Solved

Roguekiller results - EAT @ explorer.exe

Posted on 2014-04-10
Last Modified: 2014-05-05

Need help determining how to resolve these results:

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jim [Admin rights]
Mode : Scan -- Date : 04/08/2014 09:54:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] AdwCleaner.exe -- C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INA1A4ZP\AdwCleaner.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (AppCacheCheckManifest) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF5D538)
[Address] EAT @explorer.exe (AppCacheCloseHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF5A468)
[Address] EAT @explorer.exe (AppCacheDeleteGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0814C0)
[Address] EAT @explorer.exe (AppCacheDeleteIEGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE081518)
[Address] EAT @explorer.exe (AppCacheDuplicateHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF5A54C)
[Address] EAT @explorer.exe (AppCacheFinalize) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE081570)
[Address] EAT @explorer.exe (AppCacheFreeDownloadList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0815C8)
[Address] EAT @explorer.exe (AppCacheFreeGroupList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC4EC8)
[Address] EAT @explorer.exe (AppCacheFreeIESpace) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF88790)
[Address] EAT @explorer.exe (AppCacheFreeSpace) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0816AC)
[Address] EAT @explorer.exe (AppCacheGetDownloadList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE081704)
[Address] EAT @explorer.exe (AppCacheGetFallbackUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08175C)
[Address] EAT @explorer.exe (AppCacheGetGroupList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC4EA4)
[Address] EAT @explorer.exe (AppCacheGetIEGroupList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0817B4)
[Address] EAT @explorer.exe (AppCacheGetInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08180C)
[Address] EAT @explorer.exe (AppCacheGetManifestUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF5BDC0)
[Address] EAT @explorer.exe (AppCacheLookup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF75908)
[Address] EAT @explorer.exe (CommitUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF661DC)
[Address] EAT @explorer.exe (CommitUrlCacheEntryBinaryBlob) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF1C0A4)
[Address] EAT @explorer.exe (CommitUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF220D0)
[Address] EAT @explorer.exe (CreateMD5SSOHash) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE058AD8)
[Address] EAT @explorer.exe (CreateUrlCacheContainerA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF83A38)
[Address] EAT @explorer.exe (CreateUrlCacheContainerW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF838E8)
[Address] EAT @explorer.exe (CreateUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF65F10)
[Address] EAT @explorer.exe (CreateUrlCacheEntryExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC6C40)
[Address] EAT @explorer.exe (CreateUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC6C1C)
[Address] EAT @explorer.exe (CreateUrlCacheGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08272C)
[Address] EAT @explorer.exe (DeleteIE3Cache) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE086C74)
[Address] EAT @explorer.exe (DeleteUrlCacheContainerA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF88DD4)
[Address] EAT @explorer.exe (DeleteUrlCacheContainerW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF79730)
[Address] EAT @explorer.exe (DeleteUrlCacheEntry) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8BF40)
[Address] EAT @explorer.exe (DeleteUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8BF40)
[Address] EAT @explorer.exe (DeleteUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8A3A0)
[Address] EAT @explorer.exe (DeleteUrlCacheGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08282C)
[Address] EAT @explorer.exe (DeleteWpadCacheForNetworks) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE03FB88)
[Address] EAT @explorer.exe (DetectAutoProxyUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE03FFB0)
[Address] EAT @explorer.exe (DispatchAPICall) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF014E0)
[Address] EAT @explorer.exe (DllCanUnloadNow) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7DEE0)
[Address] EAT @explorer.exe (DllGetClassObject) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF175E0)
[Address] EAT @explorer.exe (DllInstall) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFBC750)
[Address] EAT @explorer.exe (DllRegisterServer) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE022700)
[Address] EAT @explorer.exe (DllUnregisterServer) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE022740)
[Address] EAT @explorer.exe (FindCloseUrlCache) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF0550C)
[Address] EAT @explorer.exe (FindFirstUrlCacheContainerA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF219BC)
[Address] EAT @explorer.exe (FindFirstUrlCacheContainerW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF0E8B8)
[Address] EAT @explorer.exe (FindFirstUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7C800)
[Address] EAT @explorer.exe (FindFirstUrlCacheEntryExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF06478)
[Address] EAT @explorer.exe (FindFirstUrlCacheEntryExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF18B60)
[Address] EAT @explorer.exe (FindFirstUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF83010)
[Address] EAT @explorer.exe (FindFirstUrlCacheGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082924)
[Address] EAT @explorer.exe (FindNextUrlCacheContainerA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF21E20)
[Address] EAT @explorer.exe (FindNextUrlCacheContainerW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF0EB4C)
[Address] EAT @explorer.exe (FindNextUrlCacheEntryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7C984)
[Address] EAT @explorer.exe (FindNextUrlCacheEntryExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082A6C)
[Address] EAT @explorer.exe (FindNextUrlCacheEntryExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082C3C)
[Address] EAT @explorer.exe (FindNextUrlCacheEntryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF187E0)
[Address] EAT @explorer.exe (FindNextUrlCacheGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082E0C)
[Address] EAT @explorer.exe (ForceNexusLookup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE058CE4)
[Address] EAT @explorer.exe (ForceNexusLookupExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE058D34)
[Address] EAT @explorer.exe (FreeUrlCacheSpaceA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE082F28)
[Address] EAT @explorer.exe (FreeUrlCacheSpaceW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF87AD8)
[Address] EAT @explorer.exe (FtpCommandA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D2B4)
[Address] EAT @explorer.exe (FtpCommandW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE030DE0)
[Address] EAT @explorer.exe (FtpCreateDirectoryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D398)
[Address] EAT @explorer.exe (FtpCreateDirectoryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE030F7C)
[Address] EAT @explorer.exe (FtpDeleteFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D438)
[Address] EAT @explorer.exe (FtpDeleteFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0310E4)
[Address] EAT @explorer.exe (FtpFindFirstFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D4D8)
[Address] EAT @explorer.exe (FtpFindFirstFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE03124C)
[Address] EAT @explorer.exe (FtpGetCurrentDirectoryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D744)
[Address] EAT @explorer.exe (FtpGetCurrentDirectoryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031424)
[Address] EAT @explorer.exe (FtpGetFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02D804)
[Address] EAT @explorer.exe (FtpGetFileEx) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0315AC)
[Address] EAT @explorer.exe (FtpGetFileSize) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02DA28)
[Address] EAT @explorer.exe (FtpGetFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031740)
[Address] EAT @explorer.exe (FtpOpenFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02DCB8)
[Address] EAT @explorer.exe (FtpOpenFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031844)
[Address] EAT @explorer.exe (FtpPutFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02DD98)
[Address] EAT @explorer.exe (FtpPutFileEx) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0318D4)
[Address] EAT @explorer.exe (FtpPutFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031A38)
[Address] EAT @explorer.exe (FtpRemoveDirectoryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02E118)
[Address] EAT @explorer.exe (FtpRemoveDirectoryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031B0C)
[Address] EAT @explorer.exe (FtpRenameFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02E1B8)
[Address] EAT @explorer.exe (FtpRenameFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031C68)
[Address] EAT @explorer.exe (FtpSetCurrentDirectoryA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE02E26C)
[Address] EAT @explorer.exe (FtpSetCurrentDirectoryW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE031E88)
[Address] EAT @explorer.exe (GetProxyDllInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE018668)
[Address] EAT @explorer.exe (GetUrlCacheConfigInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083148)
[Address] EAT @explorer.exe (GetUrlCacheConfigInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF87614)
[Address] EAT @explorer.exe (GetUrlCacheEntryBinaryBlob) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7B780)
[Address] EAT @explorer.exe (GetUrlCacheEntryInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0833E4)
[Address] EAT @explorer.exe (GetUrlCacheEntryInfoExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08359C)
[Address] EAT @explorer.exe (GetUrlCacheEntryInfoExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6AD80)
[Address] EAT @explorer.exe (GetUrlCacheEntryInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF69EE0)
[Address] EAT @explorer.exe (GetUrlCacheGroupAttributeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0837E4)
[Address] EAT @explorer.exe (GetUrlCacheGroupAttributeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083A4C)
[Address] EAT @explorer.exe (GetUrlCacheHeaderData) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF33800)
[Address] EAT @explorer.exe (GopherCreateLocatorA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherCreateLocatorW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherFindFirstFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherFindFirstFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherGetAttributeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherGetAttributeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherGetLocatorTypeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherGetLocatorTypeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherOpenFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (GopherOpenFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (HttpAddRequestHeadersA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF2CA20)
[Address] EAT @explorer.exe (HttpAddRequestHeadersW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF32B80)
[Address] EAT @explorer.exe (HttpCheckDavCompliance) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0449A4)
[Address] EAT @explorer.exe (HttpCloseDependencyHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6BF60)
[Address] EAT @explorer.exe (HttpDuplicateDependencyHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6C0C0)
[Address] EAT @explorer.exe (HttpEndRequestA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF65910)
[Address] EAT @explorer.exe (HttpEndRequestW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE045050)
[Address] EAT @explorer.exe (HttpGetServerCredentials) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE05CF34)
[Address] EAT @explorer.exe (HttpGetTunnelSocket) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE027540)
[Address] EAT @explorer.exe (HttpOpenDependencyHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF762DC)
[Address] EAT @explorer.exe (HttpOpenRequestA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0456A8)
[Address] EAT @explorer.exe (HttpOpenRequestW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF2AD40)
[Address] EAT @explorer.exe (HttpPushClose) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE028228)
[Address] EAT @explorer.exe (HttpPushEnable) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0282D8)
[Address] EAT @explorer.exe (HttpPushWait) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE028330)
[Address] EAT @explorer.exe (HttpQueryInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF2FA10)
[Address] EAT @explorer.exe (HttpQueryInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF3F5F0)
[Address] EAT @explorer.exe (HttpSendRequestA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC2454)
[Address] EAT @explorer.exe (HttpSendRequestExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE045150)
[Address] EAT @explorer.exe (HttpSendRequestExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF656EC)
[Address] EAT @explorer.exe (HttpSendRequestW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF329DC)
[Address] EAT @explorer.exe (HttpWebSocketClose) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0557A8)
[Address] EAT @explorer.exe (HttpWebSocketCompleteUpgrade) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE055D40)
[Address] EAT @explorer.exe (HttpWebSocketQueryCloseStatus) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0558F0)
[Address] EAT @explorer.exe (HttpWebSocketReceive) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0561E0)
[Address] EAT @explorer.exe (HttpWebSocketSend) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE056720)
[Address] EAT @explorer.exe (HttpWebSocketShutdown) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0569E0)
[Address] EAT @explorer.exe (IncrementUrlCacheHeaderData) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF50718)
[Address] EAT @explorer.exe (InternetAlgIdToStringA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE061CFC)
[Address] EAT @explorer.exe (InternetAlgIdToStringW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE061EE0)
[Address] EAT @explorer.exe (InternetAttemptConnect) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01C564)
[Address] EAT @explorer.exe (InternetAutodial) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0217DC)
[Address] EAT @explorer.exe (InternetAutodialCallback) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE018E94)
[Address] EAT @explorer.exe (InternetAutodialHangup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021874)
[Address] EAT @explorer.exe (InternetCanonicalizeUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01C5CC)
[Address] EAT @explorer.exe (InternetCanonicalizeUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D9F0)
[Address] EAT @explorer.exe (InternetCheckConnectionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01C6D8)
[Address] EAT @explorer.exe (InternetCheckConnectionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01DB00)
[Address] EAT @explorer.exe (InternetClearAllPerSiteCookieDecisions) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE046138)
[Address] EAT @explorer.exe (InternetCloseHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF28570)
[Address] EAT @explorer.exe (InternetCombineUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01CBA0)
[Address] EAT @explorer.exe (InternetCombineUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF24F18)
[Address] EAT @explorer.exe (InternetConfirmZoneCrossing) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062CAC)
[Address] EAT @explorer.exe (InternetConfirmZoneCrossingA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062CAC)
[Address] EAT @explorer.exe (InternetConfirmZoneCrossingW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFBF440)
[Address] EAT @explorer.exe (InternetConnectA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01CCB8)
[Address] EAT @explorer.exe (InternetConnectW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF315C0)
[Address] EAT @explorer.exe (InternetCrackUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF4C530)
[Address] EAT @explorer.exe (InternetCrackUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF82020)
[Address] EAT @explorer.exe (InternetCreateUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01CDE4)
[Address] EAT @explorer.exe (InternetCreateUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF249F0)
[Address] EAT @explorer.exe (InternetDial) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021904)
[Address] EAT @explorer.exe (InternetDialA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021904)
[Address] EAT @explorer.exe (InternetDialW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0219B0)
[Address] EAT @explorer.exe (InternetEnumPerSiteCookieDecisionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE046150)
[Address] EAT @explorer.exe (InternetEnumPerSiteCookieDecisionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0461B8)
[Address] EAT @explorer.exe (InternetErrorDlg) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062D64)
[Address] EAT @explorer.exe (InternetFindNextFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE03073C)
[Address] EAT @explorer.exe (InternetFindNextFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE032AAC)
[Address] EAT @explorer.exe (InternetFortezzaCommand) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE028388)
[Address] EAT @explorer.exe (InternetFreeCookies) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF614C4)
[Address] EAT @explorer.exe (InternetFreeProxyInfoList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF9323C)
[Address] EAT @explorer.exe (InternetGetCertByURL) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF02198)
[Address] EAT @explorer.exe (InternetGetCertByURLA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF02198)
[Address] EAT @explorer.exe (InternetGetConnectedState) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF2416C)
[Address] EAT @explorer.exe (InternetGetConnectedStateEx) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC5BF4)
[Address] EAT @explorer.exe (InternetGetConnectedStateExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC5BF4)
[Address] EAT @explorer.exe (InternetGetConnectedStateExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF41510)
[Address] EAT @explorer.exe (InternetGetCookieA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE047490)
[Address] EAT @explorer.exe (InternetGetCookieEx2) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF61494)
[Address] EAT @explorer.exe (InternetGetCookieExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0474B4)
[Address] EAT @explorer.exe (InternetGetCookieExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF614DC)
[Address] EAT @explorer.exe (InternetGetCookieW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0477B8)
[Address] EAT @explorer.exe (InternetGetLastResponseInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01CE80)
[Address] EAT @explorer.exe (InternetGetLastResponseInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01DBF4)
[Address] EAT @explorer.exe (InternetGetPerSiteCookieDecisionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE04629C)
[Address] EAT @explorer.exe (InternetGetPerSiteCookieDecisionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0462EC)
[Address] EAT @explorer.exe (InternetGetProxyForUrl) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF92F8C)
[Address] EAT @explorer.exe (InternetGetSecurityInfoByURL) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D020)
[Address] EAT @explorer.exe (InternetGetSecurityInfoByURLA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D020)
[Address] EAT @explorer.exe (InternetGetSecurityInfoByURLW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01DDB0)
[Address] EAT @explorer.exe (InternetGoOnline) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021A5C)
[Address] EAT @explorer.exe (InternetGoOnlineA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021A5C)
[Address] EAT @explorer.exe (InternetGoOnlineW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021AF4)
[Address] EAT @explorer.exe (InternetHangUp) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021B8C)
[Address] EAT @explorer.exe (InternetInitializeAutoProxyDll) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF1A270)
[Address] EAT @explorer.exe (InternetLockRequestFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6BB30)
[Address] EAT @explorer.exe (InternetOpenA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF44940)
[Address] EAT @explorer.exe (InternetOpenUrlA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D138)
[Address] EAT @explorer.exe (InternetOpenUrlW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01DEAC)
[Address] EAT @explorer.exe (InternetOpenW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF447B0)
[Address] EAT @explorer.exe (InternetQueryDataAvailable) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF207E0)
[Address] EAT @explorer.exe (InternetQueryFortezzaStatus) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0283E8)
[Address] EAT @explorer.exe (InternetQueryOptionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF270B0)
[Address] EAT @explorer.exe (InternetQueryOptionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF27660)
[Address] EAT @explorer.exe (InternetReadFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF40440)
[Address] EAT @explorer.exe (InternetReadFileExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF76FE0)
[Address] EAT @explorer.exe (InternetReadFileExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF76F48)
[Address] EAT @explorer.exe (InternetSecurityProtocolToStringA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0620B8)
[Address] EAT @explorer.exe (InternetSecurityProtocolToStringW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062228)
[Address] EAT @explorer.exe (InternetSetCookieA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0477D8)
[Address] EAT @explorer.exe (InternetSetCookieEx2) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE047800)
[Address] EAT @explorer.exe (InternetSetCookieExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE047860)
[Address] EAT @explorer.exe (InternetSetCookieExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF4BFD0)
[Address] EAT @explorer.exe (InternetSetCookieW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE047904)
[Address] EAT @explorer.exe (InternetSetDialState) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021C0C)
[Address] EAT @explorer.exe (InternetSetDialStateA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021C0C)
[Address] EAT @explorer.exe (InternetSetDialStateW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE021C64)
[Address] EAT @explorer.exe (InternetSetFilePointer) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC707C)
[Address] EAT @explorer.exe (InternetSetOptionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF26020)
[Address] EAT @explorer.exe (InternetSetOptionExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01E4C0)
[Address] EAT @explorer.exe (InternetSetOptionExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01E5B4)
[Address] EAT @explorer.exe (InternetSetOptionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF264E0)
[Address] EAT @explorer.exe (InternetSetPerSiteCookieDecisionA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE046384)
[Address] EAT @explorer.exe (InternetSetPerSiteCookieDecisionW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE04641C)
[Address] EAT @explorer.exe (InternetSetStatusCallback) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF46708)
[Address] EAT @explorer.exe (InternetSetStatusCallbackA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF46708)
[Address] EAT @explorer.exe (InternetSetStatusCallbackW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8BBBC)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURL) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D1CC)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01D1CC)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE01E058)
[Address] EAT @explorer.exe (InternetTimeFromSystemTime) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF77AB0)
[Address] EAT @explorer.exe (InternetTimeFromSystemTimeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF77AB0)
[Address] EAT @explorer.exe (InternetTimeFromSystemTimeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFDD138)
[Address] EAT @explorer.exe (InternetTimeToSystemTime) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC2FD0)
[Address] EAT @explorer.exe (InternetTimeToSystemTimeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC2FD0)
[Address] EAT @explorer.exe (InternetTimeToSystemTimeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC2F00)
[Address] EAT @explorer.exe (InternetUnlockRequestFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF6B8A4)
[Address] EAT @explorer.exe (InternetWriteFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF659B0)
[Address] EAT @explorer.exe (InternetWriteFileExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (InternetWriteFileExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (IsHostInProxyBypassList) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF4A0C4)
[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083C80)
[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC6E24)
[Address] EAT @explorer.exe (LoadUrlCacheContent) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (ParseX509EncodedCertificateForListBoxEntry) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062398)
[Address] EAT @explorer.exe (PrivacyGetZonePreferenceW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF4D63C)
[Address] EAT @explorer.exe (PrivacySetZonePreferenceW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFBC9D4)
[Address] EAT @explorer.exe (ReadUrlCacheEntryStream) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF64950)
[Address] EAT @explorer.exe (ReadUrlCacheEntryStreamEx) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083DD0)
[Address] EAT @explorer.exe (RegisterUrlCacheNotification) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF02A00)
[Address] EAT @explorer.exe (ResumeSuspendedDownload) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE020CEC)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE083EE0)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0840BC)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084294)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC5A10)
[Address] EAT @explorer.exe (RunOnceUrlCache) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF02198)
[Address] EAT @explorer.exe (SetUrlCacheConfigInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084498)
[Address] EAT @explorer.exe (SetUrlCacheConfigInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0845CC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroup) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0846CC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroupA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0846CC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroupW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF48BE0)
[Address] EAT @explorer.exe (SetUrlCacheEntryInfoA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF59188)
[Address] EAT @explorer.exe (SetUrlCacheEntryInfoW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084898)
[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084A54)
[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084C44)
[Address] EAT @explorer.exe (SetUrlCacheHeaderData) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084E04)
[Address] EAT @explorer.exe (ShowCertificate) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062398)
[Address] EAT @explorer.exe (ShowClientAuthCerts) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062398)
[Address] EAT @explorer.exe (ShowSecurityInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0623B8)
[Address] EAT @explorer.exe (ShowX509EncodedCertificate) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062550)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084F24)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE084F24)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08505C)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryStream) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF8FBF0)
[Address] EAT @explorer.exe (UpdateUrlCacheContentPath) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE08519C)
[Address] EAT @explorer.exe (UrlCacheCheckEntriesExist) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0852BC)
[Address] EAT @explorer.exe (UrlCacheCloseEntryHandle) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085314)
[Address] EAT @explorer.exe (UrlCacheContainerSetEntryMaximumAge) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085360)
[Address] EAT @explorer.exe (UrlCacheCreateContainer) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF0EC4C)
[Address] EAT @explorer.exe (UrlCacheFindFirstEntry) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF88B38)
[Address] EAT @explorer.exe (UrlCacheFindNextEntry) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDFC84B0)
[Address] EAT @explorer.exe (UrlCacheFreeEntryInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF90C38)
[Address] EAT @explorer.exe (UrlCacheGetContentPaths) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0853B8)
[Address] EAT @explorer.exe (UrlCacheGetEntryInfo) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF7C5D8)
[Address] EAT @explorer.exe (UrlCacheGetGlobalLimit) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085410)
[Address] EAT @explorer.exe (UrlCacheReadEntryStream) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085468)
[Address] EAT @explorer.exe (UrlCacheReloadSettings) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0854C8)
[Address] EAT @explorer.exe (UrlCacheRetrieveEntryFile) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085520)
[Address] EAT @explorer.exe (UrlCacheRetrieveEntryStream) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE085578)
[Address] EAT @explorer.exe (UrlCacheSetGlobalLimit) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE0855D8)
[Address] EAT @explorer.exe (UrlCacheUpdateEntryExtraData) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFDF730B8)
[Address] EAT @explorer.exe (UrlZonesDetach) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE05D240)
[Address] EAT @explorer.exe (WlanAllocateMemory) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858AC8)
[Address] EAT @explorer.exe (WlanCloseHandle) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48538A0)
[Address] EAT @explorer.exe (WlanConnect) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855558)
[Address] EAT @explorer.exe (WlanDeleteProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4856D10)
[Address] EAT @explorer.exe (WlanDisconnect) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48557E8)
[Address] EAT @explorer.exe (WlanEnumInterfaces) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4853A80)
[Address] EAT @explorer.exe (WlanExtractPsdIEDataList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858394)
[Address] EAT @explorer.exe (WlanFreeMemory) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF485A5A0)
[Address] EAT @explorer.exe (WlanGetAvailableNetworkList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854F88)
[Address] EAT @explorer.exe (WlanGetFilterList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857F9C)
[Address] EAT @explorer.exe (WlanGetInterfaceCapability) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854188)
[Address] EAT @explorer.exe (WlanGetNetworkBssList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855268)
[Address] EAT @explorer.exe (WlanGetProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4856A20)
[Address] EAT @explorer.exe (WlanGetProfileCustomUserData) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857B1C)
[Address] EAT @explorer.exe (WlanGetProfileList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857404)
[Address] EAT @explorer.exe (WlanGetSecuritySettings) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858D88)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStart) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF485935C)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStop) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859418)
[Address] EAT @explorer.exe (WlanHostedNetworkInitSettings) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48599D8)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryProperty) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48594D4)
[Address] EAT @explorer.exe (WlanHostedNetworkQuerySecondaryKey) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF485A020)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryStatus) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859B50)
[Address] EAT @explorer.exe (WlanHostedNetworkRefreshSecuritySettings) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859A94)
[Address] EAT @explorer.exe (WlanHostedNetworkSetProperty) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859744)
[Address] EAT @explorer.exe (WlanHostedNetworkSetSecondaryKey) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4859D78)
[Address] EAT @explorer.exe (WlanHostedNetworkStartUsing) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48591EC)
[Address] EAT @explorer.exe (WlanHostedNetworkStopUsing) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48592A4)
[Address] EAT @explorer.exe (WlanIhvControl) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854A00)
[Address] EAT @explorer.exe (WlanOpenHandle) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4851960)
[Address] EAT @explorer.exe (WlanQueryAutoConfigParameter) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4853EE8)
[Address] EAT @explorer.exe (WlanQueryInterface) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854668)
[Address] EAT @explorer.exe (WlanReasonCodeToString) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858A54)
[Address] EAT @explorer.exe (WlanRegisterNotification) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855A08)
[Address] EAT @explorer.exe (WlanRegisterVirtualStationNotification) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF485A358)
[Address] EAT @explorer.exe (WlanRenameProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4856F4C)
[Address] EAT @explorer.exe (WlanSaveTemporaryProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48587D0)
[Address] EAT @explorer.exe (WlanScan) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854D40)
[Address] EAT @explorer.exe (WlanSetAutoConfigParameter) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4853D10)
[Address] EAT @explorer.exe (WlanSetFilterList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857DCC)
[Address] EAT @explorer.exe (WlanSetInterface) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854470)
[Address] EAT @explorer.exe (WlanSetProfile) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4856760)
[Address] EAT @explorer.exe (WlanSetProfileCustomUserData) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48578A4)
[Address] EAT @explorer.exe (WlanSetProfileEapUserData) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855CC4)
[Address] EAT @explorer.exe (WlanSetProfileEapXmlUserData) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855F9C)
[Address] EAT @explorer.exe (WlanSetProfileList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48571A8)
[Address] EAT @explorer.exe (WlanSetProfilePosition) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4857644)
[Address] EAT @explorer.exe (WlanSetPsdIEDataList) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF48581B0)
[Address] EAT @explorer.exe (WlanSetSecuritySettings) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4858B58)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAJS-08L7A0 ATA Device +++++
--- User ---
[MBR] 7ad4cc2c73fda4f7141eb9d4db143690
[BSP] 895f4cf863d147b7cedfc82bb5ef008b : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 294043 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04082014_095429.txt >>
RKreport[0]_D_04082014_095213.txt;RKreport[0]_S_04082014_094906.txt
Question by:Jason Johanknecht
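Added example (not part of the original thread, and not RogueKiller's own code): a short Python script that condenses EAT lines in the format of the report above into counts per attributed module and target DLL, lists any target outside the Windows system directory, and shows exports that resolve to one shared address. The sample mixes lines copied from the report with one constructed line, and treating `C:\Windows\system32` as the system directory is an assumption.

```python
import re
from collections import Counter, defaultdict
from ntpath import dirname, normcase  # Windows path rules on any OS

# [Address] EAT @<process> (<export>) : <module> -> HOOKED (<target> @ 0x<addr>)
HOOK_RE = re.compile(
    r"^\[Address\] EAT @(?P<process>\S+) \((?P<export>[^)]+)\) : "
    r"(?P<module>\S+) -> HOOKED \((?P<target>.+) @ 0x(?P<addr>[0-9A-Fa-f]+)\)$"
)
SYSTEM_DIR = normcase(r"C:\Windows\system32")  # assumption: default location

# Six lines copied from the report above, one constructed line (ExampleExport),
# and one non-hook line that the parser must skip.
SAMPLE_REPORT = r"""
[Address] EAT @explorer.exe (InternetWriteFileExA) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (InternetWriteFileExW) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (LoadUrlCacheContent) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE039D50)
[Address] EAT @explorer.exe (ShowCertificate) : iertutil.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFE062398)
[Address] EAT @explorer.exe (WlanConnect) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4855558)
[Address] EAT @explorer.exe (WlanScan) : api-ms-win-downlevel-shlwapi-l2-1-0.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF4854D40)
[Address] EAT @explorer.exe (ExampleExport) : example.dll -> HOOKED (C:\Users\Public\example_target.dll @ 0x10001000)
--> %SystemRoot%\System32\drivers\etc\hosts
"""


def parse_hooks(text):
    """Return one dict per EAT hook line; other report lines are ignored."""
    matches = (HOOK_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def summarize(hooks):
    """Group hooks for triage.

    Returns (pairs, outside, shared):
      pairs   - Counter keyed by (attributed module, target path), lower-cased
      outside - hooks whose target is not directly inside SYSTEM_DIR
      shared  - {(target path, address): [exports]} where several exports
                resolve to one address
    """
    pairs = Counter()
    outside = []
    by_addr = defaultdict(list)
    for hook in hooks:
        target = normcase(hook["target"])
        pairs[(hook["module"].lower(), target)] += 1
        if dirname(target) != SYSTEM_DIR:
            outside.append(hook)
        by_addr[(target, hook["addr"].upper())].append(hook["export"])
    shared = {key: names for key, names in by_addr.items() if len(names) > 1}
    return pairs, outside, shared


if __name__ == "__main__":
    pairs, outside, shared = summarize(parse_hooks(SAMPLE_REPORT))
    for (module, target), count in pairs.most_common():
        print(f"{count:4d}  {module} -> {target}")
    for hook in outside:
        print(f"outside system dir: {hook['export']} -> {hook['target']}")
    for (target, addr), names in shared.items():
        print(f"shared 0x{addr} in {target}: {', '.join(names)}")
```

Run against a full report, the per-pair counts show at a glance which target DLLs to check first for file location and signature.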
8 Comments
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39992444
It looks like that system is really infected.

Here is a comprehensive list of items to check:

1. Go to All programs, Administrative Tools, Event Viewer. Check the System and Application sections for errors that may be causing your problems.

2. Open an elevated command prompt and run this to check for corrupted system files.
sfc /scannow

3. Install Process Explorer to find out what runs at startup
http://technet.microsoft.com/en-us/sysinternals/bb896653

4. If you haven't already checked for viruses, update your virus definitions and run a Full Scan, deleting all viruses and spyware detected

5. If you don’t have any Anti Virus installed, here are a few free ones to try:
http://www.avg.com
http://www.avast.com/en-us/index
http://windows.microsoft.com/en-us/windows/security-essentials-download
http://www.bitdefender.com/solutions/free.html

6. If spyware is found, download and run these free anti spyware apps
AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/

Kaspersky TDSSKiller
http://www.bleepingcomputer.com/download/tdsskiller/

ESET online scanner
http://www.eset.com/us/online-scanner/

Malwarebytes Anti-Rootkit
http://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/

www.malwarebytes.org
www.superantispyware.com
www.hitmanpro.com

7. Run a Disk Cleanup: Start, All Programs, Accessories, System Tools, Disk Cleanup.
Include Temporary Internet Files and Temp files

8. Run Error Checking: Start, Computer, right click on C:\, Tools, Error Checking.
Select "Automatically fix file system errors" and click start

9. Check for all programs that start at Boot: Start, Run, type MSCONFIG, on the startup tab, review the programs listed. Uncheck anything that should not run on startup

10. Defrag all hard drives: Click My Computer, right click the C drive, click Tools, Disk Defragmenter, Click Analyze to check the amount of fragmentation or Defrag to run the process. You repeat this per drive.

General Maintenance to keep your pc up to date
1. Run Windows Update and select all Microsoft updates and security patches

2. Update your Pc's System Bios

3. Update your drivers: Motherboard Chipset, Network Adaptor, Video, Audio & Printers

4. Start Adobe reader, click Help and then click Check for updates to get the latest security and application updates.

5. Go to Control Panel, Java, advanced tab, click Check for Updates to get the latest security and application updates.

6. If you get a BSOD and want to verify if it’s related to bad Ram chips, download Memtest and make a bootable CD from the ISO. Boot it and run at least one complete set of tests to check your memory for faults
http://www.memtest.org/#downiso
0
 
LVL 4

Author Comment

by:Jason Johanknecht
ID: 39992455
Has Norton 360 (v21) - scan results (Full Scan) = nothing found but tracking cookies.
Malwarebytes (v2.0.1) Full scan (Rootkits also checked) = nothing but items like Conduit and toolbars.
adwCleaner run.
TDSSKiller run = nothing found.
0
 
LVL 18

Expert Comment

by:web_tracker
ID: 39993235
I would run a scan with malwarebytes if you have not already done so: https://www.malwarebytes.org/?utm_source=cj&utm_medium=aff&utm_content=11125352&utm_campaign=1807252&tracking=cj . One other effective malware removal tool I use is Emsisoft Emergency kit. There are a lot of updates, and it takes a long time to scan, but it is very effective in catching infections. https://www.emsisoft.com/en/software/eek/
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39994526
Have you resolved this issue?
0
 
LVL 4

Author Comment

by:Jason Johanknecht
ID: 40009956
I have run anti-rootkit scanners from several companies, as many utilities as I can think of including combofix.  The other night I left Microsoft Safety scanner running on the computer along with malwarebytes anti-rootkit.  When I came back nothing was running.  The trouble computer has been brought back to my office for further testing, and now my computer is showing similar EAT @ explorer roguekiller results (Driver).  I am going to start testing all of the computers here to see if this thing spreads.

I have also tested some of the dll files on virustotal.com and no infections found.
I have not tried bitdefender yet, but it is next on my list.  Hitman pro is running at this moment.  Probably try Emsisoft and Eset after that.
0
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 500 total points
ID: 40010250
Hi DataPro, I suggest taking the following steps immediately:

1. Disconnect the infected PCs from your network to stop any further spread of the infection. I suspect it is a rootkit.

2. Download this rescue disk on a PC you truly believe is clean, create the bootable CD and boot both infected PCs with it and scan them to find the virus.
http://www.comodo.com/business-security/network-protection/rescue-disk.php

3. If that does not work, I suggest backing up the data, booting from a Windows Install DVD, deleting all partitions and performing a Clean Install.

I know this is a painful process, but in my experience, it's always the best process in eliminating spyware and viruses.

Before restoring your data, I suggest booting with that bootable CD and scan the data to make sure it's clean.
http://www.comodo.com/business-security/network-protection/rescue-disk.php
0
 
LVL 4

Author Comment

by:Jason Johanknecht
ID: 40010368
One computer found Toniper (MS Safety Scanner), another found Harakit (Norton), the last one all scanners closed overnight.
0
 
LVL 4

Author Closing Comment

by:Jason Johanknecht
ID: 40043535
This was a good lesson about adding a potential virus to a working network.  Should have continued working on it while disconnected from any and all networks.  Symantec released a definition update that all computers now detect and successfully remove harakit.  Ran adwcleaner again after removal and now everything looks good.
0

Question has a verified solution.
