Browser hijacked, infected with Win32.Zbot

This afternoon when I booted up my computer, my antivirus software Nod32 alerted me that a possible variant of Win32.Spy.Zbot was running in memory and that it could not quarantine or clean the infection. I may have been infected yesterday when I first received notice of a blocked attack from a blogspot page. After running a full system scan, the problem was still not resolved. My Firefox was hijacked, and results from search engines such as Google and Bing redirect to sites like "Yokosearch", in the manner of another thread, which is what led me to your forums. I'm running Windows 7, I use Nod32, I run Adblock and Noscript in Firefox and Windows Firewall is enabled.

I attempted to run System Restore, but it is unable to access either of the restore points prior to the hijack. I ran Malwarebytes, which again detected the malware, but again did not solve the browser redirect issue. An online scan using ESET's web-based antivirus tool did not resolve the issue either, nor did Microsoft Security Essentials. An OTL log is attached.

OTL logfile created on: 11/10/2011 12:51:49 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 36.59% Memory free
4.00 Gb Paging File | 2.22 Gb Available in Paging File | 55.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 321.53 Gb Free Space | 34.52% Space Free | Partition Type: NTFS

Computer Name: NERV-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/09 21:43:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2011/09/29 00:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/08/30 14:36:33 | 002,810,880 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mIRC\mirc.exe
PRC - [2010/06/24 19:08:40 | 004,657,152 | ---- | M] (Livestation) -- C:\Program Files (x86)\Livestation\Livestation.exe
PRC - [2010/02/22 15:50:16 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/29 00:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/22 19:55:05 | 006,053,536 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/05/12 01:20:18 | 004,691,987 | ---- | M] () -- C:\Program Files (x86)\Livestation\avcodec-52.dll
MOD - [2010/05/12 01:20:18 | 000,730,643 | ---- | M] () -- C:\Program Files (x86)\Livestation\avformat-52.dll
MOD - [2010/05/12 01:20:18 | 000,209,427 | ---- | M] () -- C:\Program Files (x86)\Livestation\swscale-0.dll
MOD - [2010/05/12 01:20:18 | 000,079,891 | ---- | M] () -- C:\Program Files (x86)\Livestation\avutil-50.dll
MOD - [2009/11/15 22:41:56 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Livestation\QtCore4.dll
MOD - [2009/11/04 14:11:32 | 000,536,576 | ---- | M] () -- C:\Program Files (x86)\Livestation\live555.dll
MOD - [2009/04/22 13:35:14 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Livestation\plugins\imageformats\qico4.dll
MOD - [2009/04/22 13:35:04 | 000,290,816 | ---- | M] () -- C:\Program Files (x86)\Livestation\plugins\imageformats\qtiff4.dll
MOD - [2009/04/22 13:34:50 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Livestation\plugins\imageformats\qsvg4.dll
MOD - [2009/04/22 13:34:44 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Livestation\plugins\imageformats\qmng4.dll
MOD - [2009/04/22 13:34:24 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Livestation\plugins\imageformats\qgif4.dll
MOD - [2009/04/22 13:34:20 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Livestation\plugins\imageformats\qjpeg4.dll
MOD - [2009/04/22 13:30:12 | 009,187,328 | ---- | M] () -- C:\Program Files (x86)\Livestation\QtWebKit4.dll
MOD - [2009/04/22 12:13:34 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\Livestation\QtSvg4.dll
MOD - [2009/04/22 12:12:44 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Livestation\phonon4.dll
MOD - [2009/04/22 12:07:14 | 000,446,464 | ---- | M] () -- C:\Program Files (x86)\Livestation\QtOpenGL4.dll
MOD - [2009/04/22 11:58:12 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Livestation\QtGui4.dll
MOD - [2009/04/22 11:43:42 | 000,913,408 | ---- | M] () -- C:\Program Files (x86)\Livestation\QtNetwork4.dll
MOD - [2009/04/22 11:42:20 | 000,344,064 | ---- | M] () -- C:\Program Files (x86)\Livestation\QtXml4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/08 11:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/02/22 15:52:54 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/02/22 15:50:16 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/08 12:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/09/08 12:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 10:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/09/11 14:39:30 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/09/11 14:39:26 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/09/11 02:55:04 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/29 18:41:12 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/02/22 15:51:46 | 000,124,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/02/22 15:50:12 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/02/22 15:47:40 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2009/08/20 17:20:18 | 000,356,096 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/08/20 17:20:18 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/20 17:20:18 | 000,092,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/08/20 17:20:18 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 15:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/04/21 10:53:10 | 000,025,752 | ---- | M] (XBCD Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xbcd.sys -- (XBCD)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/07 12:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2005/05/13 15:00:58 | 000,117,884 | ---- | M] (Redcl0ud) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\xbcd.sys -- (XBCD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 7D BD 7B 1E 86 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.1
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2010/03/24 00:08:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/03 22:35:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/03 22:35:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/03/24 00:08:42 | 000,000,000 | ---D | M]

