
Infected with malware


This topic is locked
1 reply to this topic

#1 Bhaloo


Posted 26 May 2014 - 08:41 PM

Do not know what malware is on my PC, but I got redirected by "boopme" to create this new post with the following info: (there is no blue screen anymore and I can't remember what it said before)

 

RK log:

 

User : Bhaloo [Admin rights]
Mode : Remove -- Date : 05/24/2014 17:36:16
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (LdapGetLastError) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E81D8)
[Address] EAT @explorer.exe (LdapMapErrorToWin32) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8C2BA4)
[Address] EAT @explorer.exe (LdapUTF8ToUnicode) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E7FA0)
[Address] EAT @explorer.exe (LdapUnicodeToUTF8) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B44A8)
[Address] EAT @explorer.exe (ber_alloc_t) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE62C)
[Address] EAT @explorer.exe (ber_bvdup) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE54C)
[Address] EAT @explorer.exe (ber_bvecfree) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE500)
[Address] EAT @explorer.exe (ber_bvfree) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE4BC)
[Address] EAT @explorer.exe (ber_first_element) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE73C)
[Address] EAT @explorer.exe (ber_flatten) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE7EC)
[Address] EAT @explorer.exe (ber_free) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE48C)
[Address] EAT @explorer.exe (ber_init) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE384)
[Address] EAT @explorer.exe (ber_next_element) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE7B0)
[Address] EAT @explorer.exe (ber_peek_tag) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE700)
[Address] EAT @explorer.exe (ber_printf) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE8D4)
[Address] EAT @explorer.exe (ber_scanf) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DEB48)
[Address] EAT @explorer.exe (ber_skip_tag) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE6C4)
[Address] EAT @explorer.exe (cldap_open) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BE254)
[Address] EAT @explorer.exe (cldap_openA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BE254)
[Address] EAT @explorer.exe (cldap_openW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF19C)
[Address] EAT @explorer.exe (ldap_abandon) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D52C0)
[Address] EAT @explorer.exe (ldap_add) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D5BD8)
[Address] EAT @explorer.exe (ldap_addA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D5BD8)
[Address] EAT @explorer.exe (ldap_addW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D5AF8)
[Address] EAT @explorer.exe (ldap_add_ext) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D5D38)
[Address] EAT @explorer.exe (ldap_add_extA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D5D38)
[Address] EAT @explorer.exe (ldap_add_extW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D5C48)
[Address] EAT @explorer.exe (ldap_add_ext_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D600C)
[Address] EAT @explorer.exe (ldap_add_ext_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D600C)
[Address] EAT @explorer.exe (ldap_add_ext_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D5EA4)
[Address] EAT @explorer.exe (ldap_add_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D5C28)
[Address] EAT @explorer.exe (ldap_add_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D5C28)
[Address] EAT @explorer.exe (ldap_add_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D5C08)
[Address] EAT @explorer.exe (ldap_bind) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8034)
[Address] EAT @explorer.exe (ldap_bindA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8034)
[Address] EAT @explorer.exe (ldap_bindW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D7F20)
[Address] EAT @explorer.exe (ldap_bind_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8050)
[Address] EAT @explorer.exe (ldap_bind_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8050)
[Address] EAT @explorer.exe (ldap_bind_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B9B64)
[Address] EAT @explorer.exe (ldap_check_filterA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E6F0C)
[Address] EAT @explorer.exe (ldap_check_filterW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E6D08)
[Address] EAT @explorer.exe (ldap_cleanup) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DC080)
[Address] EAT @explorer.exe (ldap_close_extended_op) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DBB9C)
[Address] EAT @explorer.exe (ldap_compare) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8C38)
[Address] EAT @explorer.exe (ldap_compareA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8C38)
[Address] EAT @explorer.exe (ldap_compareW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8B40)
[Address] EAT @explorer.exe (ldap_compare_ext) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8DD0)
[Address] EAT @explorer.exe (ldap_compare_extA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8DD0)
[Address] EAT @explorer.exe (ldap_compare_extW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8CC0)
[Address] EAT @explorer.exe (ldap_compare_ext_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D91B0)
[Address] EAT @explorer.exe (ldap_compare_ext_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D91B0)
[Address] EAT @explorer.exe (ldap_compare_ext_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D902C)
[Address] EAT @explorer.exe (ldap_compare_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8C98)
[Address] EAT @explorer.exe (ldap_compare_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8C98)
