Solved

Roguekiller results - EAT @ explorer.exe

Posted on 2014-04-10
8
2,253 Views
Last Modified: 2014-05-05
Need help determining how to resolve these results:

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jim [Admin rights]
Mode : Scan -- Date : 04/08/2014 09:54:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] AdwCleaner.exe -- C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INA1A4ZP\AdwCleaner.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (AppCacheCheckManifest) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF5D538)
[Address] EAT @explorer.exe (AppCacheCloseHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF5A468)
[Address] EAT @explorer.exe (AppCacheDeleteGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0814C0)
[Address] EAT @explorer.exe (AppCacheDeleteIEGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE081518)
[Address] EAT @explorer.exe (AppCacheDuplicateHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF5A54C)
[Address] EAT @explorer.exe (AppCacheFinalize) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE081570)
[Address] EAT @explorer.exe (AppCacheFreeDownloadList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0815C8)
[Address] EAT @explorer.exe (AppCacheFreeGroupList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC4EC8)
[Address] EAT @explorer.exe (AppCacheFreeIESpace) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF88790)
[Address] EAT @explorer.exe (AppCacheFreeSpace) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0816AC)
[Address] EAT @explorer.exe (AppCacheGetDownloadList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE081704)
[Address] EAT @explorer.exe (AppCacheGetFallbackUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08175C)
[Address] EAT @explorer.exe (AppCacheGetGroupList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC4EA4)
[Address] EAT @explorer.exe (AppCacheGetIEGroupList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0817B4)
[Address] EAT @explorer.exe (AppCacheGetInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08180C)
[Address] EAT @explorer.exe (AppCacheGetManifestUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF5BDC0)
[Address] EAT @explorer.exe (AppCacheLookup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF75908)
[Address] EAT @explorer.exe (CommitUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF661DC)
[Address] EAT @explorer.exe (CommitUrlCacheEntryBinaryBlob) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF1C0A4)
[Address] EAT @explorer.exe (CommitUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF220D0)
[Address] EAT @explorer.exe (CreateMD5SSOHash) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE058AD8)
[Address] EAT @explorer.exe (CreateUrlCacheContainerA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF83A38)
[Address] EAT @explorer.exe (CreateUrlCacheContainerW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF838E8)
[Address] EAT @explorer.exe (CreateUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF65F10)
[Address] EAT @explorer.exe (CreateUrlCacheEntryExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC6C40)
[Address] EAT @explorer.exe (CreateUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC6C1C)
[Address] EAT @explorer.exe (CreateUrlCacheGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08272C)
[Address] EAT @explorer.exe (DeleteIE3Cache) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE086C74)
[Address] EAT @explorer.exe (DeleteUrlCacheContainerA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF88DD4)
[Address] EAT @explorer.exe (DeleteUrlCacheContainerW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF79730)
[Address] EAT @explorer.exe (DeleteUrlCacheEntry) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8BF40)
[Address] EAT @explorer.exe (DeleteUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8BF40)
[Address] EAT @explorer.exe (DeleteUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8A3A0)
[Address] EAT @explorer.exe (DeleteUrlCacheGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08282C)
[Address] EAT @explorer.exe (DeleteWpadCacheForNetworks) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE03FB88)
[Address] EAT @explorer.exe (DetectAutoProxyUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE03FFB0)
[Address] EAT @explorer.exe (DispatchAPICall) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF014E0)
[Address] EAT @explorer.exe (DllCanUnloadNow) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7DEE0)
[Address] EAT @explorer.exe (DllGetClassObject) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF175E0)
[Address] EAT @explorer.exe (DllInstall) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFBC750)
[Address] EAT @explorer.exe (DllRegisterServer) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE022700)
[Address] EAT @explorer.exe (DllUnregisterServer) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE022740)
[Address] EAT @explorer.exe (FindCloseUrlCache) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF0550C)
[Address] EAT @explorer.exe (FindFirstUrlCacheContainerA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF219BC)
[Address] EAT @explorer.exe (FindFirstUrlCacheContainerW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF0E8B8)
[Address] EAT @explorer.exe (FindFirstUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7C800)
[Address] EAT @explorer.exe (FindFirstUrlCacheEntryExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF06478)
[Address] EAT @explorer.exe (FindFirstUrlCacheEntryExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF18B60)
[Address] EAT @explorer.exe (FindFirstUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF83010)
[Address] EAT @explorer.exe (FindFirstUrlCacheGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082924)
[Address] EAT @explorer.exe (FindNextUrlCacheContainerA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF21E20)
[Address] EAT @explorer.exe (FindNextUrlCacheContainerW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF0EB4C)
[Address] EAT @explorer.exe (FindNextUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7C984)