[2010/03/23 18:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/11/03 15:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0i6g3i9s.default\extensions
[2011/10/03 22:36:00 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0i6g3i9s.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/10/03 22:36:04 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0i6g3i9s.default\extensions\[email protected]
[2010/11/16 03:54:20 | 000,005,251 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0i6g3i9s.default\searchplugins\magiccardsinfo.xml
[2010/06/27 23:12:44 | 000,001,556 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0i6g3i9s.default\searchplugins\wowhead.xml
[2010/04/04 21:49:11 | 000,002,064 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\0i6g3i9s.default\searchplugins\youtube-video-search.xml
[2011/10/03 22:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/25 14:35:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/22 18:25:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0I6G3I9S.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/22 18:25:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/09 05:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2010/01/13 16:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/10 00:44:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (vshare.tv Bar Toolbar) - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Livestation] C:\Program Files (x86)\Livestation\Livestation.exe (Livestation)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC9CD149-488C-4BC8-B47C-8B6E96AB0A05}: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC9CD149-488C-4BC8-B47C-8B6E96AB0A05}: NameServer = 8.8.8.8,8.8.4.4
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8decc34c-bd82-11df-ba78-002421b62e70}\Shell - "" = AutoRun
O33 - MountPoints2\{8decc34c-bd82-11df-ba78-002421b62e70}\Shell\AutoRun\command - "" = I:\OblivionLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 00:36:44 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/10 00:25:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\GooredFix Backups
[2011/11/10 00:24:15 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2011/11/10 00:16:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/11/10 00:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/10 00:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/10 00:16:26 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/10 00:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/10 00:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/11/10 00:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/09 23:53:04 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011/11/09 22:05:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/09 21:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/10/29 20:33:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cockatrice
[2011/10/29 20:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cockatrice
[2011/10/29 20:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cockatrice
[2011/10/16 23:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/10/16 23:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/10/16 23:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2010/03/29 18:41:12 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/10 00:51:37 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 00:51:37 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 00:50:15 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/11/10 00:46:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/10 00:46:22 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 00:44:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/10 00:16:30 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 00:13:14 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/10 00:12:50 | 000,798,614 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/10 00:12:50 | 000,664,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/10 00:12:50 | 000,122,838 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/09 23:42:39 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2011/11/09 15:36:10 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/07 16:27:58 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2011/11/04 19:01:21 | 000,000,236 | ---- | M] () -- C:\Windows\kaillera.ini
[2011/11/01 22:15:22 | 000,001,041 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2011/10/17 00:39:25 | 288,812,586 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/17 00:34:14 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini

========== Files Created - No Company Name ==========

[2011/11/10 00:16:30 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/10 00:12:40 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/09 23:53:40 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/09 21:34:14 | 000,302,592 | ---- | C] () -- C:\Users\Chris\Desktop\gmer.exe
[2011/10/22 16:04:19 | 000,000,236 | ---- | C] () -- C:\Windows\kaillera.ini
[2011/10/17 00:34:14 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/08/24 19:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/08/12 16:28:33 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
[2011/08/03 23:57:19 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/08/03 23:17:47 | 000,007,604 | ---- | C] () -- C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/15 18:02:34 | 000,798,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/23 17:33:25 | 000,121,448 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/03/29 18:41:51 | 000,001,041 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2010/03/29 18:41:12 | 000,099,384 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\inst.exe
[2010/03/29 18:41:12 | 000,007,859 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2010/03/29 18:41:12 | 000,001,167 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2010/03/23 18:13:50 | 000,000,990 | ---- | C] () -- C:\Users\Chris\AppData\Local\7F68A003.il
[2010/03/23 18:13:50 | 000,000,832 | ---- | C] () -- C:\Users\Chris\AppData\Local\IndexIE_7F68A003.il
[2010/03/23 13:05:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:EF6E4E62
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:C8B8CEBD

< End of report >

#1
YTheAlien

Posted 10 November 2011 - 01:05 AM

Advertisements

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us