Author Topic: [Resolved] Internet Explorer runs only as administrator  (Read 17036 times)

0 Members and 1 Guest are viewing this topic.

Offline medfcara

  • Bronze Member
  • Posts: 12
[Resolved] Internet Explorer runs only as administrator
« on: January 12, 2009, 07:23:01 am »
Hi!I have a question. I haven't changed anything on my PC (Windows Vista
Home Premium regularly updated with service pack etc, Norton 360 2.0), but
from yesterday i can't launch ie7. Only with right-click, run as
administrator. yesterday i try to launch a link from windows mail, but
nothing happened. so i tried to double click on ie icon and nothing
happened. with right-click-administrator all worked fine. so i changed the
default browser (Google chrome) and clicking on the link in windows mail all
worked fine. Naturally if I right-click the IE short-cut, go to Properties, the Advanced
button, and check on Always Run as Administrator all works fine, but it ask me if i
want continue etc..... if i start in "safe mode" i can run IE7 as non-administratorSo i think the issue is in "ie7".  scanned looking for malware, no infections (http://www.microsoft.com/security/malwareremove/default.mspx,
Ad-ware Lavasoft, Norton 360.... the last every day running). i would like to
understand why in safe mode all works fine, and other browers (Google
Chrome, Mozilla) work always  fine. Uninstalled Adobe flash player (read
about issues with this software):....nothing. I've also installed IE8 beta: the
only thing that has changed that when i launch IE8 i can see a sort of flash
(it seems the program that tries to run) and nothing else. as usual...right-click,
run as administrator, IE starts....   :-(
Any suggestion? I have seen that windows update have recently installed a new definition update for
windows defender (KB915597 definition 1.49.1455.0). May be related?
this is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.18.15, on 12/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Users\france\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: D - {5ED3E349-330C-3C2C-9C2E-2511B5541A5B} - C:\Windows\system32\xwr72241.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\Windows\TEMP\E_SBB05.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [trueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\france\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Conviva Streaming Control) - http://portal3.rinera.com/download/ConvivaStreamingPlugin-1.7.0.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1224943572314
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D86378E8-EDEB-44C3-ACE1-94B61FB2155C} (VistaCertControl Control) - https://hb.THENAMEOFMYBANK.it/internetbanking/HomeBanking/Login2.0/RTLogin/CertControl/VistaCertControl.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IHXYMYBPI - Unknown owner - C:\Users\france\AppData\Local\Temp\IHXYMYBPI.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: YDOFM - Unknown owner - C:\Users\france\AppData\Local\Temp\YDOFM.exe (file missing)

--
End of file - 13553 bytes

thanx for your attention
« Last Edit: January 12, 2009, 01:04:44 pm by Hoov »



Offline PA Bear

  • Microsoft® MVP
  • Security Expert
  • Bronze Member
  • Posts: 38
~Robear Dyer (PA Bear)
AumHa VSOP, Admin & Moderator
MS MVP-IE, Mail, Security, Windows Client - since 2002Errabundi Saepe, Semper Certi

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 24985
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Internet Explorer runs only as administrator
« Reply #2 on: January 12, 2009, 01:14:22 pm »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Now onto trying to fix your computer.

I am not so sure this is a malware problem. But I would like you to try a few things. First go to the add remove programs control panel and uninstall IE8 . It should give you an option to go back to IE7. If it does go ahead. If not you can get IE7 here .

Once you have it back to IE7
   1. In Internet Explorer 7, click the Tools menu, and then click Internet Options.
   2. On the Advanced tab, click Reset.
   3. In the Reset Internet Explorer Settings dialog box, click Reset.
   4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
   5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

And just in case I am wrong, please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
    On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline PA Bear

    • Microsoft® MVP
    • Security Expert
    • Bronze Member
    • Posts: 38
    Re: [In Progress] Internet Explorer runs only as administrator
    « Reply #3 on: January 12, 2009, 01:54:06 pm »
    <kibbitz>

    First go to the add remove programs control panel and uninstall IE8 . It should give you an option to go back to IE7. If it does go ahead. If not you can get IE7 here .

    Uninstalling IE8 Beta 2 will automatically return the Vista machine to IE7. One cannot reinstall IE7 in Vista. ;)

    How to uninstall Internet Explorer 8 Beta 2
    http://support.microsoft.com/kb/957700/

    NB: For best results, NAV should be disabled prior to uninstalling IE8 Beta 2.

    PS: Thanks for helping my OP, Hoov.

    </kibbitz>
    ~Robear Dyer (PA Bear)
    AumHa VSOP, Admin & Moderator
    MS MVP-IE, Mail, Security, Windows Client - since 2002Errabundi Saepe, Semper Certi

    Offline medfcara

    • Bronze Member
    • Posts: 12
    Re: [In Progress] Internet Explorer runs only as administrator
    « Reply #4 on: January 12, 2009, 02:00:24 pm »
    Thank You all. I'll follow your (and only your  ;)   ) instructions. I have already reset IE7 with no results.
    I'll let you know.

