PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Fixed] serious issues

#71
07-19-2007
Swizzleskin
Silver Member
Join Date: Feb 2007
Posts: 102
maybe just maybe

OK, so gmer froze my computer, so I couldn't save the log; in fact, gmer doesn't appear to be on my PC anywhere (had to do a cold shut-down), but here are the Avenger and HJT logs. Still being annoyed as hell by pop-ups, and in Task Manager I killed a process called 3232.exe, and IEXPLORE.exe keeps popping into Task Manager and restarts every time I kill the process.


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\eukxhkdu
*******************
Script file located at: \??\C:\Documents and Settings\fuxwulvm.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\SYSTEM32\blklf.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\ws_3s32.dll deleted successfully.
File C:\WINDOWS\System32\rckabmoa.dll deleted successfully.

File C:\WINDOWS\system32\blklf.dll not found!
Deletion of file C:\WINDOWS\system32\blklf.dll failed!
Could not process line:
C:\WINDOWS\system32\blklf.dll
Status: 0xc0000034

Completed script processing.
*******************
Finished! Terminate.

Thanks,
Swizz
Attached Files
File Type: log hijackthis.log (5.4 KB, 1 views)


#72
07-19-2007
chiaz
Senior Security Analyst
Join Date: Jun 2006
Location: Singapore
Posts: 2,734
PC Experience: PC Guru

Run HijackThis and place a tick by the following entries:
O2 - BHO: CIEPl Object - {F3727275-224F-4AB0-8642-7D461EFB82D8} - C:\WINDOWS\system32\blklf.dll (file missing)
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\glhmcuxl.dll",setvm
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...eBHInstall.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/in...eanerstart.cab
O20 - Winlogon Notify: blklf - blklf.dll (file missing)
O20 - Winlogon Notify: ws_3s32 - ws_3s32.dll (file missing)
O21 - SSODL: JtWWPczcl - {ECA19705-460B-3DAF-49A9-EC1ABFE6CE54} - C:\WINDOWS\system32\xpe.dll

Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.

Now delete the Avenger text file at:
C:\Avenger\.txt

Then run Avenger again, and check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following text in the Quote box below:
Files to delete:
C:\WINDOWS\avp.exe
C:\WINDOWS\System32\glhmcuxl.dll
C:\WINDOWS\system32\xpe.dll
Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the new Avenger output.txt (C:\Avenger\.txt) and your HijackThis log into your next reply.


#73
07-19-2007
Swizzleskin
Silver Member
Join Date: Feb 2007
Posts: 102
here we go

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yjkwjfvl
*******************
Script file located at: \??\C:\WINDOWS\System32\vumfqdyk.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\avp.exe deleted successfully.
File C:\WINDOWS\System32\glhmcuxl.dll deleted successfully.
File C:\WINDOWS\system32\xpe.dll deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Attached Files
File Type: log hijackthis.log (5.1 KB, 1 views)


#74
07-19-2007
chiaz
Senior Security Analyst
Join Date: Jun 2006
Location: Singapore
Posts: 2,734
PC Experience: PC Guru

It seems to be reinstalling itself.

Please run HijackThis again and check these:
O2 - BHO: (no name) - {335DB538-08BF-4CB6-9E85-002757D58844} - C:\WINDOWS\System32\upveemph.dll
O21 - SSODL: JtWWPczcl - {ECA19705-460B-3DAF-49A9-EC1ABFE6CE54} - C:\WINDOWS\system32\xpe.dll (file missing)

Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.


Now delete the Avenger text file at:
C:\Avenger\.txt

Then run Avenger (yes I know, yet again), and check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following text in the Quote box below:
Files to delete:
C:\WINDOWS\System32\upveemph.dll
Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the new Avenger output.txt (C:\Avenger\.txt) and your HijackThis log into your next reply. Let's hope this will get rid of it.


Any other ideas valis?
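
The cross-check between Avenger output and HijackThis entries that posts #72 and #74 carry out by eye, as an added example that is not part of the original thread or of either tool. The sample strings are constructed from lines quoted in the thread; the function names and the orphan/returned/live labels are assumptions of this example.

```python
import re

# 0xC0000034 is the status in the thread's first Avenger log (name from the Windows NTSTATUS table).
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

# Constructed sample: lines taken from the Avenger logs and HijackThis entries quoted above.
AVENGER_LOG = r"""File C:\WINDOWS\SYSTEM32\blklf.dll deleted successfully.
File C:\WINDOWS\system32\xpe.dll deleted successfully.
File C:\WINDOWS\system32\blklf.dll not found!
Deletion of file C:\WINDOWS\system32\blklf.dll failed!
Status: 0xc0000034"""
HJT_ENTRIES = r"""O2 - BHO: (no name) - {335DB538-08BF-4CB6-9E85-002757D58844} - C:\WINDOWS\System32\upveemph.dll
O21 - SSODL: JtWWPczcl - {ECA19705-460B-3DAF-49A9-EC1ABFE6CE54} - C:\WINDOWS\system32\xpe.dll (file missing)
O20 - Winlogon Notify: blklf - blklf.dll (file missing)"""

def parse_avenger(log):
    """Return (deleted paths, {failed path: status}); lower-cased, Windows paths compare case-insensitively."""
    deleted, failed, last = set(), {}, None
    for line in map(str.strip, log.splitlines()):
        if m := re.fullmatch(r"File (.+) deleted successfully\.", line):
            deleted.add(m.group(1).lower())
        elif m := re.fullmatch(r"Deletion of file (.+) failed!", line):
            last = m.group(1).lower()
            failed[last] = "unknown"
        elif last and (m := re.fullmatch(r"Status: (0x[0-9a-fA-F]+)", line)):
            code = int(m.group(1), 16)
            failed[last] = NTSTATUS.get(code, hex(code))
    return deleted, failed

def parse_hjt(entries):
    """Return (section, file name, file_missing) per entry; handles the O2/O20/O21 forms above."""
    out = []
    for line in map(str.strip, entries.splitlines()):
        if m := re.match(r"(O\d+) - ", line):
            missing = line.endswith("(file missing)")
            target = line.removesuffix("(file missing)").rstrip().rsplit(" - ", 1)[-1]
            out.append((m.group(1), target.rsplit("\\", 1)[-1].lower(), missing))
    return out

def triage(avenger_log, hjt_entries):
    """Label each referenced file: orphan (entry left behind), returned (deleted, back again) or live."""
    deleted, _ = parse_avenger(avenger_log)
    removed = {p.rsplit("\\", 1)[-1] for p in deleted}
    return {name: "orphan" if missing else "returned" if name in removed else "live"
            for _section, name, missing in parse_hjt(hjt_entries)}

def redundant_failures(avenger_log):
    """Failures for a path the same log already shows deleted: a duplicate script line, not a survivor."""
    deleted, failed = parse_avenger(avenger_log)
    return {p for p, s in failed.items() if p in deleted and s == "STATUS_OBJECT_NAME_NOT_FOUND"}
```

An orphan only needs its registry entry fixed in HijackThis, while a live or returned file with a fresh random name is the sign of reinstallation that post #74 remarks on.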


#75
07-19-2007
Swizzleskin
Silver Member
Join Date: Feb 2007
Posts: 102
I think it might have worked

Here are my logs, and while we're not on the subject....ever since this started (or during one of my repair attempts) I can't open pictures with Windows Picture and Fax Viewer (it seems as if the program's executable was removed or rendered useless). When I choose "open with" or when I double-click a picture, it just goes to the hourglass pointer for about half a second and then back to the standard arrow pointer. I can open the picture using all other associated programs (Paint and Internet Explorer).

Anyways, here's the logs.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xugvqwhn
*******************
Script file located at: \??\C:\WINDOWS\System32\sfjewegi.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\System32\upveemph.dll deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Attached Files
File Type: log hijackthis.log (4.8 KB, 2 views)


#76
07-19-2007
chiaz
Senior Security Analyst
Join Date: Jun 2006
Location: Singapore
Posts: 2,734
PC Experience: PC Guru

Now run Panda ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.


Since the Vundo infection appears to be gone, I'm handing this back to you Valis.


#77
07-19-2007
Swizzleskin
Silver Member
Join Date: Feb 2007
Posts: 102
Things turned ugly

While running Panda scan a pop-up came up telling me that I needed to insert Windows XP Service Pack 1 CD. After inserting disk and pressing re-try, was told it was wrong disk. System froze and could not even access task manager. Did a cold shut down using power button and on re-boot, I encountered just a black screen after it goes through start up menus. Am now working from a friend's house. What did I do???????

Swizz


