Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer playing random audio at different times of the day


  • Please log in to reply
11 replies to this topic

#1 trek8500xtr

trek8500xtr

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 08 April 2014 - 01:48 PM

Windows 7 SP1 box seems to be infected with some kind of virus.

 

Antivirus - Microsoft Security Essentials (Updated)

Antimalware - Malwarebytes (Updated)'

 

In volume mixer there are 2 "Name Not Available" that seem to be the source of the audio.  It is a mixture of advertisements and radio.  There are no browser windows open and I don't see anything in the process list that could be the source.

 

TDSSKiller & Malwarebytes both came back clean.

 

Any help would be greatly appreciated.



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:57 AM

Posted 08 April 2014 - 02:53 PM

Hello trek

Lets try these also

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
Run Malwarebyts again.

Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2
    • Close all programs and disconnect any USB or external drives before running the tool.
    • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
    • Once the Prescan has finished, click Scan.
    • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
    • Copy and paste the report that opens into your next reply.
      • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
      • The highest number of [X], is the most recent Scan

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 trek8500xtr

trek8500xtr
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 08 April 2014 - 03:32 PM

RogueKiller Log:

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Becky [Admin rights]
Mode : Scan -- Date : 01/23/2014 15:31:27
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] JuniperSetupClient.exe -- C:\Users\Becky\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe [7] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:6092 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] EAT @explorer.exe (DllGetClassObject) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6CF9D)
[Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E000)
[Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E029)
[Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E049)
[Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DD2A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6EA9A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6EABD)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6EAE0)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E9D3)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E9F6)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6EA1F)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6EA71)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6EA48)
[Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D845)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E9AA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D822)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D9A2)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D868)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D8DA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DC74)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E9D3)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DC05)
[Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DB87)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DB5E)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D9A2)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DB32)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DBDC)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DBB3)
[Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DD2A)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D88E)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D8DA)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D8B7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D9C5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6EB03)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DFB7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DB06)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DA17)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D9E5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DADD)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DA71)
[Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D7FC)
[Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DC25)
[Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DCFE)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D822)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DC48)
[Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DC25)
[Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D7FC)
[Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D91D)
[Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E981)
[Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DC74)
[Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DC97)
[Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6EB75)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D7AA)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D7D3)
[Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E958)
[Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DC25)
[Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E9AA)
[Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D88E)
[Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E981)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D8FD)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DC25)
[Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DCC7)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D557)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D580)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D6BA)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D6E6)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D656)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D62D)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D52E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D68B)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D4D9)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D4A1)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D466)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D42E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D5D2)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D70C)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_Proxè`ÙZø"IÿÿÿÿZtD>HcÙF) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D732)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D505)
[Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DADD)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D781)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D758)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D5A9)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DC25)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DFB7)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D822)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E049)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D8DA)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DFDA)
[Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D96C)
[Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D88E)
[Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D845)
[Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D9A2)
[Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6EB75)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D943)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D822)
[Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D91D)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6EB03)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DD50)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6EB26)
[Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DD50)
[Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DD73)
[Address] EAT @explorer.exe (WICConvertBitmapSource) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DDB8)
[Address] EAT @explorer.exe (WICCreateBitmapFromSection) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DF8D)
[Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DE8C)
[Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6EB52)
[Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D02B)
[Address] EAT @explorer.exe (WICGetMetadataContentSize) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E61D)
[Address] EAT @explorer.exe (WICMapGuidToShortName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D0EC)
[Address] EAT @explorer.exe (WICMapSchemaToName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D2E0)
[Address] EAT @explorer.exe (WICMapShortNameToGuid) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6D217)
[Address] EAT @explorer.exe (WICMatchMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E072)
[Address] EAT @explorer.exe (WICSerializeMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6E1B4)
[Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73C6DD99)
[Address] EAT @explorer.exe (DllCanUnloadNow) : OLEACC.dll -> HOOKED (C:\Windows\system32\SearchFolder.dll @ 0x6DC529B6)
[Address] EAT @explorer.exe (DllGetClassObject) : OLEACC.dll -> HOOKED (C:\Windows\system32\SearchFolder.dll @ 0x6DC53E5E)
[Address] EAT @explorer.exe (DllRegisterServer) : OLEACC.dll -> HOOKED (C:\Windows\system32\SearchFolder.dll @ 0x6DC9A698)
[Address] EAT @explorer.exe (DllUnregisterServer) : OLEACC.dll -> HOOKED (C:\Windows\system32\SearchFolder.dll @ 0x6DC9A698)
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x70041E4B)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x767F46E9)
[Address] EAT @iexplore.exe (BeginBufferedAnimation) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740E09AE)
[Address] EAT @iexplore.exe (BeginBufferedPaint) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D49A1)
[Address] EAT @iexplore.exe (BeginPanningFeedback) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x74100731)
[Address] EAT @iexplore.exe (BufferedPaintClear) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D6395)
[Address] EAT @iexplore.exe (BufferedPaintInit) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D940E)
[Address] EAT @iexplore.exe (BufferedPaintRenderAnimation) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740E08ED)
[Address] EAT @iexplore.exe (BufferedPaintSetAlpha) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740EE6B3)
[Address] EAT @iexplore.exe (BufferedPaintStopAllAnimations) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740ED395)
[Address] EAT @iexplore.exe (BufferedPaintUnInit) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D94AB)
[Address] EAT @iexplore.exe (CloseThemeData) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D6A18)
[Address] EAT @iexplore.exe (DrawThemeBackground) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D3982)
[Address] EAT @iexplore.exe (DrawThemeBackgroundEx) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740ED9DA)
[Address] EAT @iexplore.exe (DrawThemeEdge) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740F3B52)
[Address] EAT @iexplore.exe (DrawThemeIcon) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x741035E7)
[Address] EAT @iexplore.exe (DrawThemeParentBackground) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D53E5)
[Address] EAT @iexplore.exe (DrawThemeParentBackgroundEx) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D51BF)
[Address] EAT @iexplore.exe (DrawThemeText) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D4EA1)
[Address] EAT @iexplore.exe (DrawThemeTextEx) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D63E6)
[Address] EAT @iexplore.exe (EnableThemeDialogTexture) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740DFCAF)
[Address] EAT @iexplore.exe (EnableTheming) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x74102FEB)
[Address] EAT @iexplore.exe (EndBufferedAnimation) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D3F9A)
[Address] EAT @iexplore.exe (EndBufferedPaint) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D3F9A)
[Address] EAT @iexplore.exe (EndPanningFeedback) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x741006CC)
[Address] EAT @iexplore.exe (GetBufferedPaintBits) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D4BAF)
[Address] EAT @iexplore.exe (GetBufferedPaintDC) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740E04BC)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetDC) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740E0473)
[Address] EAT @iexplore.exe (GetBufferedPaintTargetRect) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x74102E7F)
[Address] EAT @iexplore.exe (GetCurrentThemeName) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740E05DD)
[Address] EAT @iexplore.exe (GetThemeAppProperties) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740E0FB1)
[Address] EAT @iexplore.exe (GetThemeBackgroundContentRect) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740DCD2E)
[Address] EAT @iexplore.exe (GetThemeBackgroundExtent) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740DF8BF)
[Address] EAT @iexplore.exe (GetThemeBackgroundRegion) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740E165D)
[Address] EAT @iexplore.exe (GetThemeBitmap) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740DBF93)
[Address] EAT @iexplore.exe (GetThemeBool) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D7C1F)
[Address] EAT @iexplore.exe (GetThemeColor) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D616C)
[Address] EAT @iexplore.exe (GetThemeDocumentationProperty) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x74102932)
[Address] EAT @iexplore.exe (GetThemeEnumValue) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D616C)
[Address] EAT @iexplore.exe (GetThemeFilename) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x74102412)
[Address] EAT @iexplore.exe (GetThemeFont) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740DFF21)
[Address] EAT @iexplore.exe (GetThemeInt) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D616C)
[Address] EAT @iexplore.exe (GetThemeIntList) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x741023B1)
[Address] EAT @iexplore.exe (GetThemeMargins) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D86E9)
[Address] EAT @iexplore.exe (GetThemeMetric) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740E06E2)
[Address] EAT @iexplore.exe (GetThemePartSize) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740DCDB1)
