Key-Find has high Jacked my Browser
- Thread starter autographshark
- Start date
- Status
autographshark
New member
Hiyman Log
I was so tired I fell asleep at the PC trying to run the program after work, Sorry! I didn't see the save log last night on the first scan. Today I ran a new scan and here is the second log.
I was so tired I fell asleep at the PC trying to run the program after work, Sorry! I didn't see the save log last night on the first scan. Today I ran a new scan and here is the second log.
Code:
HitmanPro 3.7.9.216
www.hitmanpro.com
Computer name . . . . : PC801713467250
Windows . . . . . . . : 5.1.3.2600.X86/2
User name . . . . . . : PC801713467250\kenneth
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2014-04-08 08:47:39
Scan mode . . . . . . : Normal
Scan duration . . . . : 10m 18s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 23
Objects scanned . . . : 761,823
Files scanned . . . . : 23,613
Remnants scanned . . : 213,936 files / 524,274 keys
Cookies _____________________________________________________________________
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:2o7.net
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:adtechus.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:at.atwola.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:fastclick.net
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:interclick.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:kontera.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:media6degrees.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:mediaplex.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:pointroll.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:questionmarket.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ru4.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
C:\Documents and Settings\kenneth\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:zedo.com
ken545
Emeritus-Security Expert
Hi,
I don't see Key-Find in the second Hitman scan so not sure if it was removed or not
Internet Explorer
Firefox
Chrome
Then let me know if key find is still present
I don't see Key-Find in the second Hitman scan so not sure if it was removed or not
Internet Explorer
- Open Internet Explorer
- Click on Tools up on the top right
- Click on Manage Add Ons
- Click on Search Providers
- Highlite Key-Find and select Delete
Firefox
- Open Firefox
- Up on the Top Right in the Search Box , click on the down arrow and select Manage Search Engines
- Highlite Key-Find and select Delete
Chrome
- Open Chrome
- Click the Chrome menu
on the browser toolbar.
- Click on Settings
- Then Manage Search Engines
- Highlite Key Find and select Delete
Then let me know if key find is still present
autographshark
New member
Browsers
I manged to get IE to accept the changes and it's slow loading but it goes to my set page.
Firefox the down arrow will not allow me to see anything but the current page which is Key-Find.
Google Chrome, I deleted it before from the settings so it doesn't show up in settings manage search engines but goes to Key-Find still upon opening Google Chrome. If I hit the home button it goes to my set home page then.
I manged to get IE to accept the changes and it's slow loading but it goes to my set page.
Firefox the down arrow will not allow me to see anything but the current page which is Key-Find.
Google Chrome, I deleted it before from the settings so it doesn't show up in settings manage search engines but goes to Key-Find still upon opening Google Chrome. If I hit the home button it goes to my set home page then.
ken545
Emeritus-Security Expert
Lets set your browsers back to default
- Click the Chrome menu on the browser toolbar.
- Select Settings.
- Scroll down to Show advanced settings...
- Down on the bottom you will see an option for RESET BROWSER SETTINGS
- Click on it and it will set Chome back to defaults
- Open Firefox
- Click on Help > Troubleshooting Information > Reset Firefox to its default state
- Open IE
- Go to Tools> Internet Options > Advanced Tab
- Reset Internet Explorer Setting
- Reset
- This will take a few seconds
- Close IE and then reopen it and see if it helped
autographshark
New member
I have an idea
That worked on IE and Firefox. I have an idea, what if we uninstall Google Chrome and re install it?
That worked on IE and Firefox. I have an idea, what if we uninstall Google Chrome and re install it?
ken545
Emeritus-Security Expert
That may not work because when a program is installed most times its not completely uninstalled, there could be registry keys and what not still laying around part of key-find may be in there. It appears that this infection is making the rounds and a tutorial has been written for it, so far we / you have done pretty good, but lets do a couple of more things to make sure its completely gone
First where going to run rKill, this wont remove key-find but it will stop it from running so that the next program can remove it
Now you should download Emsisoft Anti-Malware, which will clean the remnants of this infection for free. Please download and save the Emsisoft Anti-Malware setup program to your desktop from the link below:
We now need to clean up the various Windows shortcuts that have been hijacked by Key-Find Browser Hijacker .
