Old 04-19-2007, 04:52 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 3
OS: Windows XP home


Trojan Murlo - need help to remove

Hello,

XoftSpySE has detected a trojan Murlo on my XP PC. I remove it from within XoftSpySE, but when I reboot the PC the trojan is back.

It also seems that for some reason it has blocked intrusion prevention on Norton 360 that is running. I am not able to turn intrusion prevention on.

Any hints or "recipe" on how to remove trojan Murlo would be very appreciated.

Thanx,

Rune
Old 04-19-2007, 06:24 AM   #2 (permalink)
Glaswegian
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
Join Date: Sep 2005
Location: Glasgow
Posts: 25,499
OS: Win XP Pro SP3 / Win 7 Pro

Re: Trojan Murlo - need help to remove

Hi

Please follow the steps here

http://www.techsupportforum.com/secu...sting-log.html
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 04-19-2007, 03:30 PM   #3 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 3
OS: Windows XP home


Re: Trojan Murlo - need help to remove

Deckard's System Scanner v20070411.38
Run by Rune on 2007-04-19 at 23:16:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Rune.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:20:22, on 19.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\windows\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Maxtor\Schedule2\schedul2.exe
C:\Programfiler\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\CPUCooL\CooLSrv.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\System32\nvsvc32.exe
C:\Programfiler\Dantz\Retrospect\retrorun.exe
C:\Programfiler\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Programfiler\Spyware Doctor\svcntaux.exe
C:\Programfiler\Spyware Doctor\swdsvc.exe
C:\windows\System32\svchost.exe
C:\windows\System32\alg.exe
C:\windows\Explorer.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\BMExtreme\BMExtreme.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Spyware Doctor\SDTrayApp.exe
C:\Programfiler\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Programfiler\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Programfiler\Fellesfiler\Maxtor\Schedule2\schedhlp.exe
C:\Programfiler\a-squared Anti-Malware\a2guard.exe
C:\Programfiler\SPYWAREfighter\spftray.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\windows\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\SPYWAREfighter\spfprc.exe
C:\Programfiler\Spyware Doctor\update.exe
C:\Programfiler\SpywareGuard\sgmain.exe
C:\Programfiler\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Rune\Skrivebord\dss.exe
C:\PROGRA~2\HIJACK~1\Rune.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.f2f.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.f2f.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programfiler\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [BMExtreme] C:\Programfiler\BMExtreme\BMExtreme.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programfiler\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SDTray] "C:\Programfiler\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Programfiler\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programfiler\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programfiler\Fellesfiler\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programfiler\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programfiler\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SBCSTray] C:\Programfiler\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programfiler\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Programfiler\Plaxo\2.6.2.7\PlaxoHelper.exe -a
O4 - Startup: SpywareGuard.lnk = C:\Programfiler\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programfiler\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programfiler\Fellesfiler\Maxtor\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programfiler\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Programfiler\CPUCooL\CooLSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Programfiler\Dantz\Retrospect\retrorun.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programfiler\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programfiler\SPYWAREfighter\spfprc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe


