Link to home
Start Free TrialLog in
Avatar of Jason Johanknecht
Jason JohanknechtFlag for United States of America

asked on

Roguekiller results - EAT @ explorer.exe

Need help determining how to resolve these results:

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jim [Admin rights]
Mode : Scan -- Date : 04/08/2014 09:54:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] AdwCleaner.exe -- C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INA1A4ZP\AdwCleaner.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (AppCacheCheckManifest) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF5D538)
[Address] EAT @explorer.exe (AppCacheCloseHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF5A468)
[Address] EAT @explorer.exe (AppCacheDeleteGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0814C0)
[Address] EAT @explorer.exe (AppCacheDeleteIEGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE081518)
[Address] EAT @explorer.exe (AppCacheDuplicateHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF5A54C)
[Address] EAT @explorer.exe (AppCacheFinalize) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE081570)
[Address] EAT @explorer.exe (AppCacheFreeDownloadList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0815C8)
[Address] EAT @explorer.exe (AppCacheFreeGroupList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC4EC8)
[Address] EAT @explorer.exe (AppCacheFreeIESpace) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF88790)
[Address] EAT @explorer.exe (AppCacheFreeSpace) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0816AC)
[Address] EAT @explorer.exe (AppCacheGetDownloadList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE081704)
[Address] EAT @explorer.exe (AppCacheGetFallbackUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08175C)
[Address] EAT @explorer.exe (AppCacheGetGroupList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC4EA4)
[Address] EAT @explorer.exe (AppCacheGetIEGroupList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0817B4)
[Address] EAT @explorer.exe (AppCacheGetInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08180C)
[Address] EAT @explorer.exe (AppCacheGetManifestUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF5BDC0)
[Address] EAT @explorer.exe (AppCacheLookup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF75908)
[Address] EAT @explorer.exe (CommitUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF661DC)
[Address] EAT @explorer.exe (CommitUrlCacheEntryBinaryBlob) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF1C0A4)
[Address] EAT @explorer.exe (CommitUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF220D0)
[Address] EAT @explorer.exe (CreateMD5SSOHash) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE058AD8)
[Address] EAT @explorer.exe (CreateUrlCacheContainerA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF83A38)
[Address] EAT @explorer.exe (CreateUrlCacheContainerW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF838E8)
[Address] EAT @explorer.exe (CreateUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF65F10)
[Address] EAT @explorer.exe (CreateUrlCacheEntryExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC6C40)
[Address] EAT @explorer.exe (CreateUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC6C1C)
[Address] EAT @explorer.exe (CreateUrlCacheGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08272C)
[Address] EAT @explorer.exe (DeleteIE3Cache) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE086C74)
[Address] EAT @explorer.exe (DeleteUrlCacheContainerA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF88DD4)
[Address] EAT @explorer.exe (DeleteUrlCacheContainerW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF79730)
[Address] EAT @explorer.exe (DeleteUrlCacheEntry) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8BF40)
[Address] EAT @explorer.exe (DeleteUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8BF40)
[Address] EAT @explorer.exe (DeleteUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8A3A0)
[Address] EAT @explorer.exe (DeleteUrlCacheGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08282C)
[Address] EAT @explorer.exe (DeleteWpadCacheForNetworks) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE03FB88)
[Address] EAT @explorer.exe (DetectAutoProxyUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE03FFB0)
[Address] EAT @explorer.exe (DispatchAPICall) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF014E0)
[Address] EAT @explorer.exe (DllCanUnloadNow) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7DEE0)
[Address] EAT @explorer.exe (DllGetClassObject) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF175E0)
[Address] EAT @explorer.exe (DllInstall) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFBC750)
[Address] EAT @explorer.exe (DllRegisterServer) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE022700)
[Address] EAT @explorer.exe (DllUnregisterServer) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE022740)
[Address] EAT @explorer.exe (FindCloseUrlCache) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF0550C)
[Address] EAT @explorer.exe (FindFirstUrlCacheContainerA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF219BC)
[Address] EAT @explorer.exe (FindFirstUrlCacheContainerW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF0E8B8)
