Google Redirect Virus [Solved]

I no longer notice redirect problems in IE; however, I do not use it as much as Firefox. Before the repair, I did have the problems in IE. In Firefox, it only occasionally redirects. Today it redirected me to "http://63.209.69.107/search/web/" a few times. It used to redirect on every Google search before the repair.

I did pick up something new today when testing Google searches (Rogue.InternetSecurity/Backdoor.IRCBot), but Malwarebytes seems to have removed it. The ESET and Kaspersky scans did not pick up anything today. Here is the OTL log:

OTL logfile created on: 4/3/2012 9:41:42 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 76.11% Memory free
3.81 Gb Paging File | 3.47 Gb Available in Paging File | 90.98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 54.07 Gb Free Space | 72.57% Space Free | Partition Type: NTFS

Computer Name: DAVE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/03 21:40:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/12/23 16:00:00 | 000,611,144 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/02 18:33:16 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/13 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/12 18:09:16 | 002,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/06/12 18:09:16 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/06/12 18:09:14 | 000,408,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
PRC - [2007/06/12 18:09:14 | 000,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2003/11/20 15:08:14 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2003/11/06 16:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
PRC - [2001/12/15 12:10:36 | 000,036,864 | ---- | M] (Zenographics) -- C:\WINDOWS\system32\zstatus.exe

========== Modules (No Company Name) ==========

MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2003/11/06 16:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\imonitor.dll -- (zpjava)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbser.dll -- (viairda)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rampartsvc.dll -- (SE27mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Sus2pl.dll -- (rvscc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctxcpuusync.dll -- (dcpflics)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlndint.dll -- (btwhid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVR0FLASHDev.dll -- (ATWPKT2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NCPro.dll -- (ativraxx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\softfax.dll -- (athr)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/06/12 18:09:16 | 002,521,880 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel®
SRV - [2007/06/12 18:09:16 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®
SRV - [2007/06/12 18:09:14 | 000,109,336 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Senfilt.sys -- (SenFiltService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2008/09/05 01:53:02 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/06/12 18:05:50 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2003/02/11 14:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2003/01/10 14:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS428
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.1.3001.0(B)
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...22&geo=US&ver=5
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3101810
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/22 21:08:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/03/22 23:43:06 | 000,000,000 | ---D | M]

[2012/02/27 18:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/03/22 02:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmokftwi.default\extensions
[2012/03/06 18:08:38 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmokftwi.default\searchplugins\conduit.xml
[2012/02/27 18:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JMOKFTWI.DEFAULT\EXTENSIONS\[email protected]
[2012/03/22 21:08:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/28 20:53:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe (Zenographics)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1267538491453 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E83028F-AB7C-47F6-99AB-FFE7E9CFB54B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/01 18:06:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/03 21:40:49 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/28 22:09:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/03/28 22:08:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/28 20:41:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/28 20:40:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/28 20:40:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/28 20:40:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/28 20:40:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/28 20:40:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/28 20:39:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/28 20:37:58 | 004,448,457 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/03/28 20:14:53 | 000,649,489 | ---- | C] (maliprog @ Geekstogo) -- C:\Documents and Settings\Administrator\Desktop\GrabSample.exe
[2012/03/27 18:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WinZip
[2012/03/27 18:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/03/27 18:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/03/27 18:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/03/27 18:34:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/03/27 18:23:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/27 18:17:09 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/03/23 01:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2012/03/23 00:48:05 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/03/22 23:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/22 23:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012/03/22 23:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/03/22 21:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
[2012/03/22 20:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/03/22 20:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2012/03/21 22:16:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp8610514F-18B1-03A5-16C7-FED07C0DD337-Signatures
[2012/03/20 19:36:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/03/20 00:46:13 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2012/03/20 00:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/03/20 00:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Somoto
[2012/03/20 00:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2012/03/20 00:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/03/20 00:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/19 22:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\COMPUTER
[2012/03/19 21:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2012/03/19 21:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2012/03/17 11:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/03/17 11:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/03/17 11:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/03/16 23:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/16 23:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2012/04/03 21:42:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D855DFAE-6614-4717-84E5-05867E2AD715}.job
[2012/04/03 21:40:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/04/03 21:31:54 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/03 21:31:35 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/03 21:31:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/03 20:47:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/03 19:13:44 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Internet Security.lnk
[2012/04/03 19:03:27 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Word.lnk
[2012/04/02 18:43:00 | 128,392,280 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2012_04_03_01_23.exe
[2012/03/29 08:24:18 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003.lnk
[2012/03/28 20:53:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/28 20:41:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/28 20:38:07 | 004,448,457 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/03/28 20:14:54 | 000,649,489 | ---- | M] (maliprog @ Geekstogo) -- C:\Documents and Settings\Administrator\Desktop\GrabSample.exe
[2012/03/27 19:13:14 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\zxvccchm.exe
[2012/03/27 19:06:56 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.zip
[2012/03/27 18:53:47 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/03/27 18:53:47 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/03/27 18:44:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/03/27 18:34:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/03/27 18:23:56 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/27 18:17:33 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/03/23 18:24:26 | 000,251,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SysInspector-DAVE-120323-1818.zip
[2012/03/22 22:04:57 | 000,000,340 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SMRResults250.dat
[2012/03/22 20:58:12 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/20 00:46:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2012/03/16 22:07:04 | 000,231,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 01:31:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/11 22:37:03 | 000,462,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 22:37:03 | 000,078,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/07 06:31:40 | 000,379,251 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\120306163603_0001.pdf
[2012/03/07 06:31:24 | 000,305,742 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\BCPS 3D GLOVER.pdf