To do this, please download Shortcut Cleaner from the following web page and save it to your Windows desktop.
Once the file is downloaded, double-click on the ss-cleaner.exe file that should now be on your desktop. If you are using Windows Vista, 7, or 8 you will need to allow it to run when the prompt appears. Shortcut Cleaner will now start and scan your computer for hijacked Windows shortcuts and if any are found it will automatically clean them for you. When it is done, it will show you a log that contains a list of shortcuts that were cleaned. When you have finished reviewing the log file, please close it and try setting Chome back to default as I posted previously
Any problems or questions let me know and also if key-find is gone
First where going to run rKill, this wont remove key-find but it will stop it from running so that the next program can remove it
- Please download rkill (Courtesy of Bleepingcomputer.com).
- There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
- Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
- Note: You only need to get one of the tools to run, not all of them.
1. rkill.exe
2. rkill.com
3. rkill.scr
4. WiNlOgOn.exe
5. uSeRiNiT.exe
- Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.
Run rkill repeatedly until it's able to do it's job. This may take a few tries.
You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.
Now you should download Emsisoft Anti-Malware, which will clean the remnants of this infection for free. Please download and save the Emsisoft Anti-Malware setup program to your desktop from the link below:
- The download is fairly large, so please be patient while it downloads.
- Once the file has been downloaded, double-click on the EmsisoftAntiMalwareSetup.exe icon to start the program. If Windows Smart Screen issues an alert, please allow it to run anyway.
- If the setup program displays an alert about safe mode, please click on the Yes button to continue. You should now see a dialog asking what language you would like to use. Please select the language you wish to use and press the OK button.
- You will eventually get to a screen asking the mode that you wish to use Emsisoft Anti-Malware.
- Click the Freeware Mode
- You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and uncheck the options that you wish to use. When you are ready click on the Next button.
- Emsisoft Anti-Malware will now begin to update it's virus detections.
- Please be patient as it may take a few minutes for the updates to finish downloading.
- When the updates are completed, click on the Clean computer now button. Emsisoft Anti-Malware will start to load its scanning engine and then display a screen asking what type of scan you would like to perform.
- Select the Deep scan
- When its done click on the Quarantine Selected Objects button, which will remove the infections and place them in the program's quarantine. You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so. Otherwise you can close the program.
We now need to clean up the various Windows shortcuts that have been hijacked by Key-Find Browser Hijacker .
To do this, please download Shortcut Cleaner from the following web page and save it to your Windows desktop.
Once the file is downloaded, double-click on the ss-cleaner.exe file that should now be on your desktop. If you are using Windows Vista, 7, or 8 you will need to allow it to run when the prompt appears. Shortcut Cleaner will now start and scan your computer for hijacked Windows shortcuts and if any are found it will automatically clean them for you. When it is done, it will show you a log that contains a list of shortcuts that were cleaned. When you have finished reviewing the log file, please close it and try setting Chome back to default as I posted previously
Any problems or questions let me know and also if key-find is gone
autographshark
New member
rkill log
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 04/09/2014 11:55:11 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* System Restore Disabled
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001
* ALERT: ZEROACCESS rootkit symptoms found!
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\ [ZA Dir]
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\@ [ZA File]
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\L\ [ZA Dir]
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U\ [ZA Dir]
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U\00000001.@ [ZA File]
* C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\ [ZA Dir]
* C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\@ [ZA File]
* C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\L\ [ZA Dir]
* C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\U\ [ZA Dir]
* Reparse Point/Junctions Found (Most likely legitimate)!
* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]
Checking Windows Service Integrity:
* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic
* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 04/09/2014 11:57:14 AM
Execution time: 0 hours(s), 2 minute(s), and 3 seconds(s)
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 04/09/2014 11:55:11 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* System Restore Disabled
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001
* ALERT: ZEROACCESS rootkit symptoms found!
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\ [ZA Dir]
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\@ [ZA File]
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\L\ [ZA Dir]
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U\ [ZA Dir]
* C:\Recycler\S-1-5-18\$a1d0c5961d66e3a4bb4dbce057b0ee27\U\00000001.@ [ZA File]
* C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\ [ZA Dir]
* C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\@ [ZA File]
* C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\L\ [ZA Dir]
* C:\RECYCLER\S-1-5-21-2420282109-1773090242-3309790634-1007\$a1d0c5961d66e3a4bb4dbce057b0ee27\U\ [ZA Dir]
* Reparse Point/Junctions Found (Most likely legitimate)!
* C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
* C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]
Checking Windows Service Integrity:
* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic
* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 04/09/2014 11:57:14 AM
Execution time: 0 hours(s), 2 minute(s), and 3 seconds(s)
ken545
Emeritus-Security Expert
Good, it found entries for the Zero Access Rootkit but we ran TDSSKiller and it didnt find it, those entries are in the recycle bin and are harmless and we can deal with this later, there is no rootkit involved here
Go ahead and run the next two programs in the order I posted please, first Emsisoft and then the shortcut cleaner
Go ahead and run the next two programs in the order I posted please, first Emsisoft and then the shortcut cleaner
autographshark
New member
Success!
Emsisoft anti-malware stated it's trail had been used on this PC. After running Shortcut Cleaner we have success! Reset Goggle Chrome and re opened with and Key-Find was gone. Don't forget I'm running XP and need to see if I can upgrade to Windows 7. Here is the Shortcut Cleaner Log.
Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Microsoft Windows XP Service Pack 3
Program started at: 04/09/2014 01:22:07 PM.
Scanning for registry hijacks:
* HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "@" hijacked!
* HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "@" hijacked!
Backup Registry file created at:
C:\Documents and Settings\kenneth\Desktop\sc-cleaner\sc-cleaner-04-09-2014-01-22-07.reg
Searching for Hijacked Shortcuts:
Searching C:\Documents and Settings\kenneth\Start Menu\
* Shortcut Cleaned: C:\Documents and Settings\kenneth\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
* Shortcut Cleaned: C:\Documents and Settings\kenneth\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
Searching C:\Documents and Settings\All Users\Start Menu\
* Shortcut Cleaned: C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk => C:\Program Files\Google\Chrome\Application\chrome.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
* Shortcut Cleaned: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk => C:\Program Files\Mozilla Firefox\firefox.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
* Shortcut Cleaned: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk => C:\Program Files\Mozilla Firefox\firefox.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
Searching C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\
* Shortcut Cleaned: C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => C:\Program Files\Google\Chrome\Application\chrome.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
* Shortcut Cleaned: C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
Searching C:\Documents and Settings\All Users\Desktop\
* Shortcut Cleaned: C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk => C:\Program Files\Google\Chrome\Application\chrome.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
Searching C:\Documents and Settings\kenneth\Desktop
8 bad shortcuts found.
Program finished at: 04/09/2014 01:22:18 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)
Emsisoft anti-malware stated it's trail had been used on this PC. After running Shortcut Cleaner we have success! Reset Goggle Chrome and re opened with and Key-Find was gone. Don't forget I'm running XP and need to see if I can upgrade to Windows 7. Here is the Shortcut Cleaner Log.
Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Microsoft Windows XP Service Pack 3
Program started at: 04/09/2014 01:22:07 PM.
Scanning for registry hijacks:
* HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "@" hijacked!
* HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "@" hijacked!
