PDA

View Full Version : KEY-FIND.COM has hijacked my system also #2 Post



Nick Shadow
2014-04-06, 21:20
I was instructed to do the downloads and attach files for inspection. I have a couple of issues,

1. I cannot copy and paste the zipped "attach" file. The copy function works, the paste is unavailable. It is the same with the MBR.dat.

I could use some guidance.

2. When KEY-FIND has your (my system) any download, load, update must be very carefully inspected. I am constantly, while in the process, being redirected, offered software, and suggestions of things I cannot live with out. Further, Explorer crashes, warns and objects constantly during the process.

I am hoping this will assist others while fighting it

To the person assisting me. Thank you in advance. I would love to provide the additional files.

Nick






(Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by john at 12:44:04 on 2014-04-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3250 [GMT -5:00]
.
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\ProgramData\IePluginService\PluginService.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\FixCleaner\FixCleaner.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\program files (x86)\hqvideoplus1.3\hqvideoplus1.3-bg.exe
C:\program files (x86)\mediaplayerplus\mediaplayerplus-bg.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bloomberg.com/
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.key-find.com/?type=hp&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797
mStart Page = hxxp://www.key-find.com/?type=hp&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797
mSearch Page = hxxp://www.key-find.com/web/?type=ds&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797&q={searchTerms}
mDefault_Page_URL = hxxp://www.key-find.com/?type=hp&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797
mDefault_Search_URL = hxxp://www.key-find.com/web/?type=ds&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797&q={searchTerms}
uProxyServer = hxxp=127.0.0.1:13828
mWinlogon: Userinit = userinit.exe
BHO: HQVideoPlus1.3: {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQVideoPlus1.3\HQVideoPlus1.3-bho.dll
BHO: MediaPlayerplus: {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll
BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\john\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
uPolicies-Explorer: NoThumbnailCache = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3948824D-B2F4-423C-A1D2-78CAED095655} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5122CF9C-D1ED-4500-A2EC-5209B8F68E16} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5122CF9C-D1ED-4500-A2EC-5209B8F68E16}\77F6C6669656 : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: AutorunsDisabled - <Clsid value has no data>
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\PROGRA~2\SupTab\SEARCH~1.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.key-find.com/?type=hp&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797
x64-mSearch Page = hxxp://www.key-find.com/web/?type=ds&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797&q={searchTerms}
x64-mDefault_Page_URL = hxxp://www.key-find.com/?type=hp&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797
x64-mDefault_Search_URL = hxxp://www.key-find.com/web/?type=ds&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797&q={searchTerms}
x64-BHO: HQVideoPlus1.3: {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQVideoPlus1.3\HQVideoPlus1.3-bho64.dll
x64-BHO: MediaPlayerplus: {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-RunOnce: [46_939391117168] "C:\Users\john\AppData\Local\LMIR0001.tmp_r.bat"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: AutorunsDisabled - <Clsid value has no data>
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\a2t44jh8.default-1396791581959\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 klpd;klpd;C:\windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2013-6-6 178272]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-2-1 13824]
R1 SDHookDriver;Hook Test Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2014-4-6 63904]
R2 avp;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [2013-6-17 214512]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-13 498688]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-8-15 220504]
R2 IePluginService;IePlugin Service;C:\ProgramData\IePluginService\PluginService.exe -service --> C:\ProgramData\IePluginService\PluginService.exe -service [?]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Re-markit;Re-markit;C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe [2014-4-5 143360]
R2 RIM MDNS;RIM MDNS;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [2014-1-22 389632]
R2 RIM Tunnel Service;BlackBerry Link Communication Manager;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [2014-1-22 1309696]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-4-6 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-4-6 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-4-6 171416]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-1 364416]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-13 986112]
R3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2014-1-21 585728]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2011-5-18 84480]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2011-5-18 83968]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-11-10 31088]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2012-2-1 186152]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-6-7 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-11-6 342528]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2013-5-5 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2013-5-5 29280]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-2 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-2 181248]
R3 rimvndis;BlackBerry Virtual Private Network;C:\windows\System32\drivers\rimvndis6_AMD64.sys [2013-9-12 17920]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-7-3 533096]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-11-30 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2011-5-18 182272]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-4 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-3-5 19456]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2012-2-1 166704]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2012-7-3 16152]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-21 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-3-5 30208]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 usbrndis6;USB RNDIS6 Adapter;C:\windows\System32\drivers\usb80236.sys [2013-3-21 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-5-12 1255736]
S4 klflt;klflt;C:\windows\System32\drivers\klflt.sys [2013-6-8 115296]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-06 15:25:05 21040 ----a-w- C:\windows\System32\sdnclean64.exe
2014-04-06 15:25:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-04-06 15:19:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-06 14:57:39 354 ----a-w- C:\Users\john\AppData\Local\LMIR0001.tmp_r.bat
2014-04-06 13:10:35 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42AAD976-9F39-4B8E-85F2-4BFF41E7086D}\offreg.dll
2014-04-05 21:50:47 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-04-05 16:52:21 -------- d-----w- C:\Program Files (x86)\Uninstaller
2014-04-05 16:51:14 -------- d-----w- C:\Users\john\AppData\Roaming\SupTab
2014-04-05 16:51:14 -------- d-----w- C:\ProgramData\IePluginService
2014-04-05 16:51:14 -------- d-----w- C:\Program Files (x86)\SupTab
2014-04-05 16:51:10 -------- d-----w- C:\Program Files (x86)\HaoZip
2014-04-05 16:50:18 -------- d-----w- C:\Program Files (x86)\MediaPlayerplus
2014-04-05 16:50:17 -------- d-----w- C:\Program Files (x86)\HQVideoPlus1.3
2014-04-05 16:49:47 -------- d-----w- C:\Users\john\AppData\Local\Programs
2014-04-05 16:49:45 -------- d-----w- C:\Program Files (x86)\Re-markit Corp
2014-04-04 13:22:34 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42AAD976-9F39-4B8E-85F2-4BFF41E7086D}\mpengine.dll
2014-03-12 13:16:05 484864 ----a-w- C:\windows\System32\wer.dll
2014-03-12 13:15:36 624128 ----a-w- C:\windows\System32\qedit.dll
2014-03-12 13:15:36 509440 ----a-w- C:\windows\SysWow64\qedit.dll
.
==================== Find3M ====================
.
2014-04-05 17:13:54 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2014-03-24 13:45:30 115296 ----a-w- C:\windows\System32\drivers\klflt.sys
2014-03-11 22:12:10 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 22:12:10 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-18 14:14:07 29280 ----a-w- C:\windows\System32\drivers\klkbdflt.sys
2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-01-29 02:06:47 381440 ----a-w- C:\windows\SysWow64\wer.dll
2014-01-17 22:24:12 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2014-01-17 22:24:12 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
.
============= FINISH: 12:45:08.03 ===============

