Topic: Help! My Internet Explorer-7 dosent work. I think my system has been infected

[cobaltazule]

Samker, are you there?
Friend I need your wisdom again. You helped me once before(about 2 months ago) and I need your help again.
My internet explorer-7 has stopped working on it's startup. Instead of going to http://Http://google.com(my default), it tries to go to "http://go.microsoft.com/fwlink/?LinkId=76277" or "http://go.microsoft.com/fwlink/?LinkId=69157" where I get a "this page cannot be displayed" notice. I have gone into tools and reset my search program as google, but this fwlink thing keeps poping up. In order for me to get out I have to manually type in the google address each time I start internet explorer. I have read about a virus called fwlnk.exe. Could this be a form of it?
Once I here from you I will download hijackthis and send the log.
Thank you samker

[Samker]

Hi again Cobaltazule,

Don't worry we will fix this also.  

Now please Scan your PC with:

- Kaspersky Online Scan: http://scforum.info/index.php/topic,734.0.html

- HijackThis: I think that you still have installed them? If you don't: search forum, download again and run.

After all that provide us both logs here (in your next reply)!

Regards,

Samker

[cobaltazule]

ok.
Thank you again. I will do it as soon as I get off work.

[cobaltazule]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:22 AM, on 10/4/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\NetZero\exec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\ROBERT~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Users\Robert Mansfield\AppData\Local\Temp\Temp5_HiJackThis.zip\HijackThis.exe
C:\Users\Robert Mansfield\AppData\Local\Temp\Temp5_HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ALaunch] C:\ACERSW\AUDIT\ALAUNCH.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7229 bytes

[cobaltazule]

I hope this helps. The kASPERSKY antispyware is still running.  BUT I think it fixed something. My Internet Explorer is kinda working better. Now it is doing something different. as if it was brand new. Not all fixed, just a little. After work when I get a chance to look at it I'll repost and let you know. By the way Kaspersky is VERY slow. It has been scanning now for 6 hours and found nothing so far. Again, thank you my friend.

[cobaltazule]

Samker, I uninstalled Kaspersky.Not only was the program a waste of time,it detected nothing and was still runing a scan after 9 hours. I think I will reinstall ny Norton 360 which I took out to run your program. I am genuinely surprised. Always before you have given good advice. Kaspersky is garbage and I cannot recomend it. It is too slow and misses infections others catch. For example, I know I have a Trojan(forgot the name). Norton advises that to take it out would disable my browser so I leave it in. Norton says it is "low risk", yet kaspersky dosent even see it and I have downloaded all updates.
 My friend I think you guessed wrong on this program. Is there anything else I can supply you with?
your friend
       cobaltazule(my name is Robert)

[Samker]

Hi Robert and nice to meet you,

as I think (because of that I was send you PM) you make mistake because you don't understand my instruction!

You don't need to reinstall Norton, in my first post I give you link to Kaspersky Online Scan. Like the name said it work Online like Trend Micro House Call (I think that you already try them) and also have good log.

Now install again Norton and make any other online scan which we provide here (Symantec, McAfee, BitDefender ...) we need log from them to exclude possibility of some other infection.

Until that we will here analyze HJT log and give you some solutions.

Don't worry we will resolve this in short time.

Regards,

Samker

P.S.
In the future, every time when you have any doubts first ask because every mistake can crash your PC, especially working with HJT.

[Samker]

Hi Robert,

I'm just finish (first) checking of your HJT log.

It's look like most problems came from "NetZero". As I know:

NetZero is a nationwide Internet Service Provider, available in more than 8,000 cities across North America. NetZero offers unlimited paid service and a Free ISP.

Did you use theirs service for Internet Acces? Please provide us information about that so we know did you need this service anymore.

Of course we also need (unless two) logs & results of some Online AntiVirus Scans (Symantec, McAfee, Bitdefender, Trend Micro ... just choose, you also have all direct links inside of our Help Center).

Before all that: Uninstall Kaspersky AntiVirus & eTrust Internet Security Suite, after that install again your Norton.

Try to provide all information as soon as possible.

Samker

[cobaltazule]

 Ok.
 I will do as you ask and get it to you tonight.
I did run the Kaspersky on-line, but it found nothing wrong. I am confused about the log from that program. I did not see one available to send. I will look again.
 Also,yes netzero is my internet provider. It is a dail-up account and very slow but it is all that is available to me at this time. I really hope it is not the problem.That would not be good.
 Have you ever heard of this address that keeps poping up on my IE-7..."http://go.micrisoft.com/fwlink/?LinkId=76277 " ?  I have no idea what it is. I could'nt find it on the log.
 Anyway, I will get that to you as soon as possible.
regards
    Robert

[Samker]

I did run the Kaspersky on-line, but it found nothing wrong. I am confused about the log from that program. I did not see one available to send. I will look again.

Just select all scan report, copy and paste in your next reply (Like you do with HJT logs).

Also,yes netzero is my internet provider. It is a dail-up account and very slow but it is all that is available to me at this time. I really hope it is not the problem.That would not be good.

No, that isn't problem. I saw that, and that is one reason why you have "infection" at your system since they install their "spyware - adware" for advertising in exchange for free service.

Have you ever heard of this address that keeps poping up on my IE-7..."http://go.micrisoft.com/fwlink/?LinkId=76277 " ?  I have no idea what it is. I could'nt find it on the log.

This look like some "affiliate link ID", who know maybe this is another scam (micrisoft - microsoft). I'll later investigate this better.

Now, please provide us reports did Online AntiViruses find anything infected and new HJT (make log after uninstaling eTrust Internet Security Suite with eTrust PestPatrol Anti-Spyware and Kaspersky AV).

I'll wait your reply.

Samker