[Address] EAT @explorer.exe (FindNextUrlCacheEntryExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082A6C)
[Address] EAT @explorer.exe (FindNextUrlCacheEntryExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082C3C)
[Address] EAT @explorer.exe (FindNextUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF187E0)
[Address] EAT @explorer.exe (FindNextUrlCacheGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082E0C)
[Address] EAT @explorer.exe (ForceNexusLookup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE058CE4)
[Address] EAT @explorer.exe (ForceNexusLookupExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE058D34)
[Address] EAT @explorer.exe (FreeUrlCacheSpaceA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082F28)
[Address] EAT @explorer.exe (FreeUrlCacheSpaceW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF87AD8)
[Address] EAT @explorer.exe (FtpCommandA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D2B4)
[Address] EAT @explorer.exe (FtpCommandW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE030DE0)
[Address] EAT @explorer.exe (FtpCreateDirectoryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D398)
[Address] EAT @explorer.exe (FtpCreateDirectoryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE030F7C)
[Address] EAT @explorer.exe (FtpDeleteFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D438)
[Address] EAT @explorer.exe (FtpDeleteFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0310E4)
[Address] EAT @explorer.exe (FtpFindFirstFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D4D8)
[Address] EAT @explorer.exe (FtpFindFirstFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE03124C)
[Address] EAT @explorer.exe (FtpGetCurrentDirectoryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D744)
[Address] EAT @explorer.exe (FtpGetCurrentDirectoryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031424)
[Address] EAT @explorer.exe (FtpGetFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D804)
[Address] EAT @explorer.exe (FtpGetFileEx) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0315AC)
[Address] EAT @explorer.exe (FtpGetFileSize) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02DA28)
[Address] EAT @explorer.exe (FtpGetFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031740)
[Address] EAT @explorer.exe (FtpOpenFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02DCB8)
[Address] EAT @explorer.exe (FtpOpenFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031844)
[Address] EAT @explorer.exe (FtpPutFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02DD98)
[Address] EAT @explorer.exe (FtpPutFileEx) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0318D4)
[Address] EAT @explorer.exe (FtpPutFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031A38)
[Address] EAT @explorer.exe (FtpRemoveDirectoryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02E118)
[Address] EAT @explorer.exe (FtpRemoveDirectoryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031B0C)
[Address] EAT @explorer.exe (FtpRenameFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02E1B8)
[Address] EAT @explorer.exe (FtpRenameFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031C68)
[Address] EAT @explorer.exe (FtpSetCurrentDirectoryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02E26C)
[Address] EAT @explorer.exe (FtpSetCurrentDirectoryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031E88)
[Address] EAT @explorer.exe (GetProxyDllInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE018668)
[Address] EAT @explorer.exe (GetUrlCacheConfigInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083148)
[Address] EAT @explorer.exe (GetUrlCacheConfigInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF87614)
[Address] EAT @explorer.exe (GetUrlCacheEntryBinaryBlob) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7B780)
[Address] EAT @explorer.exe (GetUrlCacheEntryInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0833E4)
[Address] EAT @explorer.exe (GetUrlCacheEntryInfoExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08359C)
[Address] EAT @explorer.exe (GetUrlCacheEntryInfoExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6AD80)
[Address] EAT @explorer.exe (GetUrlCacheEntryInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF69EE0)
[Address] EAT @explorer.exe (GetUrlCacheGroupAttributeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0837E4)
[Address] EAT @explorer.exe (GetUrlCacheGroupAttributeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083A4C)
[Address] EAT @explorer.exe (GetUrlCacheHeaderData) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF33800)
[Address] EAT @explorer.exe (GopherCreateLocatorA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherCreateLocatorW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherFindFirstFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherFindFirstFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherGetAttributeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherGetAttributeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherGetLocatorTypeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherGetLocatorTypeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherOpenFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherOpenFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (HttpAddRequestHeadersA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF2CA20)
[Address] EAT @explorer.exe (HttpAddRequestHeadersW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF32B80)
[Address] EAT @explorer.exe (HttpCheckDavCompliance) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0449A4)
[Address] EAT @explorer.exe (HttpCloseDependencyHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6BF60)
[Address] EAT @explorer.exe (HttpDuplicateDependencyHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6C0C0)
[Address] EAT @explorer.exe (HttpEndRequestA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF65910)
[Address] EAT @explorer.exe (HttpEndRequestW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE045050)
[Address] EAT @explorer.exe (HttpGetServerCredentials) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE05CF34)