Backup Registry file created at:
C:\Documents and Settings\kenneth\Desktop\sc-cleaner\sc-cleaner-04-09-2014-01-22-07.reg
Searching for Hijacked Shortcuts:
Searching C:\Documents and Settings\kenneth\Start Menu\
* Shortcut Cleaned: C:\Documents and Settings\kenneth\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
* Shortcut Cleaned: C:\Documents and Settings\kenneth\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
Searching C:\Documents and Settings\All Users\Start Menu\
* Shortcut Cleaned: C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk => C:\Program Files\Google\Chrome\Application\chrome.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
* Shortcut Cleaned: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk => C:\Program Files\Mozilla Firefox\firefox.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
* Shortcut Cleaned: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk => C:\Program Files\Mozilla Firefox\firefox.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
Searching C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\
* Shortcut Cleaned: C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => C:\Program Files\Google\Chrome\Application\chrome.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
* Shortcut Cleaned: C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
Searching C:\Documents and Settings\All Users\Desktop\
* Shortcut Cleaned: C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk => C:\Program Files\Google\Chrome\Application\chrome.exe http://www.key-find.com/?type=sc&ts=1396235048&from=tugs&uid=SAMSUNGXHM160HI_S18PJDNSA10144
Searching C:\Documents and Settings\kenneth\Desktop
8 bad shortcuts found.
Program finished at: 04/09/2014 01:22:18 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)
ken545
Emeritus-Security Expert
Good,
Glad we got rid of that pest
Go back to my post # 4 and I linked you to the Win 7 advisor. If it says you can upgrade let me know and I can link you to one of our sister sites that can help you with the upgrade, if it says its not compatible than your just going to have to live with it . You can look around Amazon or eBay for an OEM version of Win 7 upgrade
Let me know how it went
Glad we got rid of that pest
Go back to my post # 4 and I linked you to the Win 7 advisor. If it says you can upgrade let me know and I can link you to one of our sister sites that can help you with the upgrade, if it says its not compatible than your just going to have to live with it . You can look around Amazon or eBay for an OEM version of Win 7 upgrade
Let me know how it went
autographshark
New member
This is the information from the Windows 7 update advisor
Windows 7 Upgrade Advisor Report
Computer Name:
Operating System: Windows XP Professional
CPU: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Memory: 1.0 GB
System Details
Custom installation required You'll need to perform a custom installation of 32-bit Windows 7 and then reinstall your programs. Make sure to back up your files before you begin.
Go online to get important information about installing Windows 7 on a PC running Windows XP
Outlook Express This program is no longer included in Windows 7. You can get similar programs for Windows 7 from other software manufacturers.
Go to the Microsoft website to learn more
More info from Hewlett-Packard Hewlett-Packard has a website that might give you more information about getting Windows 7 running on your PC.
Visit the Hewlett-Packard website
Windows Aero support Your graphics adapter supports the Windows Aero user interface.
Go online to learn more about Windows Aero
CPU speed: 1.6 GHz Your CPU meets the 1 GHz minimum requirement.
1.0 GB of RAM Your PC meets the 1 GB minimum requirement.
99.6 GB free space available on C: Your hard disk meets the minimum requirement of 16 GB free space for 32-bit Windows 7.
Devices Status Details
Atheros AR8132 PCI-E Fast Ethernet Controller
Atheros Compatible This device is compatible with Windows 7.
Broadcom 802.11b/g WLAN
Broadcom Compatible This device is compatible with Windows 7.
Canon MG3200 series Printer
Canon Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
HP Webcam-50
Alcor Compatible This device is compatible with Windows 7.
IDT High Definition Audio CODEC
IDT Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
KODAK ESP 3200 Series AiO
Eastman Kodak Company Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
Mobile Intel(R) 945 Express Chipset Family
Intel Corporation Compatible This device is compatible with Windows 7.
Mobile Intel(R) 945 Express Chipset Family
Intel Corporation Compatible This device is compatible with Windows 7.