[Address] EAT @explorer.exe (ldap_compare_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8C70)
[Address] EAT @explorer.exe (ldap_conn_from_msg) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E8208)
[Address] EAT @explorer.exe (ldap_connect) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BBF14)
[Address] EAT @explorer.exe (ldap_control_free) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D9800)
[Address] EAT @explorer.exe (ldap_control_freeA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D9800)
[Address] EAT @explorer.exe (ldap_control_freeW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D9810)
[Address] EAT @explorer.exe (ldap_controls_free) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D97F4)
[Address] EAT @explorer.exe (ldap_controls_freeA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D97F4)
[Address] EAT @explorer.exe (ldap_controls_freeW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BFD18)
[Address] EAT @explorer.exe (ldap_count_entries) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BD2DC)
[Address] EAT @explorer.exe (ldap_count_references) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E7BE8)
[Address] EAT @explorer.exe (ldap_count_values) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E42A0)
[Address] EAT @explorer.exe (ldap_count_valuesA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E42A0)
[Address] EAT @explorer.exe (ldap_count_valuesW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BD270)
[Address] EAT @explorer.exe (ldap_count_values_len) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BD270)
[Address] EAT @explorer.exe (ldap_create_page_control) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E08D4)
[Address] EAT @explorer.exe (ldap_create_page_controlA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E08D4)
[Address] EAT @explorer.exe (ldap_create_page_controlW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E0800)
[Address] EAT @explorer.exe (ldap_create_sort_control) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E65A4)
[Address] EAT @explorer.exe (ldap_create_sort_controlA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E65A4)
[Address] EAT @explorer.exe (ldap_create_sort_controlW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E65C0)
[Address] EAT @explorer.exe (ldap_create_vlv_controlA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E14A4)
[Address] EAT @explorer.exe (ldap_create_vlv_controlW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E1480)
[Address] EAT @explorer.exe (ldap_delete) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DAA90)
[Address] EAT @explorer.exe (ldap_deleteA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DAA90)
[Address] EAT @explorer.exe (ldap_deleteW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DAA60)
[Address] EAT @explorer.exe (ldap_delete_ext) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DAAF4)
[Address] EAT @explorer.exe (ldap_delete_extA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DAAF4)
[Address] EAT @explorer.exe (ldap_delete_extW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DA978)
[Address] EAT @explorer.exe (ldap_delete_ext_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DADA0)
[Address] EAT @explorer.exe (ldap_delete_ext_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DADA0)
[Address] EAT @explorer.exe (ldap_delete_ext_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DAC50)
[Address] EAT @explorer.exe (ldap_delete_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DAAE0)
[Address] EAT @explorer.exe (ldap_delete_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DAAE0)
[Address] EAT @explorer.exe (ldap_delete_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DAAC0)
[Address] EAT @explorer.exe (ldap_dn2ufn) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DDCE4)
[Address] EAT @explorer.exe (ldap_dn2ufnA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DDCE4)
[Address] EAT @explorer.exe (ldap_dn2ufnW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DDA38)
[Address] EAT @explorer.exe (ldap_encode_sort_controlA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E6C3C)
[Address] EAT @explorer.exe (ldap_encode_sort_controlW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E6B74)
[Address] EAT @explorer.exe (ldap_err2string) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B2200)
[Address] EAT @explorer.exe (ldap_err2stringA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B2200)
[Address] EAT @explorer.exe (ldap_err2stringW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E8040)
[Address] EAT @explorer.exe (ldap_escape_filter_element) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B1588)
[Address] EAT @explorer.exe (ldap_escape_filter_elementA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B1588)
[Address] EAT @explorer.exe (ldap_escape_filter_elementW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E6F88)
[Address] EAT @explorer.exe (ldap_explode_dn) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DD968)
[Address] EAT @explorer.exe (ldap_explode_dnA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DD968)
[Address] EAT @explorer.exe (ldap_explode_dnW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DD6DC)
[Address] EAT @explorer.exe (ldap_extended_operation) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DB6D4)
[Address] EAT @explorer.exe (ldap_extended_operationA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DB6D4)
[Address] EAT @explorer.exe (ldap_extended_operationW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DB5E4)
[Address] EAT @explorer.exe (ldap_extended_operation_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DB840)
[Address] EAT @explorer.exe (ldap_extended_operation_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DBA1C)
[Address] EAT @explorer.exe (ldap_first_attribute) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D6DF4)
[Address] EAT @explorer.exe (ldap_first_attributeA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D6DF4)