[Address] EAT @explorer.exe (FindFirstUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7C800)
[Address] EAT @explorer.exe (FindFirstUrlCacheEntryExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF06478)
[Address] EAT @explorer.exe (FindFirstUrlCacheEntryExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF18B60)
[Address] EAT @explorer.exe (FindFirstUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF83010)
[Address] EAT @explorer.exe (FindFirstUrlCacheGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082924)
[Address] EAT @explorer.exe (FindNextUrlCacheContainerA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF21E20)
[Address] EAT @explorer.exe (FindNextUrlCacheContainerW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF0EB4C)
[Address] EAT @explorer.exe (FindNextUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7C984)
[Address] EAT @explorer.exe (FindNextUrlCacheEntryExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082A6C)
[Address] EAT @explorer.exe (FindNextUrlCacheEntryExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082C3C)
[Address] EAT @explorer.exe (FindNextUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF187E0)
[Address] EAT @explorer.exe (FindNextUrlCacheGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082E0C)
[Address] EAT @explorer.exe (ForceNexusLookup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE058CE4)
[Address] EAT @explorer.exe (ForceNexusLookupExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE058D34)
[Address] EAT @explorer.exe (FreeUrlCacheSpaceA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082F28)
[Address] EAT @explorer.exe (FreeUrlCacheSpaceW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF87AD8)
[Address] EAT @explorer.exe (FtpCommandA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D2B4)
[Address] EAT @explorer.exe (FtpCommandW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE030DE0)
[Address] EAT @explorer.exe (FtpCreateDirectoryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D398)
[Address] EAT @explorer.exe (FtpCreateDirectoryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE030F7C)
[Address] EAT @explorer.exe (FtpDeleteFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D438)
[Address] EAT @explorer.exe (FtpDeleteFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0310E4)
[Address] EAT @explorer.exe (FtpFindFirstFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D4D8)
[Address] EAT @explorer.exe (FtpFindFirstFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE03124C)
[Address] EAT @explorer.exe (FtpGetCurrentDirectoryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D744)
[Address] EAT @explorer.exe (FtpGetCurrentDirectoryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031424)
[Address] EAT @explorer.exe (FtpGetFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D804)
[Address] EAT @explorer.exe (FtpGetFileEx) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0315AC)
[Address] EAT @explorer.exe (FtpGetFileSize) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02DA28)
[Address] EAT @explorer.exe (FtpGetFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031740)
[Address] EAT @explorer.exe (FtpOpenFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02DCB8)
[Address] EAT @explorer.exe (FtpOpenFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031844)
[Address] EAT @explorer.exe (FtpPutFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02DD98)
[Address] EAT @explorer.exe (FtpPutFileEx) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0318D4)
[Address] EAT @explorer.exe (FtpPutFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031A38)
[Address] EAT @explorer.exe (FtpRemoveDirectoryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02E118)
[Address] EAT @explorer.exe (FtpRemoveDirectoryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031B0C)
[Address] EAT @explorer.exe (FtpRenameFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02E1B8)
[Address] EAT @explorer.exe (FtpRenameFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031C68)
[Address] EAT @explorer.exe (FtpSetCurrentDirectoryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02E26C)
[Address] EAT @explorer.exe (FtpSetCurrentDirectoryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031E88)
[Address] EAT @explorer.exe (GetProxyDllInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE018668)
[Address] EAT @explorer.exe (GetUrlCacheConfigInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083148)
[Address] EAT @explorer.exe (GetUrlCacheConfigInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF87614)
[Address] EAT @explorer.exe (GetUrlCacheEntryBinaryBlob) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7B780)
[Address] EAT @explorer.exe (GetUrlCacheEntryInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0833E4)
[Address] EAT @explorer.exe (GetUrlCacheEntryInfoExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08359C)
[Address] EAT @explorer.exe (GetUrlCacheEntryInfoExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6AD80)
[Address] EAT @explorer.exe (GetUrlCacheEntryInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF69EE0)
[Address] EAT @explorer.exe (GetUrlCacheGroupAttributeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0837E4)
