I think I'm infected


  • This topic is locked
5 replies to this topic

#1 Bhaloo

Posted 16 May 2014 - 07:33 PM

Good day my friends, I need your help. I came from work and my son told me that the computer has been shutting down with no reason.

I ran RogueKiller because Malwarebytes showed me 0 infections.

The RogueKiller log is:

 

 
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Chocolo [Admin rights]
Mode : Scan -- Date : 05/16/2014 18:31:49
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] cbe9b9ddff38296a08d0683b7081b1e9
[BSP] 50a018ca8b4f7171f27cc63c80751f2e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_05162014_183149.txt >>
RKreport[0]_S_03202014_095147.txt;RKreport[0]_S_04272014_082514.txt;RKreport[0]_S_05012014_221939.txt
RKreport[0]_S_05012014_222428.txt;RKreport[0]_S_05162014_174637.txt
 
 
Really thank you!!!

Edited by Orange Blossom, 16 May 2014 - 07:39 PM.
Moved from Windows 7. ~ OB



#2 boopme

Posted 16 May 2014 - 08:42 PM

Hello.. Please disable SpyBot and run it again.

Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2
    • Close all programs and disconnect any USB or external drives before running the tool.
    • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
    • Once the Prescan has finished, click Scan.
    • Once the Status box shows "Scan Finished", click the Delete button.
    • Copy and paste the report that opens into your next reply.
      • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex)
      • The highest number of [X], is the most recent Delete
Follow with......
Download Malwarebytes Anti-Rootkit to your desktop.
  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

Edited by boopme, 16 May 2014 - 08:43 PM.

#3 Bhaloo

Posted 24 May 2014 - 06:38 PM

Ok, I did this and this is the report

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Bhaloo [Admin rights]
Mode : Remove -- Date : 05/24/2014 17:36:16
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (ldap_sasl_bindA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E5CB0)
[Address] EAT @explorer.exe (ldap_sasl_bindW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E5EC4)
[Address] EAT @explorer.exe (ldap_sasl_bind_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E6004)
[Address] EAT @explorer.exe (ldap_sasl_bind_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E6208)
[Address] EAT @explorer.exe (ldap_search) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BDE04)
[Address] EAT @explorer.exe (ldap_searchA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BDE04)
[Address] EAT @explorer.exe (ldap_searchW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E4320)
[Address] EAT @explorer.exe (ldap_search_abandon_page) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E0538)
[Address] EAT @explorer.exe (ldap_search_ext) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E46D4)
[Address] EAT @explorer.exe (ldap_search_extA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E46D4)
[Address] EAT @explorer.exe (ldap_search_extW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E45B0)
[Address] EAT @explorer.exe (ldap_search_ext_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E48E0)
[Address] EAT @explorer.exe (ldap_search_ext_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E48E0)
[Address] EAT @explorer.exe (ldap_search_ext_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B8A10)
[Address] EAT @explorer.exe (ldap_search_init_page) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF910)
[Address] EAT @explorer.exe (ldap_search_init_pageA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF910)
[Address] EAT @explorer.exe (ldap_search_init_pageW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF7F0)
[Address] EAT @explorer.exe (ldap_search_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E443C)
[Address] EAT @explorer.exe (ldap_search_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E443C)
[Address] EAT @explorer.exe (ldap_search_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BD130)
[Address] EAT @explorer.exe (ldap_search_st) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E4478)
[Address] EAT @explorer.exe (ldap_search_stA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E4478)
[Address] EAT @explorer.exe (ldap_search_stW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BD16C)
[Address] EAT @explorer.exe (ldap_set_dbg_flags) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E809C)
[Address] EAT @explorer.exe (ldap_set_dbg_routine) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E8090)
[Address] EAT @explorer.exe (ldap_set_option) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DBD1C)
[Address] EAT @explorer.exe (ldap_set_optionA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DBD1C)
[Address] EAT @explorer.exe (ldap_set_optionW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BBE90)
[Address] EAT @explorer.exe (ldap_simple_bind) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D7FF4)
[Address] EAT @explorer.exe (ldap_simple_bindA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D7FF4)
[Address] EAT @explorer.exe (ldap_simple_bindW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D7D88)
[Address] EAT @explorer.exe (ldap_simple_bind_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8014)
[Address] EAT @explorer.exe (ldap_simple_bind_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8014)
[Address] EAT @explorer.exe (ldap_simple_bind_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D7E54)
[Address] EAT @explorer.exe (ldap_sslinit) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF1AC)
[Address] EAT @explorer.exe (ldap_sslinitA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF1AC)
[Address] EAT @explorer.exe (ldap_sslinitW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BBFA0)
[Address] EAT @explorer.exe (ldap_start_tls_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E7A50)
[Address] EAT @explorer.exe (ldap_start_tls_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E7A2C)
[Address] EAT @explorer.exe (ldap_startup) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DC034)
[Address] EAT @explorer.exe (ldap_stop_tls_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E7690)
[Address] EAT @explorer.exe (ldap_ufn2dn) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE240)
[Address] EAT @explorer.exe (ldap_ufn2dnA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE240)
[Address] EAT @explorer.exe (ldap_ufn2dnW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DDD90)
[Address] EAT @explorer.exe (ldap_unbind) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B8294)
[Address] EAT @explorer.exe (ldap_unbind_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BD96C)
[Address] EAT @explorer.exe (ldap_value_free) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B6620)
[Address] EAT @explorer.exe (ldap_value_freeA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B6620)
[Address] EAT @explorer.exe (ldap_value_freeW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B6684)
[Address] EAT @explorer.exe (ldap_value_free_len) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B6684)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] cbe9b9ddff38296a08d0683b7081b1e9
[BSP] 50a018ca8b4f7171f27cc63c80751f2e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_05242014_173616.txt >>
RKreport[0]_S_05242014_173151.txt


#4 Bhaloo

  • Topic Starter

Posted 24 May 2014 - 07:17 PM

and this is for mbar

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7600.16385
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.114000 GHz
Memory total: 5349957632, free: 2887745536
 
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7600 Windows 7 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7600.16385
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.114000 GHz
Memory total: 5349957632, free: 2945777664
 
Downloaded database version: v2014.05.24.08
Downloaded database version: v2014.05.21.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 911A4112
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976564224
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.05.24.08
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Bhaloo :: BHALOO-PC [administrator]
 
24/05/2014 05:41:25 p.m.
mbar-log-2014-05-24 (17-41-25).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 257100
Time elapsed: 13 minute(s), 34 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 


#5 boopme


  • Global Moderator

Posted 24 May 2014 - 09:08 PM

Ok, there is still malware not being removed. We need to have a specialist get this out. Make a new topic. Include that last RogueKiller log and a DDS log from this guide... Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.

#6 Platypus

  • Global Moderator

Posted 26 May 2014 - 08:55 PM

Continued here:

 

http://www.bleepingcomputer.com/forums/t/535634/infected-with-malware/

