Results 1 to 3 of 3

Thread: KEY-FIND.COM has hijacked my system also #2 Post

  1. #1
    Junior Member
    Join Date
    Apr 2014
    Posts
    2

    Default KEY-FIND.COM has hijacked my system also #2 Post

    I was instructed to do the downloads and attach files for inspection. I have a couple of issues,

    1. I cannot copy and paste the zipped "attach" file. The copy function works, the paste is unavailable. It is the same with the MBR.dat.

    I could use some guidance.

    2. When KEY-FIND has your (my system) any download, load, update must be very carefully inspected. I am constantly, while in the process, being redirected, offered software, and suggestions of things I cannot live with out. Further, Explorer crashes, warns and objects constantly during the process.

    I am hoping this will assist others while fighting it

    To the person assisting me. Thank you in advance. I would love to provide the additional files.

    Nick






    (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
    Run by john at 12:44:04 on 2014-04-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3250 [GMT -5:00]
    .
    AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
    SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\ProgramData\IePluginService\PluginService.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    C:\windows\system32\Dwm.exe
    C:\windows\system32\taskhost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
    C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
    C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
    C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
    C:\Program Files (x86)\FixCleaner\FixCleaner.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\program files (x86)\hqvideoplus1.3\hqvideoplus1.3-bg.exe
    C:\program files (x86)\mediaplayerplus\mediaplayerplus-bg.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bloomberg.com/
    uSearch Bar = Preserve
    uDefault_Page_URL = hxxp://www.key-find.com/?type=hp&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797
    mStart Page = hxxp://www.key-find.com/?type=hp&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797
    mSearch Page = hxxp://www.key-find.com/web/?type=ds&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797&q={searchTerms}
    mDefault_Page_URL = hxxp://www.key-find.com/?type=hp&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797
    mDefault_Search_URL = hxxp://www.key-find.com/web/?type=ds&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797&q={searchTerms}
    uProxyServer = hxxp=127.0.0.1:13828
    mWinlogon: Userinit = userinit.exe
    BHO: HQVideoPlus1.3: {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQVideoPlus1.3\HQVideoPlus1.3-bho.dll
    BHO: MediaPlayerplus: {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll
    BHO: IETabPage Class: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
    BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - <orphaned>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\Users\john\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    uPolicies-Explorer: NoThumbnailCache = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ie_banner_deny.htm
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{3948824D-B2F4-423C-A1D2-78CAED095655} : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{5122CF9C-D1ED-4500-A2EC-5209B8F68E16} : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{5122CF9C-D1ED-4500-A2EC-5209B8F68E16}\77F6C6669656 : DHCPNameServer = 209.18.47.61 209.18.47.62
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: AutorunsDisabled - <Clsid value has no data>
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs= C:\PROGRA~2\SupTab\SEARCH~1.DLL
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://www.key-find.com/?type=hp&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797
    x64-mSearch Page = hxxp://www.key-find.com/web/?type=ds&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797&q={searchTerms}
    x64-mDefault_Page_URL = hxxp://www.key-find.com/?type=hp&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797
    x64-mDefault_Search_URL = hxxp://www.key-find.com/web/?type=ds&ts=1396716590&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9FBC07797&q={searchTerms}
    x64-BHO: HQVideoPlus1.3: {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQVideoPlus1.3\HQVideoPlus1.3-bho64.dll
    x64-BHO: MediaPlayerplus: {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-RunOnce: [46_939391117168] "C:\Users\john\AppData\Local\LMIR0001.tmp_r.bat"
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: AutorunsDisabled - <Clsid value has no data>
    x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\a2t44jh8.default-1396791581959\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 29792]
    R1 klpd;klpd;C:\windows\System32\drivers\klpd.sys [2013-4-12 15456]
    R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2013-5-14 55904]
    R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2013-6-6 178272]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-2-1 13824]
    R1 SDHookDriver;Hook Test Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2014-4-6 63904]
    R2 avp;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [2013-6-17 214512]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-13 498688]
    R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-8-15 220504]
    R2 IePluginService;IePlugin Service;C:\ProgramData\IePluginService\PluginService.exe -service --> C:\ProgramData\IePluginService\PluginService.exe -service [?]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    R2 Re-markit;Re-markit;C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe [2014-4-5 143360]
    R2 RIM MDNS;RIM MDNS;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [2014-1-22 389632]