[Address] EAT @explorer.exe (ldap_first_attributeW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BD360)
[Address] EAT @explorer.exe (ldap_first_entry) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B7A68)
[Address] EAT @explorer.exe (ldap_first_reference) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E7A78)
[Address] EAT @explorer.exe (ldap_free_controls) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D97F4)
[Address] EAT @explorer.exe (ldap_free_controlsA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D97F4)
[Address] EAT @explorer.exe (ldap_free_controlsW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D97F4)
[Address] EAT @explorer.exe (ldap_get_dn) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E42C0)
[Address] EAT @explorer.exe (ldap_get_dnA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E42C0)
[Address] EAT @explorer.exe (ldap_get_dnW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BFDD0)
[Address] EAT @explorer.exe (ldap_get_next_page) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DFE30)
[Address] EAT @explorer.exe (ldap_get_next_page_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DFFDC)
[Address] EAT @explorer.exe (ldap_get_option) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DBC58)
[Address] EAT @explorer.exe (ldap_get_optionA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DBC58)
[Address] EAT @explorer.exe (ldap_get_optionW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BCE54)
[Address] EAT @explorer.exe (ldap_get_paged_count) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E0248)
[Address] EAT @explorer.exe (ldap_get_values) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E412C)
[Address] EAT @explorer.exe (ldap_get_valuesA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E428C)
[Address] EAT @explorer.exe (ldap_get_valuesW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B85A4)
[Address] EAT @explorer.exe (ldap_get_values_len) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BDC94)
[Address] EAT @explorer.exe (ldap_get_values_lenA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BDC94)
[Address] EAT @explorer.exe (ldap_get_values_lenW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B868C)
[Address] EAT @explorer.exe (ldap_init) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF230)
[Address] EAT @explorer.exe (ldap_initA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF230)
[Address] EAT @explorer.exe (ldap_initW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BBF94)
[Address] EAT @explorer.exe (ldap_memfree) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B965C)
[Address] EAT @explorer.exe (ldap_memfreeA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B965C)
[Address] EAT @explorer.exe (ldap_memfreeW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BFEC0)
[Address] EAT @explorer.exe (ldap_modify) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DC964)
[Address] EAT @explorer.exe (ldap_modifyA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DC964)
[Address] EAT @explorer.exe (ldap_modifyW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DC884)
[Address] EAT @explorer.exe (ldap_modify_ext) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DCAC4)
[Address] EAT @explorer.exe (ldap_modify_extA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DCAC4)
[Address] EAT @explorer.exe (ldap_modify_extW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DC9D4)
[Address] EAT @explorer.exe (ldap_modify_ext_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DCD98)
[Address] EAT @explorer.exe (ldap_modify_ext_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DCD98)
[Address] EAT @explorer.exe (ldap_modify_ext_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DCC30)
[Address] EAT @explorer.exe (ldap_modify_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DC9B4)
[Address] EAT @explorer.exe (ldap_modify_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DC9B4)
[Address] EAT @explorer.exe (ldap_modify_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DC994)
[Address] EAT @explorer.exe (ldap_modrdn) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E3468)
[Address] EAT @explorer.exe (ldap_modrdn2) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E303C)
[Address] EAT @explorer.exe (ldap_modrdn2A) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E303C)
[Address] EAT @explorer.exe (ldap_modrdn2W) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E2E70)
[Address] EAT @explorer.exe (ldap_modrdn2_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E330C)
[Address] EAT @explorer.exe (ldap_modrdn2_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E330C)
[Address] EAT @explorer.exe (ldap_modrdn2_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E31C4)
[Address] EAT @explorer.exe (ldap_modrdnA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E3468)
[Address] EAT @explorer.exe (ldap_modrdnW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E3454)
[Address] EAT @explorer.exe (ldap_modrdn_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E3490)
[Address] EAT @explorer.exe (ldap_modrdn_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E3490)
[Address] EAT @explorer.exe (ldap_modrdn_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E347C)
[Address] EAT @explorer.exe (ldap_msgfree) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B2980)
[Address] EAT @explorer.exe (ldap_next_attribute) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D6EA8)
[Address] EAT @explorer.exe (ldap_next_attributeA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D6EA8)
[Address] EAT @explorer.exe (ldap_next_attributeW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BD3E4)
[Address] EAT @explorer.exe (ldap_next_entry) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BFBD0)
[Address] EAT @explorer.exe (ldap_next_reference) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E7B28)
