
Worm Kido!60BIA.YXNV on XP


7 replies to this topic

#1 iucaa

iucaa

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:38 AM

Posted 27 November 2013 - 04:29 AM

Hello every one

I got a virus and I installed XP on my PC again, but I still have this worm on my hard disk! The antivirus intercepts it and is able to delete it, but I would like to remove it permanently. Could you help me to solve it?

I removed autorun.inf and I have a batch file that runs every 10 minutes and cleans the RECYCLER dir.

The virus starts from C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\GZOZYBID\parhuf[1].png
Thank you in advance for your reply




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,701 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:38 PM

Posted 02 December 2013 - 04:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/515548 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 iucaa

iucaa
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:38 AM

Posted 02 December 2013 - 10:14 AM

Hi, thank you in advance for your help.
1) I am still having problems with the KIDO virus. I formatted the hard disk and reinstalled XP SP3 again from the original CD, but I still have the KIDO virus; the a/v warns me about it, it says where it is and I press "delete object", but after some time I get another message from the a/v.

 

This is my DDS log; I put asterisks over private information and wrote (trusted) to mean it is safe information from inside the company.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by valerio at 15:36:27 on 2013-12-02
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.2038.901 [GMT 1:00]
.
AV: Outpost Security Suite Pro *Enabled/Outdated* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: Outpost Security Suite Pro *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Microsoft Office 2007\Office12\OUTLOOK.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Microsoft Office 2003\OFFICE11\EXCEL.EXE
C:\Programmi\Microsoft ActiveSync\WCESMgr.exe
C:\temp\CD MAKE\Software\Palmare\Controllo Device\MyMobiler.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://open.***********.it (trusted)
uProxyServer = ******************:8080 (trusted)
uProxyOverride = 10.37.*;paco* (trusted)
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\programmi\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\programmi\microsoft office 2007\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\programmi\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\programmi\microsoft activesync\Wcescomm.exe"
uRun: [TClockEx] c:\programmi\tclockex\TCLOCKEX.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SetRefresh] c:\programmi\compaq\setrefresh\\SetRefresh.exe
mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~1\op_mon.exe" /tray /noservice
mRun: [GrooveMonitor] "c:\programmi\microsoft office 2007\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\programmi\file comuni\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\programmi\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\programmi\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\fileco~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\valerio\menuav~1\progra~1\esecuz~1\window~1.lnk - c:\programmi\windows media player\wmplayer.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\acroba~1.lnk - c:\programmi\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\micros~1.lnk - c:\windows\installer\{90120000-0030-0000-0000-0000000ff1ce}\outicon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\mi69df~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\programmi\microsoft office 2007\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programmi\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programmi\microsoft activesync\INetRepl.dll
IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{0A5B8B24-4374-4621-8A76-C2C9478A648A} : NameServer = 156.54.17.165,156.54.92.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programmi\microsoft office 2007\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\programmi\microsoft office 2007\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\programmi\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\valerio\dati applicazioni\mozilla\firefox\profiles\pzmygkl9.default\
FF - prefs.js: network.proxy.ftp - ************* (trusted)
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - ********** (trusted)
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - ********** (trusted)
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - ********** (trusted)
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\programmi\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\windows\npMSDM.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
FF - ExtSQL: 2013-11-18 09:01; foxmarks@kei.com; c:\documents and settings\valerio\dati applicazioni\mozilla\firefox\profiles\pzmygkl9.default\extensions\foxmarks@kei.com
FF - ExtSQL: 2013-11-18 09:10; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\valerio\dati applicazioni\mozilla\firefox\profiles\pzmygkl9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2013-11-13 802528]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2013-11-13 2494040]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2013-4-5 121600]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2013-11-13 33888]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2013-11-13 289032]
R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2013-11-13 266872]
R3 VBFilt;VBFilt;c:\windows\system32\filt\VBFilt.dll [2013-11-13 85264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programmi\file comuni\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 BazisPortableCDBus;Portable WinCDEmu driver;c:\windows\system32\drivers\BazisPortableCDBus.sys [2013-11-15 152576]
S3 gojoyc;gojoyc;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\programmi\adobe\adobe dreamweaver cs4\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\programmi\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-11-28 11:15:55    --------    d-----r-    C:\backup
2013-11-28 11:13:58    --------    d-----w-    c:\documents and settings\all users\dati applicazioni\Auslogics
2013-11-28 10:22:17    --------    d-----w-    C:\condivisioni
2013-11-26 14:06:37    210944    ----a-w-    c:\windows\system32\Msvcrt10.dll
2013-11-26 14:06:30    65536    ----a-w-    c:\windows\system32\adistres.dll
2013-11-26 14:06:30    20584    ----a-w-    c:\windows\system32\PdfPorts.dll
2013-11-26 14:06:23    103312    ----a-w-    c:\programmi\internet explorer\plugins\nppdf32.dll
2013-11-26 14:05:50    12288    ----a-w-    c:\windows\system32\PDFShell.ITA
2013-11-26 14:05:50    101200    ----a-w-    c:\windows\system32\pdfshell.dll
2013-11-26 14:05:35    --------    d-----w-    c:\windows\system32\Adobe
2013-11-26 14:04:32    307712    ----a-w-    c:\windows\IsUn0410.exe
2013-11-20 13:42:04    --------    d-----r-    c:\programmi\EasyPHP-5.3.2i
2013-11-20 12:00:00    --------    d-----r-    C:\backup USB
2013-11-20 08:59:16    --------    d-----w-    c:\programmi\TClockEx
2013-11-19 14:52:56    --------    d-----w-    c:\documents and settings\valerio\dati applicazioni\MPC-HC
2013-11-19 14:44:45    --------    d-----w-    c:\programmi\file comuni\Adobe Systems Shared
2013-11-19 14:00:00    217176    ----a-w-    c:\windows\system32\unrar.dll
2013-11-19 13:59:48    --------    d-----w-    c:\programmi\K-Lite Codec Pack
2013-11-19 11:23:52    --------    d-----w-    c:\documents and settings\all users\dati applicazioni\Licenses
2013-11-19 11:23:48    --------    d-----w-    c:\programmi\Classic Menu for Office
2013-11-19 11:03:04    --------    d-----w-    c:\programmi\Microsoft ActiveSync
2013-11-18 14:28:47    --------    d-----w-    c:\programmi\menuclassic
2013-11-18 14:18:28    --------    d-----w-    c:\documents and settings\all users\dati applicazioni\ViceVersa PRO 2
2013-11-18 12:50:41    --------    d-----w-    c:\documents and settings\all users\dati applicazioni\ALM
2013-11-18 12:26:19    45392    ----a-r-    c:\windows\system32\AdobePDF.dll
2013-11-18 12:26:19    22872    ----a-r-    c:\windows\system32\AdobePDFUI.dll
2013-11-18 12:10:09    --------    d-----w-    c:\programmi\file comuni\Adobe AIR
2013-11-18 12:01:03    --------    d-----w-    c:\documents and settings\valerio\impostazioni locali\dati applicazioni\Adobe
2013-11-18 12:00:23    --------    d-----w-    c:\programmi\file comuni\Macrovision Shared
2013-11-18 10:16:02    18944    ----a-w-    c:\windows\system32\hppmopjl.dll
2013-11-18 10:16:02    167480    ----a-w-    c:\windows\system32\hppccompio.dll
2013-11-18 10:16:01    223232    ----a-w-    c:\windows\system32\hpmtp115.dll
2013-11-18 10:16:01    181248    ----a-w-    c:\windows\system32\hpmpw081.dll
2013-11-18 10:16:00    49252    ----a-w-    c:\windows\system32\hpmnque.dll
2013-11-18 10:16:00    49250    ----a-w-    c:\windows\system32\hpmnndps.dll
2013-11-18 10:16:00    328704    ----a-w-    c:\windows\system32\hpmml115.dll
2013-11-18 10:16:00    279040    ----a-w-    c:\windows\system32\hpmja115.dll
2013-11-18 10:16:00    246784    ----a-w-    c:\windows\system32\hpmpm081.dll
2013-11-18 10:15:58    314880    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\hpcpp115.dll
2013-11-18 10:15:58    288256    ----a-w-    c:\windows\system32\hpcpn115.dll
2013-11-18 10:15:57    902200    ----a-w-    c:\windows\system32\hpbuio32.dll
2013-11-18 10:15:57    59928    ----a-w-    c:\windows\system32\fxcompchannel.dll
2013-11-18 10:01:59    --------    d-sh--w-    c:\documents and settings\valerio\IECompatCache
2013-11-18 09:40:48    --------    d-----w-    c:\documents and settings\valerio\dati applicazioni\Softland
2013-11-18 09:40:39    24384    ----a-w-    c:\windows\system32\dopdfmn7.dll
2013-11-18 09:40:39    21312    ----a-w-    c:\windows\system32\dopdfmi7.dll
2013-11-18 09:40:36    1700352    ----a-w-    c:\windows\system32\GdiPlus.dll
2013-11-18 09:40:33    --------    d-----w-    c:\programmi\Softland
2013-11-15 13:21:48    33104    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2013-11-15 13:21:48    32592    ----a-w-    c:\windows\system32\msonpmon.dll
2013-11-15 13:16:18    --------    d-----w-    c:\programmi\Microsoft Visual Studio 8
2013-11-15 13:15:32    --------    d-----w-    c:\documents and settings\valerio\impostazioni locali\dati applicazioni\Microsoft Help
2013-11-15 13:15:25    --------    d-----w-    c:\programmi\Microsoft Office 2007
2013-11-15 13:05:15    152576    ----a-w-    c:\windows\system32\drivers\BazisPortableCDBus.sys
2013-11-15 11:01:47    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-15 11:01:47    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-15 10:54:29    --------    d-----w-    c:\windows\ie8updates
2013-11-15 10:54:25    --------    d--h--w-    c:\windows\$hf_mig$
2013-11-15 10:54:21    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2013-11-15 10:54:21    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2013-11-15 10:54:20    2000384    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2013-11-15 10:54:19    602112    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2013-11-15 10:54:18    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2013-11-15 10:54:16    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2013-11-15 10:54:16    11081728    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2013-11-15 10:53:37    --------    d-sh--w-    c:\documents and settings\valerio\PrivacIE
2013-11-15 10:51:30    --------    d-----w-    c:\windows\pss
2013-11-15 10:51:05    --------    d-sh--w-    c:\documents and settings\valerio\IETldCache
2013-11-15 10:21:36    --------    d-----w-    c:\windows\system32\XPSViewer
2013-11-15 10:10:04    28160    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-11-15 10:09:53    14048    ------w-    c:\windows\system32\spmsg2.dll
2013-11-15 09:45:06    --------    d-----w-    c:\documents and settings\valerio\impostazioni locali\dati applicazioni\Google
2013-11-15 09:43:34    --------    d-----w-    c:\documents and settings\valerio\impostazioni locali\dati applicazioni\Mozilla
2013-11-15 09:43:22    --------    d-----w-    c:\programmi\Mozilla Maintenance Service
2013-11-15 08:10:12    18944    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2013-11-15 08:10:12    17920    ----a-w-    c:\windows\system32\mdimon.dll
2013-11-15 08:08:24    --------    d-----w-    c:\windows\SHELLNEW
2013-11-15 08:08:21    --------    d-----w-    c:\programmi\Microsoft Office 2003
2013-11-15 08:03:15    --------    d-----r-    C:\Archivi
2013-11-15 07:57:39    98496    ----a-r-    c:\windows\system32\POSTWPP.DLL
2013-11-15 07:57:39    92432    ----a-r-    c:\windows\system32\FPWPP.DLL
2013-11-15 07:57:39    121472    ----a-r-    c:\windows\system32\CRSWPP.DLL
2013-11-15 07:57:38    98960    ----a-r-    c:\windows\system32\FTPWPP.DLL
2013-11-15 07:57:38    50816    ----a-r-    c:\windows\system32\PIPARSE.DLL
2013-11-15 07:57:38    145360    ----a-r-    c:\windows\system32\WEBPOST.DLL
2013-11-15 07:57:38    110016    ----a-r-    c:\windows\system32\WPWIZDLL.DLL
2013-11-15 07:57:38    --------    d-----w-    c:\programmi\Pubblicazione guidata
2013-11-14 09:18:10    28672    -c--a-w-    c:\windows\system32\dllcache\wceusbsh.sys
2013-11-14 09:18:10    28672    ----a-w-    c:\windows\system32\drivers\wceusbsh.sys
2013-11-14 08:16:35    --------    d--h--w-    c:\windows\system32\GroupPolicy
2013-11-14 07:55:31    256000    ----a-w-    c:\windows\PEV.exe
2013-11-14 07:55:31    208896    ----a-w-    c:\windows\MBR.exe
2013-11-14 07:55:30    98816    ----a-w-    c:\windows\sed.exe
2013-11-14 07:47:37    --------    dc-h--w-    c:\windows\ie8
2013-11-14 07:44:49    --------    d-----w-    c:\programmi\Microsoft Download Manager
2013-11-13 13:41:38    --------    d-s---w-    c:\documents and settings\valerio\UserData
2013-11-13 08:29:51    802528    ----a-w-    c:\windows\system32\drivers\SandBox.sys
2013-11-13 08:29:51    266872    ----a-w-    c:\windows\system32\drivers\VBEngNT.sys
2013-11-13 08:29:44    33888    ----a-w-    c:\windows\system32\drivers\afw.sys
2013-11-13 08:29:44    289032    ----a-w-    c:\windows\system32\drivers\afwcore.sys
2013-11-13 08:29:32    --------    d-----w-    c:\windows\system32\Filt
2013-11-13 08:29:32    --------    d-----w-    c:\programmi\Agnitum
2013-11-13 08:29:09    --------    d-----w-    c:\documents and settings\all users\dati applicazioni\Agnitum
2013-11-12 15:12:06    309048    ----a-w-    c:\windows\system32\PROUnstl.exe
2013-11-12 14:19:37    165496    -c--a-w-    c:\windows\system32\dllcache\e100b325.sys
2013-11-12 14:19:37    165496    ----a-w-    c:\windows\system32\drivers\e100b325.sys
2013-11-12 14:04:02    50520    ----a-w-    c:\windows\system32\SP32395.SYS
2013-11-12 14:02:59    4992    -c--a-w-    c:\windows\system32\dllcache\mspqm.sys
2013-11-12 14:01:59    757760    ----a-w-    c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\iKernel.dll
2013-11-12 14:01:59    69715    ----a-w-    c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\ctor.dll
2013-11-12 14:01:59    5632    ----a-w-    c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2013-11-12 14:01:59    32768    ----a-w-    c:\programmi\file comuni\installshield\professional\runtime\Objectps.dll
2013-11-12 14:01:59    274432    ----a-w-    c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\iscript.dll
2013-11-12 14:01:59    204800    ----a-w-    c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\iuser.dll
2013-11-12 14:01:58    331908    ----a-w-    c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\setup.dll
2013-11-12 14:01:58    200836    ----a-w-    c:\programmi\file comuni\installshield\professional\runtime\11\50\intel32\iGdi.dll
2013-11-12 14:01:58    --------    d-----w-    c:\programmi\file comuni\InstallShield
2013-11-12 14:00:01    88576    ----a-w-    c:\windows\system32\baspxp32.dll.bak
2013-11-12 14:00:01    88576    ----a-w-    c:\windows\system32\baspxp32.dll
2013-11-12 13:59:59    --------    d-----w-    c:\programmi\Broadcom
2013-11-12 13:59:54    --------    d-----w-    c:\windows\Downloaded Installations
2013-11-12 13:56:47    40960    ----a-r-    c:\documents and settings\valerio\dati applicazioni\microsoft\installer\{f5242227-2051-4158-ac42-0f2baa3cd3d6}\New_Shortcut_S1425_ADB54615A0E240F89C5EFD8513472ED3.exe
2013-11-12 13:56:46    --------    d-----w-    c:\programmi\COMPAQ
2013-11-12 13:56:09    249856    ----a-w-    c:\windows\system32\igfxrsky.lrc
2013-11-12 13:56:09    245760    ----a-w-    c:\windows\system32\igfxrslv.lrc
2013-11-12 13:56:09    147456    ----a-w-    c:\windows\system32\igfxCoIn_v4964.dll
2013-11-12 13:56:09    1445112    ----a-w-    c:\windows\system32\igkrng400.bin
2013-11-12 13:54:47    --------    d-----w-    C:\temp
2013-11-12 13:53:44    53248    ----a-w-    c:\windows\system32\CSVer.dll
2013-11-12 13:53:37    --------    d-----w-    C:\Intel
2013-11-12 13:51:39    26368    -c--a-w-    c:\windows\system32\dllcache\usbstor.sys
2013-11-12 11:00:26    --------    d-----w-    c:\windows\ServicePackFiles
2013-11-12 11:00:16    294912    ------w-    c:\programmi\windows media player\dlimport.exe
2013-11-12 11:00:14    294912    -c----w-    c:\windows\system32\dllcache\dlimport.exe
2013-11-12 10:58:25    19569    ----a-w-    c:\windows\002676_.tmp
2013-11-12 10:58:19    --------    d-----w-    c:\windows\system32\ReinstallBackups
2013-11-12 10:58:14    26144    ----a-w-    c:\windows\system32\spupdsvc.exe
.
==================== Find3M  ====================
.
.
============= FINISH: 15.47.04,81 ===============
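The DDS log above is the kind of artefact a responder reads by hand; the script below, added here as an example and not part of this thread, of DDS, or of any tool the forum uses, shows how the same first-pass triage can be automated. It carves the log into its banner-delimited sections, parses the SERVICES / DRIVERS entries (assumed format: `R1 name;display;image [date size]`, with `[?]` assumed to mean DDS could not read the file's date and size), flags entries whose image is a .tmp file or whose file metadata is missing, and decodes the Explorer NoDriveTypeAutoRun bitmask (the setting that governs AutoRun, the vector autorun.inf relies on). The dword values are treated as decimal because DDS prints NoDriveAutoRun as 67108863 rather than 3FFFFFF. The sample input is a constructed excerpt of the posted log with wrapped lines re-joined; the flags it raises are generic heuristics that say an entry deserves a look, not that it is Kido.

```python
"""Triage helper for a DDS-style log: pull out services and Explorer AutoRun
policies and flag service entries worth a second look."""
import re

# Constructed excerpt of the DDS log posted in this thread (lines re-joined
# where the forum wrapped them); it stands in for the full log file.
DDS_LOG = r"""
============== Running Processes ================
C:\WINDOWS\system32\svchost.exe -k netsvcs
============== Pseudo HJT Report ===============
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
============= SERVICES / DRIVERS ===============
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2013-11-13 802528]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2013-11-13 2494040]
S3 gojoyc;gojoyc;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
POLICY_RE = re.compile(r"^([um])Policies-Explorer:\s+(\w+)\s+=\s+dword:(\d+)$")

# NoDriveTypeAutoRun uses the Windows drive-type bitmask; a set bit disables
# AutoRun for that drive type. 0x01/0x02/0x80 (unknown / no root dir) are
# left unnamed here.
DRIVE_TYPE_BITS = [(0x04, "REMOVABLE"), (0x08, "FIXED"), (0x10, "NETWORK"),
                   (0x20, "CDROM"), (0x40, "RAMDISK")]


def split_sections(text):
    """Group log lines under their '=== HEADER ===' banner; DDS's lone '.'
    separator lines and blank lines are dropped."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_service(line):
    """Parse 'R1 name;display;image [date size]' into a dict, or None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, name, display, rest = m.groups()
    # Assumption: DDS appends '[date size]' when it could stat the file and
    # '[?]' when it could not.
    image, sep, meta = rest.rpartition(" [")
    if not sep:
        image, meta = rest, ""
    # '\??\path --> path' shows the raw device path; keep the resolved one.
    if " --> " in image:
        image = image.split(" --> ", 1)[1]
    return {"state": state, "name": name, "display": display,
            "image": image.strip(), "has_file_info": not meta.startswith("?")}


def service_findings(svc):
    """Return the reasons a service entry deserves a closer look."""
    reasons = []
    if svc["image"].lower().endswith(".tmp"):
        reasons.append("image is a .tmp file")
    if not svc["has_file_info"]:
        reasons.append("DDS could not collect the file's date/size")
    return reasons


def decode_no_drive_type_autorun(value):
    """List the named drive types for which AutoRun is disabled by this mask."""
    return [name for bit, name in DRIVE_TYPE_BITS if value & bit]


def triage(text):
    """Parse services and Explorer policies out of a DDS log."""
    sections = split_sections(text)
    services = [s for s in (parse_service(l) for l in sections.get("SERVICES / DRIVERS", [])) if s]
    flagged = [dict(s, reasons=service_findings(s)) for s in services if service_findings(s)]
    policies = {}
    for line in sections.get("Pseudo HJT Report", []):
        m = POLICY_RE.match(line)
        if m:
            policies[(m.group(1), m.group(2))] = int(m.group(3))
    return {"services": services, "flagged_services": flagged, "policies": policies}


if __name__ == "__main__":
    result = triage(DDS_LOG)
    for s in result["flagged_services"]:
        print(f"{s['state']} {s['name']}: {s['image']} -> {'; '.join(s['reasons'])}")
    for (scope, name), val in result["policies"].items():
        note = ""
        if name == "NoDriveTypeAutoRun":
            disabled = ", ".join(decode_no_drive_type_autorun(val)) or "none of the named types"
            note = f" (AutoRun disabled for: {disabled})"
        print(f"{scope}Policies-Explorer {name} = {val}{note}")
```

On the excerpt, only the `gojoyc` entry is flagged (a .tmp image with no file metadata), and the `NoDriveTypeAutoRun` value decodes to RAMDISK only, so removable drives are not covered by that policy on this machine; the full log would be fed in by reading the DDS output file instead of the embedded string.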
 



#4 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:USA
  • Local time:08:38 PM

Posted 07 December 2013 - 02:30 AM

Welcome to BC forums, iucaa!

 

Can you tell me, is this computer a home computer, or a company computer?

 

Thanks.


Old duck...


#5 iucaa

iucaa
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:38 AM

Posted 09 December 2013 - 08:13 AM

Hi Aaflac

Thank you for your reply. Answering your question: it's a computer of a big company; we have thousands of PCs, many firewalls and proxy servers.

Please tell me if you need more information. Have a nice day/night :rolleyes:



#6 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:USA
  • Local time:08:38 PM

Posted 09 December 2013 - 09:03 AM

iucaa,

Unfortunately, since this is a company computer, our assistance is not intended for such, nor to replace a company IT manager or outsource staff.

It is not possible to anticipate any alterations or configurations made to a company computer, or how it will interact with the tools commonly used in the removal of malware. The tools we use may create a possible loss of company information!!

In addition, many of the tools we use have specific instructions from their authors that they not be used in a company environment.

Your circumstances are regrettable, but, please refer your request for assistance to your company staff, IT manager, or to the service the company uses to address computer problems.

You also make the best of your day.

Old duck...


#7 iucaa

iucaa
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:38 AM

Posted 11 December 2013 - 09:59 AM

Aaflac, thank you for your attention. Don't worry about the PC, I know what I can do or not,
and it's my personal computer: the IT department can't help me.
I must solve this issue; thank you anyway for your attention.

 

#8 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:USA
  • Local time:08:38 PM

Posted 11 December 2013 - 07:01 PM

If you have in-depth knowledge of some of the tools we use to remove malware, and know how they interact with your computer so that you "...know what I can do or not...", then, you know more than I do.

Also, the computer is: "...a computer of big company: we have thousands of pc, many firewalls and proxy server.", and, the computer is: "... my personal computer."
These statements, in my opinion, contradict each other. Also, Kido has far reaching consequences that may affect the company's network.

In any event, I reserve the right to withdraw my assistance.

Good day, iucaa.


Edited by Aaflac, 11 December 2013 - 07:01 PM.

Old duck...




