
Vundo and MS Juan Infection



Those are all in Temp files.

OK, empty the Recycle Bin, all your temp files and the quarantine folder for Symantec. Make sure MBAM quarantine is empty too. Update Symantec and scan again. Do the same with MBAM. Let me know what Symantec says, post the MBAM log and a new HJT log please.

I asked you back there to empty those.

Please get CCleaner. Install the program and run the scan. If you have any queries or comments then please use the Forum or contact us via this form.

NOTE: You may wish to save your cookies for sites you use often and have saved the passwords or use auto logon. Also Saved form information.

BUT since this is a malware issue, starting over is always a good plan.

You will be amazed at the amount of space on the HD you gain and probably notice improved performance.

After you run that, scan with Norton and see what it says. You can post that log in your response, saves me time.


I ran CCleaner and emptied the quarantine folders already, but Symantec detected new viruses since then. Please advise as to the proper method to remove them from my temporary files - just run CCleaner every time Symantec finds something? Deleting the cookies is no big deal.

For now I will delete quarantine files and run CCleaner each time one is detected - let me know if there is a better way. Thanks.

Also, is AVG better than Symantec? I'm willing to try anything at this point.


The relevant portion of what I think is the Symantec log is below. It's garbled, but this is how it comes out in notepad. It reported no errors. I should mention that I installed Winpatrol upon seeing your recommendation, and it told me that the following application was going to run on my next startup: is-A4QUG.exe. I denied permission but I can't figure out what it is.

Will post MBAM and HJT logs next. Thanks.

26061410131F,16,3,7,JASONDESKTOP,jason,,,,,,,16777216,"Manual LiveUpdate verified there are no new Virus Definitions available.",0,,0,,,,,0,,,,,,,,,,,{782B69E5-8BC7-49F6-AADA-E5CBD24506FD},,,,WORKGROUP,,10.0.2.2000,,,,,,,,,,,,,,,,0,,,,JASONDESKTOP

260614101321,3,2,1,JASONDESKTOP,jason,,,,,,,16777216,"Scan started on selected drives and folders and all extensions.",1216585179,,0,,,,,0,,,,,,,,,,,{782B69E5-8BC7-49F6-AADA-E5CBD24506FD},,,,WORKGROUP,,10.0.2.2000,,,,,,,,,,,,,,,,0,,,,JASONDESKTOP

260614101527,2,2,1,JASONDESKTOP,jason,,,,,,,16777216,"Scan Complete: Threats: 0 Scanned: 20665 Files/Folders/Drives Omitted: 0",1216585179,,0,0:0:20665:0,,,,0,,,,,,,,,,,{782B69E5-8BC7-49F6-AADA-E5CBD24506FD},,,,WORKGROUP,,10.0.2.2000,,,,,,,,,,,,,,,,0,,,,JASONDESKTOP

260614161702,16,3,7,JASONDESKTOP,jason,,,,,,,16777216,"Manual LiveUpdate verified there are no new Virus Definitions available.",0,,0,,,,,0,,,,,,,,,,,{782B69E5-8BC7-49F6-AADA-E5CBD24506FD},,,,WORKGROUP,,10.0.2.2000,,,,,,,,,,,,,,,,0,,,,JASONDESKTOP

Post the Symantec log, not attached, a new scan with updated MBAM and that log, and a new HJT log.

NO, AVG is not better. Avira or Avast would be two better and free.


MBAM log:

Malwarebytes' Anti-Malware 1.22

Database version: 972

Windows 5.1.2600 Service Pack 3

1:09:40 AM 7/21/2008

mbam-log-7-21-2008 (01-09-40).txt

Scan type: Quick Scan

Objects scanned: 43917

Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:15:13 AM, on 7/21/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll

O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll

O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -on

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet

O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--

End of file - 9645 bytes


Scan Complete: Threats: 0

Those are not viruses or malware. Two are saying there were no new virus definitions. I don't know what the other is for sure, but it's not malware. Plus it shows 0 threats. I don't see anything to indicate infection. Do you have any symptoms?

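An added example, not part of the original thread: the raw Symantec lines posted earlier are comma-separated records, and this script pulls out the readable parts (time, user, message, scan totals). The hex timestamp layout (years since 1970, zero-based month, day, hour, minute, second) and the position of the message field are assumptions that match the posted lines and the thread's July 2008 dates; the function names are illustrative.

```python
import csv
import re
from datetime import datetime

# Lines as posted in the thread, trimmed after the fields this example reads.
SAMPLE_LOG = '''\
26061410131F,16,3,7,JASONDESKTOP,jason,,,,,,,16777216,"Manual LiveUpdate verified there are no new Virus Definitions available.",0,,0
260614101321,3,2,1,JASONDESKTOP,jason,,,,,,,16777216,"Scan started on selected drives and folders and all extensions.",1216585179,,0
260614101527,2,2,1,JASONDESKTOP,jason,,,,,,,16777216,"Scan Complete: Threats: 0 Scanned: 20665 Files/Folders/Drives Omitted: 0",1216585179,,0,0:0:20665:0
'''

MESSAGE_FIELD = 13  # assumed position of the quoted description text
SCAN_RE = re.compile(r"Scan Complete:\s+Threats:\s+(\d+)\s+Scanned:\s+(\d+)")


def decode_timestamp(hex_stamp):
    """Decode the leading 12 hex digits (assumed layout, see lead-in)."""
    if len(hex_stamp) != 12:
        raise ValueError("timestamp must be 12 hex digits: %r" % hex_stamp)
    year, month, day, hour, minute, second = (
        int(hex_stamp[i:i + 2], 16) for i in range(0, 12, 2)
    )
    # datetime() rejects impossible values, so a corrupt stamp raises ValueError.
    return datetime(1970 + year, month + 1, day, hour, minute, second)


def parse_line(line):
    """Turn one log line into a dict; raise ValueError if it does not fit."""
    fields = next(csv.reader([line]))  # csv handles the quoted message field
    if len(fields) <= MESSAGE_FIELD:
        raise ValueError("too few fields")
    record = {
        "when": decode_timestamp(fields[0]),
        "event_code": fields[1],  # kept as-is; meanings are not interpreted here
        "computer": fields[4],
        "user": fields[5],
        "message": fields[MESSAGE_FIELD],
    }
    match = SCAN_RE.search(record["message"])
    if match:
        record["threats"] = int(match.group(1))
        record["scanned"] = int(match.group(2))
    return record


def summarize(text):
    """Parse every non-empty line and total the threats of completed scans."""
    records, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            records.append(parse_line(line))
        except ValueError:
            skipped += 1  # count lines that do not match the expected layout
    scans = [r for r in records if "threats" in r]
    return {
        "records": records,
        "skipped": skipped,
        "completed_scans": len(scans),
        "total_threats": sum(r["threats"] for r in scans),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for rec in result["records"]:
        print(rec["when"].isoformat(sep=" "), rec["user"], "-", rec["message"])
    print("completed scans:", result["completed_scans"],
          "threats:", result["total_threats"], "skipped:", result["skipped"])
```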


I must have misunderstood your previous post; I thought you wanted a new Symantec log. The Symantec log folder on my computer does not contain a full scan log from any of the scans that found threats; it seems to keep that in the separate threat log which I have attached twice.

I will paste the contents of the most recent threat log I attached for you (which reflects the last time any viruses were found). This log contains threats that were found several scans ago (none have been found since the 19th), all have been deleted from the quarantine folders, and I ran CCleaner to get rid of any temp files since the last scan identifying threats.

Symantec threat log (date found is the last field for each row):

Risk Action Count Filename Threat Type Original Location Computer User Status Current Location Primary Action Secondary Action Logged By Action Description Date

Trojan.Metajuan Deleted 2 A0079368.dll File C:\SYSTEM~1\_RESTO~1\RP752\ JASONDESKTOP JASONDESKTOP\SYSTEM Deleted Deleted Clean security risk Quarantine Auto-Protect scan The file was deleted successfully. 7/19/2008 7:27

Trojan.Metajuan Deleted 2 A0079367.dll File C:\SYSTEM~1\_RESTO~1\RP752\ JASONDESKTOP JASONDESKTOP\SYSTEM Deleted Deleted Clean security risk Quarantine Auto-Protect scan The file was deleted successfully. 7/19/2008 7:21

Trojan.Metajuan Deleted 2 A0079366.dll File C:\SYSTEM~1\_RESTO~1\RP752\ JASONDESKTOP JASONDESKTOP\SYSTEM Deleted Deleted Clean security risk Quarantine Auto-Protect scan The file was deleted successfully. 7/19/2008 3:40

Trojan.Vundo Deleted 1 A0079275.dll File C:\System Volume Information\_restore{CFBD5C93-64E1-4186-A4CE-B9CE68061660}\RP752\ JASONDESKTOP SYSTEM Deleted Deleted Clean security risk Quarantine Auto-Protect scan The file was deleted successfully. 7/19/2008 2:38

Trojan.Vundo Reboot Processing 145 Unavailable File; Macro Unavailable JASONDESKTOP SYSTEM Infected Unavailable Delete Leave alone (log only) Reboot Processing Performing Post-Reboot Risk Processing. 7/19/2008 2:25

Trojan.Vundo Reboot Required - Deleted 148 A0079274.dll File C:\SYSTEM~1\_RESTO~1\RP752\ JASONDESKTOP JASONDESKTOP\SYSTEM Deleted Deleted Reboot Required - Clean security risk Reboot Required - Quarantine Auto-Protect scan The file was deleted successfully. 7/19/2008 1:05

Trojan.Vundo Reboot Processing 147 rundll32.exe File; Macro C:\WINDOWS\system32\ JASONDESKTOP JASONDESKTOP\jason Infected C:\WINDOWS\system32\ Delete Leave alone (log only) Reboot Processing Performing Post-Reboot Risk Processing. 7/18/2008 22:16

Trojan.Metajuan Partial 2 VBRDC8.dll File C:\WINDOWS\Temp\ JASONDESKTOP JASONDESKTOP\jason Infected C:\WINDOWS\Temp\ Clean security risk Leave alone (log only) Manual Quarantine Scan Clean was partially successful. 7/18/2008 22:03

Trojan.Metajuan Partial 2 VBRC9AA.dll File C:\WINDOWS\Temp\ JASONDESKTOP JASONDESKTOP\jason Infected C:\WINDOWS\Temp\ Clean security risk Leave alone (log only) Manual Quarantine Scan Clean was partially successful. 7/18/2008 22:03

Trojan.Metajuan Partial 2 VBR82FD.TMP File C:\WINDOWS\Temp\ JASONDESKTOP JASONDESKTOP\jason Infected C:\WINDOWS\Temp\ Clean security risk Leave alone (log only) Manual Quarantine Scan Clean was partially successful. 7/18/2008 22:02

Trojan.Vundo Partial 4 VBR374E.TMP File C:\WINDOWS\Temp\ JASONDESKTOP JASONDESKTOP\jason Infected C:\WINDOWS\Temp\ Clean security risk Leave alone (log only) Manual Quarantine Scan Clean was partially successful. 7/18/2008 22:02

Trojan.Metajuan Partial 2 VBREF87.dll File C:\WINDOWS\Temp\ JASONDESKTOP JASONDESKTOP\jason Infected C:\WINDOWS\Temp\ Clean security risk Leave alone (log only) Manual Quarantine Scan Clean was partially successful. 7/18/2008 22:02

Trojan.Metajuan Quarantined 2 rdmkcsbe.dll File C:\WINDOWS\system32\ JASONDESKTOP JASONDESKTOP\jason Infected Quarantine Clean security risk Quarantine Manual scan The file was quarantined successfully. 7/18/2008 20:11

Trojan.Metajuan Quarantined 2 mqlwemrv.dll File C:\WINDOWS\system32\ JASONDESKTOP JASONDESKTOP\jason Infected Quarantine Clean security risk Quarantine Manual scan The file was quarantined successfully. 7/18/2008 20:10

Trojan.Metajuan Quarantined 2 jjxcge.dll File C:\WINDOWS\system32\ JASONDESKTOP JASONDESKTOP\jason Infected Quarantine Clean security risk Quarantine Manual scan The file was quarantined successfully. 7/18/2008 20:10

Trojan.Vundo Quarantined 4 kb671231[1] File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PMTVABSR\ JASONDESKTOP JASONDESKTOP\jason Infected Quarantine Clean security risk Quarantine Manual scan The file was quarantined successfully. 7/18/2008 19:26

Trojan.Metajuan Quarantined 2 kb767887[1] File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\84Y4LWU8\ JASONDESKTOP JASONDESKTOP\jason Infected Quarantine Clean security risk Quarantine Manual scan The file was quarantined successfully. 7/18/2008 19:26

I have not noticed any symptoms, apart from Symantec finding the threats above, since upgrading to Service Pack 3. Since Symantec found the last threat on the 18th, I have not noticed anything other than the Winpatrol message I mentioned in my previous post.

Thanks again. Perhaps I will try one of the antivirus programs you recommended in hopes that it will generate more useful logs.


As an addendum, it appears that Symantec Antivirus deletes its comprehensive logs (stored in Documents and Settings/All Users/Application Data/Symantec..../Logs) every time the computer boots. I can't find a setting to change this poking around in the program, but hopefully there is some way to preserve them. Just FYI.


Those are not infections either. They are quarantine, temp files and the System Restore. That log is dated 7/18 & 19.

JASONDESKTOP <==That is not a malware location. So either it's in the Recycle Bin or you have a folder of malware on your desktop. If nothing has been found since the 19th, and then it wasn't malware, I'm sure you're clean.

Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options. Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.

Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.

Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.


Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