[Address] EAT @explorer.exe (ldap_open) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF124)
[Address] EAT @explorer.exe (ldap_openA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF124)
[Address] EAT @explorer.exe (ldap_openW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF114)
[Address] EAT @explorer.exe (ldap_parse_extended_resultA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E2154)
[Address] EAT @explorer.exe (ldap_parse_extended_resultW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E2080)
[Address] EAT @explorer.exe (ldap_parse_page_control) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E0C98)
[Address] EAT @explorer.exe (ldap_parse_page_controlA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E0C98)
[Address] EAT @explorer.exe (ldap_parse_page_controlW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E0BD0)
[Address] EAT @explorer.exe (ldap_parse_reference) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E7D60)
[Address] EAT @explorer.exe (ldap_parse_referenceA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E7D60)
[Address] EAT @explorer.exe (ldap_parse_referenceW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E7CAC)
[Address] EAT @explorer.exe (ldap_parse_result) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E1F80)
[Address] EAT @explorer.exe (ldap_parse_resultA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E1F80)
[Address] EAT @explorer.exe (ldap_parse_resultW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E1E80)
[Address] EAT @explorer.exe (ldap_parse_sort_control) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E66F4)
[Address] EAT @explorer.exe (ldap_parse_sort_controlA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E66F4)
[Address] EAT @explorer.exe (ldap_parse_sort_controlW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E67C0)
[Address] EAT @explorer.exe (ldap_parse_vlv_controlA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E1A14)
[Address] EAT @explorer.exe (ldap_parse_vlv_controlW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E1934)
[Address] EAT @explorer.exe (ldap_perror) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E8090)
[Address] EAT @explorer.exe (ldap_rename_ext) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E35B4)
[Address] EAT @explorer.exe (ldap_rename_extA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E35B4)
[Address] EAT @explorer.exe (ldap_rename_extW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E34A4)
[Address] EAT @explorer.exe (ldap_rename_ext_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E39BC)
[Address] EAT @explorer.exe (ldap_rename_ext_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E39BC)
[Address] EAT @explorer.exe (ldap_rename_ext_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E3844)
[Address] EAT @explorer.exe (ldap_result) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BD988)
[Address] EAT @explorer.exe (ldap_result2error) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B8BF0)
[Address] EAT @explorer.exe (ldap_sasl_bindA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E5CB0)
[Address] EAT @explorer.exe (ldap_sasl_bindW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E5EC4)
[Address] EAT @explorer.exe (ldap_sasl_bind_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E6004)
[Address] EAT @explorer.exe (ldap_sasl_bind_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E6208)
[Address] EAT @explorer.exe (ldap_search) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BDE04)
[Address] EAT @explorer.exe (ldap_searchA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BDE04)
[Address] EAT @explorer.exe (ldap_searchW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E4320)
[Address] EAT @explorer.exe (ldap_search_abandon_page) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E0538)
[Address] EAT @explorer.exe (ldap_search_ext) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E46D4)
[Address] EAT @explorer.exe (ldap_search_extA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E46D4)
[Address] EAT @explorer.exe (ldap_search_extW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E45B0)
[Address] EAT @explorer.exe (ldap_search_ext_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E48E0)
[Address] EAT @explorer.exe (ldap_search_ext_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E48E0)
[Address] EAT @explorer.exe (ldap_search_ext_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B8A10)
[Address] EAT @explorer.exe (ldap_search_init_page) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF910)
[Address] EAT @explorer.exe (ldap_search_init_pageA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF910)
[Address] EAT @explorer.exe (ldap_search_init_pageW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF7F0)
[Address] EAT @explorer.exe (ldap_search_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E443C)
[Address] EAT @explorer.exe (ldap_search_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E443C)
[Address] EAT @explorer.exe (ldap_search_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BD130)
[Address] EAT @explorer.exe (ldap_search_st) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E4478)
[Address] EAT @explorer.exe (ldap_search_stA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E4478)
[Address] EAT @explorer.exe (ldap_search_stW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BD16C)
[Address] EAT @explorer.exe (ldap_set_dbg_flags) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E809C)
[Address] EAT @explorer.exe (ldap_set_dbg_routine) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E8090)
[Address] EAT @explorer.exe (ldap_set_option) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DBD1C)
[Address] EAT @explorer.exe (ldap_set_optionA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DBD1C)
[Address] EAT @explorer.exe (ldap_set_optionW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BBE90)