Juliet
2014-04-06, 23:55
Don't worry about attaching zip files, just copy and paste the txt.'s in your reply

Please uninstall the following programs from your machine.
key-find uninstaller

If it's not there, just continue.


First where going to run rKill, this wont remove key-find but it will stop it from running so that the next program can remove it

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)



~~~~~~~~~~~~~~~~~~~

Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do it's job. This may take a few tries.

You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.



Now you should download Emsisoft Anti-Malware (http://www.bleepingcomputer.com/download/emsisoft-antimalware/), which will clean the remnants of this infection for free. Please download and save the Emsisoft Anti-Malware setup program to your desktop from the link below:


The download is fairly large, so please be patient while it downloads.
Once the file has been downloaded, double-click on the EmsisoftAntiMalwareSetup.exe icon to start the program. If Windows Smart Screen issues an alert, please allow it to run anyway.
If the setup program displays an alert about safe mode, please click on the Yes button to continue. You should now see a dialog asking what language you would like to use. Please select the language you wish to use and press the OK button.
You will eventually get to a screen asking the mode that you wish to use Emsisoft Anti-Malware.
Click the Freeware Mode
You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and uncheck the options that you wish to use. When you are ready click on the Next button.
Emsisoft Anti-Malware will now begin to update it's virus detections.
Please be patient as it may take a few minutes for the updates to finish downloading.
When the updates are completed, click on the Clean computer now button. Emsisoft Anti-Malware will start to load its scanning engine and then display a screen asking what type of scan you would like to perform.
Select the Deep scan
When its done click on the Quarantine Selected Objects button, which will remove the infections and place them in the program's quarantine. You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so. Otherwise you can close the program.






We now need to clean up the various Windows shortcuts that have been hijacked by Key-Find Browser Hijacker .
To do this, please download Shortcut Cleaner (http://www.bleepingcomputer.com/download/shortcut-cleaner/) from the following web page and save it to your Windows desktop.



Once the file is downloaded, double-click on the ss-cleaner.exe file that should now be on your desktop. If you are using Windows Vista, 7, or 8 you will need to allow it to run when the prompt appears. Shortcut Cleaner will now start and scan your computer for hijacked Windows shortcuts and if any are found it will automatically clean them for you. When it is done, it will show you a log that contains a list of shortcuts that were cleaned. When you have finished reviewing the log file, please close it and try setting Chome back to default as I posted previously


Any problems or questions let me know and also if key-find is gone.

Juliet
2014-04-21, 16:05
Due to the lack of feedback this Topic is closed.