No sound in Browsers (IE, FF, or Opera) IE Tools Menu (Some items have Restrictions)

Discussion in 'Windows Desktop Systems' started by gonaads, Aug 20, 2008.

  1. gonaads

    gonaads Beware the G-Man Political User Folding Team

    Seems after the bout with the spyware/trojan/virus thingy on the computer at work it seems to not have any sound in the web browsers, all of them. Now audio for any You Tube, News Videos, nothing. What's worse is that in IE when you click on "Tools" "Internet Options" I get an error stating that the operation was canceled due to restrictions on the computer. Now this is an Admin account and have all access. Also the "Phishing Filter Settings" under the IE "Tools" "Phishing Filter" gives the same error. The "Pop-Up Blocker" setting also under the "Tools" thing doesn't do anything. I click on the "Pop-Up Blocker Settings" and it does nothing. So I am all confused. I did a Google for this problem and found many answers with Reg settings, Spybot-SD Immunize settings and so on, none have helped. Something is corrupt or there is a Reg setting that I can not pinpoint that is doing this.

    The HijackThis log file is as follows.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:10:03 PM, on 8/20/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    D:\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    D:\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    D:\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    D:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\UPHClean\uphclean.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    D:\Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Jack\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: officejet 6100.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{892FD2A0-7D08-4E37-ABD6-5E173986620E}: NameServer = 208.67.222.222 208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F492843C-3A30-4268-9EEF-05C637FE1957}: NameServer = 208.67.222.222,208.67.220.220
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - D:\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    I hope someone here has some idea as to this problem. I have attached screen shots of the error. I have also attached a screen shot of a second error pop-up, but this only came up once and is not showing up anymore. Could have been a one time thing, not sure though.
     


  2. Johnny

    Johnny .. Commodore .. Political User


    Did you try a system restore ???
     
  3. Johnny

    Johnny .. Commodore .. Political User


    oh, something else - Get rid of norton ....
     
  4. gonaads

    gonaads Beware the G-Man Political User Folding Team


    The only entries that confuse me are:

    O11 - Options group: [INTERNATIONAL] International*

    and the 3 that show "File missing"

    But I think that damn lsass.exe is BAD. Googled and found info that it's linked to Optix.Pro virus.

    Nope it's the Isass that is bad not the lsass (lower case L). What a pain.
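
The checks raised in this post ("file missing" entries and a process name that only looks like `lsass.exe`), as an added example that is not part of the original thread: a short Python triage of a HijackThis log. The sample log is constructed in the v1.99.1 layout; the `SYSTEM_PROCS` table, the `triage` function and the sample `Isass.exe` and `Temp\svchost.exe` lines are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample in the HijackThis v1.99.1 layout (not the poster's log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Isass.exe
C:\WINDOWS\Temp\svchost.exe
D:\Firefox\firefox.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
"""

# Core Windows XP processes and the folder each normally runs from (lower-cased).
# Assumed table for this example, based on the process list format shown above.
SYS32 = r"c:\windows\system32"
SYSTEM_PROCS = {n: SYS32 for n in ("smss.exe", "winlogon.exe", "services.exe",
                                   "lsass.exe", "svchost.exe", "spoolsv.exe")}
SYSTEM_PROCS["explorer.exe"] = r"c:\windows"
CONFUSABLE = str.maketrans("I1|0", "lllo")  # glyphs that pass for 'l' or 'o'
ENTRY = re.compile(r"^[ORFN]\d+ - ")        # start of a registry/object entry line

def triage(log_text):
    """Return (kind, line) findings for a HijackThis log."""
    findings, in_procs = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False                # a blank line ends the process list
        elif in_procs:
            name, folder = ntpath.basename(line), ntpath.dirname(line).lower()
            if name.lower() in SYSTEM_PROCS:
                # Real system name: only the folder can give it away.
                if folder != SYSTEM_PROCS[name.lower()]:
                    findings.append(("unexpected-path", line))
            elif name.translate(CONFUSABLE).lower() in SYSTEM_PROCS:
                # Not a system name, but reads as one (capital I for lower-case l).
                findings.append(("lookalike-name", line))
        elif ENTRY.match(line) and line.endswith("(file missing)"):
            findings.append(("file-missing", line))
    return findings
```

Each finding is a lead for manual checking rather than a verdict; a "(file missing)" entry can also be an orphaned reference left behind after a file was removed.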
     
  5. Johnny

    Johnny .. Commodore .. Political User

  6. gonaads

    gonaads Beware the G-Man Political User Folding Team


    Question 1--- Not happening, had to turn off restore when dealing with original issue. Can only go back to yesterday, which is odd since I had to re-install System Restore due to earlier issue.

    No. 2--- No.
     
  7. LordOfLA

    LordOfLA Godlike!


    http://wiki.lunarsoft.net/wiki/Dial-a-fix

    go download that - one of the buttons on the bottom right will let you remove restrictions and fix a bunch of stuff too.
     
  8. gonaads

    gonaads Beware the G-Man Political User Folding Team


    Nope, didn't help. Thanks though. But hey, I fixed it! Woo Hoo! After a bunch of Googling I found a place where someone had the exact same crap. He though had not removed any of the malware, I had gotten some of it but this nasty had a big payload. Had to do some clever stuff and run a few things and then all was well at the work. Yay! God if only I would get paid like an IT guy for this shiit! And all the other shiit I have to deal with on this damn machine! I should kill it and then he HAS to upgrade it or get another machine! <insert pause> Woe! Kinda lost it there, heh. :nervous:

    Anyway, I will post the details of what was done for anyone that is interested (or not) and for the future reference if anyone should get into a situation such as this. Tomorrow. I am @ home and the log files and procedure are saved @ work. So there. :)
     
  9. Johnny

    Johnny .. Commodore .. Political User


    I am glad you got it fixed, naads
     
  10. gonaads

    gonaads Beware the G-Man Political User Folding Team


    Thanks. And now for the gory details.

    First the site that had the poor soul with the very similar problem was @ DSL Reports.

    http://www.dslreports.com/forum/r20960870-Trojan-IE7-Restrictions

    The solution was dead on although this person's malware wasn't the same one as the one here @ work. But all roads to the solution were dead on.

    First thing was to d/l and run ATF Cleaner.
    Then d/l and run FixPolicies.exe
    and so on. Click the link, read the post and you will get the rest.

    Last item was Malwarebytes' Anti-Malware. Man this program works great.

    And this be the log of said proggy and the nasties it found and deleted.

    So if anyone gets into a situation like this, use the link and do as it says. You may have to adjust it like I did for your own issue. But it worked for me and this P.O.S. of a machine. :D