[Address] EAT @explorer.exe (ldap_simple_bind) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D7FF4)
[Address] EAT @explorer.exe (ldap_simple_bindA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D7FF4)
[Address] EAT @explorer.exe (ldap_simple_bindW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D7D88)
[Address] EAT @explorer.exe (ldap_simple_bind_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8014)
[Address] EAT @explorer.exe (ldap_simple_bind_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D8014)
[Address] EAT @explorer.exe (ldap_simple_bind_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8D7E54)
[Address] EAT @explorer.exe (ldap_sslinit) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF1AC)
[Address] EAT @explorer.exe (ldap_sslinitA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DF1AC)
[Address] EAT @explorer.exe (ldap_sslinitW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BBFA0)
[Address] EAT @explorer.exe (ldap_start_tls_sA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E7A50)
[Address] EAT @explorer.exe (ldap_start_tls_sW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E7A2C)
[Address] EAT @explorer.exe (ldap_startup) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DC034)
[Address] EAT @explorer.exe (ldap_stop_tls_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8E7690)
[Address] EAT @explorer.exe (ldap_ufn2dn) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE240)
[Address] EAT @explorer.exe (ldap_ufn2dnA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DE240)
[Address] EAT @explorer.exe (ldap_ufn2dnW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8DDD90)
[Address] EAT @explorer.exe (ldap_unbind) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B8294)
[Address] EAT @explorer.exe (ldap_unbind_s) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8BD96C)
[Address] EAT @explorer.exe (ldap_value_free) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B6620)
[Address] EAT @explorer.exe (ldap_value_freeA) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B6620)
[Address] EAT @explorer.exe (ldap_value_freeW) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B6684)
[Address] EAT @explorer.exe (ldap_value_free_len) : NSI.dll -> HOOKED (C:\Windows\system32\WLDAP32.dll @ 0xFC8B6684)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] cbe9b9ddff38296a08d0683b7081b1e9
[BSP] 50a018ca8b4f7171f27cc63c80751f2e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_05242014_173616.txt >>
RKreport[0]_S_05242014_173151.txt
 
 
DDS LOG
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16545
Run by Bhaloo at 19:27:19 on 2014-05-26
Microsoft Windows 7 Professional   6.1.7600.0.1252.503.3082.18.9198.6659 [GMT -6:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Project64 2.1\Project64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [AdobeBridge] <no file>
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRunOnce: [pj64emu] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Enviar a OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 201.247.155.235 201.247.155.225
TCP: Interfaces\{3E27C402-95BD-41D6-BA10-1EE69865FF65} : DHCPNameServer = 201.247.155.235 201.247.155.225
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [CmPCIaudio] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-5-13 191768]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-5-13 323352]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-5-13 130328]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-5-13 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-5-13 152344]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-5-13 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-5-13 273176]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-14 235520]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2014-5-19 90112]
R2 avgfws;Firewall de AVG;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-5-13 1473792]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;WatchDog de AVG;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-19 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-19 857912]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2014-5-19 32544]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2014-5-19 46136]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-5-19 95248]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-19 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-19 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-19 63192]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-5-18 428136]
R4 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2014-5-19 23680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2014-5-19 48416]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2014-5-19 29472]
S3 StorSvc;Servicio de almacenamiento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2014-5-19 48416]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-25 1255736]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-05-27 01:23:50 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Installer
2014-05-27 01:23:36 -------- d-----w- C:\Program Files (x86)\Project64 2.1
2014-05-25 17:22:40 -------- d-----w- C:\ProgramData\Bohemia Interactive Studio
2014-05-25 13:27:51 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2014-05-25 13:27:49 -------- d-----w- C:\Windows\System32\wbem\en-US
2014-05-25 13:27:40 -------- d-----w- C:\Windows\SysWow64\Wat
2014-05-25 13:27:40 -------- d-----w- C:\Windows\System32\Wat
2014-05-25 06:35:14 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-25 06:35:14 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-25 06:19:59 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-05-25 06:08:18 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2014-05-25 06:08:18 46080 ----a-w- C:\Windows\System32\atmlib.dll
2014-05-25 06:08:18 367616 ----a-w- C:\Windows\System32\atmfd.dll