USB Mass Storage Device
Compatible USB storage device Compatible This device is compatible with Windows 7.
Programs Status Details
Advanced Registry Optimizer
version 5.3
Sammsoft Update available We don't have compatibility information about this version of the program.
Get an update to a compatible version
HP BatteryCheck 2.10 A2
version 2.10 A2
Hewlett-Packard Company Free update available We don't have compatibility information about this version of the program.
Get a free update to a compatible version
HP QuickSync
version 5.1.234.4788
Hewlett-Packard Free update available We don't have compatibility information about this version of the program.
Get a free update to a compatible version
QuickBooks Pro 2006 Paid update available We don't have compatibility information about this version of the program.
Get a paid update to a compatible version
Windows Live Sign-in Assistant
version 5.000.818.5
Microsoft Corporation Free update available We don't have compatibility information about this version of the program.
Get a free update to a compatible version
Windows Live Essentials
version 14.0.8117.0416
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo. A free update to a newer version is also available.
Get the free update
Learn more about the Compatible with Windows 7 logo
Microsoft Visual C++ 2005 Redistributable
version 8.0.61001
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo.
Learn more about the Compatible with Windows 7 logo
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
version 9.0.30729.6161
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo.
Learn more about the Compatible with Windows 7 logo
Roxio BackOnTrack
version 1.3.0
Roxio This program has earned Microsoft's Compatible with Windows 7 logo.
Learn more about the Compatible with Windows 7 logo
Microsoft Office Enterprise 2007
version 12.0.6612.1000
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo. A paid update to a newer version is also available.
Get the paid update
Learn more about the Compatible with Windows 7 logo
Microsoft Works
version 9.7.0621
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo. A paid update to a newer version is also available.
Learn more about the Compatible with Windows 7 logo
Adobe Reader 9.5.5 MUI
version 9.5.5
Adobe Systems Incorporated Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Adobe Shockwave Player 11.5
version 11.5.2.602
Adobe Systems, Inc. Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Java 7 Update 51
version 7.0.510
Oracle Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Microsoft .NET Framework 1.1 Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Microsoft .NET Framework 2.0 Service Pack 2
version 2.2.30729
Microsoft Corporation Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
OpenOffice.org 3.4
version 3.4.9590
OpenOffice.org Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Windows Internet Explorer 8
version 20090308.140743
Microsoft Corporation Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Active@ ISO Burner
version 2.5.1
LSoft Technologies Compatible This program is compatible with Windows 7.
Canon Easy-WebPrint EX
version 1.3.5.0
Canon Inc. Compatible This program is compatible with Windows 7.
Canon IJ Network Scanner Selector EX
Canon Inc. Compatible This program is compatible with Windows 7.
Canon IJ Network Tool
version 3.1.0
Canon Inc. Compatible This program is compatible with Windows 7.
Canon IJ Scan Utility
Canon Inc. Compatible This program is compatible with Windows 7.
Canon My Printer
version 3.0.0
Canon Inc. Compatible This program is compatible with Windows 7.
Emsisoft Anti-Malware
version 8.1
Emsisoft GmbH Compatible This program is compatible with Windows 7.
ERUNT 1.1j
Lars Hederer Compatible This program is compatible with Windows 7.
GoogleToolbarNotifier
version 4.1.509.1944
Google Inc. Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 3.0 Service Pack 2
version 3.2.30729
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 3.5 SP1
version 3.5
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 4 Client Profile
version 4.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 4 Extended
version 4.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft Live Search Toolbar
version 3.0.560.0
Microsoft Live Search Toolbar Compatible This program is compatible with Windows 7.
Microsoft Office PowerPoint Viewer 2007 (English)
version 12.0.6612.1000
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft Silverlight
version 5.1.30214.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft SQL Server 2005 Compact Edition [ENU]
version 3.1.0000
Microsoft Corporation Compatible This program is compatible with Windows 7.
