Help please; Logs Posted

Hello this is my first post. I think I have went through all the steps you wanted me to do before posting and here are my attachments. I cleaned everything that was found with these tools (safe mode, scanned multiple times, etc.) but there still seems to be something on my computer because I have a bubble coming up in the system tray that says

Security Warning: your computer may be infected with harmful or unwanted software!

Thanks for your help in this matter.

 

Here are the three other logs.

*EDIT* Also I seem to be getting popups in Internet Explorer even though I use Firefox2.0...not too sure what that's all about. Hope that narrows it down some

 

Please see the below thread on how to install and run VundoFix.

• Virtumonde aka Trojan Vundo Fix w/ Tool ...

Once you complete the above, reboot and attach the log from the scan along with a fresh HJT log.

 

Thanks for the quick response!

I ran the VundoFix program and it found 5 files;1 of which could not be deleted w/o restarting but I think it picked it up the second time. Sorry, I didn't save any log from it though. Here is my new HJT log.

 

Scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

O2 - BHO: (no name) - {03DAD93E-1BA5-E895-4783-0B10367FC116} - C:\WINDOWS\system32\ktxkmbd.dll (file missing)
O2 - BHO: (no name) - {11851D71-5DA5-4CDB-9216-37B9FFADFA79} - C:\WINDOWS\system32\awtss.dll (file missing)
O2 - BHO: (no name) - {3EE20413-CEA6-C47B-D38E-B76940DC8F91} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - (no file)

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfoc.dll,startup
O4 - HKLM\..\Run: [vdwxmxc.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\vdwxmxc.dll,ymcuewd
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\WINDOWS\system32\drvfoc.dll

C:\WINDOWS\system32\vdwxmxc.dll

Next, run CCleaner to clean up cookies and temp files.

After you complete the above, REBOOT and proceed with the rest of this fix...

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

• Disable and Re-enable System Restore
  
  
• Turn OFF System Restore to flush any bad Restore Points.
  
  
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

I was able to find all of the HJT objects to delete, then i went to safe mode and got rid of the two .dll files. Here is my fresh HJT log. You've been a great help, thanks for the quick responses!

The bubble that was in my system tray no longer is there so here is to hoping everything is in the clear!

 

Your HJT log looks good, are you having any further problems?

 

After running for a couple days my computer hasn't had any popups or system tray annoyances. Thanks so much bjgarrick!

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

Surf Safely!