-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 Pnp680 (SiI 680 ATA Controller) - c:\windows\system32\drivers\pnp680.sys
R0 SBHR - c:\windows\system32\drivers\sbhr.sys
R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys
R0 speedfan - c:\windows\system32\speedfan.sys
R0 timounter (Acronis True Image Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys
R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys
R1 IKFileFlt (File Filter Driver) - c:\windows\system32\drivers\ikfileflt.sys
R1 IKFileSec (File Security Driver) - c:\windows\system32\drivers\ikfilesec.sys
R1 IkSysFlt (System Filter Driver) - c:\windows\system32\drivers\iksysflt.sys
R1 IKSysSec (System Security Driver) - c:\windows\system32\drivers\iksyssec.sys
R1 ntiowp - c:\windows\system32\drivers\ntiowp.sys
R1 OMCI - c:\windows\system32\drivers\omci.sys
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys
R1 SRTSPX - c:\windows\system32\drivers\srtspx.sys
R2 BCMNTIO - c:\programfiler\checkit\diagnostics\bcmntio.sys
R2 MAPMEM - c:\programfiler\checkit\diagnostics\mapmem.sys
R2 ROB_A (Pinnacle WDM PCTV Audio Capture) - c:\windows\system32\drivers\rob_a.sys
R2 ROB_V (Pinnacle WDM PCTV Video Capture) - c:\windows\system32\drivers\rob_v.sys
R2 tifsfilter (Acronis True Image FS Filter) - c:\windows\system32\drivers\tifsfilt.sys
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys
R3 pctvvbi - c:\windows\system32\drivers\pctvvbi.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
R3 SBAPIFS - c:\windows\system32\drivers\sbapifs.sys (file missing)
R3 scsiscan (SCSI-skannerdriver) - c:\windows\system32\drivers\scsiscan.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys
R3 SpyFighter (SpyFighter Guard Device) - c:\programfiler\spywarefighter\spyfighter.sys
R3 SRTSP - c:\windows\system32\drivers\srtsp.sys

S3 MXOFX (USB Storage Adapter FX (MXO)) - c:\windows\system32\drivers\mxofx.sys
S3 Nokia USB Port - c:\windows\system32\drivers\nmwcdcj.sys
S3 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys
S3 Wdm1 (USB Bridge Cable Driver) - c:\windows\system32\drivers\usbbc.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\programfiler\fellesfiler\maxtor\schedule2\schedul2.exe"
R2 AdobeActiveFileMonitor4.0 (Adobe Active File Monitor V4) - c:\programfiler\adobe\photoshop elements 4.0\photoshopelementsfileagent.exe
R2 CPUCooLServer (CPUCooLServer Service) - c:\programfiler\cpucool\coolsrv.exe
R2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\programfiler\fellesfiler\symantec shared\ccsvchst.exe" /h cccommon
R2 RetroLauncher (Retrospect Launcher) - c:\programfiler\dantz\retrospect\retrorun.exe
R2 SBCSSvc (Sunbelt CounterSpy Antispyware) - "c:\programfiler\sunbelt software\counterspy\sbcssvc.exe"
R2 sdAuxService (Spyware Doctor Auxiliary Service) - c:\programfiler\spyware doctor\svcntaux.exe
R2 sdCoreService (Spyware Doctor Service) - c:\programfiler\spyware doctor\swdsvc.exe
R3 ServiceLayer - "c:\programfiler\pc connectivity solution\servicelayer.exe"
R3 SPYWAREfighterRP - "c:\programfiler\spywarefighter\spfprc.exe"

S0 wscsvc (Security Center) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
S2 LiveUpdate Notice Service - "c:\programfiler\fellesfiler\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /m "c:\programfiler\fellesfiler\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifeng.dll"
S3 clr_optimization_v2.0.50215_32 (.NET Runtime Optimization Service v2.0.50215_X86) - c:\windows\microsoft.net\framework\v2.0.50215\mscorsvw.exe
S3 FontCache6.0.5070.0 (WinFX Font Cache 6.0.5070.0) - c:\windows\microsoft.net\windows\v6.0.5070\presentationfontcache.exe
S3 InfoCard Service (Microsoft Digital Identity Service) - c:\windows\microsoft.net\framework\v2.0.50215\infocard.exe
S3 usnsvc (Messenger Sharing USN Journal Reader service) - c:\windows\system32\svchost.exe -k usnsvc
S4 itcppss (Indigo Tcp Port Sharing Service) - c:\windows\microsoft.net\framework\v2.0.50215\indigolistener.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-04-19 21:23:55 432 --a------ C:\windows\Tasks\RegCure Program Check.job<REGCUR~1.JOB>
2007-04-19 07:56:00 366 --a------ C:\windows\Tasks\RegCure.job
2007-04-19 00:52:47 356 --a------ C:\windows\Tasks\XoftSpySE.job<XOFTSP~1.JOB>
2006-09-04 23:45:01 294 --a------ C:\windows\Tasks\XoftSpy.job


