Somehow this malware has gotten onto my sister's computer and I am trying to help her fix it. It redirects the home page from Google to search.imesh.net. The computer is running awfully slow (not that it was very fast to begin with, but now it is worse). Also, I don't know if this has anything to do with it, but every time I log on the firewall is turned off and I have to turn it back on. If it is not this malware doing this, I need to figure out what is causing that to happen. It's just a little Dell notepad, but she is disabled and we are trying to teach her how to use a computer before getting her a laptop. She is not savvy enough to know to turn on the firewall every time she boots the computer, though I think we could train her. Any help with these issues would be appreciated. Below are the scans. I also did a scan with Microsoft Security Essentials and it came up clean.

Malwarebytes

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.20.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User XP :: DARLAPTOP [administrator]

2/20/2013 2:09:06 PM
mbam-log-2013-02-20 (14-09-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211038
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

************************************

ASWMBR

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-20 14:32:36
-----------------------------
14:32:36.062 OS Version: Windows 5.1.2600 Service Pack 3
14:32:36.062 Number of processors: 1 586 0xD08
14:32:36.062 ComputerName: DARLAPTOP UserName: User XP
14:32:38.140 Initialize success
14:33:08.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:33:08.562 Disk 0 Vendor: FUJITSU_MHV2080AH 000000A0 Size: 76319MB BusType: 3
14:33:08.593 Disk 0 MBR read successfully
14:33:08.609 Disk 0 MBR scan
14:33:08.625 Disk 0 Windows XP default MBR code
14:33:08.640 Disk 0 Partition 1 80 (A) 06 FAT16 MSDOS5.0 2047 MB offset 63
14:33:08.640 Disk 0 Partition - 00 0F Extended LBA 74269 MB offset 4192965
14:33:08.671 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 74269 MB offset 4193028
14:33:08.687 Disk 0 scanning sectors +156296385
14:33:08.765 Disk 0 scanning D:\WINDOWS\system32\drivers
14:33:14.171 Service scanning
14:33:19.875 Service MpKsl244cbbad d:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2082D495-C2CD-4A38-84DF-0E7931F42885}\MpKsl244cbbad.sys **LOCKED** 32
14:33:27.265 Modules scanning
14:33:35.031 Disk 0 trace - called modules:
14:33:36.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
14:33:36.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dedab8]
14:33:36.203 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89e58770]
14:33:36.250 Scan finished successfully
14:34:40.843 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\User XP\Desktop\MBR.dat"
14:34:40.890 The log file has been saved successfully to "D:\Documents and Settings\User XP\Desktop\aswMBR02-20-13.txt"


********************************
DDS Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/9/2011 3:45:56 PM
System Uptime: 2/20/2013 1:39:44 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0MG948
Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1729/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 2 GiB total, 1.691 GiB free.
D: is FIXED (NTFS) - 73 GiB total, 62.49 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2592&SUBSYS_018F1028&REV_03\3&61AAA01&0&10
Manufacturer: Intel Corporation
Name: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2592&SUBSYS_018F1028&REV_03\3&61AAA01&0&10
Service: ialm
.
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_018F1028&REV_03\3&61AAA01&0&11
Manufacturer: Intel Corporation
Name: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
PNP Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_018F1028&REV_03\3&61AAA01&0&11
Service: ialm
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_018F1028&REV_01\4&2959CBDC&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_018F1028&REV_01\4&2959CBDC&0&00E0
Service: b57w2k
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Infrared Port
Device ID: ROOT\MS_IRDAMINIPORT\0000
Manufacturer: Microsoft
Name: Infrared Port
PNP Device ID: ROOT\MS_IRDAMINIPORT\0000
Service: Rasirda
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Broadcom Gigabit Integrated Controller
C-Major Audio
Conexant D110 MDC V.92 Modem
Encompass360 NetBranch Installation Manager
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HTC Driver Installer
HTC Sync
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java(TM) 6 Update 25
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
.
==== Event Viewer Messages From Past Week ========
.
2/20/2013 1:41:40 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2229.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80004002 Error description: No such interface supported
2/17/2013 1:25:55 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2229.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80004002 Error description: No such interface supported
2/16/2013 6:54:22 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2229.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80004002 Error description: No such interface supported
2/16/2013 6:33:01 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2229.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80004002 Error description: No such interface supported
2/16/2013 6:19:50 PM, error: System Error [1003] - Error code 100000ea, parameter1 89c00ca0, parameter2 89de5c90, parameter3 b8d5fcb4, parameter4 00000001.
2/16/2013 5:51:19 PM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The specified module could not be found.
2/16/2013 5:51:18 PM, error: Rasman [20063] - Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.
2/16/2013 5:39:38 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2229.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80004002 Error description: No such interface supported
2/16/2013 5:29:33 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
2/16/2013 5:29:32 PM, error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Remote Access Connection Manager service which failed to start because of the following error: The specified module could not be found.
2/16/2013 5:29:29 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The specified module could not be found.
2/16/2013 5:29:29 PM, error: Service Control Manager [7001] - The Infrared Monitor service depends on the IrDA Protocol service which failed to start because of the following error: The system cannot find the file specified.
2/16/2013 5:29:29 PM, error: Service Control Manager [7000] - The IrDA Protocol service failed to start due to the following error: The system cannot find the file specified.
2/13/2013 4:46:33 PM, error: Dhcp [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 00166FA749A2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
2/13/2013 4:45:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.1318.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/13/2013 4:45:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.1318.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/13/2013 4:45:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.1318.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
.
==== End Of File ===========================


DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by User XP at 15:00:50 on 2013-02-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1455 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
d:\Program Files\Microsoft Security Client\MsMpEng.exe
D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\Program Files\Intel\WiFi\bin\EvtEng.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
D:\Program Files\Intel\WiFi\bin\WLKeeper.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\Program Files\Microsoft Security Client\msseces.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\wbem\unsecapp.exe
D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\Common Files\Teleca Shared\logger.exe
D:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
D:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
D:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
D:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
D:\WINDOWS\System32\alg.exe
D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
D:\WINDOWS\system32\svchost.exe -k NetworkService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k bthsvcs
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=15866
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - d:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [Google Update] "d:\documents and settings\user xp\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "d:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [igfxtray] d:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] d:\windows\system32\hkcmd.exe
mRun: [igfxpers] d:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "d:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "d:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [Mobile Connectivity Suite] "d:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "d:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes Anti-Malware] d:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "d:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{FA792F11-65CA-431C-8DC4-4503E192AFB6} : DHCPNameServer = 192.168.0.1 205.171.3.25
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\wpdshserviceobj.dll
Hosts: 127.0.0.1 mpa.one.microsoft.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;d:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552]
R1 MpKsl244cbbad;MpKsl244cbbad;d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2082d495-c2cd-4a38-84df-0e7931f42885}\MpKsl244cbbad.sys [2013-2-20 29904]
R3 GTIPCI21;GTIPCI21;d:\windows\system32\drivers\gtipci21.sys [2011-5-9 88192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-02-20 21:32:37 29904 ----a-w- d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2082d495-c2cd-4a38-84df-0e7931f42885}\MpKsl244cbbad.sys
2013-02-20 20:56:05 -------- d-----w- d:\documents and settings\user xp\application data\Malwarebytes
2013-02-20 20:55:26 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2013-02-20 20:55:23 21104 ----a-w- d:\windows\system32\drivers\mbam.sys
2013-02-20 20:55:23 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2013-02-13 23:58:56 6991832 ----a-w- d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2082d495-c2cd-4a38-84df-0e7931f42885}\mpengine.dll
2013-02-01 05:16:56 6991832 ----a-w- d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-30 19:13:07 -------- d-----w- d:\documents and settings\user xp\local settings\application data\The Weather Channel
2013-01-29 20:24:01 -------- d-----w- d:\documents and settings\user xp\Incomplete
2013-01-29 20:23:38 -------- d-----w- d:\documents and settings\user xp\local settings\application data\APN
2013-01-29 20:23:10 -------- d-----w- d:\documents and settings\all users\application data\Ask
2013-01-29 20:22:50 -------- d-----w- d:\program files\MP3 Rocket Downloader
2013-01-29 20:22:42 -------- d-----w- d:\documents and settings\user xp\application data\MP3Rocket
2013-01-29 20:17:51 -------- d-----w- d:\documents and settings\user xp\local settings\application data\Real
2013-01-29 20:14:47 -------- d-----w- d:\program files\The Weather Channel FW
2013-01-29 19:06:11 -------- d-----w- d:\documents and settings\all users\application data\B5D
2013-01-29 02:55:28 -------- d-----w- d:\documents and settings\user xp\AppData
2013-01-29 02:55:27 -------- d-----w- d:\documents and settings\user xp\application data\searchresultstb
2013-01-29 02:54:08 -------- d-----w- d:\documents and settings\all users\application data\boost_interprocess
2013-01-29 02:49:31 -------- d-----w- d:\program files\iMesh Applications
2013-01-29 02:43:29 -------- d-----w- d:\documents and settings\user xp\local settings\application data\PackageAware
.
==================== Find3M ====================
.
2013-01-30 10:53:21 232336 ------w- d:\windows\system32\MpSigStub.exe
2012-12-16 12:23:59 290560 ----a-w- d:\windows\system32\atmfd.dll
.
============= FINISH: 15:01:15.98 ===============