[Address] EAT @explorer.exe (GetUrlCacheGroupAttributeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083A4C)
[Address] EAT @explorer.exe (GetUrlCacheHeaderData) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF33800)
[Address] EAT @explorer.exe (GopherCreateLocatorA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherCreateLocatorW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherFindFirstFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherFindFirstFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherGetAttributeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherGetAttributeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherGetLocatorTypeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherGetLocatorTypeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherOpenFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherOpenFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (HttpAddRequestHeadersA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF2CA20)
[Address] EAT @explorer.exe (HttpAddRequestHeadersW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF32B80)
[Address] EAT @explorer.exe (HttpCheckDavCompliance) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0449A4)
[Address] EAT @explorer.exe (HttpCloseDependencyHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6BF60)
[Address] EAT @explorer.exe (HttpDuplicateDependencyHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6C0C0)
[Address] EAT @explorer.exe (HttpEndRequestA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF65910)
[Address] EAT @explorer.exe (HttpEndRequestW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE045050)
[Address] EAT @explorer.exe (HttpGetServerCredentials) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE05CF34)
[Address] EAT @explorer.exe (HttpGetTunnelSocket) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE027540)
[Address] EAT @explorer.exe (HttpOpenDependencyHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF762DC)
[Address] EAT @explorer.exe (HttpOpenRequestA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0456A8)
[Address] EAT @explorer.exe (HttpOpenRequestW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF2AD40)
[Address] EAT @explorer.exe (HttpPushClose) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE028228)
[Address] EAT @explorer.exe (HttpPushEnable) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0282D8)
[Address] EAT @explorer.exe (HttpPushWait) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE028330)
[Address] EAT @explorer.exe (HttpQueryInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF2FA10)
[Address] EAT @explorer.exe (HttpQueryInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF3F5F0)
[Address] EAT @explorer.exe (HttpSendRequestA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC2454)
[Address] EAT @explorer.exe (HttpSendRequestExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE045150)
[Address] EAT @explorer.exe (HttpSendRequestExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF656EC)
[Address] EAT @explorer.exe (HttpSendRequestW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF329DC)
[Address] EAT @explorer.exe (HttpWebSocketClose) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0557A8)
[Address] EAT @explorer.exe (HttpWebSocketCompleteUpgrade) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE055D40)
[Address] EAT @explorer.exe (HttpWebSocketQueryCloseStatus) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0558F0)
[Address] EAT @explorer.exe (HttpWebSocketReceive) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0561E0)
[Address] EAT @explorer.exe (HttpWebSocketSend) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE056720)
[Address] EAT @explorer.exe (HttpWebSocketShutdown) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0569E0)
[Address] EAT @explorer.exe (IncrementUrlCacheHeaderData) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF50718)
[Address] EAT @explorer.exe (InternetAlgIdToStringA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE061CFC)
[Address] EAT @explorer.exe (InternetAlgIdToStringW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE061EE0)
[Address] EAT @explorer.exe (InternetAttemptConnect) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01C564)
[Address] EAT @explorer.exe (InternetAutodial) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0217DC)
[Address] EAT @explorer.exe (InternetAutodialCallback) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE018E94)
[Address] EAT @explorer.exe (InternetAutodialHangup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021874)
[Address] EAT @explorer.exe (InternetCanonicalizeUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01C5CC)
[Address] EAT @explorer.exe (InternetCanonicalizeUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D9F0)
[Address] EAT @explorer.exe (InternetCheckConnectionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01C6D8)
[Address] EAT @explorer.exe (InternetCheckConnectionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01DB00)
[Address] EAT @explorer.exe (InternetClearAllPerSiteCookieDecisions) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE046138)