========== Files Created - No Company Name ==========

[2012/04/03 19:13:44 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Internet Security.lnk
[2012/04/02 18:41:48 | 128,392,280 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2012_04_03_01_23.exe
[2012/03/28 20:41:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/28 20:41:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/28 20:40:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/28 20:40:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/28 20:40:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/28 20:40:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/28 20:40:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/27 19:13:13 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\zxvccchm.exe
[2012/03/27 19:03:38 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.zip
[2012/03/27 18:53:47 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2012/03/27 18:53:45 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/03/27 18:44:14 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/03/23 18:24:26 | 000,251,062 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SysInspector-DAVE-120323-1818.zip
[2012/03/22 22:04:57 | 000,000,340 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\SMRResults250.dat
[2012/03/22 20:46:05 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D855DFAE-6614-4717-84E5-05867E2AD715}.job
[2012/03/21 22:21:21 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/20 00:05:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/07 06:31:40 | 000,379,251 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\120306163603_0001.pdf
[2012/03/07 06:31:24 | 000,305,742 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\BCPS 3D GLOVER.pdf
[2012/02/26 19:12:57 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/16 22:00:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/02 03:52:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/02 00:01:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\bibstats
[2011/10/21 23:45:31 | 000,044,000 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/16 22:10:46 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/07/13 21:20:33 | 000,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll
[2011/07/13 21:20:32 | 000,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini
[2011/07/13 21:17:06 | 000,159,803 | ---- | C] () -- C:\WINDOWS\closewnd.exe
[2011/05/17 21:18:53 | 000,009,692 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\17fm4hh3pcb7w11
[2011/05/17 21:18:53 | 000,009,692 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\17fm4hh3pcb7w11
[2011/01/12 21:10:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/30 16:11:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/11/30 15:21:25 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2010/11/30 15:21:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE

========== LOP Check ==========

[2012/03/22 20:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2010/03/02 10:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/04/16 09:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/03/22 23:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/02 21:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/06/21 21:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2012/03/27 18:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/02 09:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/03 21:42:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D855DFAE-6614-4717-84E5-05867E2AD715}.job

========== Purity Check ==========

< End of report >

Edited by malmbor, 03 April 2012 - 08:01 PM.

#16
malmbor

Posted 03 April 2012 - 07:52 PM

Advertisements

#17
maliprog

Posted 03 April 2012 - 11:27 PM

#18
malmbor

Posted 04 April 2012 - 05:37 PM

#19
maliprog

Posted 04 April 2012 - 11:18 PM

#20
malmbor

Posted 05 April 2012 - 04:37 PM

#21
maliprog

Posted 05 April 2012 - 11:07 PM

#22
malmbor

Posted 06 April 2012 - 07:35 PM

#23
maliprog

Posted 07 April 2012 - 03:37 AM

#24
maliprog

Posted 07 April 2012 - 03:38 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Google Redirect Virus [Solved]

#16 malmbor Posted 03 April 2012 - 07:52 PM

Advertisements

#17 maliprog Posted 03 April 2012 - 11:27 PM

#18 malmbor Posted 04 April 2012 - 05:37 PM

#19 maliprog Posted 04 April 2012 - 11:18 PM

#20 malmbor Posted 05 April 2012 - 04:37 PM

#21 maliprog Posted 05 April 2012 - 11:07 PM

#22 malmbor Posted 06 April 2012 - 07:35 PM

#23 maliprog Posted 07 April 2012 - 03:37 AM

#24 maliprog Posted 07 April 2012 - 03:38 AM