Vundo And Crypt That Won't Go Away. Outlook Is Messed Up



#1 girlneedshelp

girlneedshelp

  • Members
  • 2 posts

Posted 24 February 2008 - 07:05 PM

I have been dealing with trojans and malware for days. Feel like most of it is cleaned up as functionality is much better, but I still get warnings when I run scans. Still get the system32/fxcw.....dll error (or whatever?) when I start, but the file does not exist in system32.

Outlook 2007 will not function. It opens, I see my files but will not connect and then freezes. Won't repair off the CD-ROM either. Don't have an outcmd.dat to delete as is suggested.

I have used so many programs now to correct this that I am dizzy:

Ad-ware, Search & Destroy, Spyblaster, ComboFix, vundo.exe, BitDefender, HijackThis, and purchased RegCure.
What am I doing wrong???

Please help.
Thanks,
R


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:27 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\quickenw\QAGENT.EXE
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\rosesthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.huffingtonpost.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {66A12149-C2D5-4E22-A21A-D98ABC89D1E9} - (no file)
O2 - BHO: 0 - {A2DA4664-3FCA-4AF9-BC91-210A33AF8138} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: {cd2901d2-75fa-0ffb-7934-bfcc275c114c} - {c411c572-ccfb-4397-bff0-af572d1092dc} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\quickenw\QAGENT.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [e4b94219] rundll32.exe "C:\WINDOWS\system32\fwcplcxs.dll",b
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RM\Local Settings\Application Data\Google\Update\1.0.103.3\GoogleUpdate.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\RM\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {5DE92616-77D2-40A9-BA35-B095FD211534} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://pc-photo.lifepics.com/net/Uploader/LPUploader45.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14734 bytes



// Created on: 24/02/2008 11:12:01
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
Folders : 8155
Files : 269802
Memory processes scanned : 62
Archives : 55363
Runtime packers : 7639
Identified viruses : 2
Infected files : 14
Memory processes infected : 0
Suspect files : 2
Warnings : 0
Disinfected files : 0
Deleted files : 11
Moved files : 3
I/O errors : 35
Scan time : 03:11:10
Scan speed (files/sec) : 23