Mobipocket Reader 6.2
version 6.2.608
Mobipocket.com Compatible This program is compatible with Windows 7.
RealPlayer
version 16.0.3
RealNetworks Compatible This program is compatible with Windows 7.
Turbo Lister 2
version 2.00.0000
eBay Inc. Compatible This program is compatible with Windows 7.
Windows 7 Upgrade Advisor
version 2.0.5000.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Windows Live Sync
version 14.0.8117.416
Microsoft Corporation Compatible This program is compatible with Windows 7.
Windows Live Upload Tool
version 14.0.8014.1029
Microsoft Corporation Compatible This program is compatible with Windows 7.
Windows Media Player 11 Compatible This program is compatible with Windows 7.
Windows XP Mode is an optional feature available in Windows 7 Professional and Windows 7 Ultimate that has extra system requirements.
Visit the Windows XP Mode website for more information
Requirement Details
Virtualization technology not supported Your PC does not support hardware assisted virtualization technology.
1.0 GB of RAM Your PC memory doesn't meet the 2 GB requirement for running Windows XP Mode on 32-bit Windows 7. When running XP Mode, you might experience poor performance.
Extra 15 GB of free space Your PC meets the minimum requirement of 15 GB extra space for installing and running Windows XP Mode.
Windows 7 Upgrade Advisor Report
Computer Name:
Operating System: Windows XP Professional
CPU: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Memory: 1.0 GB
System Details
Custom installation required You'll need to perform a custom installation of 32-bit Windows 7 and then reinstall your programs. Make sure to back up your files before you begin.
Go online to get important information about installing Windows 7 on a PC running Windows XP
Outlook Express This program is no longer included in Windows 7. You can get similar programs for Windows 7 from other software manufacturers.
Go to the Microsoft website to learn more
More info from Hewlett-Packard Hewlett-Packard has a website that might give you more information about getting Windows 7 running on your PC.
Visit the Hewlett-Packard website
Windows Aero support Your graphics adapter supports the Windows Aero user interface.
Go online to learn more about Windows Aero
CPU speed: 1.6 GHz Your CPU meets the 1 GHz minimum requirement.
1.0 GB of RAM Your PC meets the 1 GB minimum requirement.
99.6 GB free space available on C: Your hard disk meets the minimum requirement of 16 GB free space for 32-bit Windows 7.
Devices Status Details
Atheros AR8132 PCI-E Fast Ethernet Controller
Atheros Compatible This device is compatible with Windows 7.
Broadcom 802.11b/g WLAN
Broadcom Compatible This device is compatible with Windows 7.
Canon MG3200 series Printer
Canon Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
HP Webcam-50
Alcor Compatible This device is compatible with Windows 7.
IDT High Definition Audio CODEC
IDT Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
KODAK ESP 3200 Series AiO
Eastman Kodak Company Check Windows Update Check Windows Update after installing Windows 7 to make sure you have the latest driver for this device, otherwise it may not work.
Mobile Intel(R) 945 Express Chipset Family
Intel Corporation Compatible This device is compatible with Windows 7.
Mobile Intel(R) 945 Express Chipset Family
Intel Corporation Compatible This device is compatible with Windows 7.
USB Mass Storage Device
Compatible USB storage device Compatible This device is compatible with Windows 7.
Programs Status Details
Advanced Registry Optimizer
version 5.3
Sammsoft Update available We don't have compatibility information about this version of the program.
Get an update to a compatible version
HP BatteryCheck 2.10 A2
version 2.10 A2
Hewlett-Packard Company Free update available We don't have compatibility information about this version of the program.
Get a free update to a compatible version
HP QuickSync
version 5.1.234.4788
Hewlett-Packard Free update available We don't have compatibility information about this version of the program.
Get a free update to a compatible version
QuickBooks Pro 2006 Paid update available We don't have compatibility information about this version of the program.