2014-05-25 06:08:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2014-05-25 06:08:18 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2014-05-25 06:08:18 100864 ----a-w- C:\Windows\System32\fontsub.dll
2014-05-25 06:01:59 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2014-05-25 06:01:59 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-05-25 06:01:59 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-05-25 06:01:59 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-05-25 06:01:59 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-05-25 05:46:46 142336 ----a-w- C:\Windows\System32\poqexec.exe
2014-05-25 05:46:45 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2014-05-25 05:46:23 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2014-05-25 05:46:23 2691072 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-05-25 05:46:23 158208 ----a-w- C:\Windows\System32\aaclient.dll
2014-05-25 05:46:23 131072 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-05-25 05:46:22 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-05-25 05:46:21 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-05-25 05:45:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-05-25 05:45:16 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-05-25 05:44:43 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2014-05-25 05:44:42 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2014-05-25 05:44:42 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2014-05-25 05:44:42 1118720 ----a-w- C:\Windows\System32\sbe.dll
2014-05-25 05:44:41 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2014-05-25 05:44:41 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2014-05-25 05:44:39 148992 ----a-w- C:\Windows\System32\t2embed.dll
2014-05-25 05:44:39 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2014-05-25 05:42:38 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2014-05-25 05:42:38 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2014-05-25 05:42:31 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2014-05-25 05:42:31 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-05-25 05:42:31 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-05-25 05:42:15 395776 ----a-w- C:\Windows\System32\webio.dll
2014-05-25 05:42:15 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2014-05-25 05:41:56 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2014-05-25 05:41:55 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
2014-05-25 05:40:24 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll
2014-05-25 05:40:24 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll
2014-05-25 05:40:22 1653096 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-05-25 05:38:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2014-05-25 05:38:47 2001408 ----a-w- C:\Windows\System32\msxml6.dll
2014-05-25 05:38:46 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2014-05-25 05:38:46 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-05-25 05:38:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-05-25 05:38:40 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2014-05-25 05:38:32 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2014-05-25 05:38:32 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2014-05-25 05:38:32 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2014-05-25 05:37:53 -------- d-----w- C:\Users\Bhaloo\AppData\Local\ArmA 2
2014-05-25 05:34:44 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-05-25 05:33:18 295792 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2014-05-25 05:32:39 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-05-25 05:31:42 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2014-05-25 05:31:42 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2014-05-25 05:31:41 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2014-05-25 05:31:21 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-25 05:30:31 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-05-25 05:29:51 714752 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-25 05:29:50 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-25 05:26:06 95744 ----a-w- C:\Windows\System32\synceng.dll
2014-05-25 05:26:05 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2014-05-25 05:25:47 603976 ----a-w- C:\Windows\System32\winload.exe
2014-05-25 05:25:46 640896 ----a-w- C:\Windows\System32\winload.efi
2014-05-25 05:25:46 518160 ----a-w- C:\Windows\System32\winresume.exe
2014-05-25 05:25:45 19328 ----a-w- C:\Windows\System32\kd1394.dll
2014-05-25 05:25:44 556928 ----a-w- C:\Windows\System32\winresume.efi
2014-05-25 05:25:44 20352 ----a-w- C:\Windows\System32\kdusb.dll
2014-05-25 05:25:44 17792 ----a-w- C:\Windows\System32\kdcom.dll
2014-05-25 05:25:20 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2014-05-25 05:25:20 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2014-05-25 05:23:30 46592 ----a-w- C:\Windows\System32\msasn1.dll
2014-05-25 05:23:29 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll
2014-05-25 05:21:59 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2014-05-25 05:20:18 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2014-05-25 05:20:18 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-05-25 05:20:17 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2014-05-25 05:20:17 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2014-05-25 05:20:17 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2014-05-25 05:20:17 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2014-05-25 05:18:49 77312 ----a-w- C:\Windows\System32\packager.dll
2014-05-25 05:18:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-05-25 04:51:38 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-05-25 04:51:38 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-05-25 04:51:38 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-05-25 04:51:17 139264 ----a-w- C:\Windows\System32\cabview.dll
