Hello again.
I'm ready to send this computer home as well, but thanks for helping me make sure, she won't just bring it back
OK here's the Symantec log. It exports it as a .csv, which I took from excel into notepad. The first bunch of lines are the column headings. If you can spread it out on a landscape sheet it may be readable.
Risk Action Count Filename Risk Type Original Location Computer User Status Current Location Primary Action Secondary Action Logged By Action Description Date
Trojan.Duntek Cleaned by deletion 2 A0069941.dll File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP689\ KRISTIE KRISTIE\Kristie Addington Infected C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP689\ Clean security risk Quarantine Auto-Protect scan 12/10/2007 23:12
Downloader Cleaned by deletion 2 A0069939.exe File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP689\ KRISTIE KRISTIE\Kristie Addington Infected C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP689\ Clean security risk Quarantine Auto-Protect scan 12/10/2007 23:12
Trojan.Vundo Cleaned by deletion 134 A0068566.dll File C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP679\ KRISTIE KRISTIE\Kristie Addington Infected C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP679\ Clean security risk Quarantine Auto-Protect scan 12/10/2007 23:12
GLP Deleted 1 catchme2007-11-27_214746.93.zip File; Macro C:\qoobox\Quarantine\ KRISTIE KRISTIE\Kristie Addington Deleted Deleted Delete Leave alone (log only) Manual scan The file was deleted successfully. 12/9/2007 19:15
?????? Left alone 1 catchme2007-11-27_214746.93.zip Compressed file C:\qoobox\Quarantine\ KRISTIE KRISTIE\Kristie Addington No infected items C:\qoobox\Quarantine\ Leave alone (log only) Leave alone (log only) Manual scan The file was left unchanged. 12/9/2007 9:43
Trojan.Vundo Cleaned by deletion 1 ddccy.dll File; Compressed file C:\qoobox\Quarantine\catchme2007-11-27_214746.93.zip KRISTIE KRISTIE\Kristie Addington Infected C:\qoobox\Quarantine\catchme2007-11-27_214746.93.zip Clean security risk Quarantine Manual scan 12/9/2007 9:43
Trojan.Duntek Cleaned by deletion 2 wyejpypn.dll.vir File C:\qoobox\Quarantine\C\WINDOWS\system32\ KRISTIE KRISTIE\Kristie Addington Infected C:\qoobox\Quarantine\C\WINDOWS\system32\ Clean security risk Quarantine Manual scan 12/9/2007 9:43
Downloader Cleaned by deletion 2 mrofinu572.exe.vir File C:\qoobox\Quarantine\C\WINDOWS\ KRISTIE KRISTIE\Kristie Addington Infected C:\qoobox\Quarantine\C\WINDOWS\ Clean security risk Quarantine Manual scan 12/9/2007 9:43
Symantec caught more vundos in the APTemp folder of Symantec, a file called APQ422C, with reboot required to fix it. The computer just restarted during the scan (laptop overheated?) and after the restart I rescanned with Symantec and it came up clean. I also rescanned with Spybot and AVG, and they came up clean as well (except for a HitBox cookie).
About the files under the qoobox\quarantine, I typed the files and folders out, then thought about trying to delete them again, and lo and behold the deleted just fine. In case you're interested, the stuff's below. The lines were tabbed so each line is a folder with subfolders and files
Thanks again
Under C
documents and settings
all users
Live safety center.ink.vir
online security guide.ink.vir
Kristie Addington
Favorites
online security guide.ink.vir
Program Files
screensavers.com
sssuninst.exe.vir
ActiveDesktop
bin
activedesktop.exe.vir
temp
1cb
syscheck.log.vir
avW9
tPho.log.vir
windows
cookies.ini.vir
system32
btepkr.dll.vir
ddccy.dll.vir
golpvcyl.ini.vir
lycvplog.dll.vir
pac.txt.vir
yccdd.ini2.vir
yccdd.ini.vir
zhdxikxx.dllbox.vir
ASKS~1
<no files>
drivers
core.cache.dsk.vir
core.sys.vir
n8
ensts2dll.exe.vir