Jump to content

Adware Removal Help

TitusAndronicus
 Share

Recommended Posts

TitusAndronicus

TitusAndronicus

Posted
Posted

What I've done:

I have a near identical issue to this link:

https://forums.malwarebytes.org/index.php?showtopic=146454

 

Essentially, I get dummy ads in google chrome, IE, & steam browser / store. It seems all of my browsers have been infected. I have removed all extensions that were malicious.

 

I also have Privoxy.exe which I had deleted, but reinstalled itself.

 

Whenever I run a fully Malwarebytes, Avira, Avast, etc. scans my computer fatal errors with Internal_rootkit_kernel_error midway through the scan, sometimes 20 minutes in, sometimes 3 hours in. Quick scans reveal no results.

 

I have uninstalled utorrent etc.

 

I have followed the instructions, here are my logs.

 

RKILL Text:

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/18/2014 09:15:37 AM in x64 mode.
Windows Version: Windows 8 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe (PID: 2872) [WD-HEUR]
 
1 proccess terminated!
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Backup Registry file created at:
 C:\Users\Greg\Desktop\rkill\rkill-05-18-2014-09-15-42.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/18/2014 09:16:54 AM

 

Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)
 
Rogue Killer Text:
 
Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/18/2014 09:15:37 AM in x64 mode.
Windows Version: Windows 8 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe (PID: 2872) [WD-HEUR]
 
1 proccess terminated!
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Backup Registry file created at:
 C:\Users\Greg\Desktop\rkill\rkill-05-18-2014-09-15-42.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/18/2014 09:16:54 AM
Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)

 

Link to post
Share on other sites
TitusAndronicus

TitusAndronicus

Posted
  • Author
Posted

Sorry, I posted the same text file twice. Here is the Rogue Killer Text:

