
Mon May 14 19:59:36 2012 Click "Start"
Mon May 14 19:59:40 2012 SOFTWARE\EnigmaSoftwareGroup\ConfickerRemover[EULA]=1
Mon May 14 19:59:42 2012 1 of 4: Disable Computer Browser, Server and Scheduler Services
Mon May 14 19:59:55 2012 CSCM::StopService(Browser)
Mon May 14 19:59:55 2012 CSCM::StopDependencies(LanManServer)
Mon May 14 19:59:56 2012 CSCM::StopService(LanManServer)
Mon May 14 19:59:56 2012 SYSTEM\CurrentControlSet\Services\Browser[Start]=4
Mon May 14 19:59:56 2012 SYSTEM\CurrentControlSet\Services\LanManServer[Start]=4
Mon May 14 19:59:56 2012 SYSTEM\CurrentControlSet\Services\Schedule[Start]=4
Mon May 14 19:59:56 2012 SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce[ConfickerRemover]="C:\Documents and Settings\User\My Documents\Downloads\cfremover.exe" removeSvc
Mon May 14 19:59:59 2012 Reboot - 1 of 4: Disable Computer Browser, Server and Scheduler Services
Mon May 14 19:59:59 2012 CConfickerDialog::OnOK()
Mon May 14 20:01:31 2012 2 of 4: Remove Conficker Services
Mon May 14 20:01:40 2012 SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost[netsvcs]=6to4,appmgmt,audiosrv,browser,cryptsvc,dmserver,dhcp,ersvc,eventsystem,fastuserswitchingcompatibility,hidserv,ias,iprip,irmon,lanmanserver,lanmanworkstation,messenger,netman,nla,ntmssvc,nwcworkstation,nwsapagent,rasauto,rasman,remoteaccess,schedule,seclogon,sens,sharedaccess,srservice,tapisrv,themes,trkwks,w32time,wzcsvc,wmi,wmdmpmsp,winmgmt,wscsvc,xmlprov,bits,wuauserv,shellhwdetection,helpsvc,wmdmpmsn,napagent,hkmsvc
Mon May 14 20:01:40 2012 CSecurityInfo::GetACL(MACHINE\SYSTEM\CurrentControlSet\Services\pgdctc)
Mon May 14 20:01:40 2012 CSecurityInfo::Propagate(MACHINE\SYSTEM\CurrentControlSet\Services\pgdctc)
Mon May 14 20:01:40 2012 Parameters[ServiceDll]=C:\WINDOWS\system32\hmcencx.dll.old
Mon May 14 20:01:40 2012 SOFTWARE\EnigmaSoftwareGroup\ConfickerRemover[RogueSvc]=C:\WINDOWS\system32\hmcencx.dll
Mon May 14 20:01:40 2012 SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce[ConfickerRemover]="C:\Documents and Settings\User\My Documents\Downloads\cfremover.exe" preInf
Mon May 14 20:01:42 2012 Reboot - 2 of 4: Remove Conficker Services
Mon May 14 20:01:42 2012 CConfickerDialog::OnOK()
Mon May 14 20:03:09 2012 3 of 4: Remove Conficker AutoRun.inf Files
Mon May 14 20:03:15 2012 No AutoRun.inf's Deleted
Mon May 14 20:03:15 2012 4 of 4: Remove Conficker Service Files
Mon May 14 20:03:15 2012 SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL[CheckedValue]=1
Mon May 14 20:03:15 2012 CSecurityInfo::GetACL(c:\windows\system32\hmcencx.dll)
Mon May 14 20:03:15 2012 CSecurityInfo::SetSecurity(c:\windows\system32\hmcencx.dll)
Mon May 14 20:03:15 2012 Removed c:\windows\system32\hmcencx.dll
Mon May 14 20:03:15 2012 CmdLine: AT /delete /yes
Mon May 14 20:03:16 2012 SYSTEM\CurrentControlSet\Services\WuauServ[Start]=2
Mon May 14 20:03:16 2012 SYSTEM\CurrentControlSet\Services\BITS[Start]=2
Mon May 14 20:03:16 2012 SYSTEM\CurrentControlSet\Services\ErSvc[Start]=2
Mon May 14 20:03:16 2012 CRegistryKey::DeleteValue(SOFTWARE\EnigmaSoftwareGroup\ConfickerRemover[RogueSvc])
Mon May 14 20:03:16 2012 SYSTEM\CurrentControlSet\Services\Browser[Start]=2
Mon May 14 20:03:16 2012 SYSTEM\CurrentControlSet\Services\LanManServer[Start]=2
Mon May 14 20:03:16 2012 SYSTEM\CurrentControlSet\Services\Schedule[Start]=2
Mon May 14 20:03:16 2012 SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce[ConfickerRemover]="C:\Documents and Settings\User\My Documents\Downloads\cfremover.exe" success
Mon May 14 20:03:17 2012 Reboot - 4 of 4: Remove Conficker Service Files
Mon May 14 20:03:17 2012 CConfickerDialog::OnOK()

Mon May 14 20:04:43 2012 CRegistryKey::DeleteValue(SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce[ConfickerRemover])
Mon May 14 20:04:43 2012 Conficker Removal Successful
Mon May 14 20:04:50 2012 CConfickerDialog::OnCancel()
Mon May 14 20:04:50 2012 http://www.enigmasoftware.com/conficker_tool/feedback.php?version=1.0.0.16&found=1&removed=1