-- Files created between 2007-03-19 and 2007-04-19 -----------------------------

2007-04-19 22:51:18 21312 --a------ C:\windows\choice.exe
2007-04-19 22:01:37 0 d-------- C:\ie-spyad
2007-04-19 21:58:16 0 d-------- C:\Programfiler\SpywareGuard<SPYWAR~4>
2007-04-19 07:55:30 0 d-------- C:\Programfiler\RegCure
2007-04-19 01:00:31 0 d-------- C:\!KillBox
2007-04-19 00:52:12 0 d-------- C:\Programfiler\XoftSpySE<XOFTSP~1>
2007-04-18 07:28:53 356352 --a------ C:\windows\system32\eSellerateEngine.dll<ESELLE~2.DLL>
2007-04-18 07:28:52 494352 --a------ C:\windows\system32\SHDOC401.DLL
2007-04-18 07:28:50 0 d-------- C:\Programfiler\1 Click PC Fix 2007<1CLICK~1>
2007-04-18 0014 0 --a------ C:\windows\system32\SBRC.dat
2007-04-18 0014 0 --a------ C:\windows\system32\SBFC.dat
2007-04-17 23:27:46 15544 --a------ C:\windows\system32\drivers\sbhr.sys
2007-04-17 22:42:21 0 d-------- C:\Programfiler\Sunbelt Software<SUNBEL~1>
2007-04-17 22:00:04 3968 --a------ C:\windows\system32\drivers\AvgAsCln.sys
2007-04-17 20:07:38 0 d-------- C:\Programfiler\Fellesfiler\Application<APPLIC~1>
2007-04-17 2042 0 d-------- C:\Programfiler\SPYWAREfighter<SPYWAR~3>
2007-04-17 20:05:11 0 d-------- C:\Programfiler\a-squared Anti-Malware<A-SQUA~1>
2007-04-17 20:01:31 0 d-------- C:\Programfiler\FDRLab
2007-04-17 00:21:35 0 dr-h----- C:\Documents and Settings\Rune\Siste
2007-04-16 21:08:52 0 d-------- C:\Ny mappe<NYMAPP~1>
2007-04-13 21:13:48 392320 --a------ C:\windows\system32\drivers\timntr.sys
2007-04-13 21:13:48 32768 --a------ C:\windows\system32\drivers\tifsfilt.sys
2007-04-13 21:13:25 120992 --a------ C:\windows\system32\drivers\snapman.sys
2007-04-13 21:11:49 0 d-------- C:\Programfiler\Fellesfiler\Maxtor
2007-04-12 22:41:36 22112 -ra------ C:\windows\system32\drivers\COH_Mon.sys
2007-04-10 22:15:51 26064 --a------ C:\windows\system32\drivers\kcom.sys
2007-04-10 22:15:51 83536 --a------ C:\windows\system32\drivers\iksyssec.sys
2007-04-10 22:15:51 59984 --a------ C:\windows\system32\drivers\iksysflt.sys
2007-04-10 22:15:51 52304 --a------ C:\windows\system32\drivers\ikfilesec.sys<IKFILE~2.SYS>
2007-04-10 22:15:51 39248 --a------ C:\windows\system32\drivers\ikfileflt.sys<IKFILE~1.SYS>
2007-04-10 22:15:24 0 d-------- C:\Programfiler\Spyware Doctor<SPYWAR~2>
2007-04-10 22:15:09 626688 --a------ C:\windows\system32\msvcr80.dll
2007-04-06 23:01:31 0 d-------- C:\Programfiler\MagicDVDRipper<MAGICD~1>
2007-04-04 12:41:36 14368 --a------ C:\windows\system32\relog_ap.dll
2007-04-04 10:57:36 17440 --a------ C:\windows\system32\acrotls.dll
2007-04-04 02:11:37 0 d-------- C:\Movavi files<MOVAVI~1>
2007-04-04 00:57:19 0 d-------- C:\Programfiler\MOVAVI
2007-04-04 00:56:47 0 d-------- C:\Programfiler\Movavi Video Converter 5.1<MOVAVI~1.1>
2007-04-03 20:18:22 210464 --a------ C:\windows\system32\snapapi.dll
2007-03-28 23:21:07 0 d-------- C:\Programfiler\Norton 360<NORTON~1>
2007-03-28 23:19:44 48776 --a------ C:\windows\system32\S32EVNT1.DLL
2007-03-28 23:19:44 115000 --a------ C:\windows\system32\drivers\SYMEVENT.SYS
2007-03-28 21:53:35 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files<SYMANT~1>
2007-03-25 15:20:54 0 d-------- C:\Programfiler\WinUHA