    R2 RIM Tunnel Service;BlackBerry Link Communication Manager;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [2014-1-22 1309696]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-4-6 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-4-6 1042272]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-4-6 171416]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-1 364416]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-13 986112]
    R3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2014-1-21 585728]
    R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\windows\System32\drivers\bpenum.sys [2011-5-18 84480]
    R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\windows\System32\drivers\bpusb.sys [2011-5-18 83968]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-11-10 31088]
    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2012-2-1 186152]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-6-7 169752]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-11-6 342528]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2013-5-5 29280]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2013-5-5 29280]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-2 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-2 181248]
    R3 rimvndis;BlackBerry Virtual Private Network;C:\windows\System32\drivers\rimvndis6_AMD64.sys [2013-9-12 17920]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-7-3 533096]
    R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-11-30 42392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2011-5-18 182272]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-12 111616]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-4 340240]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-3-5 19456]
    S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2012-2-1 166704]
    S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2012-7-3 16152]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-21 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-3-5 30208]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
    S3 usbrndis6;USB RNDIS6 Adapter;C:\windows\System32\drivers\usb80236.sys [2013-3-21 19968]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-5-12 1255736]
    S4 klflt;klflt;C:\windows\System32\drivers\klflt.sys [2013-6-8 115296]
    S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-04-06 15:25:05 21040 ----a-w- C:\windows\System32\sdnclean64.exe
    2014-04-06 15:25:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2014-04-06 15:19:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-04-06 14:57:39 354 ----a-w- C:\Users\john\AppData\Local\LMIR0001.tmp_r.bat
    2014-04-06 13:10:35 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42AAD976-9F39-4B8E-85F2-4BFF41E7086D}\offreg.dll
    2014-04-05 21:50:47 -------- d-----w- C:\Program Files (x86)\SearchProtect
    2014-04-05 16:52:21 -------- d-----w- C:\Program Files (x86)\Uninstaller
    2014-04-05 16:51:14 -------- d-----w- C:\Users\john\AppData\Roaming\SupTab
    2014-04-05 16:51:14 -------- d-----w- C:\ProgramData\IePluginService
    2014-04-05 16:51:14 -------- d-----w- C:\Program Files (x86)\SupTab
    2014-04-05 16:51:10 -------- d-----w- C:\Program Files (x86)\HaoZip
    2014-04-05 16:50:18 -------- d-----w- C:\Program Files (x86)\MediaPlayerplus
    2014-04-05 16:50:17 -------- d-----w- C:\Program Files (x86)\HQVideoPlus1.3
    2014-04-05 16:49:47 -------- d-----w- C:\Users\john\AppData\Local\Programs
    2014-04-05 16:49:45 -------- d-----w- C:\Program Files (x86)\Re-markit Corp
    2014-04-04 13:22:34 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42AAD976-9F39-4B8E-85F2-4BFF41E7086D}\mpengine.dll
    2014-03-12 13:16:05 484864 ----a-w- C:\windows\System32\wer.dll
    2014-03-12 13:15:36 624128 ----a-w- C:\windows\System32\qedit.dll
    2014-03-12 13:15:36 509440 ----a-w- C:\windows\SysWow64\qedit.dll
    .
    ==================== Find3M ====================
    .
    2014-04-05 17:13:54 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
    2014-03-24 13:45:30 115296 ----a-w- C:\windows\System32\drivers\klflt.sys
    2014-03-11 22:12:10 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-11 22:12:10 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-01 05:17:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
    2014-03-01 05:16:26 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
    2014-03-01 04:52:55 66048 ----a-w- C:\windows\System32\iesetup.dll
    2014-03-01 04:51:59 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
    2014-03-01 04:33:52 139264 ----a-w- C:\windows\System32\ieUnatt.exe
    2014-03-01 04:33:34 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
    2014-03-01 04:32:59 708608 ----a-w- C:\windows\System32\jscript9diag.dll
    2014-03-01 04:23:49 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
    2014-03-01 04:11:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2014-03-01 03:54:33 5768704 ----a-w- C:\windows\System32\jscript9.dll
    2014-03-01 03:52:43 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
    2014-03-01 03:51:53 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
    2014-03-01 03:38:26 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2014-03-01 03:37:35 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
    2014-03-01 03:35:11 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
    2014-03-01 03:14:15 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
    2014-03-01 03:10:28 2334208 ----a-w- C:\windows\System32\wininet.dll
    2014-03-01 03:00:08 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2014-03-01 02:32:16 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
    2014-02-18 14:14:07 29280 ----a-w- C:\windows\System32\drivers\klkbdflt.sys
    2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys
    2014-01-29 02:06:47 381440 ----a-w- C:\windows\SysWow64\wer.dll
    2014-01-17 22:24:12 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
    2014-01-17 22:24:12 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 12:45:08.03 ===============