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software

 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Greg [Admin rights]
Mode : Scan -- Date : 05/18/2014 09:52:33
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Greg\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-427262244-2273599457-2386143178-1002\[...]\Run : SearchProtection ("C:\Users\Greg\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [x]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][sUSP PATH] IdleCrawler Runner : "%LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe" [x] -> FOUND
[V2][sUSP PATH] IdleCrawler Update : "%LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe" - --Update [x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (AssocCreate) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543B20)
[Address] EAT @explorer.exe (AssocGetPerceivedType) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0544940)
[Address] EAT @explorer.exe (AssocIsDangerous) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055CFBC)
[Address] EAT @explorer.exe (AssocQueryKeyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054A870)
[Address] EAT @explorer.exe (AssocQueryKeyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543A20)
[Address] EAT @explorer.exe (AssocQueryStringA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055E60C)
[Address] EAT @explorer.exe (AssocQueryStringByKeyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055E440)
[Address] EAT @explorer.exe (AssocQueryStringByKeyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05441A0)
[Address] EAT @explorer.exe (AssocQueryStringW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0549CC0)
[Address] EAT @explorer.exe (ChrCmpIA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A03C)
[Address] EAT @explorer.exe (ChrCmpIW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A02C)
[Address] EAT @explorer.exe (ColorAdjustLuma) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055F7A8)
[Address] EAT @explorer.exe (ColorHLSToRGB) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054BFF0)
[Address] EAT @explorer.exe (ColorRGBToHLS) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054BF30)
[Address] EAT @explorer.exe (ConnectToConnectionPoint) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05442B0)
[Address] EAT @explorer.exe (DelayLoadFailureHook) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055F8F0)
[Address] EAT @explorer.exe (DllGetClassObject) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB056D448)
[Address] EAT @explorer.exe (DllGetVersion) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0555AE0)
[Address] EAT @explorer.exe (GUIDFromStringW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054F786)
[Address] EAT @explorer.exe (GetAcceptLanguagesA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05597D0)
[Address] EAT @explorer.exe (GetAcceptLanguagesW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545A40)
[Address] EAT @explorer.exe (GetMenuPosFromID) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545A60)
[Address] EAT @explorer.exe (HashData) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05597C0)
[Address] EAT @explorer.exe (IStream_Copy) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054A1A0)
[Address] EAT @explorer.exe (IStream_Read) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542B80)
[Address] EAT @explorer.exe (IStream_ReadPidl) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0549980)
[Address] EAT @explorer.exe (IStream_ReadStr) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0541120)
[Address] EAT @explorer.exe (IStream_Reset) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546340)
[Address] EAT @explorer.exe (IStream_Size) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054A180)
[Address] EAT @explorer.exe (IStream_Write) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546320)
[Address] EAT @explorer.exe (IStream_WritePidl) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB056F194)
[Address] EAT @explorer.exe (IStream_WriteStr) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546350)
[Address] EAT @explorer.exe (IUnknown_AtomicRelease) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A09C)
[Address] EAT @explorer.exe (IUnknown_Exec) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545B80)
[Address] EAT @explorer.exe (IUnknown_GetSite) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05460B0)
[Address] EAT @explorer.exe (IUnknown_GetWindow) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542D20)
[Address] EAT @explorer.exe (IUnknown_QueryService) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543300)
[Address] EAT @explorer.exe (IUnknown_QueryStatus) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB056BBA8)
[Address] EAT @explorer.exe (IUnknown_Set) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0541130)
[Address] EAT @explorer.exe (IUnknown_SetSite) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543310)
[Address] EAT @explorer.exe (IntlStrEqWorkerA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559E3C)
[Address] EAT @explorer.exe (IntlStrEqWorkerW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559E2C)
[Address] EAT @explorer.exe (IsCharSpaceA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559A80)
[Address] EAT @explorer.exe (IsCharSpaceW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0541140)
[Address] EAT @explorer.exe (IsInternetESCEnabled) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05597B0)
[Address] EAT @explorer.exe (IsOS) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542B60)
[Address] EAT @explorer.exe (MLFreeLibrary) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0569EF4)
[Address] EAT @explorer.exe (MLLoadLibraryA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0569F48)
[Address] EAT @explorer.exe (MLLoadLibraryW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0569FA8)
[Address] EAT @explorer.exe (ParseURLA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05597A0)
[Address] EAT @explorer.exe (ParseURLW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054C250)
[Address] EAT @explorer.exe (PathAddBackslashA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559B2C)
[Address] EAT @explorer.exe (PathAddBackslashW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543C00)
[Address] EAT @explorer.exe (PathAddExtensionA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559CCC)
[Address] EAT @explorer.exe (PathAddExtensionW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559CBC)
[Address] EAT @explorer.exe (PathAppendA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559CAC)
[Address] EAT @explorer.exe (PathAppendW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545A10)
[Address] EAT @explorer.exe (PathBuildRootA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A05C)
[Address] EAT @explorer.exe (PathBuildRootW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A06C)
[Address] EAT @explorer.exe (PathCanonicalizeA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559C9C)
[Address] EAT @explorer.exe (PathCanonicalizeW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542CF0)
[Address] EAT @explorer.exe (PathCombineA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559B5C)
[Address] EAT @explorer.exe (PathCombineW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543C10)
[Address] EAT @explorer.exe (PathCommonPrefixA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559DAC)
[Address] EAT @explorer.exe (PathCommonPrefixW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559D9C)
[Address] EAT @explorer.exe (PathCompactPathA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055AF90)
[Address] EAT @explorer.exe (PathCompactPathExA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055AD80)
[Address] EAT @explorer.exe (PathCompactPathExW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546530)
[Address] EAT @explorer.exe (PathCompactPathW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055EB08)
[Address] EAT @explorer.exe (PathCreateFromUrlA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559790)
[Address] EAT @explorer.exe (PathCreateFromUrlAlloc) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559780)
[Address] EAT @explorer.exe (PathCreateFromUrlW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05436E0)
[Address] EAT @explorer.exe (PathFileExistsA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559C0C)
[Address] EAT @explorer.exe (PathFileExistsAndAttributesW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545930)
[Address] EAT @explorer.exe (PathFileExistsW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543690)
[Address] EAT @explorer.exe (PathFindExtensionA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559C3C)
[Address] EAT @explorer.exe (PathFindExtensionW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05410C0)
[Address] EAT @explorer.exe (PathFindFileNameA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559BFC)
[Address] EAT @explorer.exe (PathFindFileNameW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0541090)
[Address] EAT @explorer.exe (PathFindNextComponentA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559AE0)
[Address] EAT @explorer.exe (PathFindNextComponentW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054A210)
[Address] EAT @explorer.exe (PathFindOnPathA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055B610)
[Address] EAT @explorer.exe (PathFindOnPathW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0549170)
[Address] EAT @explorer.exe (PathFindSuffixArrayA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055B534)
[Address] EAT @explorer.exe (PathFindSuffixArrayW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05453D0)
[Address] EAT @explorer.exe (PathGetArgsA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055962C)
[Address] EAT @explorer.exe (PathGetArgsW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054C880)
[Address] EAT @explorer.exe (PathGetCharTypeA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559648)
[Address] EAT @explorer.exe (PathGetCharTypeW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546480)
[Address] EAT @explorer.exe (PathGetDriveNumberA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559D5C)
[Address] EAT @explorer.exe (PathGetDriveNumberW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0541050)
[Address] EAT @explorer.exe (PathIsContentTypeA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055ABAC)
[Address] EAT @explorer.exe (PathIsContentTypeW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054A2C0)
[Address] EAT @explorer.exe (PathIsDirectoryA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055B404)
[Address] EAT @explorer.exe (PathIsDirectoryEmptyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055B334)
[Address] EAT @explorer.exe (PathIsDirectoryEmptyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055EE78)
[Address] EAT @explorer.exe (PathIsDirectoryW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05454D0)
[Address] EAT @explorer.exe (PathIsFileSpecA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559D6C)
[Address] EAT @explorer.exe (PathIsFileSpecW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546200)
[Address] EAT @explorer.exe (PathIsLFNFileSpecA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559CFC)
[Address] EAT @explorer.exe (PathIsLFNFileSpecW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559CEC)
[Address] EAT @explorer.exe (PathIsNetworkPathA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A07C)
[Address] EAT @explorer.exe (PathIsNetworkPathW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05429A0)
[Address] EAT @explorer.exe (PathIsPrefixA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559D8C)
[Address] EAT @explorer.exe (PathIsPrefixW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559D7C)
[Address] EAT @explorer.exe (PathIsRelativeA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559D4C)
[Address] EAT @explorer.exe (PathIsRelativeW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543680)
[Address] EAT @explorer.exe (PathIsRootA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559C8C)
[Address] EAT @explorer.exe (PathIsRootW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542CE0)
[Address] EAT @explorer.exe (PathIsSameRootA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559D1C)
[Address] EAT @explorer.exe (PathIsSameRootW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559D0C)
[Address] EAT @explorer.exe (PathIsSystemFolderA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A834)
[Address] EAT @explorer.exe (PathIsSystemFolderW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055E948)