2014-05-25 04:51:17 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2014-05-25 04:34:32 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-05-25 04:34:26 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-05-25 04:34:17 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-05-25 04:34:17 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-05-25 00:25:07 -------- d-----w- C:\Users\Bhaloo\AppData\Roaming\TS3Client
2014-05-25 00:24:05 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2014-05-24 23:41:20 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-24 22:55:51 -------- d-----w- C:\Users\Bhaloo\AppData\Local\DayZCommander
2014-05-24 22:55:38 -------- d-----w- C:\Program Files (x86)\Dotjosh Studios
2014-05-24 22:45:14 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2014-05-24 22:45:14 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2014-05-24 22:45:14 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2014-05-24 22:45:14 444752 ----a-w- C:\Windows\System32\mscoree.dll
2014-05-24 22:45:14 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2014-05-24 22:45:14 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2014-05-24 22:45:14 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2014-05-24 22:45:14 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2014-05-24 22:45:14 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-05-24 22:45:14 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2014-05-24 22:22:58 -------- d-----w- C:\Users\Bhaloo\AppData\Local\ArmA 2 OA
2014-05-23 02:26:12 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Skype
2014-05-23 02:26:02 -------- d-----r- C:\Program Files (x86)\Skype
2014-05-23 01:37:56 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Blizzard
2014-05-23 01:06:14 -------- d-----w- C:\Program Files (x86)\Hearthstone
2014-05-23 01:05:17 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-23 01:05:17 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-23 00:58:35 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Blizzard Entertainment
2014-05-23 00:58:28 -------- d-----w- C:\Users\Bhaloo\AppData\Roaming\Battle.net
2014-05-23 00:58:28 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Battle.net
2014-05-23 00:58:22 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-05-23 00:58:22 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-05-23 00:58:22 -------- d-----w- C:\Program Files (x86)\Battle.net
2014-05-23 00:53:49 -------- d-----w- C:\ProgramData\Battle.net
2014-05-22 12:47:28 -------- d-----w- C:\Users\Bhaloo\AppData\Roaming\LolClient
2014-05-22 02:35:28 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2014-05-22 02:35:27 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2014-05-22 02:35:24 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2014-05-22 02:35:05 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2014-05-22 02:35:03 -------- d-----w- C:\Riot Games
2014-05-22 02:33:13 -------- d-----w- C:\Users\Bhaloo\AppData\Local\PMB Files
2014-05-22 02:33:11 -------- d-----w- C:\ProgramData\PMB Files
2014-05-22 02:33:07 -------- d-----w- C:\Program Files (x86)\Pando Networks
2014-05-22 02:32:40 -------- d-----w- C:\Users\Bhaloo\AppData\Roaming\Riot Games
2014-05-22 02:31:59 -------- d-----w- C:\ProgramData\PopCap Games
2014-05-22 02:31:53 -------- d-----w- C:\ProgramData\EA Core
2014-05-22 02:31:47 -------- d-----w- C:\ProgramData\EA Logs
2014-05-20 13:44:36 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2014-05-20 13:44:04 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-05-20 13:44:04 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-05-20 13:44:03 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-05-20 13:43:16 -------- d-----w- C:\ProgramData\Package Cache
2014-05-20 13:25:13 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2014-05-20 13:12:56 -------- d-----w- C:\Program Files (x86)\Origin Games
2014-05-20 13:12:37 -------- d-----w- C:\Users\Bhaloo\AppData\Roaming\Origin
2014-05-20 13:12:35 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Origin
2014-05-20 13:08:52 -------- d-----w- C:\ProgramData\Origin
2014-05-20 13:08:51 -------- d-----w- C:\ProgramData\Electronic Arts
2014-05-20 13:08:50 -------- d-----w- C:\Program Files (x86)\Origin
2014-05-20 10:25:18 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2014-05-20 10:24:59 4910088 ----a-w- C:\Windows\System32\D3DX9_37.dll
2014-05-20 10:22:55 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Ubisoft Game Launcher
2014-05-20 04:04:49 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-20 04:04:34 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-20 04:04:34 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-20 04:04:34 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-20 04:04:34 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-20 04:04:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-20 04:04:21 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Programs
2014-05-20 04:02:24 -------- d-----w- C:\Users\Bhaloo\AppData\Roaming\AVG2014
2014-05-20 04:01:34 -------- d-----w- C:\Users\Bhaloo\AppData\Roaming\TuneUp Software
2014-05-20 04:01:17 -------- d--h--w- C:\$AVG
2014-05-20 04:01:17 -------- d-----w- C:\ProgramData\AVG2014
2014-05-20 04:00:48 -------- d-----w- C:\Program Files (x86)\AVG
2014-05-20 03:55:15 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D28ED29-12DB-4285-8555-474060D7BAF0}\mpengine.dll
2014-05-20 03:55:14 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-05-20 03:51:42 -------- d--h--w- C:\ProgramData\Common Files
2014-05-20 03:51:42 -------- d-----w- C:\Users\Bhaloo\AppData\Local\MFAData
2014-05-20 03:51:42 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Avg2014
2014-05-20 03:51:42 -------- d-----w- C:\ProgramData\MFAData
2014-05-20 03:48:57 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-05-20 03:48:56 -------- d-----w- C:\Program Files (x86)\Steam