[Address] EAT @explorer.exe (HttpGetTunnelSocket) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE027540)
[Address] EAT @explorer.exe (HttpOpenDependencyHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF762DC)
[Address] EAT @explorer.exe (HttpOpenRequestA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0456A8)
[Address] EAT @explorer.exe (HttpOpenRequestW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF2AD40)
[Address] EAT @explorer.exe (HttpPushClose) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE028228)
[Address] EAT @explorer.exe (HttpPushEnable) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0282D8)
[Address] EAT @explorer.exe (HttpPushWait) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE028330)
[Address] EAT @explorer.exe (HttpQueryInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF2FA10)
[Address] EAT @explorer.exe (HttpQueryInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF3F5F0)
[Address] EAT @explorer.exe (HttpSendRequestA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC2454)
[Address] EAT @explorer.exe (HttpSendRequestExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE045150)
[Address] EAT @explorer.exe (HttpSendRequestExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF656EC)
[Address] EAT @explorer.exe (HttpSendRequestW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF329DC)
[Address] EAT @explorer.exe (HttpWebSocketClose) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0557A8)
[Address] EAT @explorer.exe (HttpWebSocketCompleteUpgrade) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE055D40)
[Address] EAT @explorer.exe (HttpWebSocketQueryCloseStatus) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0558F0)
[Address] EAT @explorer.exe (HttpWebSocketReceive) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0561E0)
[Address] EAT @explorer.exe (HttpWebSocketSend) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE056720)
[Address] EAT @explorer.exe (HttpWebSocketShutdown) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0569E0)
[Address] EAT @explorer.exe (IncrementUrlCacheHeaderData) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF50718)
[Address] EAT @explorer.exe (InternetAlgIdToStringA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE061CFC)
[Address] EAT @explorer.exe (InternetAlgIdToStringW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE061EE0)
[Address] EAT @explorer.exe (InternetAttemptConnect) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01C564)
[Address] EAT @explorer.exe (InternetAutodial) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0217DC)
[Address] EAT @explorer.exe (InternetAutodialCallback) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE018E94)
[Address] EAT @explorer.exe (InternetAutodialHangup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021874)
[Address] EAT @explorer.exe (InternetCanonicalizeUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01C5CC)
[Address] EAT @explorer.exe (InternetCanonicalizeUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D9F0)
[Address] EAT @explorer.exe (InternetCheckConnectionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01C6D8)
[Address] EAT @explorer.exe (InternetCheckConnectionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01DB00)
[Address] EAT @explorer.exe (InternetClearAllPerSiteCookieDecisions) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE046138)
[Address] EAT @explorer.exe (InternetCloseHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF28570)
[Address] EAT @explorer.exe (InternetCombineUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01CBA0)
[Address] EAT @explorer.exe (InternetCombineUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF24F18)
[Address] EAT @explorer.exe (InternetConfirmZoneCrossing) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062CAC)
[Address] EAT @explorer.exe (InternetConfirmZoneCrossingA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062CAC)
[Address] EAT @explorer.exe (InternetConfirmZoneCrossingW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFBF440)
[Address] EAT @explorer.exe (InternetConnectA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01CCB8)
[Address] EAT @explorer.exe (InternetConnectW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF315C0)
[Address] EAT @explorer.exe (InternetCrackUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF4C530)
[Address] EAT @explorer.exe (InternetCrackUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF82020)
[Address] EAT @explorer.exe (InternetCreateUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01CDE4)
[Address] EAT @explorer.exe (InternetCreateUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF249F0)
[Address] EAT @explorer.exe (InternetDial) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021904)
[Address] EAT @explorer.exe (InternetDialA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021904)
[Address] EAT @explorer.exe (InternetDialW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0219B0)
[Address] EAT @explorer.exe (InternetEnumPerSiteCookieDecisionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE046150)
[Address] EAT @explorer.exe (InternetEnumPerSiteCookieDecisionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0461B8)
[Address] EAT @explorer.exe (InternetErrorDlg) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062D64)
[Address] EAT @explorer.exe (InternetFindNextFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE03073C)
[Address] EAT @explorer.exe (InternetFindNextFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE032AAC)
[Address] EAT @explorer.exe (InternetFortezzaCommand) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE028388)
[Address] EAT @explorer.exe (InternetFreeCookies) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF614C4)
[Address] EAT @explorer.exe (InternetFreeProxyInfoList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF9323C)
[Address] EAT @explorer.exe (InternetGetCertByURL) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF02198)
[Address] EAT @explorer.exe (InternetGetCertByURLA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF02198)