[Address] EAT @explorer.exe (PathIsUNCA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559B3C)
[Address] EAT @explorer.exe (PathIsUNCServerA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559C1C)
[Address] EAT @explorer.exe (PathIsUNCServerShareA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559C2C)
[Address] EAT @explorer.exe (PathIsUNCServerShareW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545E60)
[Address] EAT @explorer.exe (PathIsUNCServerW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545E70)
[Address] EAT @explorer.exe (PathIsUNCW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0541040)
[Address] EAT @explorer.exe (PathIsURLA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559770)
[Address] EAT @explorer.exe (PathIsURLW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05436C0)
[Address] EAT @explorer.exe (PathMakePrettyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055BCB0)
[Address] EAT @explorer.exe (PathMakePrettyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0549FC0)
[Address] EAT @explorer.exe (PathMakeSystemFolderA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A8C0)
[Address] EAT @explorer.exe (PathMakeSystemFolderW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0541270)
[Address] EAT @explorer.exe (PathMatchSpecA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559BAC)
[Address] EAT @explorer.exe (PathMatchSpecExA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559B8C)
[Address] EAT @explorer.exe (PathMatchSpecExW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559B7C)
[Address] EAT @explorer.exe (PathMatchSpecW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559B9C)
[Address] EAT @explorer.exe (PathParseIconLocationA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559BEC)
[Address] EAT @explorer.exe (PathParseIconLocationW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545E20)
[Address] EAT @explorer.exe (PathQuoteSpacesA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559BCC)
[Address] EAT @explorer.exe (PathQuoteSpacesW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542D00)
[Address] EAT @explorer.exe (PathRelativePathToA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559B14)
[Address] EAT @explorer.exe (PathRelativePathToW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559AF4)
[Address] EAT @explorer.exe (PathRemoveArgsA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055BC74)
[Address] EAT @explorer.exe (PathRemoveArgsW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546450)
[Address] EAT @explorer.exe (PathRemoveBackslashA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559CDC)
[Address] EAT @explorer.exe (PathRemoveBackslashW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543730)
[Address] EAT @explorer.exe (PathRemoveBlanksA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559BBC)
[Address] EAT @explorer.exe (PathRemoveBlanksW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543BD0)
[Address] EAT @explorer.exe (PathRemoveExtensionA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559C7C)
[Address] EAT @explorer.exe (PathRemoveExtensionW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545E30)
[Address] EAT @explorer.exe (PathRemoveFileSpecA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559B4C)
[Address] EAT @explorer.exe (PathRemoveFileSpecW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0544040)
[Address] EAT @explorer.exe (PathRenameExtensionA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559C6C)
[Address] EAT @explorer.exe (PathRenameExtensionW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559C5C)
[Address] EAT @explorer.exe (PathSearchAndQualifyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055961C)
[Address] EAT @explorer.exe (PathSearchAndQualifyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542E00)
[Address] EAT @explorer.exe (PathSetDlgItemPathA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055AC50)
[Address] EAT @explorer.exe (PathSetDlgItemPathW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055E9D0)
[Address] EAT @explorer.exe (PathSkipRootA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559D2C)
[Address] EAT @explorer.exe (PathSkipRootW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545A20)
[Address] EAT @explorer.exe (PathStripPathA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559D3C)
[Address] EAT @explorer.exe (PathStripPathW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546220)
[Address] EAT @explorer.exe (PathStripToRootA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559C4C)
[Address] EAT @explorer.exe (PathStripToRootW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545E50)
[Address] EAT @explorer.exe (PathUnExpandEnvStringsA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559B6C)
[Address] EAT @explorer.exe (PathUnExpandEnvStringsW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542DF0)
[Address] EAT @explorer.exe (PathUndecorateA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A75C)
[Address] EAT @explorer.exe (PathUndecorateW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05464D0)
[Address] EAT @explorer.exe (PathUnmakeSystemFolderA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A86C)
[Address] EAT @explorer.exe (PathUnmakeSystemFolderW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055E984)
[Address] EAT @explorer.exe (PathUnquoteSpacesA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559BDC)
[Address] EAT @explorer.exe (PathUnquoteSpacesW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543BE0)
[Address] EAT @explorer.exe (QISearch) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0541010)
[Address] EAT @explorer.exe (SHAllocShared) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05429D0)
[Address] EAT @explorer.exe (SHAnsiToAnsi) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A310)
[Address] EAT @explorer.exe (SHAnsiToUnicode) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A320)
[Address] EAT @explorer.exe (SHAutoComplete) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054BE10)
[Address] EAT @explorer.exe (SHCopyKeyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A2F0)
[Address] EAT @explorer.exe (SHCopyKeyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054A070)