[Address] EAT @explorer.exe (InternetCloseHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF28570)
[Address] EAT @explorer.exe (InternetCombineUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01CBA0)
[Address] EAT @explorer.exe (InternetCombineUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF24F18)
[Address] EAT @explorer.exe (InternetConfirmZoneCrossing) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062CAC)
[Address] EAT @explorer.exe (InternetConfirmZoneCrossingA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062CAC)
[Address] EAT @explorer.exe (InternetConfirmZoneCrossingW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFBF440)
[Address] EAT @explorer.exe (InternetConnectA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01CCB8)
[Address] EAT @explorer.exe (InternetConnectW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF315C0)
[Address] EAT @explorer.exe (InternetCrackUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF4C530)
[Address] EAT @explorer.exe (InternetCrackUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF82020)
[Address] EAT @explorer.exe (InternetCreateUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01CDE4)
[Address] EAT @explorer.exe (InternetCreateUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF249F0)
[Address] EAT @explorer.exe (InternetDial) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021904)
[Address] EAT @explorer.exe (InternetDialA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021904)
[Address] EAT @explorer.exe (InternetDialW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0219B0)
[Address] EAT @explorer.exe (InternetEnumPerSiteCookieDecisionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE046150)
[Address] EAT @explorer.exe (InternetEnumPerSiteCookieDecisionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0461B8)
[Address] EAT @explorer.exe (InternetErrorDlg) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062D64)
[Address] EAT @explorer.exe (InternetFindNextFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE03073C)
[Address] EAT @explorer.exe (InternetFindNextFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE032AAC)
[Address] EAT @explorer.exe (InternetFortezzaCommand) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE028388)
[Address] EAT @explorer.exe (InternetFreeCookies) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF614C4)
[Address] EAT @explorer.exe (InternetFreeProxyInfoList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF9323C)
[Address] EAT @explorer.exe (InternetGetCertByURL) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF02198)
[Address] EAT @explorer.exe (InternetGetCertByURLA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF02198)
[Address] EAT @explorer.exe (InternetGetConnectedState) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF2416C)
[Address] EAT @explorer.exe (InternetGetConnectedStateEx) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC5BF4)
[Address] EAT @explorer.exe (InternetGetConnectedStateExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC5BF4)
[Address] EAT @explorer.exe (InternetGetConnectedStateExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF41510)
[Address] EAT @explorer.exe (InternetGetCookieA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE047490)
[Address] EAT @explorer.exe (InternetGetCookieEx2) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF61494)
[Address] EAT @explorer.exe (InternetGetCookieExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0474B4)
[Address] EAT @explorer.exe (InternetGetCookieExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF614DC)
[Address] EAT @explorer.exe (InternetGetCookieW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0477B8)
[Address] EAT @explorer.exe (InternetGetLastResponseInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01CE80)
[Address] EAT @explorer.exe (InternetGetLastResponseInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01DBF4)
[Address] EAT @explorer.exe (InternetGetPerSiteCookieDecisionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE04629C)
[Address] EAT @explorer.exe (InternetGetPerSiteCookieDecisionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0462EC)
[Address] EAT @explorer.exe (InternetGetProxyForUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF92F8C)
[Address] EAT @explorer.exe (InternetGetSecurityInfoByURL) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D020)
[Address] EAT @explorer.exe (InternetGetSecurityInfoByURLA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D020)
[Address] EAT @explorer.exe (InternetGetSecurityInfoByURLW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01DDB0)
[Address] EAT @explorer.exe (InternetGoOnline) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021A5C)
[Address] EAT @explorer.exe (InternetGoOnlineA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021A5C)
[Address] EAT @explorer.exe (InternetGoOnlineW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021AF4)
[Address] EAT @explorer.exe (InternetHangUp) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021B8C)
[Address] EAT @explorer.exe (InternetInitializeAutoProxyDll) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF1A270)
[Address] EAT @explorer.exe (InternetLockRequestFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6BB30)
[Address] EAT @explorer.exe (InternetOpenA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF44940)
[Address] EAT @explorer.exe (InternetOpenUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D138)
[Address] EAT @explorer.exe (InternetOpenUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01DEAC)
[Address] EAT @explorer.exe (InternetOpenW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF447B0)
[Address] EAT @explorer.exe (InternetQueryDataAvailable) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF207E0)
[Address] EAT @explorer.exe (InternetQueryFortezzaStatus) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0283E8)
[Address] EAT @explorer.exe (InternetQueryOptionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF270B0)
[Address] EAT @explorer.exe (InternetQueryOptionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF27660)
[Address] EAT @explorer.exe (InternetReadFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF40440)
[Address] EAT @explorer.exe (InternetReadFileExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF76FE0)
[Address] EAT @explorer.exe (InternetReadFileExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF76F48)
[Address] EAT @explorer.exe (InternetSecurityProtocolToStringA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0620B8)
[Address] EAT @explorer.exe (InternetSecurityProtocolToStringW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062228)
[Address] EAT @explorer.exe (InternetSetCookieA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0477D8)
[Address] EAT @explorer.exe (InternetSetCookieEx2) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE047800)
[Address] EAT @explorer.exe (InternetSetCookieExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE047860)
[Address] EAT @explorer.exe (InternetSetCookieExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF4BFD0)
[Address] EAT @explorer.exe (InternetSetCookieW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE047904)
[Address] EAT @explorer.exe (InternetSetDialState) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021C0C)
[Address] EAT @explorer.exe (InternetSetDialStateA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021C0C)
[Address] EAT @explorer.exe (InternetSetDialStateW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021C64)
[Address] EAT @explorer.exe (InternetSetFilePointer) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC707C)
[Address] EAT @explorer.exe (InternetSetOptionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF26020)
[Address] EAT @explorer.exe (InternetSetOptionExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01E4C0)
[Address] EAT @explorer.exe (InternetSetOptionExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01E5B4)
[Address] EAT @explorer.exe (InternetSetOptionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF264E0)
[Address] EAT @explorer.exe (InternetSetPerSiteCookieDecisionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE046384)
[Address] EAT @explorer.exe (InternetSetPerSiteCookieDecisionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE04641C)
[Address] EAT @explorer.exe (InternetSetStatusCallback) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF46708)
[Address] EAT @explorer.exe (InternetSetStatusCallbackA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF46708)
[Address] EAT @explorer.exe (InternetSetStatusCallbackW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8BBBC)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURL) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D1CC)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D1CC)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01E058)
[Address] EAT @explorer.exe (InternetTimeFromSystemTime) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF77AB0)
[Address] EAT @explorer.exe (InternetTimeFromSystemTimeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF77AB0)
[Address] EAT @explorer.exe (InternetTimeFromSystemTimeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFDD138)
[Address] EAT @explorer.exe (InternetTimeToSystemTime) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC2FD0)
[Address] EAT @explorer.exe (InternetTimeToSystemTimeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC2FD0)
[Address] EAT @explorer.exe (InternetTimeToSystemTimeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC2F00)
[Address] EAT @explorer.exe (InternetUnlockRequestFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6B8A4)
[Address] EAT @explorer.exe (InternetWriteFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF659B0)
[Address] EAT @explorer.exe (InternetWriteFileExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (InternetWriteFileExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (IsHostInProxyBypassList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF4A0C4)
[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083C80)
[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC6E24)
[Address] EAT @explorer.exe (LoadUrlCacheContent) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (ParseX509EncodedCertificateForListBoxEntry) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062398)
[Address] EAT @explorer.exe (PrivacyGetZonePreferenceW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF4D63C)