Get a paid update to a compatible version
Windows Live Sign-in Assistant
version 5.000.818.5
Microsoft Corporation Free update available We don't have compatibility information about this version of the program.
Get a free update to a compatible version
Windows Live Essentials
version 14.0.8117.0416
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo. A free update to a newer version is also available.
Get the free update
Learn more about the Compatible with Windows 7 logo
Microsoft Visual C++ 2005 Redistributable
version 8.0.61001
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo.
Learn more about the Compatible with Windows 7 logo
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
version 9.0.30729.6161
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo.
Learn more about the Compatible with Windows 7 logo
Roxio BackOnTrack
version 1.3.0
Roxio This program has earned Microsoft's Compatible with Windows 7 logo.
Learn more about the Compatible with Windows 7 logo
Microsoft Office Enterprise 2007
version 12.0.6612.1000
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo. A paid update to a newer version is also available.
Get the paid update
Learn more about the Compatible with Windows 7 logo
Microsoft Works
version 9.7.0621
Microsoft Corporation This program has earned Microsoft's Compatible with Windows 7 logo. A paid update to a newer version is also available.
Learn more about the Compatible with Windows 7 logo
Adobe Reader 9.5.5 MUI
version 9.5.5
Adobe Systems Incorporated Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Adobe Shockwave Player 11.5
version 11.5.2.602
Adobe Systems, Inc. Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Java 7 Update 51
version 7.0.510
Oracle Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Microsoft .NET Framework 1.1 Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Microsoft .NET Framework 2.0 Service Pack 2
version 2.2.30729
Microsoft Corporation Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
OpenOffice.org 3.4
version 3.4.9590
OpenOffice.org Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Windows Internet Explorer 8
version 20090308.140743
Microsoft Corporation Free update available This program is compatible with Windows 7. A free update is also available.
Get the free update
Active@ ISO Burner
version 2.5.1
LSoft Technologies Compatible This program is compatible with Windows 7.
Canon Easy-WebPrint EX
version 1.3.5.0
Canon Inc. Compatible This program is compatible with Windows 7.
Canon IJ Network Scanner Selector EX
Canon Inc. Compatible This program is compatible with Windows 7.
Canon IJ Network Tool
version 3.1.0
Canon Inc. Compatible This program is compatible with Windows 7.
Canon IJ Scan Utility
Canon Inc. Compatible This program is compatible with Windows 7.
Canon My Printer
version 3.0.0
Canon Inc. Compatible This program is compatible with Windows 7.
Emsisoft Anti-Malware
version 8.1
Emsisoft GmbH Compatible This program is compatible with Windows 7.
ERUNT 1.1j
Lars Hederer Compatible This program is compatible with Windows 7.
GoogleToolbarNotifier
version 4.1.509.1944
Google Inc. Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 3.0 Service Pack 2
version 3.2.30729
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 3.5 SP1
version 3.5
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 4 Client Profile
version 4.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft .NET Framework 4 Extended
version 4.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft Live Search Toolbar
version 3.0.560.0
Microsoft Live Search Toolbar Compatible This program is compatible with Windows 7.
Microsoft Office PowerPoint Viewer 2007 (English)
version 12.0.6612.1000
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft Silverlight
version 5.1.30214.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Microsoft SQL Server 2005 Compact Edition [ENU]
version 3.1.0000
Microsoft Corporation Compatible This program is compatible with Windows 7.
Mobipocket Reader 6.2
version 6.2.608
Mobipocket.com Compatible This program is compatible with Windows 7.
RealPlayer
version 16.0.3
RealNetworks Compatible This program is compatible with Windows 7.
Turbo Lister 2
version 2.00.0000
eBay Inc. Compatible This program is compatible with Windows 7.
Windows 7 Upgrade Advisor
version 2.0.5000.0
Microsoft Corporation Compatible This program is compatible with Windows 7.