[Address] EAT @explorer.exe (SHCreateMemStream) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05432B0)
[Address] EAT @explorer.exe (SHCreateShellPalette) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542890)
[Address] EAT @explorer.exe (SHCreateStreamOnFileA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A0DC)
[Address] EAT @explorer.exe (SHCreateStreamOnFileEx) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546070)
[Address] EAT @explorer.exe (SHCreateStreamOnFileW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05464A0)
[Address] EAT @explorer.exe (SHCreateStreamWrapper) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054F792)
[Address] EAT @explorer.exe (SHCreateThread) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545E80)
[Address] EAT @explorer.exe (SHCreateThreadRef) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545B30)
[Address] EAT @explorer.exe (SHCreateThreadWithHandle) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546400)
[Address] EAT @explorer.exe (SHDeleteEmptyKeyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A0FC)
[Address] EAT @explorer.exe (SHDeleteEmptyKeyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A0EC)
[Address] EAT @explorer.exe (SHDeleteKeyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A2E0)
[Address] EAT @explorer.exe (SHDeleteKeyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542C60)
[Address] EAT @explorer.exe (SHDeleteOrphanKeyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB056EFB8)
[Address] EAT @explorer.exe (SHDeleteOrphanKeyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB056EF48)
[Address] EAT @explorer.exe (SHDeleteValueA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A10C)
[Address] EAT @explorer.exe (SHDeleteValueW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542CA0)
[Address] EAT @explorer.exe (SHEnumKeyExA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A290)
[Address] EAT @explorer.exe (SHEnumKeyExW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A280)
[Address] EAT @explorer.exe (SHEnumValueA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A250)
[Address] EAT @explorer.exe (SHEnumValueW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054A1D0)
[Address] EAT @explorer.exe (SHFormatDateTimeA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055F004)
[Address] EAT @explorer.exe (SHFormatDateTimeW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055F070)
[Address] EAT @explorer.exe (SHFreeShared) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05429E0)
[Address] EAT @explorer.exe (SHGetInverseCMAP) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0560830)
[Address] EAT @explorer.exe (SHGetThreadRef) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0549140)
[Address] EAT @explorer.exe (SHGetValueA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05443C0)
[Address] EAT @explorer.exe (SHGetValueW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542B20)
[Address] EAT @explorer.exe (SHGetViewStatePropertyBag) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546FA0)
[Address] EAT @explorer.exe (SHIsChildOrSelf) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543510)
[Address] EAT @explorer.exe (SHIsLowMemoryMachine) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB056BC3C)
[Address] EAT @explorer.exe (SHLoadIndirectString) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543340)
[Address] EAT @explorer.exe (SHLockShared) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB056F838)
[Address] EAT @explorer.exe (SHMessageBoxCheckA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB056ADD4)
[Address] EAT @explorer.exe (SHMessageBoxCheckW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB056AF00)
[Address] EAT @explorer.exe (SHOpenRegStream2A) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A0AC)
[Address] EAT @explorer.exe (SHOpenRegStream2W) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05443F0)
[Address] EAT @explorer.exe (SHOpenRegStreamA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A0CC)
[Address] EAT @explorer.exe (SHOpenRegStreamW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A0BC)
[Address] EAT @explorer.exe (SHPackDispParamsV) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0547DB0)
[Address] EAT @explorer.exe (SHPropertyBag_ReadStrAlloc) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0571598)
[Address] EAT @explorer.exe (SHPropertyBag_WriteBSTR) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0571498)
[Address] EAT @explorer.exe (SHQueryInfoKeyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A230)
[Address] EAT @explorer.exe (SHQueryInfoKeyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A210)
[Address] EAT @explorer.exe (SHQueryValueExA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A120)
[Address] EAT @explorer.exe (SHQueryValueExW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05463A0)
[Address] EAT @explorer.exe (SHRegCloseUSKey) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559A70)
[Address] EAT @explorer.exe (SHRegCreateUSKeyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559A58)
[Address] EAT @explorer.exe (SHRegCreateUSKeyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542640)
[Address] EAT @explorer.exe (SHRegDeleteEmptyUSKeyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559A44)
[Address] EAT @explorer.exe (SHRegDeleteEmptyUSKeyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559A34)
[Address] EAT @explorer.exe (SHRegDeleteUSValueA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559A24)
[Address] EAT @explorer.exe (SHRegDeleteUSValueW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559A14)
[Address] EAT @explorer.exe (SHRegDuplicateHKey) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A1F0)
[Address] EAT @explorer.exe (SHRegEnumUSKeyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05599FC)
[Address] EAT @explorer.exe (SHRegEnumUSKeyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05599DC)
[Address] EAT @explorer.exe (SHRegEnumUSValueA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559998)
[Address] EAT @explorer.exe (SHRegEnumUSValueW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542590)
[Address] EAT @explorer.exe (SHRegGetBoolUSValueA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559984)
[Address] EAT @explorer.exe (SHRegGetBoolUSValueW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054C220)
[Address] EAT @explorer.exe (SHRegGetBoolValueFromHKCUHKLM) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546330)
[Address] EAT @explorer.exe (SHRegGetIntW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A1E0)
[Address] EAT @explorer.exe (SHRegGetPathA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A1C0)
[Address] EAT @explorer.exe (SHRegGetPathW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054A240)
[Address] EAT @explorer.exe (SHRegGetUSValueA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559948)
[Address] EAT @explorer.exe (SHRegGetUSValueW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054A280)
[Address] EAT @explorer.exe (SHRegGetValueA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A2A4)
[Address] EAT @explorer.exe (SHRegGetValueFromHKCUHKLM) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546EBC)
[Address] EAT @explorer.exe (SHRegGetValueW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05421B0)
[Address] EAT @explorer.exe (SHRegOpenUSKeyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559928)
[Address] EAT @explorer.exe (SHRegOpenUSKeyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559908)
[Address] EAT @explorer.exe (SHRegQueryInfoUSKeyA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05598E0)
[Address] EAT @explorer.exe (SHRegQueryInfoUSKeyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542610)
[Address] EAT @explorer.exe (SHRegQueryUSValueA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05598A0)
[Address] EAT @explorer.exe (SHRegQueryUSValueW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559860)
[Address] EAT @explorer.exe (SHRegSetPathA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A1A0)
[Address] EAT @explorer.exe (SHRegSetPathW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A180)
[Address] EAT @explorer.exe (SHRegSetUSValueA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559838)
[Address] EAT @explorer.exe (SHRegSetUSValueW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559810)
[Address] EAT @explorer.exe (SHRegWriteUSValueA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05597E4)
[Address] EAT @explorer.exe (SHRegWriteUSValueW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05425E0)
[Address] EAT @explorer.exe (SHRegisterValidateTemplate) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05758E0)
[Address] EAT @explorer.exe (SHReleaseThreadRef) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A08C)
[Address] EAT @explorer.exe (SHRunIndirectRegClientCommand) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055C95C)
[Address] EAT @explorer.exe (SHSendMessageBroadcastA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB056A27C)
[Address] EAT @explorer.exe (SHSendMessageBroadcastW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542CC0)
[Address] EAT @explorer.exe (SHSetThreadRef) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545B10)
[Address] EAT @explorer.exe (SHSetValueA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A14C)
[Address] EAT @explorer.exe (SHSetValueW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05463D0)
[Address] EAT @explorer.exe (SHSkipJunction) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542E20)
[Address] EAT @explorer.exe (SHStrDupA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054A260)
[Address] EAT @explorer.exe (SHStrDupW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0541070)
[Address] EAT @explorer.exe (SHStripMneumonicA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB056A900)
[Address] EAT @explorer.exe (SHStripMneumonicW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542DB0)
[Address] EAT @explorer.exe (SHUnicodeToAnsi) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05432E0)
[Address] EAT @explorer.exe (SHUnicodeToAnsiCP) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB054F7B9)
[Address] EAT @explorer.exe (SHUnicodeToUnicode) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055A300)
[Address] EAT @explorer.exe (SHUnlockShared) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB056F818)
[Address] EAT @explorer.exe (ShellMessageBoxA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055C604)
[Address] EAT @explorer.exe (ShellMessageBoxW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055F54C)
[Address] EAT @explorer.exe (StrCSpnA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559EEC)
[Address] EAT @explorer.exe (StrCSpnIA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559EDC)
[Address] EAT @explorer.exe (StrCSpnIW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559ECC)
[Address] EAT @explorer.exe (StrCSpnW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0545A30)
[Address] EAT @explorer.exe (StrCatBuffA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559FDC)
[Address] EAT @explorer.exe (StrCatBuffW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559FEC)
[Address] EAT @explorer.exe (StrCatChainW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559DCC)
[Address] EAT @explorer.exe (StrCatW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055FCF8)
[Address] EAT @explorer.exe (StrChrA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559FCC)
[Address] EAT @explorer.exe (StrChrIA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559F9C)
[Address] EAT @explorer.exe (StrChrIW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05410E0)
[Address] EAT @explorer.exe (StrChrNIW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559F8C)
[Address] EAT @explorer.exe (StrChrNW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559FBC)
[Address] EAT @explorer.exe (StrChrW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0541080)
[Address] EAT @explorer.exe (StrCmpCA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559DEC)
[Address] EAT @explorer.exe (StrCmpCW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542C90)
[Address] EAT @explorer.exe (StrCmpICA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0541100)
[Address] EAT @explorer.exe (StrCmpICW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05410F0)
[Address] EAT @explorer.exe (StrCmpIW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543650)
[Address] EAT @explorer.exe (StrCmpLogicalW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559DDC)
