combofix log 11/29/07 Part 2 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group...
combofix log 11/29/07 Part 1 ComboFix 07-11-19.4C - Administrator 2007-11-29 21:05:33.3 - NTFSx86 Microsoft(R) Windows(R) Server 2003, Standard...
hijack this 11/29/07 OK here goes... The good thing is that I'm pretty sure I figured out who the offender was that started this and have made...
It's back Same deal - can't find c:\documents, can't open control panel. Posting the current hijack this log: Logfile of Trend Micro HijackThis...
final steps Awesome! I have cleaned up the listed e-mails and removed dss.exe and the deckard directory as well as emptied the recycle bin. I...
update I deleted C:\Program Files\WindowsUpdate\rteqegaxav.html and cleared the symantec quarantine. The bios was probably updated within the...
dss log 11-25-07 part 2 -- End of Deckard's System Scanner: finished at 2007-11-25 10:20:06 ------------
DSS log 11-25-07 whew that was a long log! Sorry this is from this morning but I couldn't post earlier due to site maintenance: Deckard's...
kaspersky 112507 part 6 E:\Accounts\65G\MyDoc\hairfieldm\LMA-Billing 9-26-2005.pdf Object is locked skipped...
kaspersky 112507 part 5 E:\Accounts\65G\MyDoc\hairfieldm\65G Order Form CHO.xls Object is locked skipped E:\Accounts\65G\MyDoc\hairfieldm\65G...
kaspersky 112507 part 4 E:\Accounts\65G\MyDoc\hairfielda\Track-it\blubul1a.gif Object is locked skipped...
kaspersky 112507 part 3 E:\Accounts\65G\MyDoc\hairfielda\My Pictures\65G Logo.gif Object is locked skipped E:\Accounts\65G\MyDoc\hairfielda\My...
kaspersky 112507 part 2 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate...
kaspersky 112507 part 1 I submitted the biosmsg file as requested. Here are the results of the kaspersky scan:...
combofix log/file info 11/24/07 ComboFix 07-11-19.3 - administrator 2007-11-24 9:07:40.3 - NTFSx86 Microsoft(R) Windows(R) Server 2003,...
hijack this 11/23/07 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:13, on 2007-11-23 Platform: Windows 2003 SP2 (WinNT 5.02.3790)...
new combofix log 11/23/07 ComboFix 07-11-19.3 - administrator 2007-11-23 18:07:57.2 - NTFSx86 Microsoft(R) Windows(R) Server 2003, Standard...
registry I would be comfortable editing the registry. Just let me know what needs to be done.
new logs - vundo/biosmsg/windrv results Vundofix.txt: Beginning removal... Attempting to delete C:\WINDOWS\system32\alfehlaa.dll...
Thank you! Will do. We do have local users surfing the web and unfortunately we can't change that completely, but we can certainly lock it down...
Separate names with a comma.