[Address] EAT @explorer.exe (InternetGetConnectedState) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF2416C)
[Address] EAT @explorer.exe (InternetGetConnectedStateEx) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC5BF4)
[Address] EAT @explorer.exe (InternetGetConnectedStateExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC5BF4)
[Address] EAT @explorer.exe (InternetGetConnectedStateExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF41510)
[Address] EAT @explorer.exe (InternetGetCookieA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE047490)
[Address] EAT @explorer.exe (InternetGetCookieEx2) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF61494)
[Address] EAT @explorer.exe (InternetGetCookieExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0474B4)
[Address] EAT @explorer.exe (InternetGetCookieExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF614DC)
[Address] EAT @explorer.exe (InternetGetCookieW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0477B8)
[Address] EAT @explorer.exe (InternetGetLastResponseInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01CE80)
[Address] EAT @explorer.exe (InternetGetLastResponseInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01DBF4)
[Address] EAT @explorer.exe (InternetGetPerSiteCookieDecisionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE04629C)
[Address] EAT @explorer.exe (InternetGetPerSiteCookieDecisionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0462EC)
[Address] EAT @explorer.exe (InternetGetProxyForUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF92F8C)
[Address] EAT @explorer.exe (InternetGetSecurityInfoByURL) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D020)
[Address] EAT @explorer.exe (InternetGetSecurityInfoByURLA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D020)
[Address] EAT @explorer.exe (InternetGetSecurityInfoByURLW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01DDB0)
[Address] EAT @explorer.exe (InternetGoOnline) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021A5C)
[Address] EAT @explorer.exe (InternetGoOnlineA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021A5C)
[Address] EAT @explorer.exe (InternetGoOnlineW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021AF4)
[Address] EAT @explorer.exe (InternetHangUp) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021B8C)
[Address] EAT @explorer.exe (InternetInitializeAutoProxyDll) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF1A270)
[Address] EAT @explorer.exe (InternetLockRequestFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6BB30)
[Address] EAT @explorer.exe (InternetOpenA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF44940)
[Address] EAT @explorer.exe (InternetOpenUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D138)
[Address] EAT @explorer.exe (InternetOpenUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01DEAC)
[Address] EAT @explorer.exe (InternetOpenW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF447B0)
[Address] EAT @explorer.exe (InternetQueryDataAvailable) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF207E0)
[Address] EAT @explorer.exe (InternetQueryFortezzaStatus) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0283E8)
[Address] EAT @explorer.exe (InternetQueryOptionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF270B0)
[Address] EAT @explorer.exe (InternetQueryOptionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF27660)
[Address] EAT @explorer.exe (InternetReadFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF40440)
[Address] EAT @explorer.exe (InternetReadFileExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF76FE0)
[Address] EAT @explorer.exe (InternetReadFileExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF76F48)
[Address] EAT @explorer.exe (InternetSecurityProtocolToStringA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0620B8)
[Address] EAT @explorer.exe (InternetSecurityProtocolToStringW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062228)
[Address] EAT @explorer.exe (InternetSetCookieA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0477D8)
[Address] EAT @explorer.exe (InternetSetCookieEx2) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE047800)
[Address] EAT @explorer.exe (InternetSetCookieExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE047860)
[Address] EAT @explorer.exe (InternetSetCookieExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF4BFD0)
[Address] EAT @explorer.exe (InternetSetCookieW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE047904)
[Address] EAT @explorer.exe (InternetSetDialState) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021C0C)
[Address] EAT @explorer.exe (InternetSetDialStateA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021C0C)
[Address] EAT @explorer.exe (InternetSetDialStateW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021C64)
[Address] EAT @explorer.exe (InternetSetFilePointer) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC707C)
[Address] EAT @explorer.exe (InternetSetOptionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF26020)
[Address] EAT @explorer.exe (InternetSetOptionExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01E4C0)
[Address] EAT @explorer.exe (InternetSetOptionExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01E5B4)
[Address] EAT @explorer.exe (InternetSetOptionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF264E0)
[Address] EAT @explorer.exe (InternetSetPerSiteCookieDecisionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE046384)
[Address] EAT @explorer.exe (InternetSetPerSiteCookieDecisionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE04641C)
[Address] EAT @explorer.exe (InternetSetStatusCallback) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF46708)
[Address] EAT @explorer.exe (InternetSetStatusCallbackA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF46708)
[Address] EAT @explorer.exe (InternetSetStatusCallbackW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8BBBC)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURL) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D1CC)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D1CC)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01E058)
[Address] EAT @explorer.exe (InternetTimeFromSystemTime) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF77AB0)
[Address] EAT @explorer.exe (InternetTimeFromSystemTimeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF77AB0)
[Address] EAT @explorer.exe (InternetTimeFromSystemTimeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFDD138)
[Address] EAT @explorer.exe (InternetTimeToSystemTime) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC2FD0)
[Address] EAT @explorer.exe (InternetTimeToSystemTimeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC2FD0)
[Address] EAT @explorer.exe (InternetTimeToSystemTimeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC2F00)
[Address] EAT @explorer.exe (InternetUnlockRequestFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6B8A4)
[Address] EAT @explorer.exe (InternetWriteFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF659B0)
[Address] EAT @explorer.exe (InternetWriteFileExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (InternetWriteFileExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (IsHostInProxyBypassList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF4A0C4)
[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083C80)
[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC6E24)
[Address] EAT @explorer.exe (LoadUrlCacheContent) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (ParseX509EncodedCertificateForListBoxEntry) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062398)
[Address] EAT @explorer.exe (PrivacyGetZonePreferenceW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF4D63C)
[Address] EAT @explorer.exe (PrivacySetZonePreferenceW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFBC9D4)
[Address] EAT @explorer.exe (ReadUrlCacheEntryStream) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF64950)
[Address] EAT @explorer.exe (ReadUrlCacheEntryStreamEx) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083DD0)
[Address] EAT @explorer.exe (RegisterUrlCacheNotification) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF02A00)
[Address] EAT @explorer.exe (ResumeSuspendedDownload) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE020CEC)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083EE0)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0840BC)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084294)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC5A10)
[Address] EAT @explorer.exe (RunOnceUrlCache) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF02198)
[Address] EAT @explorer.exe (SetUrlCacheConfigInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084498)
[Address] EAT @explorer.exe (SetUrlCacheConfigInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0845CC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0846CC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroupA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0846CC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroupW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF48BE0)
[Address] EAT @explorer.exe (SetUrlCacheEntryInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF59188)
[Address] EAT @explorer.exe (SetUrlCacheEntryInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084898)
[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084A54)
[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084C44)
[Address] EAT @explorer.exe (SetUrlCacheHeaderData) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084E04)
[Address] EAT @explorer.exe (ShowCertificate) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062398)
[Address] EAT @explorer.exe (ShowClientAuthCerts) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062398)
[Address] EAT @explorer.exe (ShowSecurityInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0623B8)
[Address] EAT @explorer.exe (ShowX509EncodedCertificate) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062550)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084F24)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084F24)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08505C)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryStream) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8FBF0)
[Address] EAT @explorer.exe (UpdateUrlCacheContentPath) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08519C)
[Address] EAT @explorer.exe (UrlCacheCheckEntriesExist) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0852BC)
[Address] EAT @explorer.exe (UrlCacheCloseEntryHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085314)
[Address] EAT @explorer.exe (UrlCacheContainerSetEntryMaximumAge) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085360)
[Address] EAT @explorer.exe (UrlCacheCreateContainer) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF0EC4C)
[Address] EAT @explorer.exe (UrlCacheFindFirstEntry) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF88B38)
[Address] EAT @explorer.exe (UrlCacheFindNextEntry) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC84B0)
[Address] EAT @explorer.exe (UrlCacheFreeEntryInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF90C38)
[Address] EAT @explorer.exe (UrlCacheGetContentPaths) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0853B8)
[Address] EAT @explorer.exe (UrlCacheGetEntryInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7C5D8)
[Address] EAT @explorer.exe (UrlCacheGetGlobalLimit) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085410)
[Address] EAT @explorer.exe (UrlCacheReadEntryStream) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085468)
[Address] EAT @explorer.exe (UrlCacheReloadSettings) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0854C8)
[Address] EAT @explorer.exe (UrlCacheRetrieveEntryFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085520)
[Address] EAT @explorer.exe (UrlCacheRetrieveEntryStream) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085578)
[Address] EAT @explorer.exe (UrlCacheSetGlobalLimit) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0855D8)
