Top | #1 |
Beware the G-Man
Joined: March 2002
Location: XP-erience, NTFS, OSNN, Bay Area, California
Posts: 18,592
Reputation: 4070
Power: 323 |
Seems after the bout with the spyware/trojan/virus thingy on the computer at work it seems to not have any sound in the web browsers, all of them. Now audio for any YouTube, News Videos, nothing. What's worse is that in IE when you click on "Tools" "Internet Options" I get an error stating that the operation was canceled due to restrictions on the computer. Now this is an Admin account and have all access. Also the "Phishing Filter Settings" under the IE "Tools" "Phishing Filter" gives the same error. The "Pop-Up Blocker" setting also under the "Tools" thing doesn't do anything. I click on the "Pop-Up Blocker Settings" and it does nothing. So I am all confused. I did a Google for this problem and found many answers with Reg settings, Spybot-SD Immunize settings and so on, none have helped. Something is corrupt or there is a Reg setting that I can not pinpoint that is doing this.
The HijackThis log file is as follows.

Logfile of HijackThis v1.99.1
Scan saved at 2:10:03 PM, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Zone Labs\ZoneAlarm\zlclient.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
D:\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\UPHClean\uphclean.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jack\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{892FD2A0-7D08-4E37-ABD6-5E173986620E}: NameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{F492843C-3A30-4268-9EEF-05C637FE1957}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I hope someone here has some idea as to this problem. I have attached screen shots of the error. I have also attached a screen shot of a second error pop-up, but this only came up once and is not showing up anymore. Could have been a one time thing, not sure though.
Top | #2 |
Heart Breaker
Joined: January 2004
Location: Happy Valley
Posts: 4,301
Reputation: 1623
Power: 135 |
Did you try a system restore ???
Top | #3 |
Heart Breaker
Joined: January 2004
Location: Happy Valley
Posts: 4,301
Reputation: 1623
Power: 135 |
Oh, something else - get rid of Norton ....
Top | #4 |
Beware the G-Man
Joined: March 2002
Location: XP-erience, NTFS, OSNN, Bay Area, California
Posts: 18,592
Reputation: 4070
Power: 323 |
The only entries that confuse me are:
O11 - Options group: [INTERNATIONAL] International*
and the 3 that show "File missing".
But I think that damn lsass.exe is BAD. Googled and found info that it's linked to Optix.Pro virus. Nope, it's the Isass that is bad, not the lsass (lower case L). What a pain.
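Added example (not part of any poster's message): the two things checked by eye in this post, process names that only look like a system process (Isass.exe with a capital I versus lsass.exe) and entries marked "(file missing)", can be pulled out of a HijackThis log mechanically. The list of system names, the confusable-character table, the function names and the `C:\WINDOWS\Isass.exe` path are assumptions made for this sketch; the other sample lines are copied from the log in post #1.

```python
import ntpath
import re

# Core Windows process names that malware often imitates (short list chosen for this example).
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "winlogon.exe", "services.exe",
                "smss.exe", "explorer.exe", "spoolsv.exe", "csrss.exe"}
# Fold characters that look alike in common fonts; input is lowercased first,
# so a capital "I" arrives here as "i".
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})
PROCESS_LINE = re.compile(r"^[A-Za-z]:\\")    # "Running processes" entries are bare paths
ENTRY_LINE = re.compile(r"^[A-Z]\d{1,2} - ")  # R0/R1/O2/.../O23 style entries


def lookalike_of(path):
    """Return the system name that `path` visually imitates, or None."""
    name = ntpath.basename(path).lower()
    if name in SYSTEM_NAMES:  # exact name (Windows is case-insensitive): not a lookalike
        return None
    folded = name.translate(CONFUSABLE)
    for real in sorted(SYSTEM_NAMES):
        if real.translate(CONFUSABLE) == folded:
            return real
    return None


def triage(log_text):
    """Return (reason, line) pairs worth a manual look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if PROCESS_LINE.match(line):
            real = lookalike_of(line)
            if real:
                findings.append((f"lookalike of {real}", line))
        elif ENTRY_LINE.match(line) and line.endswith("(file missing)"):
            findings.append(("file missing", line))
    return findings


# Excerpt of the log in post #1, plus one CONSTRUCTED line (the Isass.exe path).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Isass.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

A "(file missing)" entry only means the registry still points at a file that is no longer on disk, often a leftover of a partial cleanup, so it is a prompt to inspect the entry rather than a verdict.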
Top | #5 |
Heart Breaker
Joined: January 2004
Location: Happy Valley
Posts: 4,301
Reputation: 1623
Power: 135 |
Yeah, that is what I found also.
I don't know if this will help or not. http://www.microsoft.com/cze/securit...sser_info.mspx
Top | #6 |
Beware the G-Man
Joined: March 2002
Location: XP-erience, NTFS, OSNN, Bay Area, California
Posts: 18,592
Reputation: 4070
Power: 323 |
Question 1--- Not happening, had to turn off restore when dealing with original issue. Can only go back to yesterday, which is odd since I had to re-install System Restore due to earlier issue.
No. 2--- No.
Top | #7 |
Godlike!
Joined: February 2004
Location: Birmingham, UK
Posts: 6,818
Blog Entries: 5
Reputation: 3651
Power: 179 |
http://wiki.lunarsoft.net/wiki/Dial-a-fix
Go download that - one of the buttons on the bottom right will let you remove restrictions and fix a bunch of stuff too.
Top | #8 |
Beware the G-Man
Joined: March 2002
Location: XP-erience, NTFS, OSNN, Bay Area, California
Posts: 18,592
Reputation: 4070
Power: 323 |
Nope, didn't help. Thanks though. But hey, I fixed it! Woo Hoo! After a bunch of Googling I found a place where someone had the exact same crap. He though had not removed any of the malware, I had gotten some of it but this nasty had a big payload. Had to do some clever stuff and run a few things and then all was well at the work. Yay! God if only I would get paid like an IT guy for this shiit! And all the other shiit I have to deal with on this damn machine! I should kill it and then he HAS to upgrade it or get another machine!
Anyway, I will post the details of what was done for anyone that is interested (or not) and for the future reference if anyone should get into a situation such as this. Tomorrow. I am @ home and the log files and procedure are saved @ work. So there.
Top | #9 |
Heart Breaker
Joined: January 2004
Location: Happy Valley
Posts: 4,301
Reputation: 1623
Power: 135 |
I am glad you got it fixed, naads
Top | #10 |
Beware the G-Man
Joined: March 2002
Location: XP-erience, NTFS, OSNN, Bay Area, California
Posts: 18,592
Reputation: 4070
Power: 323 |
Thanks. And now for the gory details.
First the site that had the poor soul with the very similar problem was @ DSL Reports. http://www.dslreports.com/forum/r209...7-Restrictions The solution was dead on although this person's malware wasn't the same one as the one here @ work. But all roads to the solution were dead on. First thing was to d/l and run ATF Cleaner. Then d/l and run FixPolicies.exe and so on. Click the link, read the post and you will get the rest. Last item was Malwarebytes' Anti-Malware. Man this program works great. And this be the log of said proggy and the nasties it found and deleted.