Spyware Statistics

Registry keys scanned : 374
Registry keys infected : 0
Cookies scanned : 63
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 983342
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[ ] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1203880321.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3452)=>[Subject: Mail Delivery System][Date: Wed, 8 Mar 2006 21:11:21 -0800]=>(MIME part)=>readme.zip=>readme.pif Infected: Trojan.Crypt.Fspm.J
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3452)=>[Subject: Mail Delivery System][Date: Wed, 8 Mar 2006 21:11:21 -0800]=>(MIME part)=>readme.zip=>readme.pif Deleted
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3452)=>[Subject: Mail Delivery System][Date: Wed, 8 Mar 2006 21:11:21 -0800]=>(MIME part)=>readme.zip Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3452)=>[Subject: Mail Delivery System][Date: Wed, 8 Mar 2006 21:11:21 -0800]=>(MIME part) Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3452) Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak Archive repacking has failed (marked actions not taken)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3454)=>[Subject: cqethtqofhaok][Date: Thu, 9 Mar 2006 22:03:09 -0800]=>(MIME part)=>data.zip=>data.txt .exe Infected: Trojan.Crypt.Fspm.J
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3454)=>[Subject: cqethtqofhaok][Date: Thu, 9 Mar 2006 22:03:09 -0800]=>(MIME part)=>data.zip=>data.txt .exe Deleted
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3454)=>[Subject: cqethtqofhaok][Date: Thu, 9 Mar 2006 22:03:09 -0800]=>(MIME part)=>data.zip Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3454)=>[Subject: cqethtqofhaok][Date: Thu, 9 Mar 2006 22:03:09 -0800]=>(MIME part) Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3454) Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak Archive repacking has failed (marked actions not taken)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3462)=>[Subject: HELLO][Date: Sat, 11 Mar 2006 17:08:39 -0800]=>(MIME part)=>file.zip=>file.scr Infected: Trojan.Crypt.Fspm.J
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3462)=>[Subject: HELLO][Date: Sat, 11 Mar 2006 17:08:39 -0800]=>(MIME part)=>file.zip=>file.scr Deleted
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3462)=>[Subject: HELLO][Date: Sat, 11 Mar 2006 17:08:39 -0800]=>(MIME part)=>file.zip Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3462)=>[Subject: HELLO][Date: Sat, 11 Mar 2006 17:08:39 -0800]=>(MIME part) Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3462) Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak Archive repacking has failed (marked actions not taken)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3464)=>[Subject: STATUS][Date: Fri, 10 Mar 2006 21:21:44 -0800]=>(MIME part)=>message.scr Infected: Trojan.Crypt.Fspm.J
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3464)=>[Subject: STATUS][Date: Fri, 10 Mar 2006 21:21:44 -0800]=>(MIME part)=>message.scr Deleted
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3464)=>[Subject: STATUS][Date: Fri, 10 Mar 2006 21:21:44 -0800]=>(MIME part) Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3464) Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak Archive repacking has failed (marked actions not taken)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3640)=>[Subject: Good day][Date: Sun, 5 Feb 2006 21:34:32 -0800]=>(MIME part)=>doc.zip=>doc.cmd Infected: Trojan.Crypt.Fspm.J
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3640)=>[Subject: Good day][Date: Sun, 5 Feb 2006 21:34:32 -0800]=>(MIME part)=>doc.zip=>doc.cmd Deleted
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3640)=>[Subject: Good day][Date: Sun, 5 Feb 2006 21:34:32 -0800]=>(MIME part)=>doc.zip Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3640)=>[Subject: Good day][Date: Sun, 5 Feb 2006 21:34:32 -0800]=>(MIME part) Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3640) Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak Archive repacking has failed (marked actions not taken)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3646)=>[Subject: Mail Delivery System][Date: Mon, 6 Feb 2006 12:12:47 -0800]=>(MIME part)=>test.zip=>test.txt .scr Infected: Trojan.Crypt.Fspm.J
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3646)=>[Subject: Mail Delivery System][Date: Mon, 6 Feb 2006 12:12:47 -0800]=>(MIME part)=>test.zip=>test.txt .scr Deleted
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3646)=>[Subject: Mail Delivery System][Date: Mon, 6 Feb 2006 12:12:47 -0800]=>(MIME part)=>test.zip Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3646)=>[Subject: Mail Delivery System][Date: Mon, 6 Feb 2006 12:12:47 -0800]=>(MIME part) Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak=>(message 3646) Archive repacking successfully completed (actions successfully applied)
C:\Documents and Settings\RM\My Documents\Deleted Items.bak Archive repacking has failed (marked actions not taken)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3428)=>[Subject: Mail Delivery System][Date: Wed, 8 Mar 2006 21:11:21 -0800]=>(MIME part)=>readme.zip=>readme.pif Infected: Trojan.Crypt.Fspm.J
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3428)=>[Subject: Mail Delivery System][Date: Wed, 8 Mar 2006 21:11:21 -0800]=>(MIME part)=>readme.zip=>readme.pif Deleted
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3428)=>[Subject: Mail Delivery System][Date: Wed, 8 Mar 2006 21:11:21 -0800]=>(MIME part)=>readme.zip Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3428)=>[Subject: Mail Delivery System][Date: Wed, 8 Mar 2006 21:11:21 -0800]=>(MIME part) Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3428) Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx Archive repacking has failed (marked actions not taken)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3437)=>[Subject: HELLO][Date: Sat, 11 Mar 2006 17:08:39 -0800]=>(MIME part)=>file.zip=>file.scr Infected: Trojan.Crypt.Fspm.J
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3437)=>[Subject: HELLO][Date: Sat, 11 Mar 2006 17:08:39 -0800]=>(MIME part)=>file.zip=>file.scr Deleted
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3437)=>[Subject: HELLO][Date: Sat, 11 Mar 2006 17:08:39 -0800]=>(MIME part)=>file.zip Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3437)=>[Subject: HELLO][Date: Sat, 11 Mar 2006 17:08:39 -0800]=>(MIME part) Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3437) Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx Archive repacking has failed (marked actions not taken)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3439)=>[Subject: STATUS][Date: Fri, 10 Mar 2006 21:21:44 -0800]=>(MIME part)=>message.scr Infected: Trojan.Crypt.Fspm.J
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3439)=>[Subject: STATUS][Date: Fri, 10 Mar 2006 21:21:44 -0800]=>(MIME part)=>message.scr Deleted
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3439)=>[Subject: STATUS][Date: Fri, 10 Mar 2006 21:21:44 -0800]=>(MIME part) Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3439) Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx Archive repacking has failed (marked actions not taken)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3610)=>[Subject: Good day][Date: Sun, 5 Feb 2006 21:34:32 -0800]=>(MIME part)=>doc.zip=>doc.cmd Infected: Trojan.Crypt.Fspm.J
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3610)=>[Subject: Good day][Date: Sun, 5 Feb 2006 21:34:32 -0800]=>(MIME part)=>doc.zip=>doc.cmd Deleted
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3610)=>[Subject: Good day][Date: Sun, 5 Feb 2006 21:34:32 -0800]=>(MIME part)=>doc.zip Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3610)=>[Subject: Good day][Date: Sun, 5 Feb 2006 21:34:32 -0800]=>(MIME part) Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3610) Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx Archive repacking has failed (marked actions not taken)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3616)=>[Subject: Mail Delivery System][Date: Mon, 6 Feb 2006 12:12:47 -0800]=>(MIME part)=>test.zip=>test.txt .scr Infected: Trojan.Crypt.Fspm.J
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3616)=>[Subject: Mail Delivery System][Date: Mon, 6 Feb 2006 12:12:47 -0800]=>(MIME part)=>test.zip=>test.txt .scr Deleted
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3616)=>[Subject: Mail Delivery System][Date: Mon, 6 Feb 2006 12:12:47 -0800]=>(MIME part)=>test.zip Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3616)=>[Subject: Mail Delivery System][Date: Mon, 6 Feb 2006 12:12:47 -0800]=>(MIME part) Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx=>(message 3616) Archive repacking successfully completed (actions successfully applied)
C:\Program Files\Outlook Express\Deleted Items.dbx Archive repacking has failed (marked actions not taken)
C:\VundoFix Backups\fwcplcxs.dll.bad Infected: Trojan.Vundo.DZK
C:\VundoFix Backups\fwcplcxs.dll.bad Disinfection failed
C:\VundoFix Backups\fwcplcxs.dll.bad Moved
C:\VundoFix Backups\mrburgah.dll.bad Infected: Trojan.Vundo.DZK
C:\VundoFix Backups\mrburgah.dll.bad Disinfection failed
C:\VundoFix Backups\mrburgah.dll.bad Moved
C:\VundoFix Backups\pmnno.dll.bad Infected: Trojan.Vundo.DZK
C:\VundoFix Backups\pmnno.dll.bad Disinfection failed
C:\VundoFix Backups\pmnno.dll.bad Moved



#2 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg

Posted 07 March 2008 - 02:02 PM

Hello girlneedshelp and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Please also post the problems you are having.

When posting your log, please make sure you post the HijackThis log as a reply and not as an attachment. If we do not hear back from you within a couple of days we will need to close your topic.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -