
Annoying Yahoo search engine in all browsers



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2013 01

Ran by ACSA at 2013-12-15 00:00:17 Run:3

Running from C:\Users\ACSA\Desktop\FRST

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

SearchScopes: HKCU - DefaultScope {78CA4453-2964-48D0-9F7D-E7E79C53B942} URL = http://br.search.yah...&type=402027&p={searchTerms}

SearchScopes: HKCU - {78CA4453-2964-48D0-9F7D-E7E79C53B942} URL = http://br.search.yah...&type=402027&p={searchTerms}

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.search.yah...r=spigot-yhp-ie

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE89D256EDC92CD01

CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx

CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx

CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\ACSA\AppData\Local\Slick Savings\coupons.crx

FF DefaultSearchEngine: Yahoo!

FF SelectedSearchEngine: Yahoo!

FF SearchPlugin: C:\Users\ACSA\AppData\Roaming\Mozilla\Firefox\Profiles\v1q90507.default\searchplugins\yahoo_ff.xml

FF Extension: Slick Savings - C:\Users\ACSA\AppData\Roaming\Mozilla\Firefox\Profiles\v1q90507.default\Extensions\savingsslider@mybrowserbar.com

FF Extension: Start Page - C:\Users\ACSA\AppData\Roaming\Mozilla\Firefox\Profiles\v1q90507.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}

C:\Program Files (x86)\Common Files\Spigot

C:\Users\ACSA\AppData\Local\Slick Savings

*****************

 

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{78CA4453-2964-48D0-9F7D-E7E79C53B942} => Key deleted successfully.

HKCR\CLSID\{78CA4453-2964-48D0-9F7D-E7E79C53B942} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => Value deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key deleted successfully.

C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx => Moved successfully.

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key deleted successfully.

C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx => Moved successfully.

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key deleted successfully.

C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx => Moved successfully.

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key deleted successfully.

C:\Users\ACSA\AppData\Local\Slick Savings\coupons.crx => Moved successfully.

Firefox DefaultSearchEngine deleted successfully.

Firefox SelectedSearchEngine deleted successfully.

C:\Users\ACSA\AppData\Roaming\Mozilla\Firefox\Profiles\v1q90507.default\searchplugins\yahoo_ff.xml => Moved successfully.

C:\Users\ACSA\AppData\Roaming\Mozilla\Firefox\Profiles\v1q90507.default\Extensions\savingsslider@mybrowserbar.com => Moved successfully.

C:\Users\ACSA\AppData\Roaming\Mozilla\Firefox\Profiles\v1q90507.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362} => Moved successfully.

C:\Program Files (x86)\Common Files\Spigot => Moved successfully.

C:\Users\ACSA\AppData\Local\Slick Savings => Moved successfully.

 

==== End of Fixlog ====


Download and run Avast Browser Cleanup and see if it detects any bad items. If so, have the program delete them.

Then.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg]

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 13-12-13.01 - ACSA 15/12/2013  12:13:00.2.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.55.1033.18.8167.6445 [GMT -2:00]

Executando de: c:\users\ACSA\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\prefs.js

.

.

((((((((((((((((   Arquivos/Ficheiros criados de 2013-11-15 to 2013-12-15  ))))))))))))))))))))))))))))

.

.

2013-12-15 14:19 . 2013-12-15 14:19 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-12-15 14:19 . 2013-12-15 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-14 21:30 . 2013-12-15 02:22 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD9247B3-EC76-4795-858A-38E9A5075C9E}\offreg.dll

2013-12-14 19:53 . 2013-12-14 19:53 -------- d-----w- C:\FRST

2013-12-14 18:27 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD9247B3-EC76-4795-858A-38E9A5075C9E}\mpengine.dll

2013-12-14 14:30 . 2013-12-14 14:31 -------- d-----w- C:\AdwCleaner

2013-12-14 11:18 . 2013-12-14 11:19 -------- d-----w- c:\program files\HitmanPro

2013-12-14 11:18 . 2013-12-14 11:28 -------- d-----w- c:\programdata\HitmanPro

2013-12-13 09:08 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-12-12 18:35 . 2013-12-12 19:55 -------- dc----w- c:\users\ACSA\AppData\Local\MigWiz

2013-12-12 02:21 . 2013-12-12 02:21 -------- d-----w- c:\programdata\Kaspersky Lab

2013-12-12 02:21 . 2013-12-12 02:21 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2013-12-10 23:53 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-10 23:53 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-10 23:53 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-10 23:53 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-10 23:53 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-10 23:49 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-12-10 23:49 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll

2013-12-10 23:49 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

2013-12-10 23:49 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-12-10 23:49 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-12-10 23:49 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-12-10 23:49 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-12-10 23:48 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx

2013-12-10 23:48 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll

2013-12-10 23:48 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx

2013-12-10 23:48 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe

2013-12-10 23:48 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe

2013-12-10 23:48 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll

2013-12-10 23:48 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe

2013-12-10 23:48 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe

2013-12-10 23:48 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll

2013-12-10 23:48 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-12-10 23:48 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-12-10 23:48 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-12-10 20:39 . 2013-12-10 20:39 -------- d-----w- c:\programdata\Sophos

2013-12-10 20:39 . 2013-12-10 20:39 73728 ----a-r- c:\users\ACSA\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-12-10 20:39 . 2013-12-10 20:39 73728 ----a-r- c:\users\ACSA\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2013-12-10 20:39 . 2013-12-10 20:39 73728 ----a-r- c:\users\ACSA\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2013-12-10 20:39 . 2013-12-10 20:39 -------- d-----w- c:\program files (x86)\Sophos

2013-12-10 20:28 . 2013-12-10 20:28 388096 ----a-r- c:\users\ACSA\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-12-10 20:28 . 2013-12-10 20:28 -------- d-----w- c:\program files (x86)\Trend Micro

2013-12-10 13:55 . 2013-12-10 13:55 -------- d-----w- c:\windows\ERUNT

2013-12-07 21:12 . 2013-12-08 09:44 -------- d-----w- c:\users\ACSA\AppData\Roaming\AudioGate

2013-12-07 21:11 . 2013-12-07 21:11 -------- d-----w- c:\program files (x86)\KORG

2013-12-07 21:10 . 2013-12-07 21:10 -------- d-----w- c:\windows\Downloaded Installations

2013-12-07 11:12 . 2013-12-07 11:12 -------- d-----w- c:\users\ACSA\AppData\Roaming\RealHideIP

2013-12-07 11:12 . 2013-12-07 11:12 -------- d-----w- c:\programdata\RealHideIP

2013-12-07 07:56 . 2013-10-18 10:02 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F419FF6-3443-4161-9BDC-13559DE23BCD}\gapaengine.dll

2013-12-04 10:11 . 2013-12-04 10:11 -------- d-----w- c:\windows\pt-br

2013-12-04 10:11 . 2013-12-04 10:11 -------- d-----w- c:\windows\en

2013-12-04 10:11 . 2013-12-04 10:11 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2013-12-04 10:10 . 2013-12-04 10:10 -------- d-----w- c:\windows\PCHEALTH

2013-12-04 10:10 . 2013-12-04 10:11 -------- d-----w- c:\program files (x86)\Windows Live

2013-12-04 10:04 . 2013-12-04 10:28 -------- d-----w- c:\users\ACSA\AppData\Local\Windows Live

2013-12-04 10:04 . 2013-12-04 10:04 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2013-12-03 02:03 . 2013-10-30 17:03 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys

2013-12-03 02:03 . 2013-10-30 17:02 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll

2013-12-01 15:53 . 2013-12-01 15:53 -------- d-----w- c:\users\ACSA\AppData\Roaming\AVAST Software

2013-12-01 10:30 . 2013-12-01 10:30 -------- d-----w- c:\users\ACSA\.MCTranscodingSDK

2013-12-01 10:22 . 2013-12-01 10:22 -------- d-----w- c:\programdata\Geevs

2013-12-01 10:21 . 2013-12-01 10:30 -------- d-----w- c:\program files (x86)\Lightworks

2013-11-29 22:38 . 2013-12-02 17:42 -------- d-----w- c:\users\ACSA\AppData\Roaming\Abvent_Artlantis5

2013-11-29 22:30 . 2013-12-02 12:57 -------- d-----w- c:\programdata\Abvent

2013-11-29 22:08 . 2013-11-29 22:37 -------- d-----w- c:\program files\Artlantis Studio 5

2013-11-26 20:43 . 2013-11-26 20:43 -------- d-----w- c:\programdata\ProductData

2013-11-26 20:43 . 2013-11-26 20:43 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}

2013-11-21 12:40 . 2013-11-21 12:40 -------- d-----w- c:\users\ACSA\AppData\Local\GAS Tecnologia

2013-11-21 12:40 . 2013-11-21 12:40 717985 ----a-w- c:\users\ACSA\AppData\Roaming\unins000.exe

2013-11-20 15:23 . 2013-11-11 15:02 6674208 ----a-w- c:\windows\system32\nvcpl.dll

2013-11-20 15:23 . 2013-11-11 15:02 3490080 ----a-w- c:\windows\system32\nvsvc64.dll

2013-11-20 15:23 . 2013-11-11 15:01 922912 ----a-w- c:\windows\system32\nvvsvc.exe

2013-11-20 15:23 . 2013-11-11 15:01 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-11-20 15:23 . 2013-11-11 15:01 219424 ----a-w- c:\windows\system32\nvmctray.dll

2013-11-20 15:23 . 2013-11-11 15:01 3467927 ----a-w- c:\windows\system32\nvcoproc.bin

2013-11-19 15:15 . 2013-10-14 20:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

.

.

.

(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-15 02:16 . 2013-06-10 18:08 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys

2013-12-13 23:58 . 2012-09-15 04:23 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-12-13 17:52 . 2012-09-15 04:23 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-12-11 21:02 . 2013-09-22 11:09 867360 ----a-w- c:\windows\PE_Rom.dll

2013-12-10 23:49 . 2012-09-15 01:52 90708896 ----a-w- c:\windows\system32\MRT.exe

2013-12-04 10:11 . 2012-07-17 16:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-12-01 09:45 . 2013-07-10 19:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-12-01 09:45 . 2013-07-10 19:03 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-12-01 09:45 . 2013-01-12 09:44 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-12-01 09:45 . 2013-01-12 09:44 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-12-01 09:45 . 2013-01-12 09:44 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-12-01 09:45 . 2013-01-12 09:44 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-12-01 09:45 . 2013-01-12 09:44 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-12-01 09:45 . 2013-01-12 09:44 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-12-01 09:45 . 2013-01-12 09:44 334648 ----a-w- c:\windows\system32\aswBoot.exe

2013-12-01 09:45 . 2013-01-12 09:44 43152 ----a-w- c:\windows\avastSS.scr

2013-11-29 16:56 . 2013-10-28 20:17 1096480 ----a-w- c:\windows\system32\nvspcap64.dll

2013-11-29 16:56 . 2013-10-28 20:17 979744 ----a-w- c:\windows\SysWow64\nvspcap.dll

2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-11-14 11:38 . 2013-09-24 14:53 43216 ----a-w- c:\windows\system32\cmdcsr.dll

2013-11-11 17:47 . 2013-11-11 17:47 38960 ----a-w- c:\windows\SysWow64\RGBAcodec.dll

2013-11-05 10:38 . 2013-11-05 10:38 110080 ----a-r- c:\users\ACSA\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\IconF7A21AF7.exe

2013-11-05 10:38 . 2013-11-05 10:38 110080 ----a-r- c:\users\ACSA\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\IconD7F16134.exe

2013-11-05 10:38 . 2013-11-05 10:38 110080 ----a-r- c:\users\ACSA\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\Icon1226A4C5.exe

2013-11-01 11:06 . 2012-09-15 04:23 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-10-30 17:02 . 2013-10-19 11:27 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll

2013-10-29 18:52 . 2012-09-16 01:11 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-10-26 08:26 . 2012-09-15 01:20 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-10-26 08:26 . 2012-09-15 01:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-18 10:02 . 2012-10-03 10:22 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-10-16 00:48 . 2013-10-27 08:02 1884448 ----a-w- c:\windows\system32\nvdispco6433158.dll

2013-10-16 00:48 . 2013-10-27 08:02 1511712 ----a-w- c:\windows\system32\nvdispgenco6433158.dll

2013-10-13 11:27 . 2013-10-13 11:27 119808 ----a-r- c:\users\ACSA\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2013-10-12 02:30 . 2013-11-14 01:54 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-10-12 02:29 . 2013-11-14 01:54 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-10-12 02:29 . 2013-11-14 01:54 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-10-12 02:03 . 2013-11-14 01:54 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-10-12 02:01 . 2013-11-14 01:54 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

2013-10-08 09:50 . 2013-10-27 20:20 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-10-05 20:25 . 2013-11-14 01:55 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-10-05 19:57 . 2013-11-14 01:55 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-10-05 12:10 . 2013-10-05 12:10 883928 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2013-10-05 12:10 . 2013-10-05 12:10 74456 ----a-w- c:\windows\system32\RtNicProp64.dll

2013-10-05 12:10 . 2011-06-10 09:34 108760 ----a-w- c:\windows\system32\RTNUninst64.dll

2013-10-05 12:08 . 2013-10-05 12:08 858032 ----a-w- c:\windows\system32\tossaeapo64.dll

2013-10-05 12:08 . 2013-10-05 12:08 2103040 ----a-w- c:\windows\system32\WavesGUILib64.dll

2013-10-05 12:08 . 2013-10-05 12:08 148912 ----a-w- c:\windows\system32\toseaeapo64.dll

2013-10-05 12:08 . 2013-10-05 12:08 569256 ----a-w- c:\windows\system32\tosasfapo64.dll

2013-10-05 12:08 . 2013-10-05 12:08 836544 ----a-w- c:\windows\system32\tadefxapo264.dll

2013-10-05 12:08 . 2013-10-05 12:08 65944 ----a-w- c:\windows\system32\tepeqapo64.dll

2013-10-05 12:08 . 2013-10-05 12:08 148416 ----a-w- c:\windows\system32\tadefxapo.dll

2013-10-05 12:08 . 2013-10-05 12:08 1361336 ----a-w- c:\windows\system32\tosade.dll

2013-10-05 12:08 . 2013-10-05 12:08 916016 ----a-w- c:\windows\system32\SFSS_APO.dll

2013-10-05 12:08 . 2013-10-05 12:08 834328 ----a-w- c:\windows\system32\slcnt64.dll

2013-10-05 12:08 . 2013-10-05 12:08 635160 ----a-w- c:\windows\system32\sltech64.dll

2013-10-05 12:08 . 2013-10-05 12:08 528152 ----a-w- c:\windows\system32\sl3apo64.dll

2013-10-05 12:08 . 2013-10-05 12:08 215320 ----a-w- c:\windows\system32\slprp64.dll

2013-10-05 12:08 . 2013-10-05 12:08 221024 ----a-w- c:\windows\system32\SFNHK64.dll

2013-10-05 12:08 . 2013-10-05 12:08 81248 ----a-w- c:\windows\system32\SFCOM64.dll

2013-10-05 12:08 . 2013-10-05 12:08 78688 ----a-w- c:\windows\system32\SFAPO64.dll

2013-10-05 12:08 . 2013-10-05 12:08 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll

2013-10-05 12:08 . 2013-10-05 12:08 2794056 ----a-w- c:\windows\system32\RtPgEx64.dll

2013-10-05 12:08 . 2013-10-05 12:08 1662024 ----a-w- c:\windows\system32\RTSnMg64.cpl

2013-10-05 12:08 . 2013-10-05 12:08 3425608 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys

2013-10-05 12:08 . 2013-10-05 12:08 748376 ----a-w- c:\windows\system32\RTKSMSettingsIPC.dll

2013-10-05 12:08 . 2013-10-05 12:08 4819224 ----a-w- c:\windows\system32\RTKSMlfx.dll

2013-10-05 12:08 . 2013-10-05 12:08 149608 ----a-w- c:\windows\system32\RtkCfg64.dll

2013-10-05 12:08 . 2013-10-05 12:08 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll

2013-10-05 12:08 . 2013-10-05 12:08 3693640 ----a-w- c:\windows\system32\RtkAPO64.dll

2013-10-05 12:08 . 2013-10-05 12:08 78680 ----a-w- c:\windows\system32\RTEEG64A.dll

2013-10-05 12:08 . 2013-10-05 12:08 613448 ----a-w- c:\windows\system32\RtDataProc64.dll

2013-10-05 12:08 . 2013-10-05 12:08 375128 ----a-w- c:\windows\system32\RTEEP64A.dll

2013-10-05 12:08 . 2013-10-05 12:08 310104 ----a-w- c:\windows\system32\RP3DHT64.dll

2013-10-05 12:08 . 2013-10-05 12:08 310104 ----a-w- c:\windows\system32\RP3DAA64.dll

2013-10-05 12:08 . 2013-10-05 12:08 204120 ----a-w- c:\windows\system32\RTEED64A.dll

2013-10-05 12:08 . 2013-10-05 12:08 1284680 ----a-w- c:\windows\system32\RTCOM64.dll

2013-10-05 12:08 . 2013-10-05 12:08 101208 ----a-w- c:\windows\system32\RTEEL64A.dll

2013-10-05 12:08 . 2013-10-05 12:08 1003592 ----a-w- c:\windows\system32\RtkApi64.dll

2013-10-05 12:08 . 2013-10-05 12:08 24962560 ----a-w- c:\windows\system32\RCoRes64.dat

2013-10-05 12:08 . 2013-10-05 12:08 75024 ----a-w- c:\windows\system32\R4EEG64A.dll

2013-10-05 12:08 . 2013-10-05 12:08 7164176 ----a-w- c:\windows\system32\R4EEP64A.dll

2013-10-05 12:08 . 2013-10-05 12:08 434960 ----a-w- c:\windows\system32\R4EED64A.dll

2013-10-05 12:08 . 2013-10-05 12:08 142408 ----a-w- c:\windows\system32\RCoInstII64.dll

2013-10-05 12:08 . 2013-10-05 12:08 141584 ----a-w- c:\windows\system32\R4EEL64A.dll

2013-10-05 12:08 . 2013-10-05 12:08 124176 ----a-w- c:\windows\system32\R4EEA64A.dll

2013-10-05 12:08 . 2013-10-05 12:08 9123608 ----a-w- c:\windows\system32\MaxxAudioVnA64.dll

2013-10-05 12:08 . 2013-10-05 12:08 906800 ----a-w- c:\windows\system32\MISS_APO.dll

2013-10-05 12:08 . 2013-10-05 12:08 394616 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll

2013-10-05 12:08 . 2013-10-05 12:08 3138304 ----a-w- c:\windows\system32\MaxxAudioVnN64.dll

2013-10-05 12:08 . 2013-10-05 12:08 14035712 ----a-w- c:\windows\system32\MaxxAudioRealtek64.dll

2013-10-05 12:08 . 2013-10-05 12:08 2032896 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll

2013-10-05 12:08 . 2013-10-05 12:08 1903872 ----a-w- c:\windows\system32\MaxxAudioRealtek264.dll

2013-10-05 12:08 . 2013-10-05 12:08 920320 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll

2013-10-05 12:08 . 2013-10-05 12:08 722688 ----a-w- c:\windows\system32\MaxxAudioAPO5064.dll

2013-10-05 12:08 . 2013-10-05 12:08 612728 ----a-w- c:\windows\system32\MaxxAudioAPO4064.dll

2013-10-05 12:08 . 2013-10-05 12:08 603984 ----a-w- c:\windows\system32\KAAPORT64.dll

2013-10-05 12:08 . 2013-10-05 12:08 395208 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll

2013-10-05 12:08 . 2013-10-05 12:08 712296 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll

2013-10-05 12:08 . 2013-10-05 12:08 693352 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll

2013-10-05 12:08 . 2013-10-05 12:08 501192 ----a-w- c:\windows\system32\DTSU2PLFX64.dll

.

.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\ACSA\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\ACSA\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\ACSA\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-12-11 1823656]

"FMCore.exe"="c:\program files (x86)\Extensis\Suitcase Fusion 4\FMCore.exe" [2012-12-11 9440256]

"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]

"Akamai NetSession Interface"="c:\users\ACSA\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-15 39408]

"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-12-07 202328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]

"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-09-06 1688008]

"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-09-19 5236664]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]

"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]

"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-29 252544]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\a8726356-a695-4a0f-a368-9e52a6bc90b3.exe" [2013-11-23 180184]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-01 3568312]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]

"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2013-11-11 2283808]

.

c:\users\ACSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2013-7-26 0]

Dropbox.lnk - c:\users\ACSA\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-9-1 48248]

CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2013-4-3 8486776]

Servidor de rede.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2012-9-15 5724472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2013-09-23 17:16 1598520 ----a-w- c:\program files (x86)\GbPlugin\gbiehabn.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0SmartDefragBootTime.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; [x]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [x]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]

S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]

S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]

S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]

S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe;c:\program files\Macrium\Reflect\ReflectService.exe [x]

S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]

S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]

S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-12-15 c:\windows\Tasks\Driver Booster Update.job

- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-10-05 13:01]

.

2013-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-15 01:41]

.

2013-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-15 01:41]

.

2013-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759933643-2614577016-1710804323-1000Core.job

- c:\users\ACSA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15 01:52]

.

2013-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2759933643-2614577016-1710804323-1000UA.job

- c:\users\ACSA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15 01:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-12-01 09:45 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\ACSA\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\ACSA\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\ACSA\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ----a-w- c:\users\ACSA\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-10-05 7188040]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]

"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-10-05 1308232]

"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-29 1096480]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SYSTEM32\blank.htm

uInternet Settings,ProxyOverride = <local>

Trusted Zone: dvrdns.org\marahu

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernet.com.br\wwws2

Trusted Zone: santandernetibe.com.br\www

Trusted Zone: secureweb.com.br\www

TCP: DhcpNameServer = 187.22.0.61 187.22.0.66

TCP: Interfaces\{A014895A-EA50-48E7-B92D-4BA595890AA7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

TCP: Interfaces\{C87D9D7B-D12F-42F4-B4C5-1659882566C7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1


.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-tvncontrol - c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cistray.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,79,bd,b1,0c,b4,82,4f,b7,06,45,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,79,bd,b1,0c,b4,82,4f,b7,06,45,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]

"v5Licence0"="15-KW8D-Q66T-N1JP-Q254-ZNFC-28KZ4MN"

"Activated"="Y"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-12-15 12:20:48

ComboFix-quarantined-files.txt  2013-12-15 14:20

.

Pre-Run: 165.860.872.192 bytes free

Post-Run: 165.774.454.784 bytes free

.

- - End Of File - - 870C52419CC78AAE506697E990E70E1C

You have multiple versions of Java on the system, please uninstall the old ones from your add/remove programs:

Java 7 Update 45 (x32 Version: 7.0.450) <---OK

Java™ 6 Update 32 (x32 Version: 6.0.320)<----uninstall
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)<---uninstall

Then.......

Go here and follow the instructions to clear your Java Cache


Next:

I see you have CCleaner on the system; it's out of date though.
Open up the program and click on the "Check for Updates" button, which should be in the bottom right-hand corner of the main page.
Download and install the new version; you can do this right over the top of the old one.

Now run it and clean out temp files, including cookies.

Then click on "Tools" > "Startup" > click on each browser tab and disable all extensions and any odd plug-ins.

See how it is, you'll have to reset all your search engines.

Let me know.....MrC


Let's run a different scan and see if it shows anything:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Hijacks like this usually come with another program you installed.

Every time the program starts it re-installs Yahoo.

Think back to when this started and what programs you installed.

-------------------------

Please do this:

Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in bold:
      :OTL
      @Alternate Data Stream - 1485 bytes -> C:\Users\ACSA\AppData\Local\7D3pn4Otqu:MPmoYbYFSazOUSCOwa1Kqnb
      @Alternate Data Stream - 1376 bytes -> C:\Users\ACSA\AppData\Local\Temp:0NEkqv9XiqGAvWUqf7wT
      @Alternate Data Stream - 1288 bytes -> C:\Users\ACSA\Local Settings:t8G6tbQRuEHRJYDyzvvuGm
      IE - HKU\S-1-5-21-2759933643-2614577016-1710804323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.search.yahoo.com/?type=402027&fr=spigot-yhp-ie
      IE - HKU\S-1-5-21-2759933643-2614577016-1710804323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
      IE - HKU\S-1-5-21-2759933643-2614577016-1710804323-1000\..\SearchScopes,DefaultScope = {78CA4453-2964-48D0-9F7D-E7E79C53B942}
      IE - HKU\S-1-5-21-2759933643-2614577016-1710804323-1000\..\SearchScopes\{78CA4453-2964-48D0-9F7D-E7E79C53B942}: "URL" = http://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=402027&p={searchTerms}
      :Commands
      [EMPTYJAVA]
      [emptytemp]
      [EMPTYFLASH]

 

  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
    -----------------------------------------
    Please run a free online scan with the ESET Online Scanner (it may take a while to run)
    Note: You will need to use Internet Explorer for this scan.
    First please Disable any Antivirus you have active, as shown in This Topic
    Note: Don't forget to re-enable it after the scan.
    http://www.eset.eu/online-scanner
    Tick the box next to YES, I accept the Terms of Use.
    Click Start
    When asked, allow the ActiveX control to install
    Click Start
    Make sure that the options Remove found threats is unchecked and the option Scan unwanted applications is checked
    Click Advanced settings and select the following:
    Click Start
    Wait for the scan to finish
    If threats were found:
    Click on "list of threats found"
    Click on "export to text file" and save it as ESET SCAN and save to the desktop
    Click on back
    Put a checkmark in "Uninstall application on close"
    Click on finish
    Post back the log.
    MrC
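The fix above removes the hijacked IE search scope, the start page and the alternate data streams by hand-written OTL directives. The script below is an added example (not code from the thread, from OTL, FRST or any of the tools it names) that audits the same persistence points on the affected user's profile so you can confirm the cleanup and see whether something rewrites them after a reboot, which is the point MrC makes about a re-installing program. It assumes PowerShell 3.0 or later; the Spigot / "Slick Savings" path fragments and the "search.yahoo.com plus a type=/fr= partner tag" URL pattern are taken from the logs posted in this thread and used as indicators, and the regular expressions are illustrative, so tune them for a different hijack. It is report-only unless run with -Remove.

```powershell
<#
Added example: audit (and optionally remove) the search-hijack persistence points
seen in this thread for the current user. Not part of the original post.
Assumptions (mine): the indicator patterns below come from the posted logs; the
HKLM Chrome extension keys need an elevated shell to change.
#>
[CmdletBinding()]
param([switch]$Remove)

# A Yahoo result page is not malicious by itself; the partner tag (type= / fr=)
# the PUP appends is what the logs showed and what it monetises.
$hijackUrl  = 'search\.yahoo\.com.*[?&](type|fr)='
$hijackPath = '\\Spigot\\|\\Slick Savings\\'
$findings   = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Area, [string]$Key, [string]$Value) {
    $findings.Add([pscustomobject]@{ Area = $Area; Key = $Key; Value = $Value })
}

# 1. IE search scopes: every scope URL, flagging the one DefaultScope points at
$scopes  = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
$default = (Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue).DefaultScope
foreach ($scope in Get-ChildItem -Path $scopes -ErrorAction SilentlyContinue) {
    $url = (Get-ItemProperty -Path $scope.PSPath).URL
    if ($url -match $hijackUrl) {
        $tag = if ($scope.PSChildName -eq $default) { ' (DefaultScope)' } else { '' }
        Add-Finding 'IE SearchScope' ($scope.PSChildName + $tag) $url
        if ($Remove) {
            Remove-Item -Path $scope.PSPath -Recurse -Force
            if ($scope.PSChildName -eq $default) {
                Remove-ItemProperty -Path $scopes -Name DefaultScope -ErrorAction SilentlyContinue
            }
        }
    }
}

# 2. IE start page
$main  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$start = (Get-ItemProperty -Path $main -ErrorAction SilentlyContinue).'Start Page'
if ($start -match $hijackUrl) {
    Add-Finding 'IE Start Page' $main $start
    if ($Remove) { Set-ItemProperty -Path $main -Name 'Start Page' -Value 'about:blank' }
}

# 3. Chrome extensions force-installed through HKLM (both registry views on x64).
#    Each key carries a "path" value pointing at the .crx, as in the FRST log above.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = (New-Object Security.Principal.WindowsPrincipal $identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
foreach ($hive in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                  'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions') {
    foreach ($ext in Get-ChildItem -Path $hive -ErrorAction SilentlyContinue) {
        $crx = (Get-ItemProperty -Path $ext.PSPath).path
        if ($crx -match $hijackPath) {
            Add-Finding 'Chrome HKLM extension' $ext.PSChildName $crx
            if ($Remove -and $elevated) { Remove-Item -Path $ext.PSPath -Recurse -Force }
        }
    }
}

# 4. NTFS alternate data streams on the entries directly under %LOCALAPPDATA%, where
#    OTL found them above. ":$DATA" is the normal content stream and Zone.Identifier
#    is the ordinary "downloaded from the internet" mark, so both are ignored.
foreach ($item in Get-ChildItem -Path $env:LOCALAPPDATA -Force -ErrorAction SilentlyContinue) {
    $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
               Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' }
    foreach ($s in $streams) {
        Add-Finding 'Alternate data stream' $item.FullName ('{0} ({1} bytes)' -f $s.Stream, $s.Length)
        if ($Remove) { Remove-Item -LiteralPath $item.FullName -Stream $s.Stream -Force }
    }
}

if ($findings.Count -eq 0) { 'No hijack indicators found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it once as the affected user to confirm the fix took, reboot, and run it again: if the SearchScope or start page is back, a program that starts with Windows is re-applying it, and the Run keys and scheduled tasks in the ComboFix log above are where to look for it. The HKLM Chrome keys are only removed from an elevated prompt; the user-hive and ADS changes need no elevation.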

Here is the OTL log file... going to the ESET online scan, back soon

All processes killed
========== OTL ==========
ADS C:\Users\ACSA\AppData\Local\7D3pn4Otqu:MPmoYbYFSazOUSCOwa1Kqnb deleted successfully.
ADS C:\Users\ACSA\AppData\Local\Temp:0NEkqv9XiqGAvWUqf7wT deleted successfully.
Unable to delete ADS C:\Users\ACSA\Local Settings:t8G6tbQRuEHRJYDyzvvuGm .
HKU\S-1-5-21-2759933643-2614577016-1710804323-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2759933643-2614577016-1710804323-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKEY_USERS\S-1-5-21-2759933643-2614577016-1710804323-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2759933643-2614577016-1710804323-1000\Software\Microsoft\Internet Explorer\SearchScopes\{78CA4453-2964-48D0-9F7D-E7E79C53B942}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78CA4453-2964-48D0-9F7D-E7E79C53B942}\ not found.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: ACSA
->Java cache emptied: 161360 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
Total Java Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: ACSA
->Temp folder emptied: 172676 bytes
->Temporary Internet Files folder emptied: 386096 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 53111046 bytes
->Flash cache emptied: 56996 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13370 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46494 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42272109 bytes
RecycleBin emptied: 4618136 bytes
 
Total Files Cleaned = 96,00 mb
 
 
[EMPTYFLASH]
 
User: ACSA
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12152013_164409
 
Files\Folders moved on Reboot...
C:\Users\ACSA\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\ACSA\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


I remember having installed the following programs in recent months:

 

  • Artlantis Studio 5 (Demo)
  • Windows Movie Maker
  • AudioGate (Korg)
  • SolveigMM AVI Trimmer (Video Editor)
  • Lightworks (Video editor)
  • EZ Vinyl Tape Converter
  • JDiskReport
  • SpyHunter (Demo)
  • NVidia update
  • Battlefield 4 (game Update)

Definitely uninstall this:----->SpyHunter (Demo)

The rest of those programs aren't malicious but still can be responsible for the hijack.

Can you manually delete these:

C:\Users\ACSA\Downloads\WoT\World_of_Tanks_Cheats_Gold_EXP_2013_Cheat_Engine_Hack_Tool_ExP_v9.0.rar_downloader.exe

Win32/Rapider.C application

D:\Program Files (x86)\Babylon

a variant of Win32/Toolbar.Conduit.B application

D:\Program Files (x86)\myBabylon_English

 a variant of Win32/Toolbar.Conduit.B application

D:\Program Files (x86)\Vuze

a variant of Win32/AdInstaller application

E:\PROGRAMAS\Advanced System Care6.0.exe

Win32/ELEX.A.Gen application

E:\PROGRAMAS\Format Factroy 3.0.1

a variant of Win32/Hao123.A application

H:\Downloads\SoftonicDownloader_for_pinnacle-videospin.exe

Win32/SoftonicDownloader application

H:\Downloads\SoftonicDownloader_for_virtualdub.exe

Win32/SoftonicDownloader application

L:\H\Downloads\SoftonicDownloader_for_pinnacle-videospin.exe

Win32/SoftonicDownloader application

L:\H\Downloads\SoftonicDownloader_for_virtualdub.exe

Win32/SoftonicDownloader application

 

Let me know...MrC


I sympathise with you as I have the same problem, and it seems that Malwarebytes and many other removers/disinfecters can't find it, never mind get rid of it.

This is what I get when I search in the Google address bar: http://us.yhs4.search.yahoo.com/

and now I am getting Bing turn up in IE.

It is impossible to remove them as they do not show up when you go to Internet Options to set the search engines.

I did a search on http://us.yhs4.search.yahoo.com/

and got to this page........... which has a removal method. It is a bit too complicated for me and I am not sure if it is legit and if it would work.

Can anyone confirm that this might work??

This is the link: http://blog.mitechmate.com/remove-us-yhs4-search-yahoo-com-redirect-fake-yahoo-search-removal-guide/

I have also tried Avast Browser tool bar removal............ doesn't work

Panda removal tool.................. doesn't work..

WTF ! there must be something that will fix it.



I'm no expert, but I think you should follow the instructions you posted, since your problem is different from mine. I believe those directions can solve your issue.


 

MrC
First test completed successfully!
I reset both browsers and restarted in safe mode... the problem is gone.
Now we need to figure out which running program is causing the problem. Which one would you start shutting down?
Talk to you tomorrow. Thanks again

 

 

GREAT!  MrC


Problem almost solved!

Advanced SystemCare 7 has a Homepage Protection feature that does not allow changing the search engine. After turning it off, and even after deleting the Yahoo search engine, it comes back when you restart the browser, but now no longer as the annoying default search engine.


Good.....

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

This topic is now closed to further replies.