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,847

    Default

    Don't worry about attaching zip files, just copy and paste the txt.'s in your reply

    Please uninstall the following programs from your machine.
    key-find uninstaller

    If it's not there, just continue.


    First where going to run rKill, this wont remove key-find but it will stop it from running so that the next program can remove it

    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 6 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.
    1. rkill.exe
    2. rkill.com
    3. rkill.scr
    4. rkill.pif
    5. WiNlOgOn.exe
    6. uSeRiNiT.exe



    ~~~~~~~~~~~~~~~~~~~

    • Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

      Run rkill repeatedly until it's able to do it's job. This may take a few tries.

      You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.



    Now you should download Emsisoft Anti-Malware, which will clean the remnants of this infection for free. Please download and save the Emsisoft Anti-Malware setup program to your desktop from the link below:

    • The download is fairly large, so please be patient while it downloads.
    • Once the file has been downloaded, double-click on the EmsisoftAntiMalwareSetup.exe icon to start the program. If Windows Smart Screen issues an alert, please allow it to run anyway.
    • If the setup program displays an alert about safe mode, please click on the Yes button to continue. You should now see a dialog asking what language you would like to use. Please select the language you wish to use and press the OK button.
    • You will eventually get to a screen asking the mode that you wish to use Emsisoft Anti-Malware.
    • Click the Freeware Mode
    • You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and uncheck the options that you wish to use. When you are ready click on the Next button.
    • Emsisoft Anti-Malware will now begin to update it's virus detections.
    • Please be patient as it may take a few minutes for the updates to finish downloading.
    • When the updates are completed, click on the Clean computer now button. Emsisoft Anti-Malware will start to load its scanning engine and then display a screen asking what type of scan you would like to perform.
    • Select the Deep scan
    • When its done click on the Quarantine Selected Objects button, which will remove the infections and place them in the program's quarantine. You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so. Otherwise you can close the program.






    We now need to clean up the various Windows shortcuts that have been hijacked by Key-Find Browser Hijacker .
    To do this, please download Shortcut Cleaner from the following web page and save it to your Windows desktop.



    Once the file is downloaded, double-click on the ss-cleaner.exe file that should now be on your desktop. If you are using Windows Vista, 7, or 8 you will need to allow it to run when the prompt appears. Shortcut Cleaner will now start and scan your computer for hijacked Windows shortcuts and if any are found it will automatically clean them for you. When it is done, it will show you a log that contains a list of shortcuts that were cleaned. When you have finished reviewing the log file, please close it and try setting Chome back to default as I posted previously


    Any problems or questions let me know and also if key-find is gone.
    Last edited by Juliet; 2014-04-09 at 18:58.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,847

    Default

    Due to the lack of feedback this Topic is closed.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •