Is it malware?


This topic is locked
3 replies to this topic

#1 Mr.Do

  • Members
  • 2 posts

Posted 30 June 2012 - 06:47 AM

Hi, my Internet Explorer creates a lot of tmp files in C:\Documents and Settings\Paolo\Impostazioni locali\Temp (I'm Italian), all called REG1.tmp, REG2.tmp and so on.
I have never seen these strange files before. I've tried to look into them: they're all text files, most of them like this:
---
ParsingVersion to 10.4.0
ParsingVersion to 1.7.0
ParsingVersion to 10.4.0
ParsingVersion to 10.0.0
ParsingVersion to 10.4.0
ParsingVersion to 1.7.0
ParsingVersion to 10.4.0
ParsingVersion to 10.0.0
ParsingVersion to 10.4.0
ParsingVersion to 1.7.0

Latest deploy version: 10.4.0
---
or this:
---
Latest JRE version: 1.7.0_04
---

Do you think it's malware or something else?
Sorry for my poor English; as I've already said, I'm Italian.
Greetings from Italy!

#2 nasdaq

  • Malware Response Team
  • 38,934 posts

Posted 04 July 2012 - 01:41 PM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

There might be a problem with Java 1.7.0_04

I would suggest you install the latest.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java 1.7.0_04
And any other previous version found by the SecurityCheck tool.


#3 Mr.Do

  • Topic Starter
  • Members
  • 2 posts

Posted 07 July 2012 - 04:09 AM

I've waited too long to reply; I was not at home. Sorry.
Note that before running the tests I removed Java 1.7.0_04 and installed the latest version.
This is the content of DDS.txt:

-----------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Paolo at 11:00:47 on 2012-07-07
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1445 [GMT 2:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Programmi\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Programmi\ESET\ESET Smart Security\ekrn.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\ESET\ESET Smart Security\egui.exe
C:\Programmi\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Programmi\Logitech\SetPointP\SetPoint.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Atomic Alarm Clock\AtomicAlarmClock.exe
c:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
C:\Programmi\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
E:\Desktop\SecurityCheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programmi\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SkinClock] c:\programmi\atomic alarm clock\AtomicAlarmClock.exe
mRun: [VirtualCloneDrive] "c:\programmi\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [<NO NAME>]
mRun: [egui] "c:\programmi\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\programmi\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Acrobat Assistant 8.0] "c:\programmi\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [EvtMgr6] c:\programmi\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Aggiungi a PDF esistente - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/bin/LogitechDeviceDetection32.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2B2E353B-F1B2-4141-BB2F-798F39C61183} : NameServer = 208.67.220.220 208.67.222.222
TCP: Interfaces\{AB7F7E9D-9091-4A6A-92EA-8D14BAF1A7C1} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\programmi\file comuni\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2012-6-17 76768]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-6-25 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-6-25 12464]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2012-6-17 752128]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/06/26 17:16:23];c:\programmi\cyberlink\powerdvd12\common\navfilter\000.fcl [2012-1-11 87536]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\programmi\cyberlink\powerdvd12\kernel\dms\CLMSMonitorServicePDVD12.exe [2012-6-26 75048]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\programmi\cyberlink\powerdvd12\kernel\dms\CLMSServerPDVD12.exe [2012-6-26 296232]
R2 ekrn;ESET Service;c:\programmi\eset\eset smart security\ekrn.exe [2012-3-7 913144]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-7-2 12184]
R2 MBAMService;MBAMService;c:\programmi\malwarebytes' anti-malware\mbamservice.exe [2012-6-26 654408]
R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\programmi\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_PowerDVD12.sys [2012-6-26 120432]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2012-4-13 1529152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-26 22344]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2012-3-29 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2012-6-17 167968]
S3 osppsvc;Office Software Protection Platform;c:\programmi\file comuni\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 VRLFDV;VRLFDV;c:\docume~1\paolo\impost~1\temp\vrlfdv.exe --> c:\docume~1\paolo\impost~1\temp\VRLFDV.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 YPYA;YPYA;c:\docume~1\paolo\impost~1\temp\ypya.exe --> c:\docume~1\paolo\impost~1\temp\YPYA.exe [?]
S4 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\programmi\file comuni\abbyy\finereader\10.00\licensing\pe\NetworkLicenseServer.exe [2009-12-22 814344]
S4 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 - Servizio Gestione licenze;c:\programmi\abbyy pdf transformer 3.0\NetworkLicenseServer.exe [2009-5-14 759048]
S4 afcdpsrv;Servizio Acronis Nonstop Backup;c:\programmi\file comuni\acronis\cdp\afcdpsrv.exe [2012-6-17 3246040]
S4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\programmi\cyberlink\powerdvd12\kernel\dmp\clhnserver\CLHNServiceForPowerDVD12.exe [2012-6-26 87336]
S4 OS Selector;Acronis OS Selector Activator;c:\programmi\acronis\diskdirector\oss\reinstall_svc.exe [2011-12-1 2163456]
.
=============== File Associations ===============
.
inffile="c:\programmi\jgsoft\editpadlite\EditPadLite.exe" "%1"
txtfile="c:\programmi\jgsoft\editpadlite\EditPadLite.exe" "%1"
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-07-07 08:57:27 -------- d-----w- c:\programmi\Oracle
2012-07-07 08:57:13 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-07 08:41:48 -------- d-----w- c:\windows\system32\appmgmt
2012-07-07 08:39:43 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Sun
2012-07-02 19:27:09 53248 ----a-r- c:\documents and settings\paolo\dati applicazioni\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2012-07-02 19:26:24 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-07-02 19:26:18 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-07-02 19:25:51 12184 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2012-07-02 19:17:48 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\Logishrd
2012-07-01 18:36:56 -------- d-sh--w- c:\documents and settings\all users\DRM
2012-07-01 14:15:35 -------- d-----w- c:\programmi\Avidemux 2.5
2012-06-30 19:50:50 -------- d-sh--w- c:\documents and settings\paolo\IETldCache
2012-06-30 17:38:28 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\avidemux
2012-06-30 17:34:17 -------- d-----w- c:\programmi\MediaCoder
2012-06-27 22:21:36 -------- d-----w- c:\windows\system32\wbem\snmp
2012-06-27 22:21:35 -------- d-----w- c:\windows\srchasst
2012-06-27 22:21:34 -------- d-----w- c:\windows\system32\xircom
2012-06-27 18:17:42 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Help
2012-06-27 17:42:49 14088 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
2012-06-27 08:32:17 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Norman Malware Cleaner
2012-06-26 19:27:18 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\Malwarebytes
2012-06-26 19:26:48 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Malwarebytes
2012-06-26 19:26:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 19:26:46 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-06-26 15:16:19 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\MediaServer
2012-06-26 15:16:16 -------- d-----w- c:\documents and settings\all users\dati applicazioni\PDVD
2012-06-26 15:16:00 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\CyberLink
2012-06-26 15:16:00 -------- d-----w- c:\documents and settings\paolo\CyberLink
2012-06-26 15:13:56 -------- d-----w- c:\documents and settings\all users\dati applicazioni\install_clap
2012-06-26 15:07:13 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\LEAPS
2012-06-26 15:04:25 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\Pegasys Inc
2012-06-26 15:02:43 59240 ----a-w- c:\windows\system32\GenSvcInst.exe
2012-06-26 15:02:43 38944 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
2012-06-26 15:02:43 139264 ----a-w- c:\windows\system32\bgsvcgen.exe
2012-06-26 15:01:35 -------- d-----w- c:\programmi\Pegasys Inc
2012-06-26 14:51:41 -------- d-----w- c:\programmi\Avinaptic 2
2012-06-26 11:11:21 159744 ----a-w- c:\programmi\internet explorer\plugin\npqtplugin7.dll
2012-06-26 11:11:21 159744 ----a-w- c:\programmi\internet explorer\plugin\npqtplugin6.dll
2012-06-26 11:11:21 159744 ----a-w- c:\programmi\internet explorer\plugin\npqtplugin5.dll
2012-06-26 11:11:21 159744 ----a-w- c:\programmi\internet explorer\plugin\npqtplugin4.dll
2012-06-26 11:11:21 159744 ----a-w- c:\programmi\internet explorer\plugin\npqtplugin3.dll
2012-06-26 11:11:21 159744 ----a-w- c:\programmi\internet explorer\plugin\npqtplugin2.dll
2012-06-26 11:11:21 159744 ----a-w- c:\programmi\internet explorer\plugin\npqtplugin.dll
2012-06-26 11:10:30 -------- d-----w- c:\programmi\file comuni\Apple
2012-06-26 11:10:16 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Apple
2012-06-26 11:10:05 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Apple Computer
2012-06-26 07:49:01 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\Broad Intelligence
2012-06-25 13:29:34 -------- d-----w- c:\programmi\Seagate
2012-06-25 13:26:58 -------- d-----w- c:\programmi\file comuni\Wise Installation Wizard
2012-06-25 13:16:00 -------- d-----w- c:\programmi\TagRename
2012-06-25 13:14:00 446464 ----a-w- c:\windows\system32\MACDll.dll
2012-06-25 13:14:00 -------- d-----w- c:\programmi\Monkey's Audio
2012-06-25 13:12:16 45056 ----a-w- c:\windows\system32\IAEngine.exe
2012-06-25 13:12:16 159744 ------w- c:\windows\system32\businessClasses.dll
2012-06-25 13:12:15 864256 ----a-w- c:\windows\system32\GameEngine.dll
2012-06-25 13:12:14 -------- d-----w- c:\programmi\EG
2012-06-25 12:43:10 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Nero
2012-06-25 12:39:55 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2012-06-25 12:39:45 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys
2012-06-25 12:39:44 -------- d-----w- c:\programmi\Nero
2012-06-25 12:39:25 -------- d-----w- c:\windows\Logs
2012-06-23 18:05:20 -------- d-----w- c:\programmi\Exact Audio Copy
2012-06-23 17:57:54 -------- d-----w- c:\programmi\FLAC
2012-06-23 17:56:16 129024 ----a-w- c:\windows\UNWISE.EXE
2012-06-23 17:56:15 -------- d-----w- c:\programmi\Radium
2012-06-23 16:25:54 -------- d-----w- c:\documents and settings\all users\dati applicazioni\dvdfab
2012-06-23 16:23:43 -------- d-----w- c:\programmi\DVDFab 8 Qt
2012-06-23 16:21:02 -------- d-----w- c:\programmi\DVD Decrypter
2012-06-23 16:17:56 -------- d-----w- c:\programmi\DVD Shrink
2012-06-23 16:17:31 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\WMTools Downloaded Files
2012-06-23 16:14:10 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-06-23 16:14:10 -------- d-----w- c:\programmi\CamStudio 2.6b
2012-06-23 16:09:22 -------- d-----w- c:\windows\system32\System32
2012-06-23 16:01:56 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Samsung
2012-06-23 13:12:28 -------- d-----w- c:\programmi\Western Digital
2012-06-22 03:41:25 -------- d-----w- c:\programmi\Western Digital Corporation
2012-06-22 00:01:03 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-06-21 19:17:15 -------- d-----w- c:\programmi\AviSynth 2.5
2012-06-21 19:16:10 -------- d-----w- c:\programmi\VirtualDub
2012-06-21 19:09:25 -------- d-----w- c:\programmi\AutoGK
2012-06-21 19:08:11 -------- d-----w- c:\programmi\SlySoft
2012-06-21 19:03:08 507904 ----a-w- c:\windows\system32\lame_enc.dll
2012-06-21 19:02:48 -------- d-----w- c:\programmi\Audiograbber
2012-06-20 04:40:39 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Western Digital
2012-06-18 03:52:11 645632 ----a-w- c:\windows\system32\xvidcore.dll
2012-06-18 03:52:11 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2012-06-18 03:52:11 153088 ----a-w- c:\windows\system32\xvid.ax
2012-06-18 03:51:57 -------- d-----w- c:\programmi\Xvid
2012-06-18 03:50:29 -------- d-----w- c:\programmi\AVIcodec
2012-06-18 03:50:21 497664 ----a-w- c:\windows\system32\ac3filter.acm
2012-06-18 03:50:20 -------- d-----w- c:\programmi\AC3Filter
2012-06-17 19:46:35 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\Autodesk
2012-06-17 19:45:59 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Corel
2012-06-17 19:45:39 -------- d-----w- c:\programmi\AutoCAD Architecture 2008
2012-06-17 19:45:16 88 --sh--r- c:\documents and settings\all users\dati applicazioni\270D200396.sys
2012-06-17 19:45:16 2880 --sha-w- c:\documents and settings\all users\dati applicazioni\KGyGaAvL.sys
2012-06-17 19:44:05 409600 ----a-w- c:\programmi\file comuni\installshield\driver\10\intel 32\ISRT.dll
2012-06-17 19:44:05 32768 ----a-w- c:\programmi\file comuni\installshield\driver\10\intel 32\objpscnv.dll
2012-06-17 19:44:05 262144 ----a-w- c:\programmi\file comuni\installshield\driver\10\intel 32\IScrCnv.dll
2012-06-17 19:44:05 180224 ----a-w- c:\programmi\file comuni\installshield\driver\10\intel 32\iGdiCnv.dll
2012-06-17 19:44:05 172032 ----a-w- c:\programmi\file comuni\installshield\driver\10\intel 32\IUserCnv.dll
2012-06-17 19:44:03 761856 ----a-w- c:\programmi\file comuni\installshield\driver\10\intel 32\IDriver.exe
2012-06-17 19:44:03 540772 ----a-w- c:\programmi\file comuni\installshield\driver\10\intel 32\_ISRES1033.dll
2012-06-17 19:43:31 -------- d-----w- c:\programmi\file comuni\Autodesk Shared
2012-06-17 19:43:31 -------- d-----w- c:\programmi\Autodesk
2012-06-17 19:43:31 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Autodesk
2012-06-17 19:43:25 -------- d-----w- c:\documents and settings\all users\dati applicazioni\InterVideo
2012-06-17 19:38:38 -------- d-----w- c:\programmi\file comuni\Protexis
2012-06-17 19:34:27 -------- d-----w- c:\programmi\Windows Media Components
2012-06-17 19:34:08 -------- d-----w- c:\programmi\file comuni\Ulead Systems
2012-06-17 19:15:31 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Corel
2012-06-17 19:03:44 -------- d-----w- c:\programmi\file comuni\Corel
2012-06-17 19:03:44 -------- d-----w- c:\programmi\Corel
2012-06-17 18:55:32 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\TeamViewer
2012-06-17 18:55:18 -------- d-----w- c:\programmi\TeamViewer
2012-06-17 18:48:54 -------- d-----w- c:\programmi\Popcap Game Collection
2012-06-17 18:23:31 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Temp
2012-06-17 18:05:29 -------- d-----w- c:\programmi\Microsoft Synchronization Services
2012-06-17 18:05:06 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2012-06-17 18:05:06 -------- d-----w- c:\documents and settings\all users\Microsoft
2012-06-17 18:02:27 -------- d-----w- c:\windows\SHELLNEW
2012-06-17 18:02:21 -------- d-----w- c:\programmi\Microsoft Analysis Services
2012-06-17 16:59:54 -------- d-----w- c:\programmi\file comuni\EZB Systems
2012-06-17 16:59:37 -------- d-----w- c:\programmi\UltraISO
2012-06-17 16:02:59 -------- d-----w- c:\programmi\JD Design
2012-06-17 16:00:45 -------- d-----w- c:\programmi\Yuri Software HEdit
2012-06-17 15:48:54 -------- d--h--w- c:\windows\PIF
2012-06-17 15:35:21 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-06-17 15:35:02 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\TuneUp Software
2012-06-17 15:34:49 -------- d-----w- c:\programmi\TuneUp Utilities 2012
2012-06-17 15:34:27 -------- d-----w- c:\documents and settings\all users\dati applicazioni\TuneUp Software
2012-06-17 15:33:48 -------- d-----w- c:\programmi\file comuni\Mobipocket Shared
2012-06-17 15:33:23 -------- d-----w- c:\programmi\Mobipocket.com
2012-06-17 15:16:56 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\Samsung
2012-06-17 15:13:16 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-06-17 15:12:57 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-06-17 15:12:57 -------- d-----w- c:\programmi\MarkAny
2012-06-17 15:12:56 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-06-17 15:12:10 -------- d-----w- c:\programmi\Samsung
2012-06-17 15:12:10 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Samsung
2012-06-17 14:45:15 57436 ----a-w- c:\windows\DASShp.dll
2012-06-17 14:45:15 217174 ----a-w- c:\programmi\file comuni\microsoft shared\cleartype\ctras.dll
2012-06-17 14:45:15 -------- d-----w- c:\programmi\Microsoft Reader
2012-06-17 14:44:09 203576 ----a-w- c:\windows\system32\Richtx32.ocx
2012-06-17 14:44:09 140488 ----a-w- c:\windows\system32\Comdlg32.ocx
2012-06-17 14:44:09 -------- d-----w- c:\programmi\Reader Studio
2012-06-17 14:42:48 -------- d-----w- c:\programmi\Rname-It
2012-06-17 14:42:07 -------- d-----w- c:\programmi\ConvertLIT 1.8
2012-06-17 14:33:54 -------- d-----w- c:\documents and settings\all users\dati applicazioni\regid.1986-12.com.adobe
2012-06-17 14:33:10 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Adobe
2012-06-17 14:10:16 -------- d-sh--w- c:\documents and settings\all users\dati applicazioni\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-17 14:10:03 -------- d--h--w- c:\documents and settings\all users\dati applicazioni\Common Files
2012-06-17 14:06:53 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\Microsoft Help
2012-06-17 14:04:02 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\JGsoft
2012-06-17 14:03:32 65776 ----a-w- c:\windows\UnDeploy.exe
2012-06-17 14:03:30 -------- d-----w- c:\programmi\JGsoft
2012-06-17 13:55:41 3584 ----a-r- c:\documents and settings\paolo\dati applicazioni\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2012-06-17 13:55:36 -------- d-----w- c:\programmi\Windows Installer Clean Up
2012-06-17 13:48:50 48640 ----a-w- c:\windows\system32\pxc40pma.dll
2012-06-17 13:48:33 -------- d-----w- c:\programmi\MSECACHE
2012-06-17 13:46:24 -------- d-----w- c:\programmi\CCleaner
2012-06-17 13:41:08 -------- d-----w- c:\programmi\Atomic Alarm Clock
2012-06-17 13:06:52 -------- d-----w- c:\programmi\ABBYY PDF Transformer 3.0
2012-06-17 12:57:40 -------- d-----w- c:\programmi\Elaborate Bytes
2012-06-17 12:53:38 -------- d-----w- c:\programmi\FinalWire
2012-06-17 12:50:00 -------- d-----w- c:\programmi\PDF Password Remover v3.1
2012-06-17 11:34:18 -------- d-----w- c:\programmi\file comuni\ABBYY
2012-06-17 10:13:23 -------- d-----w- c:\programmi\ABBYY FineReader 10
2012-06-17 10:13:23 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\ABBYY
2012-06-17 10:13:21 -------- d-----w- c:\documents and settings\all users\dati applicazioni\ABBYY
2012-06-17 09:52:24 -------- d-----w- c:\programmi\Passware
2012-06-17 09:22:03 -------- d-----w- c:\programmi\Unlocker
2012-06-17 09:09:17 76768 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-06-17 08:29:57 212992 ----a-w- c:\windows\system32\robocopy.exe
2012-06-17 07:47:05 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-06-17 07:46:54 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2012-06-17 07:46:45 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-06-17 07:46:34 170752 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-06-17 07:39:08 -------- d-----w- c:\programmi\file comuni\Acronis
2012-06-17 07:20:08 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\ESET
2012-06-17 07:20:08 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\ESET
2012-06-17 07:10:02 -------- d-----w- c:\programmi\ESET
2012-06-16 16:28:08 -------- d-----w- c:\programmi\HDDGURU LLF Tool
2012-06-16 16:23:16 -------- d-----w- c:\programmi\UFS Explorer
2012-06-16 16:22:47 -------- d-----w- c:\programmi\Kroll Ontrack
2012-06-16 15:29:38 -------- d-----w- c:\programmi\eMule
2012-06-16 15:28:39 -------- d-----w- c:\programmi\uTorrent
2012-06-16 15:27:43 -------- d-----w- c:\documents and settings\paolo\dati applicazioni\uTorrent
2012-06-16 07:26:33 -------- d-----w- c:\documents and settings\paolo\impostazioni locali\dati applicazioni\ApplicationHistory
2012-06-16 07:10:53 -------- d-----w- c:\windows\system32\URTTEMP
2012-06-15 23:47:33 -------- d-----w- c:\windows\ie8updates
2012-06-15 23:44:48 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-06-15 23:44:38 1863168 ------w- c:\windows\system32\dllcache\win32k.sys
2012-06-15 23:40:02 2151936 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-06-15 23:40:02 2030080 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-06-15 23:40:01 2196352 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-06-15 23:39:10 603136 ------w- c:\windows\system32\dllcache\crypt32.dll
2012-06-15 23:33:55 -------- d-----w- c:\programmi\Everest Poker
2012-06-15 23:29:11 -------- d-sh--w- c:\documents and settings\paolo\PrivacIE
2012-06-15 23:27:34 -------- d-----w- c:\windows\Motive
2012-06-15 23:27:28 -------- d-----w- c:\programmi\file comuni\Motive
2012-06-15 23:27:25 -------- d-----w- c:\programmi\Common Files
2012-06-15 23:27:00 7315 ----a-w- c:\windows\system32\javasup.vxd
2012-06-15 23:27:00 46352 ----a-w- c:\windows\setdebug.exe
2012-06-15 23:27:00 171280 ----a-w- c:\windows\system32\jit.dll
2012-06-15 23:27:00 139536 ----a-w- c:\windows\system32\javaee.dll
2012-06-15 23:13:39 212992 ----a-w- c:\programmi\file comuni\installshield\engine\6\intel 32\ILog.dll
2012-06-15 23:12:59 207488 ----a-r- c:\windows\system32\drivers\vinyl97.sys
2012-06-15 23:12:38 69632 ----a-w- c:\windows\system32\vuins32.dll
2012-06-15 23:12:38 47104 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2012-06-15 23:10:58 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-06-15 23:10:58 -------- d-----w- c:\programmi\VIA
2012-06-15 23:09:58 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-06-15 23:09:42 225280 ----a-w- c:\programmi\file comuni\installshield\iscript\iscript.dll
2012-06-15 23:09:41 77824 ----a-w- c:\programmi\file comuni\installshield\engine\6\intel 32\ctor.dll
2012-06-15 23:09:41 614532 ------w- c:\programmi\file comuni\installshield\engine\6\intel 32\IKernel.exe
2012-06-15 23:09:41 32768 ----a-w- c:\programmi\file comuni\installshield\engine\6\intel 32\objectps.dll
2012-06-15 23:09:41 176128 ----a-w- c:\programmi\file comuni\installshield\engine\6\intel 32\iuser.dll
2012-06-15 23:09:41 -------- d-----w- c:\programmi\file comuni\InstallShield
2012-06-15 04:05:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-06-15 04:01:54 -------- d-----w- c:\windows\system32\XPSViewer
2012-06-15 04:01:33 14048 ------w- c:\windows\system32\spmsg2.dll
2012-06-15 04:01:19 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2012-06-15 03:58:07 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-06-15 03:58:07 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-06-15 03:58:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-06-15 03:58:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-06-15 03:57:27 115200 ------w- c:\windows\system32\prntvpt.dll
2012-06-15 03:57:05 91648 ------w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-06-15 03:57:05 91648 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-06-15 03:57:01 589312 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-06-15 03:57:01 589312 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
.
==================== Find3M ====================
.
2012-06-14 19:34:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 19:34:12 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 19:33:28 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 18:30:06 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-02 18:30:05 140800 ----a-w- c:\windows\system32\sfc_os.dll
2012-06-02 18:29:42 1393480 ----a-w- c:\windows\system32\msxml4.dll
2012-06-02 18:29:42 102728 ----a-w- c:\windows\system32\msxml4r.dll
2012-06-02 18:29:25 332800 ----a-w- c:\windows\system32\msihnd.dll
2012-06-02 18:29:25 2560 ----a-w- c:\windows\system32\msimsg.dll
2012-06-02 18:29:25 18944 ----a-w- c:\windows\system32\msisip.dll
2012-06-02 18:29:24 95744 ----a-w- c:\windows\system32\msiexec.exe
2012-06-02 18:29:24 4445184 ----a-w- c:\windows\system32\msi.dll
2012-06-02 18:29:10 24576 ----a-w- c:\windows\system32\nlsdl.dll
2012-06-02 18:29:10 23552 ----a-w- c:\windows\system32\normaliz.dll
2012-06-02 18:29:09 265720 ----a-w- c:\windows\system32\msdbg2.dll
2012-06-02 18:29:08 3072 ----a-w- c:\windows\system32\ieudinit.exe.mui
2012-06-02 18:28:36 26112 ----a-w- c:\windows\system32\idndl.dll
2012-06-02 18:28:35 12288 ----a-w- c:\windows\system32\advpack.dll.mui
2012-06-02 18:28:31 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-06-02 18:28:28 66560 ----a-w- c:\windows\system32\tdc.ocx
2012-06-02 18:28:25 48128 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-02 18:28:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 18:28:25 156160 ----a-w- c:\windows\system32\msls31.dll
2012-06-02 18:28:08 45568 ----a-w- c:\windows\system32\mshta.exe
2012-06-02 18:26:49 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2012-06-02 18:25:52 36864 ----a-w- c:\windows\system32\qfecheck.exe
2012-06-02 18:24:59 82432 ----a-w- c:\windows\system32\tlntsess.exe
2012-06-02 18:23:59 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2012-06-02 18:22:59 265728 ----a-w- c:\windows\system32\drivers\http.sys
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:30 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:24 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19:24 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18:58 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:21:57 603136 ----a-w- c:\windows\system32\crypt32.dll
2012-05-29 07:38:50 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-16 15:06:12 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:56:03 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:40:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:14 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 06:45:00 2072832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14:57 2196352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 17:29:22 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-02 13:46:59 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-18 18:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 11.01.09,62 ===============

and this is the content of checkup.txt:

____________________________________________________
Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
ESET Smart Security 5.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versione 1.61.0.1400
TuneUp Utilities 2012
TuneUp Utilities Language Pack (it-IT)
CCleaner
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 11.2.202.235
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 14% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

Drive C: is heavily fragmented because I still haven't installed Diskeeper; I was waiting to resolve this issue before adding any other software to my PC.
Upgrading to the new version of Java doesn't seem to have solved my problem; there are still lots of REGxx.tmp files in the TEMP folder.
Surely they are Java related, and I've noticed that each time 2 files are created, for example REGBA.tmp and REGBB.tmp, and their content is now this:
-----
ParsingVersion to 10.5.0
ParsingVersion to 1.7.0
ParsingVersion to 10.5.0
ParsingVersion to 10.0.0
ParsingVersion to 10.5.0
ParsingVersion to 1.7.0
ParsingVersion to 10.5.0
ParsingVersion to 10.0.0
ParsingVersion to 10.5.0
ParsingVersion to 1.7.0
ParsingVersion to 10.5.1
ParsingVersion to 1.7.0
ParsingVersion to 10.5.1
ParsingVersion to 10.0.0
ParsingVersion to 10.5.1
ParsingVersion to 1.7.0
ParsingVersion to 10.5.1
ParsingVersion to 10.0.0
ParsingVersion to 10.5.1
ParsingVersion to 1.7.0

Latest deploy version: 10.5.1
------
Latest JRE version: 1.7.0_05
------

Thank you so much for your help!

Edited by Mr.Do, 07 July 2012 - 04:14 AM.
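As an added triage helper, not part of this thread or of any tool mentioned in it: a Python script that classifies the REG*.tmp files in a Temp folder by whether their content matches the deploy-toolkit pattern quoted above ("ParsingVersion to ..." lines plus a "Latest deploy/JRE version" trailer), and reports the versions it finds so they can be compared with the installed JRE. Function names are my own, and the sample files it writes are constructed from the post's excerpts.

```python
import os
import re
import tempfile
from collections import Counter

# Line shapes seen in the REGxx.tmp files quoted in the post.
PARSING_RE = re.compile(r"^ParsingVersion to (\d+(?:\.\d+)*)$")
LATEST_RE = re.compile(r"^Latest (deploy|JRE) version: (\S+)$")


def classify_tmp_file(text):
    """'java-deploy' if every non-blank line matches the pattern, else 'unknown'."""
    versions = {"deploy": None, "jre": None}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return "empty", {}
    for ln in lines:
        if PARSING_RE.match(ln):
            continue
        m = LATEST_RE.match(ln)
        if not m:
            return "unknown", {}   # anything else deserves a closer look
        versions["deploy" if m.group(1) == "deploy" else "jre"] = m.group(2)
    return "java-deploy", versions

def scan_temp_dir(path):
    """Classify every REG*.tmp in path; return per-class counts and the
    (kind, version) pairs seen, to compare against the installed JRE."""
    counts, seen = Counter(), set()
    for name in sorted(os.listdir(path)):
        if not (name.upper().startswith("REG") and name.lower().endswith(".tmp")):
            continue
        with open(os.path.join(path, name), encoding="utf-8", errors="replace") as fh:
            kind, versions = classify_tmp_file(fh.read())
        counts[kind] += 1
        seen.update((k, v) for k, v in versions.items() if v)
    return counts, seen

def build_sample_dir():
    """Constructed sample files modelled on the post, not real captures."""
    d = tempfile.mkdtemp(prefix="regtmp_")
    samples = {
        "REGBA.tmp": "ParsingVersion to 10.5.0\nParsingVersion to 1.7.0\n\n"
                     "Latest deploy version: 10.5.1\n",
        "REGBB.tmp": "Latest JRE version: 1.7.0_05\n",
        "REGBC.tmp": "MZ\x90 not the expected text\n",  # constructed outlier
        "other.txt": "ParsingVersion to 10.5.0\n",  # ignored: not REG*.tmp
    }
    for name, body in samples.items():
        with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return d
```

Run `scan_temp_dir()` against the real Temp folder to see how many files fit the known pattern and which do not.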


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,934 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:04 AM

Posted 07 July 2012 - 12:59 PM

Remove this old version of Adobe Flash Player 9 using the Add/Remove programs list.

===

Drive C: is heavily fragmented because I still haven't installed Diskeeper, I was waiting to resolve this issue before adding any other software to my pc.


No need to install any new software. You should have the necessary tool on your hard disk.
Description of the New Command Line Defrag.exe Included with Windows XP
http://support.microsoft.com/kb/283080
===

I searched Google for this string, "Parsing Version to", to find out that there is no solution to that problem as of yet.

You may want to get an older version of Java
http://www.oldapps.com/java.php

If you do, make sure you remove the latest JRE version: 1.7.0_05.


Keep me posted.