[Address] EAT @explorer.exe (StrCmpNA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559EBC)
[Address] EAT @explorer.exe (StrCmpNCA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559E0C)
[Address] EAT @explorer.exe (StrCmpNCW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559DFC)
[Address] EAT @explorer.exe (StrCmpNIA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559EAC)
[Address] EAT @explorer.exe (StrCmpNICA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05460A0)
[Address] EAT @explorer.exe (StrCmpNICW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542B70)
[Address] EAT @explorer.exe (StrCmpNIW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543670)
[Address] EAT @explorer.exe (StrCmpNW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543770)
[Address] EAT @explorer.exe (StrCmpW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05410B0)
[Address] EAT @explorer.exe (StrCpyNW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559FFC)
[Address] EAT @explorer.exe (StrCpyW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055FD38)
[Address] EAT @explorer.exe (StrDupA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559E4C)
[Address] EAT @explorer.exe (StrDupW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0542B50)
[Address] EAT @explorer.exe (StrFormatByteSize64A) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055FC00)
[Address] EAT @explorer.exe (StrFormatByteSizeA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055FBF4)
[Address] EAT @explorer.exe (StrFormatByteSizeEx) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05432D0)
[Address] EAT @explorer.exe (StrFormatByteSizeW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055FC60)
[Address] EAT @explorer.exe (StrFormatKBSizeA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055FB74)
[Address] EAT @explorer.exe (StrFormatKBSizeW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055FBE0)
[Address] EAT @explorer.exe (StrFromTimeIntervalA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0568AC8)
[Address] EAT @explorer.exe (StrFromTimeIntervalW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0568A44)
[Address] EAT @explorer.exe (StrIsIntlEqualA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559E3C)
[Address] EAT @explorer.exe (StrIsIntlEqualW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559E2C)
[Address] EAT @explorer.exe (StrNCatA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055FCB8)
[Address] EAT @explorer.exe (StrNCatW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055FC74)
[Address] EAT @explorer.exe (StrPBrkA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559F5C)
[Address] EAT @explorer.exe (StrPBrkW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05461E0)
[Address] EAT @explorer.exe (StrRChrA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559FAC)
[Address] EAT @explorer.exe (StrRChrIA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559F7C)
[Address] EAT @explorer.exe (StrRChrIW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559F6C)
[Address] EAT @explorer.exe (StrRChrW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546210)
[Address] EAT @explorer.exe (StrRStrIA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559E9C)
[Address] EAT @explorer.exe (StrRStrIW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559E8C)
[Address] EAT @explorer.exe (StrRetToBSTR) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05460D0)
[Address] EAT @explorer.exe (StrRetToBufA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055F9E8)
[Address] EAT @explorer.exe (StrRetToBufW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0541110)
[Address] EAT @explorer.exe (StrRetToStrA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055FA98)
[Address] EAT @explorer.exe (StrRetToStrW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543330)
[Address] EAT @explorer.exe (StrSpnA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559F0C)
[Address] EAT @explorer.exe (StrSpnW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559EFC)
[Address] EAT @explorer.exe (StrStrA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559E7C)
[Address] EAT @explorer.exe (StrStrIA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0546490)
[Address] EAT @explorer.exe (StrStrIW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05410D0)
[Address] EAT @explorer.exe (StrStrNIW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559E5C)
[Address] EAT @explorer.exe (StrStrNW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559E6C)
[Address] EAT @explorer.exe (StrStrW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543660)
[Address] EAT @explorer.exe (StrToInt64ExA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559F2C)
[Address] EAT @explorer.exe (StrToInt64ExW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559F3C)
[Address] EAT @explorer.exe (StrToIntA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559F4C)
[Address] EAT @explorer.exe (StrToIntExA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559F1C)
[Address] EAT @explorer.exe (StrToIntExW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05461F0)
[Address] EAT @explorer.exe (StrToIntW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05410A0)
[Address] EAT @explorer.exe (StrTrimA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559E1C)
[Address] EAT @explorer.exe (StrTrimW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543320)
[Address] EAT @explorer.exe (UrlApplySchemeA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559760)
[Address] EAT @explorer.exe (UrlApplySchemeW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559750)
[Address] EAT @explorer.exe (UrlCanonicalizeA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559740)
[Address] EAT @explorer.exe (UrlCanonicalizeW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05436B0)
[Address] EAT @explorer.exe (UrlCombineA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559728)
[Address] EAT @explorer.exe (UrlCombineW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543750)
[Address] EAT @explorer.exe (UrlCompareA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559714)
[Address] EAT @explorer.exe (UrlCompareW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559704)
[Address] EAT @explorer.exe (UrlCreateFromPathA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05596F4)
