Denied Access to IE>Tools>Internet Options

Discussion in 'adware, spyware & hijack cleaning' started by 1aim4, May 6, 2004.

Thread Status:
Not open for further replies.
  1. 1aim4

    1aim4 Registered Member

    Joined:
    May 6, 2004
    Posts:
    3
    I tried to go to IE>Tools>Internet Options and I received this message... "RESTRICTIONS-This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." I can, however, access Internet Properties by going through the Control Panel>Switch to classic view>Internet Options.

    I only use my one user administrator account. I created a new administrator account and was able to access IE>Tools>Internet Options with no problems.

    I switched back to my troubled administrator account and rebooted. I ran Spybot S&D v1.2, Spy Sweeper v2.6.1, and Norton AntiVirus 2003 scans; no threats found.

    I also have Javacool Software's SpywareBlaster v3.1, Norton Internet Security 2003 v6.0.4.35, Norton SystemWorks 2003 v6.01, all going out to the DSL line through a Network Everywhere (Linksys) router and Sprint DSL modem.

    I am not noticing anything unusual other than the denial of access to IE>Tools>Internet Options and the accompanying message. My "my.msn.com" home page comes up as always, I can retrieve my mail and send mail, I can System Restore, I don't usually get many pop-up ads and I am not getting any now.

    I'd like to know what the problem is and how I can fix it. Thank you.
    **********************************************************
    Logfile of HijackThis v1.97.7
    Scan saved at 3:06:22 PM, on 5/6/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iTouch\iTouch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\FarStone\GameDrive\gdtask.exe
    C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Forbes\ForbesAlerts.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Lexico\CleverKeys\ClvrKeys.exe
    C:\Program Files\Sunbelt Software\AutoPilot\APControl.exe
    C:\PROGRA~1\SUNBEL~1\AUTOPI~1\System\VBSrv.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Preferred User\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [KeyStone Version Control] C:\Program Files\Keystone Learning\MeasureUp\cdtpUpdater.exe
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [GameDrive] C:\Program Files\FarStone\GameDrive\gdtask.exe /AutoRestore
    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe
    O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
    O4 - HKCU\..\Run: [AccountLogon] C:\Program Files\AccountLogon\AccountLogon.exe /regserver
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [Dancer] "C:\Program Files\Microsoft Plus! Digital Media Edition\Dancer\Dancer.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: CleverKeys.lnk = C:\Program Files\Lexico\CleverKeys\ClvrKeys.exe
    O4 - Global Startup: AutpPilot Control.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-Preferred User.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: iFinger (HKLM)
    O9 - Extra button: Researcher (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: AccountLogon (HKCU)
    O9 - Extra 'Tools' menuitem: AccountLogon (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11F8D6A0-01C6-4A23-A40F-1C3A560B99EA} (MavenInstallerAXControl Class) - http://client.maven.net/client/mavenInstaller.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/28b2dcc88b8db4876119/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38078.9942361111
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
     
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi 1aim4,

    There isn't really anything in your log that I am seeing wrong.

    You may want to check out this link here (specifically the 3rd one by Pieter Arntz) and see if you've used one of the settings in SpybwareBlaster, or Spybot S&D that would lock your IE Control Panel:

    https://www.wilderssecurity.com/showthread.php?t=17397

    You can fix this entry in HijackThis. Close ALL browsers and place a check beside the following, then click *Fixed checked:

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/28b2dcc88b8db4...ip/RdxIE601.cab

    Reboot your computer.

    Please let us know if the link I've posted above resolves your problem.

    Regards,

    snap
     
  3. 1aim4

    1aim4 Registered Member

    Joined:
    May 6, 2004
    Posts:
    3
    Hi snap,
    I visited Spybot S&D's website prior to seeing your post and found the answer to my problem under their FAQ "I can't access my IE settings anymore!" I immediately came back to the forum to share the news. What a surprise to find your post supplying me with a link to the perfect solution.

    As it turns out, I had selected the lock IE features in the Spybot S&D advanced mode over a month ago, when I first got it, but had no occasion to go to the IE settings, thus, I didn't discover the lockout until now.

    As you know, I also have Spyware Blaster, and had my problem not been with my Spybot S&D settings, I may have been at a loss as to where to turn next. Your link provides the Spyware Blaster solution as well and would have saved the day.

    A million thanks. Great work!
    1aim4
     
  4. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    You are very welcome 1aim4, and I'm glad to hear you've got it fixed.
    The pictures Pieter posted in that link does help a great deal to understand where those settings are, and I'm glad he made it a sticky. :D

    Regards,

    snap
     
  5. 1aim4

    1aim4 Registered Member

    Joined:
    May 6, 2004
    Posts:
    3
    Hello again, snap,
    You're too quick! I realized that I had neglected to thank Pieter Arntz and came back to the forum to do that, and again, I was surprised to see that you had already posted a response.

    Thanks to Pieter for the great screenshots and solutions, and thanks again to you, snapdragin, for the link and the amazingly quick responses.

    All the best to you,
    1aim4 :D
     
Thread Status:
Not open for further replies.