[Address] EAT @explorer.exe (PrivacySetZonePreferenceW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFBC9D4)
[Address] EAT @explorer.exe (ReadUrlCacheEntryStream) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF64950)
[Address] EAT @explorer.exe (ReadUrlCacheEntryStreamEx) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083DD0)
[Address] EAT @explorer.exe (RegisterUrlCacheNotification) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF02A00)
[Address] EAT @explorer.exe (ResumeSuspendedDownload) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE020CEC)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083EE0)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0840BC)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084294)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC5A10)
[Address] EAT @explorer.exe (RunOnceUrlCache) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF02198)
[Address] EAT @explorer.exe (SetUrlCacheConfigInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084498)
[Address] EAT @explorer.exe (SetUrlCacheConfigInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0845CC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0846CC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroupA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0846CC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroupW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF48BE0)
[Address] EAT @explorer.exe (SetUrlCacheEntryInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF59188)
[Address] EAT @explorer.exe (SetUrlCacheEntryInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084898)
[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084A54)
[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084C44)
[Address] EAT @explorer.exe (SetUrlCacheHeaderData) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084E04)
[Address] EAT @explorer.exe (ShowCertificate) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062398)
[Address] EAT @explorer.exe (ShowClientAuthCerts) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062398)
[Address] EAT @explorer.exe (ShowSecurityInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0623B8)
[Address] EAT @explorer.exe (ShowX509EncodedCertificate) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062550)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084F24)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084F24)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08505C)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryStream) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8FBF0)
[Address] EAT @explorer.exe (UpdateUrlCacheContentPath) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08519C)
[Address] EAT @explorer.exe (UrlCacheCheckEntriesExist) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0852BC)
[Address] EAT @explorer.exe (UrlCacheCloseEntryHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085314)
[Address] EAT @explorer.exe (UrlCacheContainerSetEntryMaximumAge) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085360)
[Address] EAT @explorer.exe (UrlCacheCreateContainer) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF0EC4C)
[Address] EAT @explorer.exe (UrlCacheFindFirstEntry) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF88B38)
[Address] EAT @explorer.exe (UrlCacheFindNextEntry) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC84B0)
[Address] EAT @explorer.exe (UrlCacheFreeEntryInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF90C38)
[Address] EAT @explorer.exe (UrlCacheGetContentPaths) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0853B8)
[Address] EAT @explorer.exe (UrlCacheGetEntryInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7C5D8)
[Address] EAT @explorer.exe (UrlCacheGetGlobalLimit) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085410)
[Address] EAT @explorer.exe (UrlCacheReadEntryStream) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085468)
[Address] EAT @explorer.exe (UrlCacheReloadSettings) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0854C8)
[Address] EAT @explorer.exe (UrlCacheRetrieveEntryFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085520)
[Address] EAT @explorer.exe (UrlCacheRetrieveEntryStream) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085578)
[Address] EAT @explorer.exe (UrlCacheSetGlobalLimit) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0855D8)
[Address] EAT @explorer.exe (UrlCacheUpdateEntryExtraData) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF730B8)
[Address] EAT @explorer.exe (UrlZonesDetach) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE05D240)
[Address] EAT @explorer.exe (WlanAllocateMemory) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858AC8)
[Address] EAT @explorer.exe (WlanCloseHandle) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48538A0)
[Address] EAT @explorer.exe (WlanConnect) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855558)
[Address] EAT @explorer.exe (WlanDeleteProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4856D10)
[Address] EAT @explorer.exe (WlanDisconnect) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48557E8)
[Address] EAT @explorer.exe (WlanEnumInterfaces) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4853A80)
