Strange Application Behaviour

[essexboy]

Hmm this is an intriguing one, have you tried uninstalling IE9 and seeing if the same problem occurs with IE8

I can see no apparent malware and the main registry associations look good

I would like you to run the following programme, it would be best doing it overnight as it will take a while.  But it will rule out a malware cause

 

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download
 
It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

[Z33RO]

Ok, im currently uninstalling IE9 and installing IE 8 once thats done and we get the results i will run the w2vx4cg3.exe in safemode and let it run for the day, its 11:07am here at the moment so i should have all day to run it

[Z33RO]

Hello,

Ok ive installed internet explorer 8 and it runs without sandbox!
Im just about to boot to safemode and run the program

[Z33RO]

I ran an express scan with dr.web but it didnt give me the option to save a log file, also it only took 18 minutes
is this ok? it said it didnt find anything

[essexboy]

Yep that looks good.  OK next question are you adding all programmes to the sandbox automatically ?

Check under the sandbox shields (if using AIS) that there are no programmes set to run automatically as changing to IE8 may indicate that as the problem

[Z33RO]

I re-ran the dr.web doing a complete scan and it found 3 suspicious files , java script from internet explorer files by the looks of things it let me save a log this time and ive been trying to upload for a while now, the log is 37 mb so it takes a long time to upload

I cant upload it here so ive uploaded it in wuala heres the link : http://www.wuala.com/Z33RO/Public/DoctorWeb
Follow the link above and you should see a file called CureIt.log inside that folder
(The File should appear in there soon its still uploading)

[Z33RO]

Ok, there are no files there under processes currently running virtualized, also i took IE 9 (at the time) out of virtualization before i uninstalled it

[essexboy]

Are you still getting the virtualisation problem ?

Downloading the log now

[Z33RO]

Yeh, i still get it,

[essexboy]

You also have a virtual machine on your system - is that running ?

[Z33RO]

No not at the moment, I barely ever use it

[essexboy]

Did the re-installation of IE8 enable it to run non-virtualised ?

Yet when you run any other programme it is virtualised

Could you modify AIS by going to Control panel and changing AIS to remove the sandbox element and then reboot and see if the same problems occur

[Z33RO]

I dont quite understand,
I do get a choice whether or not to run an application in sandbox or not, but some applications have a white screen when they boot up,

Yes when i reinstalled IE8 i managed to get it to run in both sandbox and non sandbox mode,
Do you still want me to try and remove the sandbox element?

[essexboy]

Yes please as it can be re-installed in a matter of moments using the same method

Also could you re-install live mail

Do you need a link for that ?

[Z33RO]

Ok, no thanks i got it