[Address] EAT @explorer.exe (UrlCacheUpdateEntryExtraData) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF730B8)
[Address] EAT @explorer.exe (UrlZonesDetach) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE05D240)
[Address] EAT @explorer.exe (WlanAllocateMemory) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858AC8)
[Address] EAT @explorer.exe (WlanCloseHandle) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48538A0)
[Address] EAT @explorer.exe (WlanConnect) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855558)
[Address] EAT @explorer.exe (WlanDeleteProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4856D10)
[Address] EAT @explorer.exe (WlanDisconnect) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48557E8)
[Address] EAT @explorer.exe (WlanEnumInterfaces) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4853A80)
[Address] EAT @explorer.exe (WlanExtractPsdIEDataList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858394)
[Address] EAT @explorer.exe (WlanFreeMemory) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF485A5A0)
[Address] EAT @explorer.exe (WlanGetAvailableNetworkList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854F88)
[Address] EAT @explorer.exe (WlanGetFilterList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857F9C)
[Address] EAT @explorer.exe (WlanGetInterfaceCapability) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854188)
[Address] EAT @explorer.exe (WlanGetNetworkBssList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855268)
[Address] EAT @explorer.exe (WlanGetProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4856A20)
[Address] EAT @explorer.exe (WlanGetProfileCustomUserData) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857B1C)
[Address] EAT @explorer.exe (WlanGetProfileList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857404)
[Address] EAT @explorer.exe (WlanGetSecuritySettings) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858D88)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStart) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF485935C)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStop) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859418)
[Address] EAT @explorer.exe (WlanHostedNetworkInitSettings) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48599D8)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryProperty) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48594D4)
[Address] EAT @explorer.exe (WlanHostedNetworkQuerySecondaryKey) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF485A020)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryStatus) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859B50)
[Address] EAT @explorer.exe (WlanHostedNetworkRefreshSecuritySettings) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859A94)
[Address] EAT @explorer.exe (WlanHostedNetworkSetProperty) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859744)
[Address] EAT @explorer.exe (WlanHostedNetworkSetSecondaryKey) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859D78)
[Address] EAT @explorer.exe (WlanHostedNetworkStartUsing) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48591EC)
[Address] EAT @explorer.exe (WlanHostedNetworkStopUsing) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48592A4)
[Address] EAT @explorer.exe (WlanIhvControl) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854A00)
[Address] EAT @explorer.exe (WlanOpenHandle) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4851960)
[Address] EAT @explorer.exe (WlanQueryAutoConfigParameter) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4853EE8)
[Address] EAT @explorer.exe (WlanQueryInterface) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854668)
[Address] EAT @explorer.exe (WlanReasonCodeToString) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858A54)
[Address] EAT @explorer.exe (WlanRegisterNotification) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855A08)
[Address] EAT @explorer.exe (WlanRegisterVirtualStationNotification) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF485A358)
[Address] EAT @explorer.exe (WlanRenameProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4856F4C)
[Address] EAT @explorer.exe (WlanSaveTemporaryProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48587D0)
[Address] EAT @explorer.exe (WlanScan) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854D40)
[Address] EAT @explorer.exe (WlanSetAutoConfigParameter) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4853D10)
[Address] EAT @explorer.exe (WlanSetFilterList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857DCC)
[Address] EAT @explorer.exe (WlanSetInterface) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854470)
[Address] EAT @explorer.exe (WlanSetProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4856760)
[Address] EAT @explorer.exe (WlanSetProfileCustomUserData) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48578A4)
[Address] EAT @explorer.exe (WlanSetProfileEapUserData) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855CC4)
[Address] EAT @explorer.exe (WlanSetProfileEapXmlUserData) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855F9C)
[Address] EAT @explorer.exe (WlanSetProfileList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48571A8)
[Address] EAT @explorer.exe (WlanSetProfilePosition) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857644)
[Address] EAT @explorer.exe (WlanSetPsdIEDataList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48581B0)
[Address] EAT @explorer.exe (WlanSetSecuritySettings) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858B58)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAJS-08L7A0 ATA Device +++++
--- User ---
[MBR] 7ad4cc2c73fda4f7141eb9d4db143690
[BSP] 895f4cf863d147b7cedfc82bb5ef008b : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 294043 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04082014_095429.txt >>
RKreport[0]_D_04082014_095213.txt;RKreport[0]_S_04082014_094906.txt
0
Comment
Question by:DataPro
  • 4
  • 3
8 Comments
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39992444
It looks like that system is really infected.

Here is a comprehensive list of items to check:

1. Go to All programs, Administrative Tools, Event Viewer. Check the System and Application sections for errors that may be causing your problems.

2. Open an elevated command prompt and run this to check for corrupted system files.
sfc /scannow

3. Install Process Explorer to find out what runs at startup
http://technet.microsoft.com/en-us/sysinternals/bb896653

4. If you haven't also ready checked for Viruses, update your virus definitions and run a Full Scan, deleting all virus and spyware detected

5. If you don’t have any Anti Virus installed, here are a few free ones to try:
http://www.avg.com
http://www.avast.com/en-us/index
http://windows.microsoft.com/en-us/windows/security-essentials-download
http://www.bitdefender.com/solutions/free.html

6. If spyware is found, download and run these free anti spyware apps
AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/

Kaspersky TDSSKiller
http://www.bleepingcomputer.com/download/tdsskiller/

ESET online scanner
http://www.eset.com/us/online-scanner/

Malwarebytes Anti-Rootkit
http://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/

www.malwarebytes.org
www.superantispyware.com
www.hitmanpro.com

7. Run a Disk Cleanup: Start, All Programs, Accessories, System Tools, Disk Cleanup.
Include Temporary Internet Files and Temp files

8. Run Error Checking: Start, Computer, right click  on C:\, Tools, Error Checking.
Select "Automatically fix file system errors" and click start

9. Check for all programs that start at Boot: Start, Run, type MSCONFIG, on the startup tab, review the programs listed. Uncheck anything that should not run on startup

10. Defrag all hard drives: Click My Computer, right click the C drive, click Tools, Disk Defragmenter, Click Analyze to check the amount of fragmentation or Defrag to run the process. You repeat this per drive.

