m2bach Posted February 16, 2009 ID:57065 Share Posted February 16, 2009 Dear Forum,Running Vista Business, 32 bit, SP1 and have been infected by a malware which gives me the fake Windows Security Alert that "Windows Firewall has blocked some features of this program". I am not running Windows firewall but use instead NIS 2009 along with Ad-Aware and Spyware Doctor. Still managed to get this malware into my system. Have read your instructions and have installed and applied Malwarebytes and HJT. Malware came back clean it seems... However, the fake Windows Security Alert still pops up as attached... your help is much appreciated. /MaxMalwarebytes' Anti-Malware 1.34Database version: 1765Windows 6.0.6001 Service Pack 12/16/2009 16:14:32mbam-log-2009-02-16 (16-14-32).txtScan type: Quick ScanObjects scanned: 66554Time elapsed: 8 minute(s), 10 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:33:07, on 2/16/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\System32\smss.exeC:\Windows\system32\csrss.exeC:\Windows\system32\csrss.exeC:\Windows\system32\wininit.exeC:\Windows\system32\services.exeC:\Windows\system32\winlogon.exeC:\Windows\system32\lsass.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exeC:\Program Files\Fingerprint Reader Suite\upeksvr.exeC:\Windows\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exeC:\Windows\system32\aestsrv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\Windows\System32\svchost.exeC:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exeC:\Program Files\T3 Backup Light\aua\bin\AuaAcb.exeC:\Program Files\T3 Backup Light\bin\bsch.exeC:\Program Files\T3 Backup Light\aua\jvm\bin\AuaAcbJW.exeC:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exeC:\Program Files\T3 Backup Light\jvm\bin\bschJW.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\Spyware Doctor\pctsSvc.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exec:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exec:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Windows\system32\STacSV.exeC:\Windows\system32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\DRIVERS\ACFXAU32.exeC:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\OEM02Mon.exeC:\Windows\WindowsMobile\wmdc.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exeC:\Program Files\Dell\MediaDirect\PCMService.exeC:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exeC:\Windows\system32\svchost.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exeC:\Windows\System32\rundll32.exeC:\Windows\System32\mobsync.exeC:\Windows\System32\rundll32.exeC:\Program Files\Fingerprint Reader Suite\psqltray.exeC:\Windows\System32\rundll32.exeC:\Windows\system32\svchost.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Program Files\Spyware Doctor\pctsTray.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\T3 Backup Light\bin\btray.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Users\Max Bachrach\AppData\Roaming\Google\msvclock.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\Personal\bin\Personal.exeC:\Program Files\Norton Internet Security\Engine\16.2.0.7\WSCStub.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Windows\system32\wbem\wmiprvse.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ig/dell?hl=en&cli...amp;ibd=0080108R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by DellR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dllO2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLLO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dllO2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dllO3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dllO4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exeO4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /sO4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exeO4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStartO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,StartO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeO4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenterO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [OBASystemTray ] "C:\Program Files\T3 Backup Light\bin\btray.exe"O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKCU\..\Run: [realtecks] "C:\Users\Max Bachrach\AppData\Roaming\Google\msvclock.exe" 2O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - Global Startup: Bluetooth.lnk = ?O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exeO4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exeO4 - Global Startup: QuickSet.lnk = ?O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmO8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dllO9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLLO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmO13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ascend.webex.com/client/T25L10NSP41...ex/ieatgpc1.cabO16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{3FB98BBD-ECB8-40E9-97C8-14566C0D01F3}: NameServer = 83.255.245.10,83.255.249.10O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dllO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLLO23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeO23 - Service: SmartGenie (LxrSGe10s) - Unknown owner - C:\Windows\SYSTEM32\LxrSge10s.exeO23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exeO23 - Service: AutoUpdateAgent (T3 Backup Light) (OBAAutoUpdate) - Unknown owner - C:\Program Files\T3 Backup Light\aua\bin\AuaAcb.exeO23 - Service: Online Backup Scheduler (T3 Backup Light) (OBAScheduler) - Unknown owner - C:\Program Files\T3 Backup Light\bin\bsch.exeO23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exeO23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exeO23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeO23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeO23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exeO23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\ACFXAU32.exe--End of file - 17330 bytes Link to post Share on other sites More sharing options...
m2bach Posted February 17, 2009 Author ID:57146 Share Posted February 17, 2009 Any assistance available to my post? Been trying to solve the issue for 2 days now.NIS came up with a blocked alert for msnkpl32.dll... could this be my problem? Can I delete such file?... or....? Link to post Share on other sites More sharing options...
nosirrah Posted February 18, 2009 ID:57392 Share Posted February 18, 2009 C:\Users\Max Bachrach\AppData\Roaming\Google\msvclock.exeI think this file is a part of the problem . Please zip and attach a copy of it to a new post here so we can take a look at it :http://www.malwarebytes.org/forums/index.php?showforum=55 Link to post Share on other sites More sharing options...
nosirrah Posted February 18, 2009 ID:57395 Share Posted February 18, 2009 There is a decent chance that defs version 1773 will handle this for you Link to post Share on other sites More sharing options...
m2bach Posted February 19, 2009 Author ID:57803 Share Posted February 19, 2009 Nosirrah,Thanks for your reply. As I needed the computer for work I got Norton consultants to help me out. Unfortunately cost me $100... You were right though that it was the file msvclock.exe which created the problem.This post can be closed./M Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 19, 2009 Root Admin ID:57920 Share Posted February 19, 2009 Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you. Link to post Share on other sites More sharing options...
Recommended Posts