
Google Redirect Virus from MusicFrost

Discussion in 'Virus & Other Malware Removal' started by troncalli01, Jun 9, 2011.

Thread Status:
Not open for further replies.
  1. troncalli01

    troncalli01 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    36
    I believe that I have the Google Redirect Virus, obtained from a MusicFrost download. This affects searching only from the Google search bar, not the Google website itself.
    (I did notice a change in default names from Google to Google custom search, that cannot be manually changed from options or default settings.) I have run ZoneAlarm anti-virus, Eusing Registry Cleaner, and SuperAntiSpyware with no change. I have not noticed any major problems other than getting redirected to a different search engine.
    The programs/logs below were run after disabling ZoneAlarm Security.

    Thank you in advance for any suggestions/fixes that may help remove this virus.

    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft® Windows Vista™ Business , Service Pack 2, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz, x64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 1943 Mb
    Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 748 Mb
    Hard Drives: C: Total - 141125 MB, Free - 84450 MB; Q: Total - 9999 MB, Free - 3827 MB; S: Total - 1498 MB, Free - 705 MB;
    Motherboard: LENOVO, 6475CTO, Not Available, VF26F93P00G
    Antivirus: ZoneAlarm Extreme Security Antivirus, Disabled

    Here are my logs:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:41:13 PM, on 6/9/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19019)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reuters.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: GSService - Unknown owner - C:\Windows\system32\GSService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
    O23 - Service: lxebCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxebserv.exe
    O23 - Service: lxeb_device - - C:\Windows\system32\lxebcoms.exe
    O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
    O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 6344 bytes

    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 8.0.6001.19019
    Run by Owner at 12:41:35 on 2011-06-09
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1943.1142 [GMT -4:00]
    .
    AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {E9467272-859A-F159-FA9E-55E7E32D7A25}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
    FW: ZoneAlarm Extreme Security Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Windows\system32\lxebcoms.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Windows\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    c:\Program Files\Lenovo\System Update\SUService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.reuters.com/
    mURLSearchHooks: H - No File
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{A407F9B0-5E62-4960-A183-F08E5C1E6737} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{B3B9084E-DF36-4BD5-87F2-2D5FB7B68FF5} : DhcpNameServer = 192.168.1.254
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\5p43keoo.default\
    FF - prefs.js: browser.startup.homepage -
    FF - prefs.js: keyword.URL - hxxp://search.musicfrost.com/results.php?q=
    FF - prefs.js: browser.search.selectedEngine - MFGSearch.NET
    FF - prefs.js: browser.startup.homepage - hxxp://search.musicfrost.com
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaDownload.dll
    FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaExtensions.dll
    FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: ForceField Toolbar: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\checkpoint\zaforcefield\TrustChecker
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 67656]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-3-16 26352]
    R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-3-16 493032]
    R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-15 35088]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-12-28 66848]
    R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-23 53325]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2008-12-28 2058776]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2010-4-9 220152]
    R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2010-3-16 35568]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-1-13 6628352]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
    S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-24 48192]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 136176]
    S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [2010-4-14 193192]
    S2 SessionLauncher;SessionLauncher; [x]
    S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 253952]
    S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2008-12-28 3881472]
    S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2008-12-28 54784]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2009-5-5 671736]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-4-11 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 GSService;GSService;c:\windows\system32\GSService.exe [2011-2-12 122880]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 136176]
    S3 intelkmd;intelkmd;c:\windows\system32\drivers\igdkmd32.sys [2009-5-7 4740096]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
    S3 STSService;STSService;c:\program files\soundtaxi media suite\STSService.exe [2011-2-1 385024]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-06-09 16:38:05 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-06-09 16:38:04 -------- d-----w- c:\program files\Trend Micro
    2011-06-08 21:06:11 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-06-08 20:50:28 -------- d-----w- C:\lkouch12327657l
    2011-06-08 20:20:41 98816 ----a-w- c:\windows\sed.exe
    2011-06-08 20:20:41 518144 ----a-w- c:\windows\SWREG.exe
    2011-06-08 20:20:41 256512 ----a-w- c:\windows\PEV.exe
    2011-06-08 20:20:41 208896 ----a-w- c:\windows\MBR.exe
    2011-06-08 20:20:25 -------- d-----w- C:\lkouch123
    2011-06-08 19:15:56 -------- d-----w- c:\users\owner\appdata\roaming\SPE
    2011-05-21 03:00:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-19 19:05:22 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
    2011-05-19 19:05:21 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
    2011-05-19 19:05:21 15360 ----a-w- c:\windows\system32\inetfr.DLL
    2011-05-19 19:05:21 119568 ----a-w- c:\windows\system32\VB6FR.DLL
    2011-05-19 19:05:21 115920 ----a-w- c:\windows\system32\msinet.OCX
    2011-05-19 19:05:21 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
    2011-05-19 19:05:20 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
    2011-05-19 19:05:20 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
    2011-05-19 19:05:20 -------- d-----w- c:\users\owner\appdata\roaming\FreeBurner
    2011-05-19 19:05:20 -------- d-----w- c:\program files\Free Easy Burner
    .
    ==================== Find3M ====================
    .
    2011-03-28 00:59:18 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
    2011-03-28 00:59:17 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2011-03-28 00:59:17 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2011-03-28 00:59:17 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2011-03-28 00:59:16 519680 ----a-w- c:\windows\system32\d3d11.dll
    2011-03-28 00:59:15 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-03-28 00:59:15 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2011-03-28 00:59:15 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    .
    ============= FINISH: 12:42:26.11 ===============