2014-05-20 03:42:30 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Google
2014-05-20 03:41:57 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Deployment
2014-05-20 03:41:57 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Apps
2014-05-20 03:40:16 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Diagnostics
2014-05-20 03:38:09 -------- d-----w- C:\Users\Bhaloo\AppData\Local\AMD
2014-05-20 03:37:58 -------- d-----w- C:\Users\Bhaloo\AppData\Local\ATI
2014-05-20 03:36:35 -------- d-----w- C:\ProgramData\ASUS OC Profiles
2014-05-20 03:35:53 23680 ----a-w- C:\Windows\System32\drivers\IOMap64.sys
2014-05-20 03:35:26 0 ----a-w- C:\Windows\ativpsrm.bin
2014-05-20 03:34:05 389120 ----a-r- C:\Windows\System32\CMICNFG3.cpl
2014-05-20 03:34:05 200704 ----a-r- C:\Windows\SysWow64\CMPaOxy.dll
2014-05-20 03:34:05 143360 ----a-r- C:\Windows\SysWow64\VmixP6.dll
2014-05-20 03:33:59 8151040 ----a-r- C:\Windows\SysWow64\CMICNFG3.dll
2014-05-20 03:33:56 787456 ----a-r- C:\Windows\System32\Cmeaupci.exe
2014-05-20 03:33:42 1155072 ----a-w- C:\Windows\System32\drivers\cmudax3.sys
2014-05-20 03:33:41 36864 ----a-w- C:\Windows\System32\cmudax3.dll
2014-05-20 03:33:40 359424 ----a-r- C:\Windows\System32\CmiInstallResAll64.dll
2014-05-20 03:33:37 524768 ----a-r- C:\Windows\difxapi.dll
2014-05-20 03:32:42 -------- d-----w- C:\Windows\Downloaded Installations
2014-05-20 03:32:04 -------- d-----w- C:\Program Files (x86)\My Company Name
2014-05-20 03:31:55 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-05-20 03:31:55 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-05-20 03:31:51 -------- d-----w- C:\Program Files (x86)\AMD APP
2014-05-20 03:31:34 -------- d-----w- C:\ProgramData\AMD
2014-05-20 03:31:33 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2014-05-20 03:31:29 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2014-05-20 03:31:22 95248 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2014-05-20 03:31:02 58880 ----a-w- C:\Windows\System32\coinst.dll
2014-05-20 03:31:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2014-05-20 03:30:42 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2014-05-20 03:30:04 -------- d-----w- C:\Program Files\ATI Technologies
2014-05-20 03:28:07 -------- d-----w- C:\Program Files\ASUS
2014-05-20 03:26:35 48416 ----a-r- C:\Windows\System32\drivers\RtTeam60.sys
2014-05-20 03:26:32 29472 ----a-r- C:\Windows\System32\drivers\RtVlan60.sys
2014-05-20 03:26:26 32544 ----a-r- C:\Windows\System32\drivers\RtNdPt60.sys
2014-05-20 03:25:43 11832 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2014-05-20 03:25:43 10216 ----a-w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2014-05-20 03:25:34 24576 ----a-r- C:\Windows\SysWow64\AsIO.dll
2014-05-20 03:25:34 13440 ----a-r- C:\Windows\SysWow64\drivers\AsIO.sys
2014-05-20 03:25:27 -------- d-----w- C:\Program Files (x86)\ASUS
2014-05-20 03:25:12 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-05-20 03:25:12 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-05-20 03:25:12 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-05-20 03:25:12 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-05-19 03:17:34 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-05-19 03:06:43 -------- d-----w- C:\ProgramData\ALM
2014-05-19 03:02:36 -------- d-----w- C:\Users\Bhaloo\Adobe Flash Builder 4.6
2014-05-19 02:43:53 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Adobe
2014-05-19 02:13:04 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2014-05-19 02:12:50 -------- d-----w- C:\Windows\PCHEALTH
2014-05-19 02:12:50 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2014-05-19 02:11:59 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2014-05-19 02:11:33 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2014-05-19 02:11:33 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-05-19 02:11:03 -------- d-----w- C:\Users\Bhaloo\AppData\Local\Microsoft Help
2014-05-19 01:55:44 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-05-19 01:25:47 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2014-05-19 01:23:59 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2014-05-19 01:23:59 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2014-05-19 01:23:53 16440 ----a-w- C:\Windows\System32\drivers\AtiPcie.sys
2014-05-19 01:23:51 -------- d-----w- C:\Program Files\ATI
2014-05-19 01:23:36 -------- d-sh--w- C:\Windows\Installer
2014-05-19 00:35:40 -------- d-sh--we C:\Archivos de programa
2014-05-19 00:35:40 -------- d-sh--w- C:\Recovery
2014-05-18 18:04:59 -------- d-----w- C:\Windows\Panther
2014-05-18 17:49:42 -------- d-----w- C:\Windows.old
2014-05-13 20:20:26 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-05-13 20:20:06 273176 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-05-13 20:06:06 323352 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-05-13 20:05:40 191768 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-05-13 20:05:08 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-05-13 20:05:06 130328 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-05-13 20:04:56 236312 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-05-13 20:04:30 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
==================== Find3M  ====================
.
2014-05-25 21:20:55 14848 ----a-w- C:\Windows\System32\slwga.dll
2014-05-25 21:20:55 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2014-05-25 21:20:54 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2014-05-25 21:20:54 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2014-05-25 21:20:54 1008640 ----a-w- C:\Windows\System32\user32.dll
2014-05-25 06:19:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
.
============= FINISH: 19:27:54.17 ===============
 

 



#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:02 PM

Posted 28 May 2014 - 03:44 AM

Due to the evidence of running a pirated Windows version, this topic is locked.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)