[Address] EAT @explorer.exe (UrlCreateFromPathW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543BF0)
[Address] EAT @explorer.exe (UrlEscapeA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05596E4)
[Address] EAT @explorer.exe (UrlEscapeW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543720)
[Address] EAT @explorer.exe (UrlFixupW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05596D4)
[Address] EAT @explorer.exe (UrlGetLocationA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05596C4)
[Address] EAT @explorer.exe (UrlGetLocationW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05596B4)
[Address] EAT @explorer.exe (UrlGetPartA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055969C)
[Address] EAT @explorer.exe (UrlGetPartW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0543700)
[Address] EAT @explorer.exe (UrlHashA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559688)
[Address] EAT @explorer.exe (UrlHashW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559678)
[Address] EAT @explorer.exe (UrlIsA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559668)
[Address] EAT @explorer.exe (UrlIsNoHistoryA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05595EC)
[Address] EAT @explorer.exe (UrlIsNoHistoryW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0541150)
[Address] EAT @explorer.exe (UrlIsOpaqueA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB055960C)
[Address] EAT @explorer.exe (UrlIsOpaqueW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05595FC)
[Address] EAT @explorer.exe (UrlIsW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05436A0)
[Address] EAT @explorer.exe (UrlUnescapeA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0559658)
[Address] EAT @explorer.exe (UrlUnescapeW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05436D0)
[Address] EAT @explorer.exe (WhichPlatform) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB056A6D0)
[Address] EAT @explorer.exe (wnsprintfA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05693AC)
[Address] EAT @explorer.exe (wnsprintfW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0569318)
[Address] EAT @explorer.exe (wvnsprintfA) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB05693F8)
[Address] EAT @explorer.exe (wvnsprintfW) : sechost.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xB0569368)
[Address] EAT @explorer.exe (BatMeterIconAnimationReset) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED4554)
[Address] EAT @explorer.exe (BatMeterIconThemeReset) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED46EC)
[Address] EAT @explorer.exe (BatMeterOnDeviceChange) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED4134)
[Address] EAT @explorer.exe (CleanupBatteryData) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED1884)
[Address] EAT @explorer.exe (CreateBatteryData) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED2B98)
[Address] EAT @explorer.exe (GetBatMeterIconAnimationState) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED41F0)
[Address] EAT @explorer.exe (GetBatMeterIconAnimationTimeDelay) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED4370)
[Address] EAT @explorer.exe (GetBatMeterIconAnimationUpdate) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED4494)
[Address] EAT @explorer.exe (GetBatteryCapacityInfo) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED3F18)
[Address] EAT @explorer.exe (GetBatteryDetails) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED5AD0)
[Address] EAT @explorer.exe (GetBatteryImmersiveIcon) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED2060)
[Address] EAT @explorer.exe (GetBatteryInfo) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED5100)
[Address] EAT @explorer.exe (GetBatteryStatusText) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED5190)
[Address] EAT @explorer.exe (GetBatteryWorkingState) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED19C0)
[Address] EAT @explorer.exe (IsBatteryBad) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED3F0C)
[Address] EAT @explorer.exe (IsBatteryHealthWarningEnabled) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED3F00)
[Address] EAT @explorer.exe (IsBatteryLevelCritical) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED3EC4)
[Address] EAT @explorer.exe (IsBatteryLevelLow) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED3ED8)
[Address] EAT @explorer.exe (IsBatteryLevelReserve) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED3EEC)
[Address] EAT @explorer.exe (PowerCapabilities) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED1560)
[Address] EAT @explorer.exe (QueryBatteryData) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED2C44)
[Address] EAT @explorer.exe (SetBatteryHealthWarningState) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED3F00)
[Address] EAT @explorer.exe (SetBatteryLevel) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED27A0)
[Address] EAT @explorer.exe (SetBatteryWorkingState) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED1048)
[Address] EAT @explorer.exe (SubscribeBatteryUpdateNotification) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED1FB8)
[Address] EAT @explorer.exe (UnsubscribeBatteryUpdateNotification) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED1980)
[Address] EAT @explorer.exe (UpdateBatteryData) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED50C4)
[Address] EAT @explorer.exe (UpdateBatteryDataAsync) : Windows.Networking.Connectivity.dll -> HOOKED (C:\Windows\system32\BatMeter.dll @ 0xA0ED1B60)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABD050 +++++
--- User ---
[MBR] 733c40ceae311ba76b5bb14dcffc4646
[bSP] 57374f78e50993d9f60cc097afa2857b : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_05182014_095233.txt >>
Link to post
Share on other sites
  • 5 weeks later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Very sorry for the delay. We've simply been overrun with requests for help and have not been able to get to everyone requesting help in a timely manner.

Now that we're finally getting our head a bit above water again I've been going back to review old missed requests. If you do still need help please let me know.

Thank you

Link to post
Share on other sites
  • 1 month later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.