    DDS (Ver_2011-06-03.01)
    .
    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/28/2008 2:46:15 AM
    System Uptime: 6/8/2011 5:11:32 PM (19 hours ago)
    .
    Motherboard: LENOVO | | 6475CTO
    Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | None | 2267/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 138 GiB total, 83.647 GiB free.
    D: is CDROM ()
    Q: is FIXED (NTFS) - 10 GiB total, 3.737 GiB free.
    S: is FIXED (NTFS) - 1 GiB total, 0.689 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0000
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: isatap.{A407F9B0-5E62-4960-A183-F08E5C1E6737}
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP376: 5/28/2011 12:39:51 PM - Scheduled Checkpoint
    RP377: 5/29/2011 1:51:26 AM - Scheduled Checkpoint
    RP378: 5/30/2011 12:04:14 AM - Scheduled Checkpoint
    RP379: 6/2/2011 4:39:24 PM - Scheduled Checkpoint
    RP380: 6/4/2011 12:00:06 AM - Scheduled Checkpoint
    RP381: 6/5/2011 12:01:54 AM - Scheduled Checkpoint
    RP382: 6/6/2011 12:21:37 AM - Scheduled Checkpoint
    RP383: 6/7/2011 12:00:42 AM - Scheduled Checkpoint
    RP384: 6/7/2011 11:20:03 PM - Windows Update
    RP385: 6/8/2011 2:20:49 PM - Scheduled Checkpoint
    RP386: 6/9/2011 12:34:51 PM - Removed HiJackThis
    RP387: 6/9/2011 12:37:35 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    .
    123 Free Solitaire 2009 v7.2
    ABBYY FineReader 6.0 Sprint
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.3
    AnyMedia Player 1.2.7
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Catalyst Control Center InstallProxy
    Client Security - Password Manager
    Conexant 20561 SmartAudio HD
    Coupon Printer for Windows
    DirectXInstallService
    doPDF 6.2 printer
    Eusing Free Registry Cleaner
    Free Easy Burner V 4.4.1
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Interface
    Intel(R) Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Active Management Technology
    InterVideo Register Manager
    InterVideo WinDVD
    IrfanView (remove only)
    Java(TM) 6 Update 7
    Junk Mail filter update
    Lenovo System Interface Driver
    Lenovo Welcome v1.0.24.3
    Lexmark Pro200-S500 Series
    Lexmark Toolbar
    Lexmark Tools for Office
    Mahjong Champ
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6.10)
    MP3 Rocket
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    On Screen Display
    Presentation Director
    Product Recovery Disc Burning Utility
    Productivity Center Supplement for ThinkPad
    PX Profile Update
    QuickTime
    Registry patch for Windows Vista USB S3 PM Enablement
    Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
    Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
    Registry patch to improve USB device detection on resume from sleep for Windows Vista
    Rescue and Recovery
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
    Roxio Activation Module
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Creator Business Edition
    Roxio Express Labeler 3
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Sonic CinePlayer Decoder Pack
    SoundTaxi Media Suite 4.1.7
    SUPERAntiSpyware Professional
    System Update
    ThinkPad EasyEject Utility
    ThinkPad FullScreen Magnifier
    ThinkPad Hotkey Features Setup
    ThinkPad Mobility Center Customization
    ThinkPad Modem Adapter
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Utility
    ThinkVantage Active Protection System
    ThinkVantage Productivity Center
    ThinkVantage Status Gadget
    ThinkVantage Technologies Welcome Message
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2410711)
    Wallpapers
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinPcap 4.1.2
    Xirrus Wi-Fi Inspector
    Xvid 1.2.1 final uninstall
    ZoneAlarm Extreme Security
    .
    ==== End Of File ===========================

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-09 12:51:07
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160827AS rev.3.CMG
    Running: GMER.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pwlcrfog.sys

    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs ISWKL.sys
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    Device \Driver\kbdclass \Device\KeyboardClass0 icsak.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    Device \Driver\kbdclass \Device\KeyboardClass1 icsak.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    ---- EOF - GMER 1.0.15 ----
     
  2. troncalli01

    troncalli01 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    36
    I am not sure if this has affected my HijackThis log. I uninstalled the one I already had on my computer and downloaded the version that was on the forum with no change.

    "Error" shows as attached.
     

    Attached Files:

  3. troncalli01

    troncalli01 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    36
  4. troncalli01

    troncalli01 Thread Starter

    Joined:
    Apr 7, 2010
    Messages:
    36
    I updated to Internet Explorer 9, and the problem no longer exists. Although, Internet 9 doesn't seem to have a Google search bar (it's not really needed with how searching works now). I downloaded Firefox and had the same search.musicfrost.com problem in the search bar!
     
Short URL to this thread: https://techguy.org/1001370