I was listening to my windows media player and there was a popup for a change/edit that was being requested from the spybot program. Instead of choosing to deny like I usually do, I clicked on allow. It was a complete accident because I was changing songs I was listening to and didn't realize until after I changed it what I actually did.
It was a reg change for mediaplayer, but I don't even know what it was for.

My sound went out right after it.

When I go into volume control I get this popup message:

There are no active mixer device available. To install mixer devices, go to Control Panel, click Printers and other hardware, and then click add hardware.

This program will now close.

When I try to play a burned CD, this is the message I get with Media Player.


Windows Media Player cannot play the file because there is a problem with your sound device. There might not be a sound device installed on your computer, it might be in use by another program, or it might not be functioning properly.

Try to reinstall audio drivers.
About that change, go to TeaTimer tray icon, right-click it and click on "Show resident log". Try to find that change and post it here.

... but I don't even know what it was for.
The Resident.log shows a summary of the changes to registry that TeaTimer interfaced with. There are several ways (4 listed below) to access the TeaTimer's Resident.log file:
Right click on the TeaTimer (Spybot-SD Resident) system tray icon and select Show Log.
Go into Spybot > Mode > Advanced Mode > Tools > Resident.
Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Select the Resident.log file and open it.
Using Windows Explorer, navigate to the Resident.log file located in one of the following directories:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Logs
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows Vista:
C:\ProgramData\Spybot - Search & Destroy\Logs
Double click on Resident.log file and it should open with Notepad.

I tried downloading the drivers and still no go.

I ran some other program for things, and according to that program I have a smitfraud virus. I've tried removing it, and nothing gets rid of it. Heck, even tried a place that had step for step instructions on how it's done, and those instructions must have been messing steps because I didn't see half the things mentioned.

Will a smitfraud virus cause my sound to crash? There is nothing else wrong that I know of or see. No extra popups...etc...Heck even tried a system restore and they all failed for as far back as a month...

This is what I have in the log for the mentioned parts around the time this happened:


1/19/2009 8:47:49 AM Allowed (based on user decision) value "WMPNSCFG" (new data: "") deleted in System Startup user entry!
1/19/2009 8:47:54 AM Allowed (based on user decision) value "WMPNSCFG" (new data: "C:\Program Files\Windows Media Player\WMPNSCFG.exe") added in System Startup user entry!
1/19/2009 8:56:08 AM Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "%systemroot%\system32\dumprep 0 -k") added in System Startup global entry!
1/19/2009 8:57:18 AM Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!

ronin:

There is nothing wrong with allowing any of those registry changes. The removal and addition of the startup for "WMPNSCFG" would not have caused a problem with your sound card. However, the fact that entry was deleted and re-added would indicate that something was being done to Windows Media Player. Were you updating Windows Media Player?

The "KernelFaultCheck" entries that TeaTimer handled automatically indicate to me that your system took a dump because a problem was encountered. Did you get any notification that a process failed?

Nope wasn't updating it or anything.
And no notification about a process failing.
Just after I clicked allow at that time, my whole sound just went out.

Could it just be a coincedence and I blew my sound card or something and need a new one? Or any other ideas?

I'm thinking just take it to the shop to get a look about now. Even though I rarely use the sound, but if it's say a virus affecting my sound or something, I don't really want it to spread farther in time.

ronin:

I sorry, but the only thing that I can suggest is that you check the properties of the "C:\Program Files\Windows Media Player\WMPNSCFG.exe" file and make sure that nothing malicious replaced that file at the time the initial registry change occurred.

I ran some other program for things, and according to that program...

Which program have you run?

About sound, try to move and configure your speakers. It's possible that they can cause strange sounds or no sounds.
Can you run audio control panel of driver?

I ran this:

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

And was told make no changes just to get a logfile.
Then from that logfile he told me this:

O18 - Filter hijack: text/html - {024dd02d-d437-47eb-bd5d-246e0ba0e5b8} - C:\WINDOWS\system32\msiebbar.dll

Is a problem. And something to do with smitfraud.


When I try to edit volume control I get this error:

When I go into volume control I get this popup message:

There are no active mixer device available. To install mixer devices, go to Control Panel, click Printers and other hardware, and then click add hardware.

The only sound I get, but I wouldnt even call it a sound, is when I turn my PC off, the speakers go the usual poooof if I have the volume all the way up...kind of just like its air.

Go to Control Panel > System.
Select "Hardware" tab and click on "Device Manager" button. Are there any devices which have yellow warning icon or red cross (x) icon in Device Manager?

Can you upload C:\WINDOWS\system32\msiebbar.dll to VirusTotal (http://www.virustotal.com)to scan for viruses and malware?

Nope, can't upload it because it's invisible I guess.
I don't remember offhand how to make invis files visible.

ronin:

That file may not even be on your system it may just be the registry entry pointing to the file. In either case, this discussion is getting beyond the scope of help normally offered in the Spybot-S&D (http://forums.spybot.info/forumdisplay.php?f=4) forum.

The O18 entry you posted appears to indicate that you possibly have or had a protocol hijacker.

You made reference to someone giving you advice to run HijackThis. I suggest that you either continue receiving help from that person or that you consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system (one or the other because it is unwise to receive malware removal help from two sources concurrently).

If you decide to have an experienced malware removal specialist assist you in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum on this site, please follow the procedure in the following link and produce a HijackThis log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) ( http://forums.spybot.info/showthread.php?t=288).
After you have read and followed those instructions, start your own thread in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum, making sure to post the HijackThis log produced from those instructions.