[Address] EAT @explorer.exe (WlanExtractPsdIEDataList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858394)
[Address] EAT @explorer.exe (WlanFreeMemory) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF485A5A0)
[Address] EAT @explorer.exe (WlanGetAvailableNetworkList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854F88)
[Address] EAT @explorer.exe (WlanGetFilterList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857F9C)
[Address] EAT @explorer.exe (WlanGetInterfaceCapability) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854188)
[Address] EAT @explorer.exe (WlanGetNetworkBssList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855268)
[Address] EAT @explorer.exe (WlanGetProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4856A20)
[Address] EAT @explorer.exe (WlanGetProfileCustomUserData) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857B1C)
[Address] EAT @explorer.exe (WlanGetProfileList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857404)
[Address] EAT @explorer.exe (WlanGetSecuritySettings) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858D88)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStart) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF485935C)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStop) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859418)
[Address] EAT @explorer.exe (WlanHostedNetworkInitSettings) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48599D8)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryProperty) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48594D4)
[Address] EAT @explorer.exe (WlanHostedNetworkQuerySecondaryKey) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF485A020)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryStatus) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859B50)
[Address] EAT @explorer.exe (WlanHostedNetworkRefreshSecuritySettings) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859A94)
[Address] EAT @explorer.exe (WlanHostedNetworkSetProperty) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859744)
[Address] EAT @explorer.exe (WlanHostedNetworkSetSecondaryKey) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859D78)
[Address] EAT @explorer.exe (WlanHostedNetworkStartUsing) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48591EC)
[Address] EAT @explorer.exe (WlanHostedNetworkStopUsing) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48592A4)
[Address] EAT @explorer.exe (WlanIhvControl) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854A00)
[Address] EAT @explorer.exe (WlanOpenHandle) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4851960)
[Address] EAT @explorer.exe (WlanQueryAutoConfigParameter) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4853EE8)
[Address] EAT @explorer.exe (WlanQueryInterface) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854668)
[Address] EAT @explorer.exe (WlanReasonCodeToString) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858A54)
[Address] EAT @explorer.exe (WlanRegisterNotification) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855A08)
[Address] EAT @explorer.exe (WlanRegisterVirtualStationNotification) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF485A358)
[Address] EAT @explorer.exe (WlanRenameProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4856F4C)
[Address] EAT @explorer.exe (WlanSaveTemporaryProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48587D0)
[Address] EAT @explorer.exe (WlanScan) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854D40)
[Address] EAT @explorer.exe (WlanSetAutoConfigParameter) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4853D10)
[Address] EAT @explorer.exe (WlanSetFilterList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857DCC)
[Address] EAT @explorer.exe (WlanSetInterface) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854470)
[Address] EAT @explorer.exe (WlanSetProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4856760)
[Address] EAT @explorer.exe (WlanSetProfileCustomUserData) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48578A4)
[Address] EAT @explorer.exe (WlanSetProfileEapUserData) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855CC4)
[Address] EAT @explorer.exe (WlanSetProfileEapXmlUserData) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855F9C)
[Address] EAT @explorer.exe (WlanSetProfileList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48571A8)
[Address] EAT @explorer.exe (WlanSetProfilePosition) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857644)
[Address] EAT @explorer.exe (WlanSetPsdIEDataList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48581B0)
[Address] EAT @explorer.exe (WlanSetSecuritySettings) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858B58)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAJS-08L7A0 ATA Device +++++
--- User ---
[MBR] 7ad4cc2c73fda4f7141eb9d4db143690
[BSP] 895f4cf863d147b7cedfc82bb5ef008b : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 294043 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04082014_095429.txt >>
RKreport[0]_D_04082014_095213.txt;RKreport[0]_S_04082014_094906.txt
Avatar of Tony Giangreco
Tony Giangreco
Flag of United States of America image
It looks like that system is really infected.

