Windows 7 Computer is playing audio randomly


This topic is locked
21 replies to this topic

#1 Ekoroski (Members, 41 posts)

Posted 29 April 2013 - 10:44 AM

Hello,

My PC is playing audio randomly. Just now it played a commercial for Frosted Flakes in Spanish. I've tried scanning my computer and googling what could cause this, but I've come up with nothing. Any help would be greatly appreciated.

Thank you,




#2 Farbar (Just Curious; Security Developer, 21,722 posts, Location: The Netherlands)

Posted 29 April 2013 - 12:14 PM

Hi Ekoroski,

Welcome to the forum.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 



#3 Ekoroski (Topic Starter; Members, 41 posts)

Posted 29 April 2013 - 12:21 PM

Hello,

Here are the FRST.txt contents; I've also attached the Addition.txt file to the post.

Thank you for your quick response!

________________________________________________________________________________________________

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-04-2013 02
Ran by ekoroski (administrator) on 29-04-2013 13:19:01
Running from C:\Users\ekoroski.ABA\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
 
(HP) C:\Windows\system32\HPSIsvc.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
() C:\Users\Ekoroski\AppData\Local\Temp\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Windows\SysWOW64\WinMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\ekoroski.ABA\Downloads\FRST64.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672640 2013-03-14] (Disc Soft Ltd)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
MountPoints2: {7349d373-8101-11e2-850a-7071bcbd35cf} - E:\LaunchU3.exe -a
MountPoints2: {be64bb33-4850-11e2-8a4a-7071bcbd35cf} - E:\ToolLauncher-Bootstrap.exe
MountPoints2: {d5cd4dd8-1373-11e2-864c-7071bcbd35cf} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [825560 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1960448 2013-04-05] (Dominik Reichl)
HKU\joe\...\Run: [Google Update] "C:\Users\joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-03] (Google Inc.)
Startup: C:\Users\Ekoroski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk
ShortcutTarget: Launch Utility Application.lnk -> C:\Users\ekoroski.ABA\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=198484&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU SearchScopes: DefaultScope {31E89090-286C-4FE5-9C15-7BB7B89DB500} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {31E89090-286C-4FE5-9C15-7BB7B89DB500} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value - 
Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} -  No File
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} -  No File
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 10.91.200.100 10.91.200.185
 
Chrome: 
=======
CHR HomePage: hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\ekoroski.ABA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ekoroski.ABA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\ekoroski.ABA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0
CHR Extension: (Google Search) - C:\Users\ekoroski.ABA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Search by Image (by Google)) - C:\Users\ekoroski.ABA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.2_0
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ekoroski.ABA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0
CHR Extension: (Gmail) - C:\Users\ekoroski.ABA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
==================== Services (Whitelisted) =================
 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 TolbarUpdater; C:\Users\Ekoroski\AppData\Local\Temp\ToolbarUpdater.exe [508416 2012-07-20] ()
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-20] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 cpuz135; \??\C:\Users\ajerez\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R2 NPF; system32\drivers\npf.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-04-29 13:18 - 2013-04-29 13:18 - 01710472 ____A (Farbar) C:\Users\ekoroski.ABA\Downloads\FRST64.exe
2013-04-29 13:18 - 2013-04-29 13:18 - 00000000 ____D C:\FRST
2013-04-29 11:35 - 2013-04-29 11:35 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-29 11:34 - 2013-04-29 11:34 - 00000000 ____D C:\Users\ekoroski.ABA\AppData\Roaming\Malwarebytes
2013-04-25 17:32 - 2013-04-25 17:32 - 00000000 ____D C:\Users\ekoroski.ABA\AppData\Roaming\KeePass
2013-04-25 16:44 - 2013-04-25 16:44 - 02475400 ____A (Dominik Reichl                                              ) C:\Users\ekoroski.ABA\Downloads\KeePass-2.22-Setup.exe
2013-04-25 16:44 - 2013-04-25 16:44 - 00001105 ____A C:\Users\ekoroski.ABA\Desktop\KeePass 2.lnk
2013-04-25 16:44 - 2013-04-25 16:44 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-04-25 10:11 - 2013-04-25 10:11 - 00001771 ____A C:\Users\ekoroski.ABA\Downloads\Unconfirmed 278545.crdownload
2013-04-25 09:43 - 2013-04-25 09:44 - 00001709 ____A C:\Users\ekoroski.ABA\Downloads\agent (1).jnlp
2013-04-25 09:25 - 2013-04-25 09:25 - 02459200 ____A C:\Users\ekoroski.ABA\Downloads\ShowMyPC3152 (1).exe
2013-04-25 09:22 - 2013-04-25 09:41 - 00001709 ____A C:\Users\ekoroski.ABA\Downloads\agent.jnlp
2013-04-24 17:47 - 2013-04-22 10:30 - 02226977 ____A C:\Users\ekoroski.ABA\Desktop\SuperGNES v1.3.9.apk
2013-04-24 17:46 - 2013-04-24 17:46 - 01804974 ____A C:\Users\ekoroski.ABA\Desktop\SuperGNES v1.3.9.zip
2013-04-24 16:20 - 2013-04-24 16:20 - 00363792 ____A C:\Users\ekoroski.ABA\Desktop\Medisoft_Reg-Merge.reg
2013-04-24 15:59 - 2013-04-24 16:00 - 00000000 ____D C:\Users\ekoroski.ABA\Desktop\Medisoft_v16_flashdata
2013-04-24 15:50 - 2013-04-24 15:51 - 00000000 ____D C:\Users\ekoroski.ABA\Desktop\Medisoft_V16
2013-04-23 23:02 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-23 12:03 - 2013-04-23 12:03 - 00111424 ____A C:\Users\rzayas\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-23 12:03 - 2013-04-23 12:03 - 00002255 ____A C:\Users\rzayas\Desktop\Google Chrome.lnk
2013-04-23 12:03 - 2013-04-23 12:03 - 00000020 __ASH C:\Users\rzayas\ntuser.ini
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ___RD C:\Users\rzayas\Virtual Machines
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ____D C:\Users\rzayas\AppData\Roaming\Apple Computer
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ____D C:\Users\rzayas\AppData\Roaming\Adobe
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ____D C:\Users\rzayas\AppData\Local\VirtualStore
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ____D C:\Users\rzayas\AppData\Local\Eraser 6
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ____D C:\Users\rzayas\AppData\Local\Adobe
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ____D C:\users\rzayas
2013-04-23 12:03 - 2012-08-07 03:04 - 00000000 ____D C:\Users\rzayas\AppData\Local\Microsoft Help
2013-04-23 11:46 - 2013-04-23 11:46 - 00000000 ____D C:\Users\kgarulli\AppData\Roaming\WinRAR
2013-04-23 11:44 - 2013-04-23 11:44 - 00000000 ____D C:\Users\kgarulli\AppData\Local\Eraser 6
2013-04-23 11:43 - 2013-04-23 11:43 - 00111424 ____A C:\Users\kgarulli\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-23 11:43 - 2013-04-23 11:43 - 00002255 ____A C:\Users\kgarulli\Desktop\Google Chrome.lnk
2013-04-23 11:43 - 2013-04-23 11:43 - 00000000 ___RD C:\Users\kgarulli\Virtual Machines
2013-04-23 11:43 - 2013-04-23 11:43 - 00000000 ____D C:\Users\kgarulli\AppData\Roaming\Apple Computer
2013-04-23 11:43 - 2013-04-23 11:43 - 00000000 ____D C:\Users\kgarulli\AppData\Roaming\Adobe
2013-04-23 11:43 - 2013-04-23 11:43 - 00000000 ____D C:\Users\kgarulli\AppData\Local\VirtualStore
2013-04-23 11:43 - 2013-04-23 11:43 - 00000000 ____D C:\Users\kgarulli\AppData\Local\Adobe
2013-04-23 11:42 - 2013-04-23 11:43 - 00000000 ____D C:\users\kgarulli
2013-04-23 11:42 - 2013-04-23 11:42 - 00000020 ___SH C:\Users\kgarulli\ntuser.ini
2013-04-23 11:42 - 2012-08-07 03:04 - 00000000 ____D C:\Users\kgarulli\AppData\Local\Microsoft Help
2013-04-23 11:41 - 2013-04-23 11:41 - 00000000 ____D C:\Users\instructor\AppData\Roaming\Apple Computer
2013-04-23 11:41 - 2013-04-23 11:41 - 00000000 ____D C:\Users\instructor\AppData\Roaming\Adobe
2013-04-23 11:41 - 2013-04-23 11:41 - 00000000 ____D C:\Users\instructor\AppData\Local\Eraser 6
2013-04-23 11:41 - 2013-04-23 11:41 - 00000000 ____D C:\Users\instructor\AppData\Local\Adobe
2013-04-23 11:40 - 2013-04-23 11:40 - 00111424 ____A C:\Users\instructor\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-23 11:40 - 2013-04-23 11:40 - 00002255 ____A C:\Users\instructor\Desktop\Google Chrome.lnk
2013-04-23 11:40 - 2013-04-23 11:40 - 00000020 ___SH C:\Users\instructor\ntuser.ini
2013-04-23 11:40 - 2013-04-23 11:40 - 00000000 ___RD C:\Users\instructor\Virtual Machines
2013-04-23 11:40 - 2013-04-23 11:40 - 00000000 ____D C:\Users\instructor\AppData\Local\VirtualStore
2013-04-23 11:40 - 2013-04-23 11:40 - 00000000 ____D C:\users\instructor
2013-04-23 11:40 - 2012-08-07 03:04 - 00000000 ____D C:\Users\instructor\AppData\Local\Microsoft Help
2013-04-23 09:56 - 2013-04-23 09:56 - 00000000 ____D C:\Medidata
2013-04-22 12:56 - 2013-04-22 13:43 - 00010562 ____A C:\Users\ekoroski.ABA\Documents\Hackensack Non Working Phones.xlsx
2013-04-19 14:03 - 2013-04-19 14:04 - 00000000 ____D C:\Users\ekoroski.ABA\Downloads\Dropkick Murphys
2013-04-19 14:03 - 2013-04-19 14:03 - 00000000 ____D C:\Users\ekoroski.ABA\Downloads\Dropkick Murphys - Signed and Sealed in Blood (2013)
2013-04-18 14:07 - 2013-04-18 14:07 - 00003554 ____A C:\Users\ekoroski.ABA\AppData\Roaming\evpro32.prf
2013-04-18 12:08 - 2013-04-18 12:08 - 00000000 ____D C:\ExamView
2013-04-18 12:08 - 1999-12-17 10:13 - 00086016 ____A (MindVision Software) C:\Windows\unvise32.exe
2013-04-18 11:10 - 2013-04-18 11:10 - 00108197 ____A C:\Users\ekoroski.ABA\Downloads\search
2013-04-17 18:44 - 2013-04-17 18:51 - 00000000 ____D C:\Users\ekoroski.ABA\AppData\Roaming\avidemux
2013-04-17 18:43 - 2013-04-17 18:43 - 12977165 ____A C:\Users\ekoroski.ABA\Downloads\avidemux_2.6.3_32bits.exe
2013-04-17 18:43 - 2013-04-17 18:43 - 00000000 ____D C:\Program Files (x86)\Avidemux 2.6
2013-04-17 18:39 - 2013-04-17 18:39 - 00000000 ____D C:\Program Files (x86)\Sonic Foundry
2013-04-17 18:39 - 2013-04-17 18:39 - 00000000 ____D C:\Program Files (x86)\DebugMode
2013-04-17 18:38 - 2013-04-17 18:39 - 02715366 ____A C:\Users\ekoroski.ABA\Downloads\wax20e.zip
2013-04-17 18:37 - 2013-04-17 18:37 - 00000000 ____D C:\Users\ekoroski.ABA\Desktop\virtualdub
2013-04-17 18:36 - 2013-04-17 18:36 - 01707366 ____A C:\Users\ekoroski.ABA\Downloads\VirtualDub-1.9.11.zip
2013-04-17 18:33 - 2013-04-17 18:33 - 00003584 ____A C:\Users\ekoroski.ABA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-17 18:30 - 2013-04-17 18:30 - 10644304 ____A (Web Solution Mart                                           ) C:\Users\ekoroski.ABA\Downloads\vfctksetup.exe
2013-04-17 13:21 - 2013-04-17 13:21 - 00128478 ____A C:\Users\ekoroski.ABA\Downloads\Verizon Rom compatability pack.zip
2013-04-17 13:16 - 2013-04-17 17:24 - 4233867562 ____A C:\Users\ekoroski.ABA\Desktop\Cam8.20130404_170903_1.avi
2013-04-17 13:13 - 2013-04-17 13:13 - 00001271 ____A C:\Users\Public\Desktop\Pazera Free MP4 to AVI Converter.lnk
2013-04-17 13:13 - 2013-04-17 13:13 - 00000000 ____D C:\Program Files (x86)\pazera-software
2013-04-17 13:11 - 2013-04-17 13:11 - 00691848 ____A (CNET Download.com) C:\Users\ekoroski.ABA\Downloads\cbsidlm-cbsi5_4_0_101-Pazera_Free_MP4_to_AVI_Converter-SEO-10784027.exe
2013-04-17 12:58 - 2013-04-10 18:44 - 4270059434 ____A C:\Users\ekoroski.ABA\Desktop\Cam8.20130404_170903_1.mp4
2013-04-17 12:57 - 2013-04-17 12:57 - 00000000 ____D C:\Windows\en
2013-04-17 12:57 - 2013-04-17 12:57 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-04-17 12:56 - 2013-04-17 12:57 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-04-17 12:53 - 2013-04-17 13:00 - 00000000 ____D C:\Users\ekoroski.ABA\AppData\Local\Windows Live
2013-04-17 12:52 - 2013-04-17 12:52 - 01239552 ____A (Microsoft Corporation) C:\Users\ekoroski.ABA\Downloads\wlsetup-web.exe
2013-04-17 12:09 - 2013-04-17 12:09 - 00010255 ____A C:\Users\ekoroski.ABA\Documents\Hackensack Shared Calendar Users.xlsx
2013-04-15 12:35 - 2013-04-15 13:19 - 1653981201 ____A C:\Users\ekoroski.ABA\Downloads\Hyperdrive RLS11 Universal s3.zip
2013-04-12 16:30 - 2013-04-12 16:30 - 00000000 ____D C:\Users\joe.ABA\AppData\Local\Eraser 6
2013-04-12 15:58 - 2013-04-12 15:58 - 00000000 ____D C:\Users\joe.ABA\AppData\Roaming\Macromedia
2013-04-12 15:57 - 2013-04-12 15:58 - 00000000 ____D C:\Users\joe.ABA\AppData\Roaming\Mozilla
2013-04-12 15:57 - 2013-04-12 15:57 - 00000000 ____D C:\Users\joe.ABA\AppData\Local\Mozilla
2013-04-12 15:57 - 2013-04-12 15:57 - 00000000 ____D C:\Users\joe.ABA\AppData\Local\Google
2013-04-12 15:56 - 2013-04-12 15:58 - 00000000 ____D C:\Users\joe.ABA\AppData\Roaming\Adobe
2013-04-12 15:56 - 2013-04-12 15:57 - 00002255 ____A C:\Users\joe.ABA\Desktop\Google Chrome.lnk
2013-04-12 15:56 - 2013-04-12 15:56 - 00111032 ____A C:\Users\joe.ABA\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-12 15:56 - 2013-04-12 15:56 - 00000020 __ASH C:\Users\joe.ABA\ntuser.ini
2013-04-12 15:56 - 2013-04-12 15:56 - 00000000 ___RD C:\Users\joe.ABA\Virtual Machines
2013-04-12 15:56 - 2013-04-12 15:56 - 00000000 ____D C:\Users\joe.ABA\AppData\Roaming\Apple Computer
2013-04-12 15:56 - 2013-04-12 15:56 - 00000000 ____D C:\Users\joe.ABA\AppData\Local\VirtualStore
2013-04-12 15:56 - 2013-04-12 15:56 - 00000000 ____D C:\Users\joe.ABA\AppData\Local\Adobe
2013-04-12 15:56 - 2012-08-07 03:04 - 00000000 ____D C:\Users\joe.ABA\AppData\Local\Microsoft Help
2013-04-12 15:55 - 2013-04-12 15:56 - 00000000 ____D C:\users\joe.ABA
2013-04-10 14:46 - 2013-04-10 15:11 - 941906050 ____A C:\Users\ekoroski.ABA\Downloads\Goodness_Reborn_10.0_Verizon.zip
2013-04-10 03:01 - 2013-02-22 02:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-10 03:01 - 2013-02-22 02:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-10 03:01 - 2013-02-22 02:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-10 03:01 - 2013-02-22 02:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-10 03:01 - 2013-02-22 02:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-10 03:01 - 2013-02-22 02:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-10 03:01 - 2013-02-22 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-10 03:01 - 2013-02-22 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-10 03:01 - 2013-02-22 02:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-10 03:01 - 2013-02-22 02:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-10 03:01 - 2013-02-22 02:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-10 03:01 - 2013-02-22 02:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-10 03:01 - 2013-02-22 02:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 03:01 - 2013-02-22 02:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-10 03:01 - 2013-02-22 02:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-10 03:01 - 2013-02-22 02:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-10 03:01 - 2013-02-22 00:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-10 03:01 - 2013-02-21 23:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-10 03:01 - 2013-02-21 23:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-10 03:01 - 2013-02-21 23:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-10 03:01 - 2013-02-21 23:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-10 03:01 - 2013-02-21 23:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-10 03:01 - 2013-02-21 23:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-10 03:01 - 2013-02-21 23:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-10 03:01 - 2013-02-21 23:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-10 03:01 - 2013-02-21 23:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-10 03:01 - 2013-02-21 23:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-10 03:01 - 2013-02-21 23:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-10 03:01 - 2013-02-21 23:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-10 03:01 - 2013-02-21 23:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-10 03:01 - 2013-02-21 23:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-10 03:01 - 2013-02-21 23:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-09 21:00 - 2013-02-28 23:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-09 20:59 - 2013-03-19 02:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-09 20:59 - 2013-03-19 01:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-09 20:59 - 2013-03-19 01:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-09 20:59 - 2013-03-19 01:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-09 20:59 - 2013-03-19 00:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-09 20:59 - 2013-03-18 23:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-09 20:59 - 2013-01-24 02:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-09 13:19 - 2013-04-09 13:19 - 00000000 ____D C:\Program Files (x86)\MST Software
2013-04-09 12:24 - 2013-04-09 12:30 - 00000000 ____D C:\Users\ekoroski.ABA\Downloads\Jim Dale - Harry Potter Audiobook
2013-04-08 19:03 - 2013-04-08 19:03 - 00001311 ____A C:\Users\ekoroski.ABA\Downloads\papashotdoggeria_backup_1.papa
2013-04-05 12:20 - 2013-04-05 12:20 - 00000000 ____D C:\Users\ekoroski.ABA\Documents\ConfigPackages
2013-04-05 12:20 - 2013-04-05 12:20 - 00000000 ____D C:\Users\ekoroski.ABA\Documents\Boson NetSim Labs
2013-04-05 11:23 - 2013-04-05 11:23 - 00529765 ____A C:\Users\ekoroski.ABA\Downloads\VRBMB1.rpm.zip
2013-04-05 11:21 - 2013-04-05 11:22 - 09259746 ____A C:\Users\ekoroski.ABA\Downloads\PhotosphereFlasable.zip
2013-04-05 11:19 - 2013-04-05 12:02 - 914357351 ____A C:\Users\ekoroski.ABA\Downloads\d2vzw_JellyBeans_B14.zip
2013-04-05 11:12 - 2013-04-05 11:12 - 20462767 ____A C:\Users\ekoroski.ABA\Downloads\VRBMB1.modem.zip
2013-04-05 09:48 - 2013-04-05 09:48 - 07887129 ____A C:\Users\ekoroski.ABA\Downloads\01 Cruise (Remix) [feat. Nelly].m4a
2013-04-04 10:32 - 2013-04-04 10:32 - 00010149 ____A C:\Users\ekoroski.ABA\Documents\Hackensack Smartboard Storage Inventory.xlsx
2013-04-02 10:21 - 2013-04-02 10:22 - 02715898 ____A C:\Users\ekoroski.ABA\Documents\Campaign 2
2013-04-02 10:07 - 2013-04-02 10:07 - 00690929 ____A C:\Users\ekoroski.ABA\Documents\Campaign 1
2013-04-02 09:55 - 2013-04-02 09:59 - 00000129 ____A C:\Users\ekoroski.ABA\Documents\Remove From List.csv
2013-04-02 09:43 - 2013-04-02 09:45 - 53543296 ____A (Perspective Software                                         ) C:\Users\ekoroski.ABA\Downloads\BlueIris.exe
2013-04-02 09:36 - 2013-04-02 09:37 - 00000023 ____A C:\Users\ekoroski.ABA\Desktop\New Text Document (2).txt
2013-04-01 11:38 - 2013-04-01 11:38 - 00000000 ____D C:\Program Files (x86)\MSECache
 
==================== One Month Modified Files and Folders =======
 
2013-04-29 13:18 - 2013-04-29 13:18 - 01710472 ____A (Farbar) C:\Users\ekoroski.ABA\Downloads\FRST64.exe
2013-04-29 13:18 - 2013-04-29 13:18 - 00000000 ____D C:\FRST
2013-04-29 13:17 - 2012-08-03 11:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-29 13:06 - 2012-10-16 09:51 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-29 12:57 - 2012-08-06 17:56 - 00000000 ____D C:\Users\ekoroski.ABA\Documents\Outlook Files
2013-04-29 12:57 - 2012-08-03 11:45 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2606905543-640068030-637926263-1204UA.job
2013-04-29 12:50 - 2012-08-03 08:29 - 00000112 ____A C:\Windows\System32\config\netlogon.ftl
2013-04-29 11:57 - 2012-08-03 11:45 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2606905543-640068030-637926263-1204Core.job
2013-04-29 11:35 - 2013-04-29 11:35 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-29 11:35 - 2012-11-30 11:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-29 11:34 - 2013-04-29 11:34 - 00000000 ____D C:\Users\ekoroski.ABA\AppData\Roaming\Malwarebytes
2013-04-29 11:23 - 2012-08-02 18:07 - 01460633 ____A C:\Windows\WindowsUpdate.log
2013-04-29 09:06 - 2012-10-16 09:51 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-28 22:11 - 2012-10-17 12:06 - 00000018 ____A C:\Windows\SysWOW64\time.dat
2013-04-26 20:06 - 2009-07-14 00:51 - 00073949 ____A C:\Windows\setupact.log
2013-04-26 16:33 - 2009-07-14 00:45 - 00022240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-26 16:33 - 2009-07-14 00:45 - 00022240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-25 17:32 - 2013-04-25 17:32 - 00000000 ____D C:\Users\ekoroski.ABA\AppData\Roaming\KeePass
2013-04-25 16:44 - 2013-04-25 16:44 - 02475400 ____A (Dominik Reichl                                              ) C:\Users\ekoroski.ABA\Downloads\KeePass-2.22-Setup.exe
2013-04-25 16:44 - 2013-04-25 16:44 - 00001105 ____A C:\Users\ekoroski.ABA\Desktop\KeePass 2.lnk
2013-04-25 16:44 - 2013-04-25 16:44 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-04-25 11:38 - 2009-07-14 01:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-25 10:11 - 2013-04-25 10:11 - 00001771 ____A C:\Users\ekoroski.ABA\Downloads\Unconfirmed 278545.crdownload
2013-04-25 09:44 - 2013-04-25 09:43 - 00001709 ____A C:\Users\ekoroski.ABA\Downloads\agent (1).jnlp
2013-04-25 09:41 - 2013-04-25 09:22 - 00001709 ____A C:\Users\ekoroski.ABA\Downloads\agent.jnlp
2013-04-25 09:25 - 2013-04-25 09:25 - 02459200 ____A C:\Users\ekoroski.ABA\Downloads\ShowMyPC3152 (1).exe
2013-04-24 17:46 - 2013-04-24 17:46 - 01804974 ____A C:\Users\ekoroski.ABA\Desktop\SuperGNES v1.3.9.zip
2013-04-24 16:20 - 2013-04-24 16:20 - 00363792 ____A C:\Users\ekoroski.ABA\Desktop\Medisoft_Reg-Merge.reg
2013-04-24 16:20 - 2013-03-01 14:00 - 00000000 ____D C:\Users\ekoroski.ABA\AppData\Roaming\FileZilla
2013-04-24 16:00 - 2013-04-24 15:59 - 00000000 ____D C:\Users\ekoroski.ABA\Desktop\Medisoft_v16_flashdata
2013-04-24 15:51 - 2013-04-24 15:50 - 00000000 ____D C:\Users\ekoroski.ABA\Desktop\Medisoft_V16
2013-04-24 03:17 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-24 03:17 - 2009-07-14 00:45 - 00423328 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-24 03:16 - 2010-11-20 23:47 - 00024934 ____A C:\Windows\PFRO.log
2013-04-23 12:03 - 2013-04-23 12:03 - 00111424 ____A C:\Users\rzayas\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-23 12:03 - 2013-04-23 12:03 - 00002255 ____A C:\Users\rzayas\Desktop\Google Chrome.lnk
2013-04-23 12:03 - 2013-04-23 12:03 - 00000020 __ASH C:\Users\rzayas\ntuser.ini
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ___RD C:\Users\rzayas\Virtual Machines
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ____D C:\Users\rzayas\AppData\Roaming\Apple Computer
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ____D C:\Users\rzayas\AppData\Roaming\Adobe
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ____D C:\Users\rzayas\AppData\Local\VirtualStore
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ____D C:\Users\rzayas\AppData\Local\Eraser 6
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ____D C:\Users\rzayas\AppData\Local\Adobe
2013-04-23 12:03 - 2013-04-23 12:03 - 00000000 ____D C:\users\rzayas
2013-04-23 11:46 - 2013-04-23 11:46 - 00000000 ____D C:\Users\kgarulli\AppData\Roaming\WinRAR
2013-04-23 11:44 - 2013-04-23 11:44 - 00000000 ____D C:\Users\kgarulli\AppData\Local\Eraser 6
2013-04-23 11:43 - 2013-04-23 11:43 - 00111424 ____A C:\Users\kgarulli\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-23 11:43 - 2013-04-23 11:43 - 00002255 ____A C:\Users\kgarulli\Desktop\Google Chrome.lnk
2013-04-23 11:43 - 2013-04-23 11:43 - 00000000 ___RD C:\Users\kgarulli\Virtual Machines
2013-04-23 11:43 - 2013-04-23 11:43 - 00000000 ____D C:\Users\kgarulli\AppData\Roaming\Apple Computer
2013-04-23 11:43 - 2013-04-23 11:43 - 00000000 ____D C:\Users\kgarulli\AppData\Roaming\Adobe
2013-04-23 11:43 - 2013-04-23 11:43 - 00000000 ____D C:\Users\kgarulli\AppData\Local\VirtualStore
2013-04-23 11:43 - 2013-04-23 11:43 - 00000000 ____D C:\Users\kgarulli\AppData\Local\Adobe
2013-04-23 11:43 - 2013-04-23 11:42 - 00000000 ____D C:\users\kgarulli
2013-04-23 11:42 - 2013-04-23 11:42 - 00000020 ___SH C:\Users\kgarulli\ntuser.ini
2013-04-23 11:41 - 2013-04-23 11:41 - 00000000 ____D C:\Users\instructor\AppData\Roaming\Apple Computer
2013-04-23 11:41 - 2013-04-23 11:41 - 00000000 ____D C:\Users\instructor\AppData\Roaming\Adobe
2013-04-23 11:41 - 2013-04-23 11:41 - 00000000 ____D C:\Users\instructor\AppData\Local\Eraser 6
2013-04-23 11:41 - 2013-04-23 11:41 - 00000000 ____D C:\Users\instructor\AppData\Local\Adobe
2013-04-23 11:40 - 2013-04-23 11:40 - 00111424 ____A C:\Users\instructor\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-23 11:40 - 2013-04-23 11:40 - 00002255 ____A C:\Users\instructor\Desktop\Google Chrome.lnk
2013-04-23 11:40 - 2013-04-23 11:40 - 00000020 ___SH C:\Users\instructor\ntuser.ini
2013-04-23 11:40 - 2013-04-23 11:40 - 00000000 ___RD C:\Users\instructor\Virtual Machines
2013-04-23 11:40 - 2013-04-23 11:40 - 00000000 ____D C:\Users\instructor\AppData\Local\VirtualStore
2013-04-23 11:40 - 2013-04-23 11:40 - 00000000 ____D C:\users\instructor
2013-04-23 09:56 - 2013-04-23 09:56 - 00000000 ____D C:\Medidata
2013-04-22 13:43 - 2013-04-22 12:56 - 00010562 ____A C:\Users\ekoroski.ABA\Documents\Hackensack Non Working Phones.xlsx
2013-04-22 10:30 - 2013-04-24 17:47 - 02226977 ____A C:\Users\ekoroski.ABA\Desktop\SuperGNES v1.3.9.apk
2013-04-19 14:15 - 2013-03-21 17:18 - 00000000 ____D C:\Users\ekoroski.ABA\AppData\Roaming\uTorrent
2013-04-19 14:04 - 2013-04-19 14:03 - 00000000 ____D C:\Users\ekoroski.ABA\Downloads\Dropkick Murphys
2013-04-19 14:03 - 2013-04-19 14:03 - 00000000 ____D C:\Users\ekoroski.ABA\Downloads\Dropkick Murphys - Signed and Sealed in Blood (2013)
2013-04-18 14:31 - 2013-01-07 09:37 - 00111424 ____A C:\Users\ekoroski.ABA\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-18 14:07 - 2013-04-18 14:07 - 00003554 ____A C:\Users\ekoroski.ABA\AppData\Roaming\evpro32.prf
2013-04-18 12:08 - 2013-04-18 12:08 - 00000000 ____D C:\ExamView
2013-04-18 11:10 - 2013-04-18 11:10 - 00108197 ____A C:\Users\ekoroski.ABA\Downloads\search
2013-04-17 18:51 - 2013-04-17 18:44 - 00000000 ____D C:\Users\ekoroski.ABA\AppData\Roaming\avidemux
2013-04-17 18:43 - 2013-04-17 18:43 - 12977165 ____A C:\Users\ekoroski.ABA\Downloads\avidemux_2.6.3_32bits.exe
2013-04-17 18:43 - 2013-04-17 18:43 - 00000000 ____D C:\Program Files (x86)\Avidemux 2.6
2013-04-17 18:39 - 2013-04-17 18:39 - 00000000 ____D C:\Program Files (x86)\Sonic Foundry
2013-04-17 18:39 - 2013-04-17 18:39 - 00000000 ____D C:\Program Files (x86)\DebugMode
2013-04-17 18:39 - 2013-04-17 18:38 - 02715366 ____A C:\Users\ekoroski.ABA\Downloads\wax20e.zip
2013-04-17 18:39 - 2013-03-25 14:52 - 00000000 ____D C:\users\dflowers
2013-04-17 18:37 - 2013-04-17 18:37 - 00000000 ____D C:\Users\ekoroski.ABA\Desktop\virtualdub
2013-04-17 18:36 - 2013-04-17 18:36 - 01707366 ____A C:\Users\ekoroski.ABA\Downloads\VirtualDub-1.9.11.zip
2013-04-17 18:33 - 2013-04-17 18:33 - 00003584 ____A C:\Users\ekoroski.ABA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-17 18:30 - 2013-04-17 18:30 - 10644304 ____A (Web Solution Mart                                           ) C:\Users\ekoroski.ABA\Downloads\vfctksetup.exe
2013-04-17 17:24 - 2013-04-17 13:16 - 4233867562 ____A C:\Users\ekoroski.ABA\Desktop\Cam8.20130404_170903_1.avi
2013-04-17 13:21 - 2013-04-17 13:21 - 00128478 ____A C:\Users\ekoroski.ABA\Downloads\Verizon Rom compatability pack.zip
2013-04-17 13:13 - 2013-04-17 13:13 - 00001271 ____A C:\Users\Public\Desktop\Pazera Free MP4 to AVI Converter.lnk
2013-04-17 13:13 - 2013-04-17 13:13 - 00000000 ____D C:\Program Files (x86)\pazera-software
2013-04-17 13:11 - 2013-04-17 13:11 - 00691848 ____A (CNET Download.com) C:\Users\ekoroski.ABA\Downloads\cbsidlm-cbsi5_4_0_101-Pazera_Free_MP4_to_AVI_Converter-SEO-10784027.exe
2013-04-17 13:00 - 2013-04-17 12:53 - 00000000 ____D C:\Users\ekoroski.ABA\AppData\Local\Windows Live
2013-04-17 12:57 - 2013-04-17 12:57 - 00000000 ____D C:\Windows\en
2013-04-17 12:57 - 2013-04-17 12:57 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-04-17 12:57 - 2013-04-17 12:56 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-04-17 12:56 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-04-17 12:54 - 2013-03-20 17:34 - 00010642 ____A C:\Windows\DirectX.log
2013-04-17 12:52 - 2013-04-17 12:52 - 01239552 ____A (Microsoft Corporation) C:\Users\ekoroski.ABA\Downloads\wlsetup-web.exe
2013-04-17 12:09 - 2013-04-17 12:09 - 00010255 ____A C:\Users\ekoroski.ABA\Documents\Hackensack Shared Calendar Users.xlsx
2013-04-15 13:19 - 2013-04-15 12:35 - 1653981201 ____A C:\Users\ekoroski.ABA\Downloads\Hyperdrive RLS11 Universal s3.zip
2013-04-12 16:30 - 2013-04-12 16:30 - 00000000 ____D C:\Users\joe.ABA\AppData\Local\Eraser 6
2013-04-12 15:58 - 2013-04-12 15:58 - 00000000 ____D C:\Users\joe.ABA\AppData\Roaming\Macromedia
2013-04-12 15:58 - 2013-04-12 15:57 - 00000000 ____D C:\Users\joe.ABA\AppData\Roaming\Mozilla
2013-04-12 15:58 - 2013-04-12 15:56 - 00000000 ____D C:\Users\joe.ABA\AppData\Roaming\Adobe
2013-04-12 15:57 - 2013-04-12 15:57 - 00000000 ____D C:\Users\joe.ABA\AppData\Local\Mozilla
2013-04-12 15:57 - 2013-04-12 15:57 - 00000000 ____D C:\Users\joe.ABA\AppData\Local\Google
2013-04-12 15:57 - 2013-04-12 15:56 - 00002255 ____A C:\Users\joe.ABA\Desktop\Google Chrome.lnk
2013-04-12 15:56 - 2013-04-12 15:56 - 00111032 ____A C:\Users\joe.ABA\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-12 15:56 - 2013-04-12 15:56 - 00000020 __ASH C:\Users\joe.ABA\ntuser.ini
2013-04-12 15:56 - 2013-04-12 15:56 - 00000000 ___RD C:\Users\joe.ABA\Virtual Machines
2013-04-12 15:56 - 2013-04-12 15:56 - 00000000 ____D C:\Users\joe.ABA\AppData\Roaming\Apple Computer
2013-04-12 15:56 - 2013-04-12 15:56 - 00000000 ____D C:\Users\joe.ABA\AppData\Local\VirtualStore
2013-04-12 15:56 - 2013-04-12 15:56 - 00000000 ____D C:\Users\joe.ABA\AppData\Local\Adobe
2013-04-12 15:56 - 2013-04-12 15:55 - 00000000 ____D C:\users\joe.ABA
2013-04-12 10:45 - 2013-04-23 23:02 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-10 18:44 - 2013-04-17 12:58 - 4270059434 ____A C:\Users\ekoroski.ABA\Desktop\Cam8.20130404_170903_1.mp4
2013-04-10 15:11 - 2013-04-10 14:46 - 941906050 ____A C:\Users\ekoroski.ABA\Downloads\Goodness_Reborn_10.0_Verizon.zip
2013-04-10 03:02 - 2012-08-02 18:24 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-09 13:28 - 2012-10-24 09:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-04-09 13:19 - 2013-04-09 13:19 - 00000000 ____D C:\Program Files (x86)\MST Software
2013-04-09 12:40 - 2012-10-24 11:54 - 00000725 ____A C:\Windows\System32\ricdb.ini
2013-04-09 12:30 - 2013-04-09 12:24 - 00000000 ____D C:\Users\ekoroski.ABA\Downloads\Jim Dale - Harry Potter Audiobook
2013-04-08 19:03 - 2013-04-08 19:03 - 00001311 ____A C:\Users\ekoroski.ABA\Downloads\papashotdoggeria_backup_1.papa
2013-04-05 12:20 - 2013-04-05 12:20 - 00000000 ____D C:\Users\ekoroski.ABA\Documents\ConfigPackages
2013-04-05 12:20 - 2013-04-05 12:20 - 00000000 ____D C:\Users\ekoroski.ABA\Documents\Boson NetSim Labs
2013-04-05 12:02 - 2013-04-05 11:19 - 914357351 ____A C:\Users\ekoroski.ABA\Downloads\d2vzw_JellyBeans_B14.zip
2013-04-05 11:23 - 2013-04-05 11:23 - 00529765 ____A C:\Users\ekoroski.ABA\Downloads\VRBMB1.rpm.zip
2013-04-05 11:22 - 2013-04-05 11:21 - 09259746 ____A C:\Users\ekoroski.ABA\Downloads\PhotosphereFlasable.zip
2013-04-05 11:12 - 2013-04-05 11:12 - 20462767 ____A C:\Users\ekoroski.ABA\Downloads\VRBMB1.modem.zip
2013-04-05 09:48 - 2013-04-05 09:48 - 07887129 ____A C:\Users\ekoroski.ABA\Downloads\01 Cruise (Remix) [feat. Nelly].m4a
2013-04-04 14:50 - 2012-11-30 11:03 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-04 10:32 - 2013-04-04 10:32 - 00010149 ____A C:\Users\ekoroski.ABA\Documents\Hackensack Smartboard Storage Inventory.xlsx
2013-04-02 10:22 - 2013-04-02 10:21 - 02715898 ____A C:\Users\ekoroski.ABA\Documents\Campaign 2
2013-04-02 10:07 - 2013-04-02 10:07 - 00690929 ____A C:\Users\ekoroski.ABA\Documents\Campaign 1
2013-04-02 09:59 - 2013-04-02 09:55 - 00000129 ____A C:\Users\ekoroski.ABA\Documents\Remove From List.csv
2013-04-02 09:48 - 2012-11-26 14:37 - 00000000 ____D C:\Program Files (x86)\Blue Iris 3
2013-04-02 09:45 - 2013-04-02 09:43 - 53543296 ____A (Perspective Software                                         ) C:\Users\ekoroski.ABA\Downloads\BlueIris.exe
2013-04-02 09:37 - 2013-04-02 09:36 - 00000023 ____A C:\Users\ekoroski.ABA\Desktop\New Text Document (2).txt
2013-04-02 06:34 - 2010-11-20 23:27 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-01 11:38 - 2013-04-01 11:38 - 00000000 ____D C:\Program Files (x86)\MSECache
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
Last Boot: 2013-04-24 00:51
 
==================== End Of Log ============================

#4 Farbar

Posted 29 April 2013 - 12:40 PM

Seems Addition.txt is not attached. After browsing and selecting the file, press Attach This File. Thank you.



#5 Ekoroski (Topic Starter)

Posted 29 April 2013 - 12:46 PM

Sorry about that! The file should be attached now.

Attached Files



#6 Farbar

Posted 29 April 2013 - 12:54 PM

Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.



#7 Ekoroski (Topic Starter)

Posted 29 April 2013 - 12:58 PM

Um, I don't think the file attached.



#8 Farbar

Posted 29 April 2013 - 01:03 PM

Sorry. :)

Attached Files



#9 Ekoroski (Topic Starter)

Posted 29 April 2013 - 01:05 PM

No worries. B)

Here are the results of that fix:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-04-2013 02
Ran by ekoroski at 2013-04-29 14:04:44 Run:1
Running from C:\Users\ekoroski.ABA\Desktop
Boot Mode: Normal
==============================================
 
[2008] C:\Users\Ekoroski\AppData\Local\Temp\ToolbarUpdater.exe => Process closed successfully.
[4696] C:\Windows\SysWOW64\WinMonitor.exe => Process closed successfully.
TolbarUpdater service deleted successfully.
C:\Users\Ekoroski\AppData\Local\Temp\ToolbarUpdater.exe moved successfully.
C:\Windows\SysWOW64\WinMonitor.exe moved successfully.
 
 
The system needs a manual reboot. 
 
==== End of Fixlog ====
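As an added example (not code from this thread or from FRST), a Python triage helper for the FRST "One Month" listing format posted earlier in the thread: it parses each line and flags executables dropped into user-writable directories, executables in system directories with no publisher name, and hidden executables. The flagging rules are this example's own assumptions, and the sample listing is constructed, with the WinMonitor.exe and ToolbarUpdater.exe paths taken from the Fixlog above.

```python
"""Triage helper for the FRST 'One Month Created/Modified Files' listing.

Added example, not code from the thread or from FRST. It parses the line
format those sections use, <created> - <modified> - <size> <attrs>
[(<company>)] <path>, and flags entries a responder would review first.
The rules are this example's assumptions; 'company' is the version-info
company name FRST prints, not a signature check, so its absence is weak.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One listing line; the company field is optional and FRST pads it with
# trailing spaces inside the parentheses, so it is stripped after matching.
_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+?)\s*$"
)

EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl")
# Directories any user can write to; a fresh executable there deserves a look.
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                "\\users\\public\\", "\\programdata\\", "\\temp\\")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\", "\\windows\\")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str              # FRST attribute flags, e.g. ____A, ___AH, ____D
    company: Optional[str]  # None when FRST printed no company name
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers and blank lines."""
    m = _LINE.match(line.rstrip("\r\n"))
    if not m:
        return None
    return Entry(
        created=datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(m.group("modified"), "%Y-%m-%d %H:%M"),
        size=int(m.group("size")),
        attrs=m.group("attrs"),
        company=(m.group("company") or "").strip() or None,
        path=m.group("path"),
    )


def triage(entry: Entry) -> List[str]:
    """Return the reasons (possibly none) this entry should be reviewed."""
    reasons: List[str] = []
    low = entry.path.lower()
    if "D" in entry.attrs or not low.endswith(EXEC_EXTS):
        return reasons  # directories and non-executables are not scored here
    if any(d in low for d in SUSPECT_DIRS):
        reasons.append("executable in user-writable/temp location")
    if entry.company is None and any(d in low for d in SYSTEM_DIRS):
        reasons.append("executable in system directory with no publisher")
    if "H" in entry.attrs or "S" in entry.attrs:
        reasons.append("executable with hidden/system attribute")
    return reasons


def triage_listing(text: str) -> Dict[str, List[str]]:
    """Map each flagged path in an FRST listing to its review reasons."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        reasons = triage(entry) if entry is not None else []
        if reasons:
            flagged[entry.path] = reasons
    return flagged


# Constructed sample. The first three lines are copied from the FRST log in
# this thread; the WinMonitor.exe and ToolbarUpdater.exe lines are made up
# around the paths the Fixlog reports, and the ProgramData line is invented.
SAMPLE = r"""==================== One Month Modified Files and Folders =======

2013-04-09 20:59 - 2013-03-19 02:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-02 09:45 - 2013-04-02 09:43 - 53543296 ____A (Perspective Software                                         ) C:\Users\ekoroski.ABA\Downloads\BlueIris.exe
2013-04-25 16:44 - 2013-04-25 16:44 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-04-26 13:05 - 2013-03-01 21:37 - 00131072 ____A C:\Windows\SysWOW64\WinMonitor.exe
2013-04-26 13:05 - 2013-04-26 13:05 - 00516096 ____A C:\Users\Ekoroski\AppData\Local\Temp\ToolbarUpdater.exe
2013-04-20 10:00 - 2013-04-20 10:00 - 00045056 ___AH C:\ProgramData\svc\helper.exe
"""


def run_sample() -> Dict[str, List[str]]:
    """Triage the constructed sample; only the last three paths are flagged."""
    return triage_listing(SAMPLE)
```

Calling run_sample() returns the three flagged paths with their reasons; feed triage_listing() the text of a real FRST.txt to run it over a full log.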


#10 Farbar

Posted 29 April 2013 - 01:10 PM

Please reboot the computer and tell me if those audios are still playing.



#11 Ekoroski (Topic Starter)

Posted 29 April 2013 - 01:15 PM

OK, I rebooted. The audio was an intermittent issue, but I will see; if it doesn't happen in the next 5 minutes or so, which is about how often it was happening, I will let you know.

Thanks!



#12 Farbar

Posted 29 April 2013 - 01:19 PM

Meanwhile, do the following:

This small application you may want to keep and use to keep the computer clean.
Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar or any other program, uncheck the box next to it.
  • Run CCleaner. Under the Application tab all the boxes should be checked except any option to remove saved passwords.
  • Click Run Cleaner.
  • Close CCleaner.


#13 Ekoroski (Topic Starter)

Posted 29 April 2013 - 01:25 PM

OK, just ran CCleaner; haven't heard any strange audio coming from the PC, so everything's looking good.



#14 Farbar

Posted 29 April 2013 - 01:35 PM

So 10 minutes have gone by without the audio adware.

Let's send those files we moved to be scanned:

Click on this link --> virustotal

Click the Browse button. Copy and paste the lines in bold into the open box, then click Send File after pasting one line. You will only be able to have one file scanned at a time.

C:\FRST\Quarantine\WinMonitor.exe

C:\FRST\Quarantine\ToolbarUpdater.exe

If the file has been analyzed before, click the Reanalyse File Now button.
Please copy and paste the results of the scan in your next post.



#15 Ekoroski (Topic Starter)

Posted 29 April 2013 - 02:34 PM

Sorry for the delay; are these the results you are looking for?

ssdeep
3072:O/BtI7g/bZAtUQmB6a0Z6UQ/W25vLEIPl4y3r7KR395R38R3gR3CR33R38R35R3m:2w70Ag5viCsx

TrID
Generic CIL Executable (.NET, Mono, etc.) (70.8%)
Windows Screen Saver (12.6%)
Win32 Dynamic Link Library (generic) (6.3%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (1.9%)

ExifTool
SubsystemVersion.........: 4.0
InitializedDataSize......: 1536
ImageVersion.............: 0.0
FileVersionNumber........: 5.0.5.0
UninitializedDataSize....: 0
LanguageCode.............: Neutral
FileFlagsMask............: 0x003f
CharacterSet.............: Unicode
LinkerVersion............: 8.0
OriginalFilename.........: WinMonitor.exe
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 5.0.5.0
TimeStamp................: 2013:03:01 21:37:42+00:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: WinMonitor.exe
FileAccessDate...........: 2013:04:29 20:30:34+01:00
ProductVersion...........: 5.0.5.0
FileDescription..........:
OSVersion................: 4.0
FileCreateDate...........: 2013:04:29 20:30:34+01:00
FileOS...................: Win32
LegalCopyright...........:
MachineType..............: Intel 386 or later, and compatibles
CodeSize.................: 126464
FileSubtype..............: 0
ProductVersionNumber.....: 5.0.5.0
EntryPoint...............: 0x20cce
ObjectFileType...........: Executable application
AssemblyVersion..........: 1.1.0.5

Sigcheck
internal name............: WinMonitor.exe
file version.............: 5.0.5.0
original name............: WinMonitor.exe

Portable Executable structural information
Compilation timedatestamp.....: 2013-03-01 21:37:42
Target machine................: Intel 386 or later processors and compatible processors
Entry point address...........: 0x00020CCE

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 8192 126164 126464 5.51 e7dcb5e8a15aac3842876ef9e988527c
.rsrc 139264 688 1024 2.25 5d4327d7dc307e15562e624f94de96ef
.reloc 147456 12 512 0.08 cb55a351bbae3cb31aa25518b67a182b

PE Imports....................:

[[mscoree.dll]]
_CorExeMain

PE Resources..................:

Resource type Number of resources
RT_VERSION 1

Resource language Number of resources
NEUTRAL 1

Symantec Reputation
Suspicious.Insight

First seen by VirusTotal
2013-03-04 18:56:31 UTC ( 1 month, 3 weeks ago )

Last seen by VirusTotal
2013-04-29 19:30:55 UTC ( 0 minutes ago )

File names (max. 25)

  1. winmonitor.tmp.exe
  2. WinMonitor.exe

_______________________________________________________________________________________________________________________

 

ssdeep
6144:3x5nHie1VSJkDXNXKMJ9zFE2OMFaasaSx17BEBYgf+b5A8wF9FiRKK5RKKKKKKKp:h5nHie1VSkDXVAMQd176BY4+a5GN6d

TrID
Win32 EXE PECompact compressed (generic) (46.9%)
Win32 Executable Delphi generic (16.5%)
Windows Screen Saver (14.7%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (7.3%)

ExifTool
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 1992:06:19 23:22:17+01:00
FileType.................: Win32 EXE
PEType...................: PE32
CodeSize.................: 434688
LinkerVersion............: 2.25
FileAccessDate...........: 2013:04:29 20:33:22+01:00
EntryPoint...............: 0x6b080
InitializedDataSize......: 72704
SubsystemVersion.........: 4.0
ImageVersion.............: 0.0
OSVersion................: 4.0
FileCreateDate...........: 2013:04:29 20:33:22+01:00
UninitializedDataSize....: 0

Portable Executable structural information
Compilation timedatestamp.....: 1992-06-19 22:22:17
Target machine................: Intel 386 or later processors and compatible processors
Entry point address...........: 0x0006B080

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
CODE 4096 434376 434688 6.52 057d35afbc385a5f19c881ef7ea4602d
DATA 442368 7192 7680 4.31 c8ce4572b7f6f4f885c3e247706ac83f
BSS 450560 3777 0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 454656 8898 9216 4.96 0cf5f46b2ea0aeb70cd166c1dc517223
.tls 466944 16 0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 471040 24 512 0.21 c9da74e84d146d178e42d10931d2d948
.reloc 475136 33588 33792 6.64 de4a45facafc70c3e053be96d5bad4d9
.rsrc 512000 21352 21504 3.83 10d4b00dbbb6fbc2d064ab1063d0052f

PE Imports....................:

[[version.dll]]
GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

[[gdi32.dll]]
GetDIBColorTable, GetWindowOrgEx, PatBlt, GetClipBox, GetCurrentPositionEx, SaveDC, CreateFontIndirectA, GetTextMetricsA, MaskBlt, SetStretchBltMode, GetPixel, GetObjectA, ExcludeClipRect, LineTo, DeleteDC, RestoreDC, SetBkMode, GetSystemPaletteEntries, SetPixel, CreateSolidBrush, IntersectClipRect, CreateHalftonePalette, CreateDIBSection, RealizePalette, SetTextColor, GetDeviceCaps, MoveToEx, BitBlt, CreateBitmap, RectVisible, CreatePalette, GetStockObject, CreateDIBitmap, SetViewportOrgEx, SelectPalette, UnrealizeObject, GetDIBits, SetBrushOrgEx, GetDCOrgEx, GetBrushOrgEx, StretchBlt, GetBitmapBits, CreateCompatibleDC, SetROP2, SelectObject, GetTextExtentPoint32A, GetPaletteEntries, SetDIBColorTable, CreateBrushIndirect, SetWindowOrgEx, SetBkColor, DeleteObject, CreateCompatibleBitmap, CreatePenIndirect

[[advapi32.dll]]
CloseServiceHandle, RegCloseKey, StartServiceCtrlDispatcherA, OpenServiceA, SetServiceStatus, DeregisterEventSource, RegQueryValueExA, CreateServiceA, RegisterEventSourceA, DeleteService, RegOpenKeyExA, OpenSCManagerA, ReportEventA, RegisterServiceCtrlHandlerA

[[kernel32.dll]]
SetThreadLocale, GetStdHandle, FileTimeToDosDateTime, WaitForSingleObject, GetLocalTime, DeleteCriticalSection, GetLocaleInfoA, LocalAlloc, SetErrorMode, GetTempPathA, GetCPInfo, InterlockedExchange, WriteFile, GetDiskFreeSpaceA, GetFullPathNameA, SetEvent, LocalFree, ResumeThread, InitializeCriticalSection, LoadResource, GlobalHandle, FindClose, TlsGetValue, FormatMessageA, GetStringTypeExA, GlobalFindAtomA, ExitProcess, GetModuleFileNameA, EnumCalendarInfoA, LoadLibraryExA, UnhandledExceptionFilter, InterlockedDecrement, MultiByteToWideChar, GetModuleHandleA, CreateThread, GetExitCodeThread, GlobalAddAtomA, MulDiv, ExitThread, GlobalAlloc, SetEndOfFile, GetCurrentThreadId, InterlockedIncrement, EnterCriticalSection, FreeLibrary, QueryPerformanceCounter, GetTickCount, GetVersionExA, LoadLibraryA, RtlUnwind, GetStartupInfoA, GetDateFormatA, GetFileSize, DeleteFileA, GetProcAddress, GlobalReAlloc, FindFirstFileA, lstrcpyA, ResetEvent, GlobalLock, GetTimeZoneInformation, CreateEventA, TlsSetValue, CreateFileA, LeaveCriticalSection, GetLastError, GlobalDeleteAtom, GetSystemInfo, lstrlenA, GlobalFree, GetThreadLocale, GlobalUnlock, VirtualQuery, FileTimeToLocalFileTime, SizeofResource, GetCurrentProcessId, LockResource, WideCharToMultiByte, GetCommandLineA, SuspendThread, GetSystemDefaultLangID, RaiseException, SetFilePointer, ReadFile, CloseHandle, lstrcpynA, GetACP, GetVersion, FreeResource, VirtualFree, Sleep, FindResourceA, VirtualAlloc, CompareStringA

[[oleaut32.dll]]
VariantChangeType, SafeArrayGetLBound, SafeArrayPtrOfIndex, SysAllocStringLen, VariantClear, SafeArrayCreate, SysReAllocStringLen, SafeArrayGetUBound, VariantCopy, SysFreeString, VariantInit

[[shell32.dll]]
ShellExecuteA

[[user32.dll]]
RedrawWindow, GetForegroundWindow, EnableScrollBar, DestroyMenu, PostQuitMessage, LoadBitmapA, SetWindowPos, IsWindow, DispatchMessageA, EndPaint, SetMenuItemInfoA, CharUpperBuffA, WindowFromPoint, DrawIcon, SetActiveWindow, GetMenuItemID, GetCursorPos, ReleaseDC, GetClassInfoA, GetMenu, UnregisterClassA, SendMessageA, GetClientRect, SetScrollPos, CallNextHookEx, GetKeyboardState, ClientToScreen, GetTopWindow, ShowCursor, MsgWaitForMultipleObjects, ScrollWindow, GetWindowTextA, GetKeyState, PtInRect, GetMessageA, GetParent, UpdateWindow, SetPropA, EqualRect, EnumWindows, DefMDIChildProcA, ShowWindow, SetClassLongA, GetPropA, GetDesktopWindow, TranslateMDISysAccel, EnableWindow, SetWindowPlacement, PeekMessageA, TranslateMessage, IsWindowEnabled, GetWindow, ActivateKeyboardLayout, InsertMenuItemA, GetIconInfo, LoadStringA, SetParent, CharLowerA, IsZoomed, GetWindowPlacement, GetKeyboardLayoutList, DrawMenuBar, IsIconic, RegisterClassA, GetMenuItemCount, GetWindowLongA, SetTimer, OemToCharA, GetActiveWindow, ShowOwnedPopups, FillRect, EnumThreadWindows, CharNextA, GetSysColorBrush, CreateMenu, DestroyWindow, IsChild, IsDialogMessageA, SetFocus, MapVirtualKeyA, DrawEdge, SetCapture, BeginPaint, OffsetRect, GetScrollPos, KillTimer, RegisterWindowMessageA, DefWindowProcA, MapWindowPoints, GetSystemMetrics, EnableMenuItem, SetScrollRange, GetWindowRect, InflateRect, PostMessageA, ReleaseCapture, GetScrollRange, SetWindowLongA, RemovePropA, CreatePopupMenu, CheckMenuItem, GetSubMenu, GetLastActivePopup, DrawIconEx, CreateWindowExA, ScreenToClient, InsertMenuA, LoadCursorA, LoadIconA, TrackPopupMenu, SetWindowsHookExA, GetMenuStringA, GetMenuState, GetKeyboardLayout, GetSystemMenu, GetDC, SetForegroundWindow, PostThreadMessageA, CharToOemA, DrawTextA, IntersectRect, GetScrollInfo, GetCapture, WaitMessage, FindWindowA, RemoveMenu, GetWindowThreadProcessId, ShowScrollBar, DrawFrameControl, UnhookWindowsHookEx, RegisterClipboardFormatA, CallWindowProcA, MessageBoxA, 
GetClassNameA, GetWindowDC, DestroyCursor, AdjustWindowRectEx, LoadKeyboardLayoutA, GetSysColor, SetScrollInfo, GetMenuItemInfoA, SystemParametersInfoA, DestroyIcon, GetKeyNameTextA, IsWindowVisible, GetDCEx, WinHelpA, FrameRect, SetRect, DeleteMenu, InvalidateRect, DefFrameProcA, CreateIcon, IsRectEmpty, GetCursor, GetFocus, GetKeyboardType, SetMenu, SetCursor

[[comctl32.dll]]
ImageList_BeginDrag, ImageList_SetBkColor, ImageList_SetDragCursorImage, ImageList_Read, ImageList_GetDragImage, ImageList_Create, ImageList_DragMove, ImageList_DrawEx, ImageList_SetIconSize, ImageList_Write, ImageList_GetImageCount, ImageList_Destroy, ImageList_Draw, ImageList_GetIconSize, ImageList_DragLeave, ImageList_GetBkColor, ImageList_ReplaceIcon, ImageList_DragEnter, ImageList_Add, ImageList_SetImageCount, ImageList_DragShowNolock, ImageList_Remove, ImageList_EndDrag

PE Resources..................:

Resource type Number of resources
RT_STRING 22
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3

Resource language Number of resources
NEUTRAL 39

Symantec Reputation
Suspicious.Insight

First seen by VirusTotal
2012-07-25 14:46:27 UTC ( 9 months, 1 week ago )

Last seen by VirusTotal
2013-04-29 19:32:51 UTC ( 1 minute ago )

File names (max. 25)

  1. ToolbarUpdater.exe
  2. 98a80733c6e66b043dbc638ca25fab0f.exe
  3. 96EF4EBD0091C910C2CA076B28CCDC00657F4669.exe
  4. 98a80733c6e66b043dbc638ca25fab0faafc60415355181ad32fe57d286861e3bb80cf73167ffadaf725c0e4e7b1e8c300c2070000000000
  5. virussign.com_98a80733c6e66b043dbc638ca25fab0f.exe
  6. file-4419540_exe

Edited by Ekoroski, 29 April 2013 - 02:34 PM.