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 24985
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Internet Explorer runs only as administrator
    « Reply #5 on: January 12, 2009, 02:24:15 pm »
    Just so that you know, you are not alone. I have found several people in the same situation. I am still trying to find out if anyone has found a solution.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 24985
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Internet Explorer runs only as administrator
    « Reply #6 on: January 12, 2009, 02:31:54 pm »
    Something else that I would like you to try. Create a new limited user account, log into it, and see if IE7 works from there normally.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline medfcara

    • Bronze Member
    • Posts: 12
    Re: [In Progress] Internet Explorer runs only as administrator
    « Reply #7 on: January 12, 2009, 02:35:47 pm »
    Hi! I've uninstalled IE8. Vista has come back at restart at IE7 (same problem). Now Malwarebytes Anti-Malware is scanning. I've read your new suggestion while i was typing reply . I'll try it at the end of the scan. Have I to create a limited user account?

    Offline medfcara

    • Bronze Member
    • Posts: 12
    Re: [In Progress] Internet Explorer runs only as administrator
    « Reply #8 on: January 12, 2009, 02:44:15 pm »
    Hi! the scan has shown some files infected!!!!! removed. not restarted windows but NOW IE REGULARLY RUNS! this is the log file (I'm sorry it is in italian, i could install in english  :-\ ): now i restart and let you know! But i would like to say that:
    1) you're great (Hoov, Bear)!!! thanx a lot!!!
    2) what kind of anti-malware are Ad-Lavasoft and http://www.microsoft.com/security/malwareremove/default.mspx ????

    Malwarebytes' Anti-Malware 1.32
    Versione del database: 1647
    Windows 6.0.6001 Service Pack 1

    12/01/2009 21.36.29
    mbam-log-2009-01-12 (21-36-06).txt

    Tipo di scansione: Scansione rapida
    Elementi scansionati: 60686
    Tempo trascorso: 6 minute(s), 14 second(s)

    Processi delle memoria infetti: 0
    Moduli della memoria infetti: 0
    Chiavi di registro infette: 6
    Valori di registro infetti: 0
    Elementi dato del registro infetti: 0
    Cartelle infette: 0
    File infetti: 4

    Processi delle memoria infetti:
    (Nessun elemento malevolo rilevato)

    Moduli della memoria infetti:
    (Nessun elemento malevolo rilevato)

    Chiavi di registro infette:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ed3e349-330c-3c2c-9c2e-2511b5541a5b} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{5ed3e349-330c-3c2c-9c2e-2511b5541a5b} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\TypeLib\{1b340d9f-ef7b-3709-9af7-930aa2c380c5} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{8dc5b11d-185a-37a4-8423-9f1e503d2421} (Trojan.Vundo.H) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5ed3e349-330c-3c2c-9c2e-2511b5541a5b} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe (Trojan.Agent) -> No action taken.

    Valori di registro infetti:
    (Nessun elemento malevolo rilevato)

    Elementi dato del registro infetti:
    (Nessun elemento malevolo rilevato)

    Cartelle infette:
    (Nessun elemento malevolo rilevato)

    File infetti:
    C:\Windows\System32\xwr72241.dll (Trojan.Vundo.H) -> No action taken.
    C:\Windows\System32\qdbon.dll (Trojan.Vundo.H) -> No action taken.
    C:\Windows\System32\wr72241.dll (Trojan.Vundo.H) -> No action taken.
    C:\Windows\System32\klomp.exe (Trojan.Agent) -> No action taken.

    Offline medfcara

    • Bronze Member
    • Posts: 12
    Re: [In Progress] Internet Explorer runs only as administrator
    « Reply #9 on: January 12, 2009, 02:54:20 pm »
    Problem solved. Now IE runs regularly. Thanx you all. May I post this link in other forum where i asked for help?

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 24985
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Internet Explorer runs only as administrator
    « Reply #10 on: January 12, 2009, 03:12:40 pm »
    HMM, you said you removed them, but the log says no action taken. Did you fix them in a second scan? And you can forget about the creation of another user account. :-[

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 24985
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Internet Explorer runs only as administrator
    « Reply #11 on: January 12, 2009, 03:14:17 pm »
    Yes you can post the link. But don't leave just yet. Give us a new Malwarebytes' Anti-Malware log and a new Hijackthis log. If they are both clean, then there will be a bit of a cleanup (have to make sure you are good) and then we will be done.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline medfcara

    • Bronze Member
    • Posts: 12
    Re: [In Progress] Internet Explorer runs only as administrator
    « Reply #12 on: January 12, 2009, 03:18:23 pm »
    I fixed at the end of the scan, when it asked about action. Now, after restart, i'm running a deep scan. The problem seems solved. have i to create a new user account? is this useful to understand what happened? Ok.... i've read now you last suggestion. After deep scan i'll give new logs (Malwsarebytes' and Hijachthis).

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 24985
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Internet Explorer runs only as administrator
    « Reply #13 on: January 12, 2009, 03:20:41 pm »
    Good. If its all clear as I suspect, I will give you my cleanup speech and all will be well. Depending on how big your system, the full Malwarebytes' Anti-Malware scan could take hours.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline medfcara

    • Bronze Member
    • Posts: 12
    Re: [In Progress] Internet Explorer runs only as administrator
    « Reply #14 on: January 12, 2009, 03:21:42 pm »
    have to do a quick scan?