Here is a comprehensive list of items to check:

1. Go to All programs, Administrative Tools, Event Viewer. Check the System and Application sections for errors that may be causing your problems.

2. Open an elevated command prompt and run this to check for corrupted system files.
sfc /scannow

3. Install Process Explorer to find out what runs at startup
http://technet.microsoft.com/en-us/sysinternals/bb896653

4. If you haven't also ready checked for Viruses, update your virus definitions and run a Full Scan, deleting all virus and spyware detected

5. If you don’t have any Anti Virus installed, here are a few free ones to try:
http://www.avg.com
http://www.avast.com/en-us/index
http://windows.microsoft.com/en-us/windows/security-essentials-download
http://www.bitdefender.com/solutions/free.html

6. If spyware is found, download and run these free anti spyware apps
AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/

Kaspersky TDSSKiller
http://www.bleepingcomputer.com/download/tdsskiller/

ESET online scanner
http://www.eset.com/us/online-scanner/

Malwarebytes Anti-Rootkit
http://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/

www.malwarebytes.org
www.superantispyware.com
www.hitmanpro.com

7. Run a Disk Cleanup: Start, All Programs, Accessories, System Tools, Disk Cleanup.
Include Temporary Internet Files and Temp files

8. Run Error Checking: Start, Computer, right click  on C:\, Tools, Error Checking.
Select "Automatically fix file system errors" and click start

9. Check for all programs that start at Boot: Start, Run, type MSCONFIG, on the startup tab, review the programs listed. Uncheck anything that should not run on startup

10. Defrag all hard drives: Click My Computer, right click the C drive, click Tools, Disk Defragmenter, Click Analyze to check the amount of fragmentation or Defrag to run the process. You repeat this per drive.

General Maintenance to keep your pc up to date
1. Run Windows Update and select all Microsoft updates and security patches

2. Update your Pc's System Bios

3. Update your drivers: Motherboard Chipset, Network Adaptor, Video, Audio & Printers

4. Start Adobe reader, click Help and then click Check for updates to get the latest security and application updates.

5. Go to Control Panel, Java, advanced tab, click Check for Updates to get the latest security and application updates.

6. If you get a BSOD and want to verify if it’s related to bad Ram chips, download Memtest and make a bootable CD from the ISO. Boot it and run at least one  complete set of tests to check your memory for fault
http://www.memtest.org/#downiso
Avatar of Jason Johanknecht
Jason Johanknecht
Flag of United States of America image

ASKER

Has Norton 360 (v21) - scan results (Full Scan) = nothing found but tracking cookies.
Malwarebytes (v2.0.1) Full scan (Rootkits also checked) = nothing but items like Conduit and toolbars.
adwCleaner run.
TDSSKiller run = nothing found.
Avatar of Robert Retzer
Robert Retzer
Flag of Canada image
I would run a scan with malwarebytes if you have not already done so https://www.malwarebytes.org/?utm_source=cj&utm_medium=aff&utm_content=11125352 &utm_campaign=1807252&tracking=cj . One other effective malware removal tool I use is Emsisoft Emergency kit. There is a lot of updates, and it takes a long time to scan but it is very effective in catching infections. https://www.emsisoft.com/en/software/eek/
Avatar of Tony Giangreco
Tony Giangreco
Flag of United States of America image
Have you resolved this issue?
Avatar of Jason Johanknecht
Jason Johanknecht
Flag of United States of America image

ASKER

I have run anti-rootkit scanners from several companies, as many utilities as I can think of including combofix.  The other night I left Microsoft Safety scanner running on the computer along with malwarebytes anti-rootkit.  When I came back nothing was running.  The trouble computer has been brought back to my office for further testing, and now my computer is showing similar EAT @ explorer roguekiller results (Driver).  I am going to start testing all of the computers here to see if this thing spreads.

I have also tested some of the dll files on virustotal.com and no infections found.
I have not tried bitdefender yet, but is next on my list.  Hitman pro is running this moment.  Probably try Emsisoft and Eset after that.
ASKER CERTIFIED SOLUTION
Avatar of Tony Giangreco
Tony Giangreco
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Jason Johanknecht
Jason Johanknecht
Flag of United States of America image

ASKER

One computer found Toniper (MS Safety Scanner), another found Harakit (Norton), the last one all scanners closed overnight.
Avatar of Jason Johanknecht
Jason Johanknecht
Flag of United States of America image

ASKER

This was a good lesson about adding a potential virus to a working network.  Should have continued working on it while disconnected from any and all networks.  Symantec released a definition update that all computers now detect and successfully remove harakit.  Ran adwcleaner again after removal and now everything looks good.