-- Find3M Report ---------------------------------------------------------------

2007-04-19 22:26:02 0 d-------- C:\Programfiler\SpywareBlaster<SPYWAR~1>
2007-04-19 21:28:10 0 d-------- C:\Programfiler\Plaxo
2007-04-19 00:22:00 0 d-------- C:\Programfiler\Fellesfiler\Symantec Shared<SYMANT~1>
2007-04-18 18:33:24 0 d-------- C:\Programfiler\The Cleaner<THECLE~1>
2007-04-18 18:21:41 0 d-------- C:\Programfiler\xp-utilities<XP-UTI~1>
2007-04-17 20:07:38 0 d-------- C:\Programfiler\Fellesfiler<FELLES~1>
2007-04-13 22:08:11 0 d-------- C:\Programfiler\MSN Messenger<MSNMES~1>
2007-04-13 21:11:49 0 d-------- C:\Programfiler\Maxtor
2007-04-12 13:02:04 0 d-------- C:\Programfiler\XoftSpy
2007-04-10 22:15:24 0 d-------- C:\Documents and Settings\Rune\Programdata\PC Tools<PCTOOL~1>
2007-04-04 15:59:07 0 d-------- C:\Programfiler\BitComet
2007-04-01 21:30:57 0 d-------- C:\Programfiler\ICE Mirror<ICEMIR~1>
2007-03-31 20:16:19 429440 --a------ C:\windows\system32\perfh014.dat
2007-03-31 20:16:19 85840 --a------ C:\windows\system32\perfc014.dat
2007-03-30 16:44:52 186520 --a------ C:\windows\system32\SymNPPWA.dll
2007-03-29 00:00:28 0 d-------- C:\Documents and Settings\Rune\Programdata\Symantec
2007-03-28 23:24:41 0 d-------- C:\Programfiler\Symantec
2007-03-23 13:18:09 3532 --a------ C:\drmHeader.bin<DRMHEA~1.BIN>
2007-03-17 15:45:38 292864 --a------ C:\windows\system32\winsrv.dll
2007-03-15 02:42:38 0 d-------- C:\Programfiler\Windows Media Connect 2<WI4DF6~1>
2007-03-14 18:30:08 192 --a------ C:\windows\xpsysettings<XPSYSE~1>
2007-03-13 20:58:06 0 d-------- C:\Programfiler\Your Uninstaller 2006<YOURUN~1>
2007-03-13 19:30:06 0 d-------- C:\Programfiler\Microsoft.NET<MICROS~1.NET>
2007-03-09 09:57:40 27376 --a------ C:\windows\system32\SBBD.exe
2007-03-08 17:39:11 577536 --a------ C:\windows\system32\user32.dll
2007-03-08 17:39:11 40960 --a------ C:\windows\system32\mf3216.dll
2007-03-08 17:39:11 281600 --a------ C:\windows\system32\gdi32.dll
2007-03-08 17:38:06 1843584 --a------ C:\windows\system32\win32k.sys
2007-03-04 16:44:54 0 d-------- C:\Documents and Settings\Rune\Programdata\vlc
2007-03-03 02:33:30 0 d-------- C:\Programfiler\YourWare Solutions<YOURWA~1>
2007-03-01 12:03:00 0 d-------- C:\Programfiler\Java
2007-02-05 22:19:38 185344 --a------ C:\windows\system32\upnphost.dll
2007-01-30 01:03:46 572901 --a------ C:\Documents and Settings\Rune\Programdata\NMM-MetaData.db<NMM-ME~1.DB>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\windows\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe\" /background"
"swg"="C:\\Programfiler\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"FreeRAM XP"="\"C:\\Programfiler\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"PlaxoUpdate"="C:\\Programfiler\\Plaxo\\2.6.2.7\\PlaxoHelper.exe -a"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nwiz"="nwiz.exe /install"
"MXO Auto Loader"="C:\\WINDOWS\\MXOALDR.EXE"
"BMExtreme"="C:\\Programfiler\\BMExtreme\\BMExtreme.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Programfiler\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"Acrobat Assistant 7.0"="\"C:\\Programfiler\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"PCSuiteTrayApplication"="C:\\Programfiler\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"ccApp"="\"C:\\Programfiler\\Fellesfiler\\Symantec Shared\\ccApp.exe\""
