I think I have the Conficker Worm. Please help

Posted 10/20/2009 11:16 AM
#78461

heathermmowat26 Member

I think I have the Conficker Worm on my desktop PC and cannot figure out how to get rid of it. I need some assistance please. Please don't make me download too many things just to fix my PC, otherwise I will try most other ideas someone may have. I am posting my ComboFix log for review.

Thank you.
<br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2009-10-20 04:00 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... <br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. <br/>Completion time: 2009-10-20 4:02 <br/>ComboFix-quarantined-files.txt 2009-10-20 11:02 <br/> <br/>Pre-Run: 16,447,819,776 bytes free <br/>Post-Run: 16,426,381,312 bytes free <br/> <br/>- - End Of File - - 5956AA3D0AED1F70947C0A4857D764CF
Posted 10/21/2009 9:03 AM
#78606
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello heathermmowat26

[code]
I think I have the Conficker Worm
[/code]
Why do you think you have a Conficker infection? As there are no signs of infection in the combolog.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.

