Internet Explorer only works with run as admin

I installed the Opera web browser now. I'm just on the internet reading my mails and suddenly 10, 20, 30 tabs get opened with weird sites like poker sites, porn sites, airline company sites etc., and I was never on these sites.
I still think spyware, malware or a virus is on my computer breeding around.
 
We need to find out what is going on...

Please download RogueKiller:
Télécharger RogueKiller (Site Officiel)

• When you get to the website, if the system is 32 bit, go to where it says:
(Download link) Lien de téléchargement:
• Click the dark-blue button to download.
• Save to the Desktop
• Close all windows and browsers
• Windows Vista/Seven: Right-click and select 'Run as Administrator'
• Press: SCAN
• A report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.

Note
To find out if the system is 32 or 64 bit:
Click: Start
Type System in the Start Search box
Click System in the Programs list.
 
The operating system is displayed as follows:
For a 64-bit version operating system, under System > System type, it shows:
64-bit Operating System

For a 32-bit version operating system, under System > System type, it shows:
32-bit Operating System
 
The logs:

Code:
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : * [Admin rights]
Mode : Scan -- Date : 01/13/2013 13:26:20

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EPSON Stylus S20 Series (c:\windows\system32\spool\drivers\w32x86\3\e_fatieae.exe /fu "c:\windows\temp\e_seb50.tmp" /ef "hkcu") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3575484486-1740107179-1237025957-1001[...]\Run : EPSON Stylus S20 Series (c:\windows\system32\spool\drivers\w32x86\3\e_fatieae.exe /fu "c:\windows\temp\e_seb50.tmp" /ef "hkcu") -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJS-00L7A0 ATA Device +++++
--- User ---
[MBR] bc065873730058af78243003e86e3c65
[BSP] b231e6d4f3f54ceda60435a72be55aab : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 238475 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] 0b4f086ce85a2286e5fe62f8db703068
[BSP] e154f62720b43d62d187f71f87acf161 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_01132013_02d1326.txt >>
RKreport[1]_S_01132013_02d1325.txt ; RKreport[2]_S_01132013_02d1326.txt
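
Added example (not part of the original thread and not RogueKiller's own code): a small Python parser for the "Registry Entries" section of the report above. It checks the parsed rows against the count in the section header and collapses rows that differ only in the hive they were read from. The function names are hypothetical, and reading `HKUS` as the tool's abbreviation for HKEY_USERS is an assumption.

```python
import re

# Sample input: the registry section of the RKreport posted above, embedded
# here so the example runs offline.
SAMPLE_REPORT = r'''
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EPSON Stylus S20 Series (c:\windows\system32\spool\drivers\w32x86\3\e_fatieae.exe /fu "c:\windows\temp\e_seb50.tmp" /ef "hkcu") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3575484486-1740107179-1237025957-1001[...]\Run : EPSON Stylus S20 Series (c:\windows\system32\spool\drivers\w32x86\3\e_fatieae.exe /fu "c:\windows\temp\e_seb50.tmp" /ef "hkcu") -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
'''

HEADER = re.compile(r'^¤¤¤ (?P<title>[^:]+?) ?: ?(?P<rest>.*?) ?¤¤¤$')
ENTRY = re.compile(r'^(?P<tags>(?:\[[^\]]+\])+) (?P<key>\S+) : (?P<name>.+?) '
                   r'\((?P<data>.*)\) -> (?P<status>\w+)$')

def parse_registry_entries(report):
    """Return (count declared in the header, list of parsed entry dicts)."""
    declared, entries, in_section = None, [], False
    for line in (raw.strip() for raw in report.splitlines()):
        header = HEADER.match(line)
        if header:
            in_section = header['title'] == 'Registry Entries'
            if in_section:
                declared = int(header['rest'])
        elif in_section and line:
            m = ENTRY.match(line)
            if m is None:
                raise ValueError(f'unparsed registry line: {line!r}')
            entry = m.groupdict()
            entry['tags'] = re.findall(r'\[([^\]]+)\]', entry['tags'])
            entries.append(entry)
    if declared != len(entries):  # also true when the section is missing
        raise ValueError(f'header says {declared}, parsed {len(entries)}')
    return declared, entries

def distinct_findings(entries):
    """Collapse rows that differ only in the hive they were read from
    (HKCU is an alias of the logged-on user's key under HKEY_USERS)."""
    return sorted({('/'.join(e['tags']), e['name'], e['data']) for e in entries})

if __name__ == '__main__':
    declared, entries = parse_registry_entries(SAMPLE_REPORT)
    print(f'{declared} rows, {len(distinct_findings(entries))} distinct findings')
    for tags, name, data in distinct_findings(entries):
        print(f'[{tags}] {name}: {data}')
```

On this report the four rows reduce to three distinct findings, because the EPSON Run entry is listed once under HKCU and once under the user's SID.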
 
I can't think of anything else to try after looking at these replies. But a valuable lesson: Never use Internet Explorer!

Chrome FTW :lol:
 
Well, the main problem is that I have malware, viruses or spyware somewhere on my computer. I also have problems with Opera (see my previous replies), so it is not only Internet Explorer.
 
computerlamp10,

'Something' is causing all those tabs to show up. We need to press on...

Please download the free version of Malwarebytes' Anti-Malware (MBAM) to the Desktop:

Malwarebytes : Malwarebytes Anti-Malware removes malware including viruses, spyware, worms and trojans, plus it protects your computer

(NOTE: If you already have MBAM installed, update it before running the scan.)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Check:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
* Click: Finish

* If an update is found, it downloads and installs the latest version.
* Close the browser, to make removal easier and more complete
* In MBAM, select: Perform Quick Scan
* Click: Scan
* When the scan is complete, click OK, then: Show Results
* Check all the items, and click: Remove Selected
* Restart the computer IF MBAM asks you to do so.

* When done, a log opens in Notepad.
* Please post the log in your reply.

Also, please post on whether you are still getting the undesirable tabs.

Thanks.
 
Do what cottonball suggested above AFTER running a "kill malicious processes" application first.

My choice for one of those is RKill. (RKill Download)
Once you know that whatever is inside the computer is not running anymore, Malwarebytes can be much more effective at finding the infection.

Proof from Symantec.com:

"For a long time, malware has been able to detect the environment it is running in and hide itself from automated threat analysis systems. The list below is the measures malware takes to avoid being detected by dynamic analyzer systems:
  • Checks a certain registry entry and stops if it detects that it is running in a virtual environment.
  • Checks video and mouse drivers and stops if it detects that it is running in a virtual environment.
  • Enumerates the system service list and stops if it detects that it is running in a virtual environment.
  • Executes special assembler code and stops if it detects that it is running in a virtual environment.
  • Checks a certain communication port and stops if it detects that it is running in a virtual environment.
  • Checks a certain process name and stops if it detects that it is being monitored.
If malware stops itself when it detects that it is running in a virtual environment, it may trick an automated threat analysis system into thinking that it is a clean program. It is also able to stop itself if it discovers a certain process name and detects that someone is monitoring it."
 
Please correct me if I am wrong, but, I believe RKill terminates running processes, and does not delete any files.

After running RKill, you should not reboot the computer, as any malware processes that are configured to start automatically will just start again.

RogueKiller, which you already ran, goes beyond RKill, to give the option to delete the bad processes.

However, RogueKiller did not identify any bad processes in your case.

But, hey, running RKill may pick up something RogueKiller did not.
 