/20 01:14:45 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2013/07/20 01:13:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini

[2013/07/20 01:13:07 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF

[2013/07/19 20:53:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\OTL.exe

[2013/07/19 20:52:47 | 000,401,964 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/07/19 20:52:47 | 000,063,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/07/19 20:47:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/07/19 20:27:22 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\mbam-setup-1.75.0.1300.exe

[2013/07/19 19:32:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/20 01:15:43 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\Windows Media Player.lnk

[2013/07/20 01:15:31 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/07/20 01:15:31 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\Install Norton Internet Security.lnk

[2013/07/20 01:15:31 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2013/07/20 01:15:30 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu\Programs\Remote Assistance.lnk

[2013/07/20 01:15:30 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu\Programs\Internet Explorer.lnk

[2013/07/20 01:15:30 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu\Programs\Windows Media Player.lnk

[2013/07/20 01:15:30 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu\Programs\Outlook Express.lnk

========== ZeroAccess Check ==========

[2009/05/05 18:13:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/03 01:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2009/05/05 18:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wireless LAN Card

========== Purity Check ==========

< End of report >

*** END OF OTL.txt ***

*** EXTRAS.txt***

OTL Extras logfile created on: 19/07/2013 20:55:38 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Rafael Villar Liñán\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C0A | Country: Spain | Language: ESN | Date Format: dd/MM/yyyy

1015,17 Mb Total Physical Memory | 699,54 Mb Available Physical Memory | 68,91% Memory free

2,38 Gb Paging File | 2,18 Gb Available in Paging File | 91,23% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 144,12 Gb Total Space | 137,22 Gb Free Space | 95,21% Space Free | Partition Type: NTFS

Computer Name: EEE-RAFAEL | User Name: Rafael Villar Liñán | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery

"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer

"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6

"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety

"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack

"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1

"{B9BDA46B-2E17-4F43-9D7A-9B1E09A0A4D8}" = Data Sync

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials

"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Eee Docking_is1" = Eee Docking 1.3.1.0

"EeePC_1005HA" = EeePC_1005HA Screen Saver

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versión 1.75.0.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

< End of report >

*** END OF EXTRAS.txt ***
