Trojan.Vundo won't die

Discussion in 'Malware Help (A Specialist Will Reply)' started by voicecats, Dec 2, 2007.

  1. voicecats

    voicecats Private E-2

    Kinda confused here.

    Symantec autoprotect keeps finding trojan.vundo viruses every day or so and says reboot required to fix it. Sometimes I reboot, sometimes I don't, it comes back again either way.

    Google led me to your "Special Removal Procedures" page and I went through the one for Virtumonde/Trojan Vundo. However, the fixvundo.exe application keeps telling me that vundo was not found on my system. Yet, trojan.vundo keeps popping up in Symantec.

    I'm so confused.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. voicecats

    voicecats Private E-2

    My apologies for posting before looking through all the other stuff on the board. Chalk me up as another one in too much of a hurry to do stuff right.

    I saw the Read & Run Me First post shortly after posting this thread. Logs/reports are attached.


    Little further info on the symptoms:
    Every once in a while, my taskbar and desktop icons disappear for 10-15 seconds and then come back. I'm also getting IE pop-ups even though I use Firefox. I honestly wouldn't know if those are because of the vundo or because of something else entirely, but they seem to have all shown up at the same time.

    Also, upon reboot after running combofix, an IE shortcut had appeared on my desktop. Is this normal?
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not sure at this point.

    While I look thru all of your logs, please do the below. Do not skip the reboot.


    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 6

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not seeing any true signs of Vundo on your PC. If Symantec detects anything again you will have to provide a log that shows exactly what and where it is finding this.

    Does Spybot detect anything? Sometimes leftover and somewhat benign registry keys related to Vundo are lying around, and it seems that many scanners cannot remove them for some reason (probably a registry permissions issue).


    I suggest you do the below so we can be sure that it is not something being detected in System Restore.

    Do you know what the below file is from? Does the date coincide with the start of your problems?
    Code:
     
    "C:\WINDOWS\"
    wpd99.drv     Nov 26 2007          59  "wpd99.drv"

     
  6. voicecats

    voicecats Private E-2

    I did the following:
    Uninstalled J2SE Runtime 5.0
    Rebooted
    Installed Sun Java Runtime
    Disabled System Restore
    Rebooted
    Enabled System Restore



    Spybot did not detect anything when I ran it just now. However, last night, it detected Virtumonde and said that it fixed it. However, this had happened several times before with Spybot saying it had fixed it, but the problem popping up again.


    I will see if Symantec continues to detect vundo files. If it does, I will attach logs.



    I believe wpd99.drv is a driver associated with pdf995, the program I use to print other types of files to PDF files. The Nov 26 date coincides with the last time I had used pdf995 to create a PDF (and the last time wpd99.drv had been modified coincided to the minute with the creation of my most recent PDF). Just now, I created a test PDF, and sure enough, the "Last modified on:" date for wpd99.drv updated to that moment. While Nov 26 is relatively near the start of my problems (though still a couple days before, I believe), I'm pretty sure that's a coincidence. I'm fairly certain wpd99.drv is not malicious, but I could be wrong.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That would be good, but sometimes Symantec can be rather poor at indicating exactly where things are found.

    This is probably correct. I had seen it associated with PDFs too.
     
