Hi, I know this thread is old, but I'm running into the same problem as the OP.
I'm using a netbook, model ASUS EeePC 1005-HAB, operating on Windows XP. I already reset to the factory settings using the system image hosted in a hidden partition, and the search window (puppy dog included) keeps popping up. It stops after a while, though, then comes back... quite randomly.
I already ran the MBAM and the OTL as suggested.
MBAM removed one registry entry. Anyway, here are the reports. I just noticed the MBAM report is in Spanish, sorry.
Thanks in advance.
*** MBAM-log.txt ***
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Versión de la Base de Datos: v2013.07.19.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Rafael Villar Liñán :: EEE-RAFAEL [administrador]
19/07/2013 20:29:19
mbam-log-2013-07-19 (20-29-19).txt
Tipos de Análisis: Análisis Completo (C:\|)
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 217459
Tiempo transcurrido: 16 minuto(s), 33 segundo(s)
Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)
Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)
Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)
Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Detectados: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Malo: (1) Bueno: (0) -> En cuarentena y reparado con éxito.
Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)
Archivos Detectados: 0
(No se han detectado elementos maliciosos)
(fin)
*** END OF MBAM-log.txt ***
*** OTL.txt ***
OTL logfile created on: 19/07/2013 20:55:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Rafael Villar Liñán\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0A | Country: Spain | Language: ESN | Date Format: dd/MM/yyyy
1015,17 Mb Total Physical Memory | 699,54 Mb Available Physical Memory | 68,91% Memory free
2,38 Gb Paging File | 2,18 Gb Available in Paging File | 91,23% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,12 Gb Total Space | 137,22 Gb Free Space | 95,21% Space Free | Partition Type: NTFS
Computer Name: EEE-RAFAEL | User Name: Rafael Villar Liñán | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Rafael Villar Liñán\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found
DRV - (btwhid) -- system32\DRIVERS\btwhid.sys File not found
DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found
DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found
DRV - (btaudio) -- system32\drivers\btaudio.sys File not found
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?...eferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?...eferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
O1 HOSTS File: ([2008/04/14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEF44FE1-B6BC-4DDA-9A6C-1876EC7119F9}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/28 07:03:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/07/20 01:15:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Microsoft
[2013/07/20 01:15:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\SendTo
[2013/07/20 01:15:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Recent
[2013/07/20 01:15:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data
[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu\Programs\Startup
[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu
[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\My Documents\My Pictures
[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\My Documents\My Music
[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\My Documents
[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Favorites
[2013/07/20 01:15:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu\Programs\Accessories
[2013/07/20 01:15:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rafael Villar Liñán\Cookies
[2013/07/20 01:15:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Templates
[2013/07/20 01:15:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\PrintHood
[2013/07/20 01:15:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\NetHood
[2013/07/20 01:15:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Local Settings
[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Local Settings\Application Data\SRS Labs
[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\My Documents\My Videos
[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\My Documents\My Office
[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\My Documents\My Ebooks
[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Local Settings\Application Data\Microsoft Help
[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Local Settings\Application Data\Microsoft
[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\InstallShield
[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Identities
[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Desktop
[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Local Settings\Application Data\ApplicationHistory
[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Local Settings\Application Data\Adobe
[2013/07/20 01:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Adobe
[2013/07/19 20:53:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\OTL.exe
[2013/07/19 20:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Malwarebytes
[2013/07/19 20:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/19 20:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/07/19 20:27:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/07/19 20:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/19 20:27:08 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/19 20:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Macromedia
[2013/07/19 19:26:48 | 000,000,000 | ---D | C] -- C:\rom
[2013/07/19 19:25:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/07/20 01:15:49 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/20 01:15:43 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\Windows Media Player.lnk
[2013/07/20 01:14:45 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2013/07/20 01:13:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013/07/20 01:13:07 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2013/07/19 20:53:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\OTL.exe
[2013/07/19 20:52:47 | 000,401,964 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/19 20:52:47 | 000,063,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/19 20:47:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/19 20:27:22 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/19 19:32:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/07/20 01:15:43 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\Windows Media Player.lnk
[2013/07/20 01:15:31 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/20 01:15:31 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Desktop\Install Norton Internet Security.lnk
[2013/07/20 01:15:31 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/07/20 01:15:30 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu\Programs\Remote Assistance.lnk
[2013/07/20 01:15:30 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu\Programs\Internet Explorer.lnk
[2013/07/20 01:15:30 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu\Programs\Windows Media Player.lnk
[2013/07/20 01:15:30 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Rafael Villar Liñán\Start Menu\Programs\Outlook Express.lnk
========== ZeroAccess Check ==========
[2009/05/05 18:13:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/03 01:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009/05/05 18:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wireless LAN Card
========== Purity Check ==========
< End of report >
*** END OF OTL.txt ***
*** EXTRAS.txt ***
OTL Extras logfile created on: 19/07/2013 20:55:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Rafael Villar Liñán\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0A | Country: Spain | Language: ESN | Date Format: dd/MM/yyyy
1015,17 Mb Total Physical Memory | 699,54 Mb Available Physical Memory | 68,91% Memory free
2,38 Gb Paging File | 2,18 Gb Available in Paging File | 91,23% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,12 Gb Total Space | 137,22 Gb Free Space | 95,21% Space Free | Partition Type: NTFS
Computer Name: EEE-RAFAEL | User Name: Rafael Villar Liñán | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B9BDA46B-2E17-4F43-9D7A-9B1E09A0A4D8}" = Data Sync
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Eee Docking_is1" = Eee Docking 1.3.1.0
"EeePC_1005HA" = EeePC_1005HA Screen Saver
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versión 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
< End of report >
*** END OF EXTRAS.txt ***