General Maintenance to keep your pc up to date
1. Run Windows Update and select all Microsoft updates and security patches

2. Update your Pc's System Bios

3. Update your drivers: Motherboard Chipset, Network Adaptor, Video, Audio & Printers

4. Start Adobe reader, click Help and then click Check for updates to get the latest security and application updates.

5. Go to Control Panel, Java, advanced tab, click Check for Updates to get the latest security and application updates.

6. If you get a BSOD and want to verify if it’s related to bad Ram chips, download Memtest and make a bootable CD from the ISO. Boot it and run at least one  complete set of tests to check your memory for fault
http://www.memtest.org/#downiso
0
 
LVL 4

Author Comment

by:DataPro
ID: 39992455
Has Norton 360 (v21) - scan results (Full Scan) = nothing found but tracking cookies.
Malwarebytes (v2.0.1) Full scan (Rootkits also checked) = nothing but items like Conduit and toolbars.
adwCleaner run.
TDSSKiller run = nothing found.
0
 
LVL 18

Expert Comment

by:web_tracker
ID: 39993235
I would run a scan with malwarebytes if you have not already done so https://www.malwarebytes.org/?utm_source=cj&utm_medium=aff&utm_content=11125352 &utm_campaign=1807252&tracking=cj . One other effective malware removal tool I use is Emsisoft Emergency kit. There is a lot of updates, and it takes a long time to scan but it is very effective in catching infections. https://www.emsisoft.com/en/software/eek/
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39994526
Have you resolved this issue?
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 4

Author Comment

by:DataPro
ID: 40009956
I have run anti-rootkit scanners from several companies, as many utilities as I can think of including combofix.  The other night I left Microsoft Safety scanner running on the computer along with malwarebytes anti-rootkit.  When I came back nothing was running.  The trouble computer has been brought back to my office for further testing, and now my computer is showing similar EAT @ explorer roguekiller results (Driver).  I am going to start testing all of the computers here to see if this thing spreads.

I have also tested some of the dll files on virustotal.com and no infections found.
I have not tried bitdefender yet, but is next on my list.  Hitman pro is running this moment.  Probably try Emsisoft and Eset after that.
0
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 40010250
Hi DataPro, I suggest taking the following steps immediately:

1. Disconnect the infected Pc's from your network to stop any further spread of the infection. I suspect it is a rootkit.

2. Download this rescue disk on a pc you truly believe is clean, create the bootable CD and boot both infected Pc's with it and scan them to find the virus.
http://www.comodo.com/business-security/network-protection/rescue-disk.php

3. If that does not work, I suggest backing up the data, booting from a Windows Install DVDF, Deleting all partitions and performing a Clean Install.

I know this is a painful process, but in my experience, it's always the best process in eliminating spyware and virus's.

Before restoring your data, I suggest booting with that bootable CD and scan the data to make sure it's clean.
http://www.comodo.com/business-security/network-protection/rescue-disk.php
0
 
LVL 4

Author Comment

by:DataPro
ID: 40010368
One computer found Toniper (MS Safety Scanner), another found Harakit (Norton), the last one all scanners closed overnight.
0
 
LVL 4

Author Closing Comment

by:DataPro
ID: 40043535
This was a good lesson about adding a potential virus to a working network.  Should have continued working on it while disconnected from any and all networks.  Symantec released a definition update that all computers now detect and successfully remove harakit.  Ran adwcleaner again after removal and now everything looks good.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Change your password...do it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now