Windows Live Sync
version 14.0.8117.416
Microsoft Corporation Compatible This program is compatible with Windows 7.
Windows Live Upload Tool
version 14.0.8014.1029
Microsoft Corporation Compatible This program is compatible with Windows 7.
Windows Media Player 11 Compatible This program is compatible with Windows 7.
Windows XP Mode is an optional feature available in Windows 7 Professional and Windows 7 Ultimate that has extra system requirements.
Visit the Windows XP Mode website for more information
Requirement Details
Virtualization technology not supported Your PC does not support hardware assisted virtualization technology.
1.0 GB of RAM Your PC memory doesn't meet the 2 GB requirement for running Windows XP Mode on 32-bit Windows 7. When running XP Mode, you might experience poor performance.
Extra 15 GB of free space Your PC meets the minimum requirement of 15 GB extra space for installing and running Windows XP Mode.
ken545
Emeritus-Security Expert
Good Morning,
Looks like your good to go with Windows 7. Don't know if you know about the difference between 32 and 64 bit operating system, it has to do with the file structure and how your hard drive is formatted and stores files, the newer computers are all 64 bit which supports large hard drives. I upgraded my laptop from Vista to Win 7 32 bit a few years ago and its still running just fine. If you do a upgrade I believe it saves your settings and restores them, a clean install is always better but costs a bit more. Before you run out and buy either the full version or an upgrade lets let the experts at Whatthetech guide you through it.
www.whatthetech.com
You can go here and register, like Safer Networking its free , after your registered then go to there windows forum and post, just tell them you want to upgrade to Win 7 from XP, let them know you have not purchased Win 7 yet and ask them what they suggest, an upgrade or clean install. When you post also post the win 7 upgrade advisor report so they can see where you stand
Windows Forum
http://forums.whatthetech.com/index.php?showforum=119
Whatever way you go you should always back up any important files or pictures that you don't want to lose, you can get a nice external hard drive from Seagate at Costco, don't quote me but there around $50 or so, you should have one anyway in case of hard drive failure in the future
This is where I leave you as we just do malware removal on this forum, good luck in whatever you decide to do
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
Safe Surfn
Ken
Looks like your good to go with Windows 7. Don't know if you know about the difference between 32 and 64 bit operating system, it has to do with the file structure and how your hard drive is formatted and stores files, the newer computers are all 64 bit which supports large hard drives. I upgraded my laptop from Vista to Win 7 32 bit a few years ago and its still running just fine. If you do a upgrade I believe it saves your settings and restores them, a clean install is always better but costs a bit more. Before you run out and buy either the full version or an upgrade lets let the experts at Whatthetech guide you through it.
www.whatthetech.com
You can go here and register, like Safer Networking its free , after your registered then go to there windows forum and post, just tell them you want to upgrade to Win 7 from XP, let them know you have not purchased Win 7 yet and ask them what they suggest, an upgrade or clean install. When you post also post the win 7 upgrade advisor report so they can see where you stand
Windows Forum
http://forums.whatthetech.com/index.php?showforum=119
Whatever way you go you should always back up any important files or pictures that you don't want to lose, you can get a nice external hard drive from Seagate at Costco, don't quote me but there around $50 or so, you should have one anyway in case of hard drive failure in the future
This is where I leave you as we just do malware removal on this forum, good luck in whatever you decide to do
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.- Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
- WhattheTech
- Grinler BleepingComputer
- GeeksTo Go
- Dslreports
Safe Surfn
Ken
autographshark
New member
I wish to say thanks!
Hi, Ken from one Ken to another I would like to say thanks so much for your time and patience in this matter! I may have to get my wife's notebook cleaned and upgraded to windows 7 also. Again many thanks.
Ken:yahoo:
Hi, Ken from one Ken to another I would like to say thanks so much for your time and patience in this matter! I may have to get my wife's notebook cleaned and upgraded to windows 7 also. Again many thanks.
Ken:yahoo:
- Status