IE8 InPrivate Browsing started when Outlook E-mail Links Clicked

[johnprice]

IE8

Outlook 2007

Whenever a link is clicked in an e-mail IE8 opens an InPrivate Browsing Window.

Output from DDS below -

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12

Run by JohnP at 10:21:49 on 2012-08-17

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://thehub/Pages/IntranetMainPageLight.aspx

uSearch Page = hxxp://www.live.com

uInternet Settings,ProxyOverride =

*.local;*.instemlss.co.uk;*.instem.com;*.instem-china.cn;172.16.190.*;193.1.1.*;192.168.67.*;172.26.2.*;192.168.10.*;10.10.150.*;116.193.57.38;63.131.133.5;*

.biowisdomsrs.com;*.biowisdom.com;london1.gcmobility.net;newyork1.gcmobility.net;instem.planflex.net;instemcustomercenter.com;<local>

uInternet Settings,ProxyServer = instem.dme.shieldlive.com:8080

mWinlogon: Userinit=c:\windows\system32\KUsrInit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120417162719.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [iSUSPM] "c:\documents and settings\all users\application data\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [MCTCIDUtil] c:\windows\system32\MCTCIDUtil.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Adobe] RUNDLL32.EXE "c:\documents and settings\johnp\local settings\application data\adobe\uqhmmbbw.dll",EditHhCtrlScript

uRun: [govShell] c:\documents and settings\johnp\govknxo.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [safeBootTrayManager] "c:\program files\safeboot tray manager\SbTrayManager.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [CardDetectorZTEMF636] c:\program files\carddetector\ztemf636\CardDetector.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [mxvgautil] c:\windows\system32\mxvgautil.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\johnp\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\johnp\startm~1\programs\startup\phonem~1.lnk - c:\program files\avaya\ip office\phone manager\PhoneManager.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\omniqu~2.lnk - c:\program files\surfwall ie authentification client app\AuthPluginTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\omniqu~1.lnk - c:\program files\surfwall ie authentification client app\IEOnlyApp.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: %SystemRoot%\system32\vsocklib.dll

Trusted Zone: planflex.net\instem

Trusted Zone: planflex.net\instemar2

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab

DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://vpn.birkdalehigh.sefton.sch.uk/XTSAC.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252673611188

DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.birkdalehigh.sefton.sch.uk/MLWebCacheCleaner.cab

DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} - hxxp://gsd-vs/VirtualServer/activex/VMRCActiveXClient.cab

DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vmwaresupport.webex.com/client/T27L/support/ieatgpc.cab

DPF: {E734BF43-7194-4E3A-832F-307606DDF665} - hxxps://cs.conferenceservers.com/components/WDPLUGIN.CAB

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

DPF: {F5764ADF-CD9C-4FB7-AC55-C64A63EEDB7C} - file://stn-ctx01/f$/Landesk/res/prereqcheck.cab

TCP: DhcpNameServer = 193.1.1.254 172.25.2.7 172.16.190.33

TCP: Interfaces\{6210BC23-62BE-46A0-A64A-8755746416F9} : DhcpNameServer = 193.1.1.254 172.25.2.7 172.16.190.33

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: DPWLN - c:\program files\digitalpersona\bin\DPWLEvHd.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\800\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

Notify: kwinhook - kwinhook.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Notification Packages = SbNp scecli DPPWDFLT

Hosts: 64.213.209.18 london1.gcmobility.net

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-08-17 09:22:05 -------- d-----w- c:\program files\temp

2012-08-17 09:01:28 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-16 10:24:57 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-08-16 10:24:15 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-08-15 14:32:59 111616 ----a-w- c:\documents and settings\johnp\govknxo.exe

2012-07-20 11:42:23 -------- d-----w- c:\documents and settings\johnp\temp

2012-07-20 09:14:25 -------- d-----w- c:\program files\common files\EPSON Projector

2012-07-20 09:13:47 -------- d-----w- c:\documents and settings\all users\application data\SEIKO EPSON CORPORATION

2012-07-20 09:13:40 7680 ----a-w- c:\windows\system32\drivers\EMP_Vd1.sys

2012-07-20 09:13:40 6400 ----a-w- c:\windows\system32\drivers\EMP_Map.sys

2012-07-20 09:13:40 3712 ----a-w- c:\windows\system32\drivers\EMP_MirrNP.sys

2012-07-20 09:13:40 20480 ----a-w- c:\windows\system32\drivers\ENP_NSWD.sys

2012-07-20 09:13:40 13184 ----a-w- c:\windows\system32\EMP_Vd1.dll

2012-07-20 09:13:40 12160 ----a-w- c:\windows\system32\EMP_MirrNP.dll

2012-07-20 09:13:39 17792 ----a-w- c:\windows\system32\drivers\EMP_NSAU.sys

2012-07-20 09:13:30 -------- d-----w- c:\program files\EPSON Projector

.

==================== Find3M ====================

.

2012-08-13 06:23:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-13 06:23:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40:18 1875072 ----a-w- c:\windows\system32\win32k.sys

2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec

2012-06-06 07:49:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 14:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 14:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 14:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 14:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 14:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 14:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 14:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 14:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

.

============= FINISH: 10:27:57.13 ===============

[screen317]

Hi and welcome to Malwarebytes.

I'm pretty sure this is just a setting in Outlook and isn't malware.

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!