"Symantec PIF AlertEng"="\"C:\\Programfiler\\Fellesfiler\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Programfiler\\Fellesfiler\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"SDTray"="\"C:\\Programfiler\\Spyware Doctor\\SDTrayApp.exe\""
"MaxBlastMonitor.exe"="C:\\Programfiler\\Maxtor\\MaxBlast\\MaxBlastMonitor.exe"
"AcronisTimounterMonitor"="C:\\Programfiler\\Maxtor\\MaxBlast\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Programfiler\\Fellesfiler\\Maxtor\\Schedule2\\schedhlp.exe\""
"a-squared"="\"C:\\Programfiler\\a-squared Anti-Malware\\a2guard.exe\""
"spywarefighterguard"="C:\\Programfiler\\SPYWAREfighter\\spftray.exe"
@=""
"!AVG Anti-Spyware"="\"C:\\Programfiler\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SBCSTray"="C:\\Programfiler\\Sunbelt Software\\CounterSpy\\SBCSTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Omnipage"="C:\\Programfiler\\ScanSoft\\OmniPagePro11.0\\opware32.exe"
"QuickTime Task"="\"C:\\Programfiler\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Photo Downloader"="\"C:\\Programfiler\\Adobe\\Photoshop Elements 4.0\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Acrobat Assistant.lnk]
"backup"="C:\\WINDOWS\\pss\\Acrobat Assistant.lnkCommon Startup"
"location"="Common Startup"
"item"="Acrobat Assistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^NkbMonitor.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\NkbMonitor.exe.lnkCommon Startup"
"location"="Common Startup"
"item"="NkbMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rune^Start-meny^Programmer^Oppstart^capster PC oppstartsstyring.lnk]
"backup"="C:\\WINDOWS\\pss\\capster PC oppstartsstyring.lnkStartup"
"location"="Startup"
"item"="capster PC oppstartsstyring"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gcasServ"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programfiler\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nbj"
"hkey"="HKCU"
"command"="\"C:\\Programfiler\\Ahead\\Nero BackItUp\\nbj.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPE"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programfiler\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"PcSync"="C:\\Programfiler\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SBAPIFS


-- End of Deckard's System Scanner: finished at 2007-04-19 at 23:23:35 ---------
Attached Files
File Type: txt extra.txt (28.3 KB, 0 views)
raekken
Old 04-20-2007, 07:27 AM   #4 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 51
OS: XP home


Re: Trojan Murlo - need help to remove

Hello there. I was having problems with the murlo trojan and, like you, Xoftspy was removing it but it was back on reboot. This morning on reboot it was gone, but I run xoftspy 4.22. If your version doesn't deal with it, it might be an idea to get 4.22.
kaloochi
Old 04-20-2007, 01:35 PM   #5 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,499
OS: Win XP Pro SP3 / Win 7 Pro

Re: Trojan Murlo - need help to remove

raekken - please post your log in this forum

http://www.techsupportforum.com/secu...this-log-help/

and add a description of your problem - we'll then have a look and provide instructions to clean your system, if required. Please note that the HJT forum is constantly busy, so I would ask that you be patient while waiting for a reply.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian
All times are GMT -7. The time now is 04:25 AM.



Copyright 2001 - 2009, Tech Support Forum