[Address] EAT @iexplore.exe (GetThemePosition) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x74102350)
[Address] EAT @iexplore.exe (GetThemePropertyOrigin) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740F3FBB)
[Address] EAT @iexplore.exe (GetThemeRect) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740E3611)
[Address] EAT @iexplore.exe (GetThemeStream) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740E39D9)
[Address] EAT @iexplore.exe (GetThemeString) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x741022E4)
[Address] EAT @iexplore.exe (GetThemeSysBool) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x74103172)
[Address] EAT @iexplore.exe (GetThemeSysColor) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740F3274)
[Address] EAT @iexplore.exe (GetThemeSysColorBrush) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7410301E)
[Address] EAT @iexplore.exe (GetThemeSysFont) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x741029C4)
[Address] EAT @iexplore.exe (GetThemeSysInt) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x74102BD3)
[Address] EAT @iexplore.exe (GetThemeSysSize) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7410320B)
[Address] EAT @iexplore.exe (GetThemeSysString) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x74102B3F)
[Address] EAT @iexplore.exe (GetThemeTextExtent) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D2D57)
[Address] EAT @iexplore.exe (GetThemeTextMetrics) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740DF992)
[Address] EAT @iexplore.exe (GetThemeTransitionDuration) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740E1081)
[Address] EAT @iexplore.exe (GetWindowTheme) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740DDF46)
[Address] EAT @iexplore.exe (HitTestThemeBackground) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740E3CE3)
[Address] EAT @iexplore.exe (IsAppThemed) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740DF869)
[Address] EAT @iexplore.exe (IsCompositionActive) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D2E9A)
[Address] EAT @iexplore.exe (IsThemeActive) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740DF785)
[Address] EAT @iexplore.exe (IsThemeBackgroundPartiallyTransparent) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D60AB)
[Address] EAT @iexplore.exe (IsThemeDialogTextureEnabled) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7410312B)
[Address] EAT @iexplore.exe (IsThemePartDefined) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D85B4)
[Address] EAT @iexplore.exe (OpenThemeData) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740D73D2)
[Address] EAT @iexplore.exe (OpenThemeDataEx) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740F3D43)
[Address] EAT @iexplore.exe (SetThemeAppProperties) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x74103296)
[Address] EAT @iexplore.exe (SetWindowTheme) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740E0134)
[Address] EAT @iexplore.exe (SetWindowThemeAttribute) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740ECFE6)
[Address] EAT @iexplore.exe (ThemeInitApiHook) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x740DB176)
[Address] EAT @iexplore.exe (UpdatePanningFeedback) : mpclient.dll -> HOOKED (C:\Windows\system32\uxtheme.dll @ 0x7410068D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x767F46E9)
[Address] EAT @iexplore.exe (DllGetClassObject) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6CF9D)
[Address] EAT @iexplore.exe (IEnumString_Next_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E000)
[Address] EAT @iexplore.exe (IEnumString_Reset_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E029)
[Address] EAT @iexplore.exe (IPropertyBag2_Write_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E049)
[Address] EAT @iexplore.exe (IWICBitmapClipper_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DD2A)
[Address] EAT @iexplore.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6EA9A)
[Address] EAT @iexplore.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6EABD)
[Address] EAT @iexplore.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6EAE0)
[Address] EAT @iexplore.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E9D3)
[Address] EAT @iexplore.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E9F6)
[Address] EAT @iexplore.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6EA1F)
[Address] EAT @iexplore.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6EA71)
[Address] EAT @iexplore.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6EA48)
[Address] EAT @iexplore.exe (IWICBitmapDecoder_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D845)
[Address] EAT @iexplore.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E9AA)
[Address] EAT @iexplore.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D822)
[Address] EAT @iexplore.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D9A2)
[Address] EAT @iexplore.exe (IWICBitmapDecoder_GetFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D868)
[Address] EAT @iexplore.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D8DA)
[Address] EAT @iexplore.exe (IWICBitmapDecoder_GetPreview_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DC74)
[Address] EAT @iexplore.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E9D3)
[Address] EAT @iexplore.exe (IWICBitmapEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DC05)
[Address] EAT @iexplore.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DB87)
[Address] EAT @iexplore.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DB5E)
[Address] EAT @iexplore.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D9A2)
[Address] EAT @iexplore.exe (IWICBitmapEncoder_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DB32)
[Address] EAT @iexplore.exe (IWICBitmapEncoder_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DBDC)
[Address] EAT @iexplore.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DBB3)
[Address] EAT @iexplore.exe (IWICBitmapFlipRotator_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DD2A)
[Address] EAT @iexplore.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D88E)
[Address] EAT @iexplore.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D8DA)
[Address] EAT @iexplore.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D8B7)
[Address] EAT @iexplore.exe (IWICBitmapFrameEncode_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D9C5)
[Address] EAT @iexplore.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6EB03)
[Address] EAT @iexplore.exe (IWICBitmapFrameEncode_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DFB7)
[Address] EAT @iexplore.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DB06)
[Address] EAT @iexplore.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DA17)
[Address] EAT @iexplore.exe (IWICBitmapFrameEncode_SetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D9E5)
[Address] EAT @iexplore.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DADD)
[Address] EAT @iexplore.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DA71)
[Address] EAT @iexplore.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D7FC)
[Address] EAT @iexplore.exe (IWICBitmapLock_GetStride_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DC25)
[Address] EAT @iexplore.exe (IWICBitmapScaler_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DCFE)
[Address] EAT @iexplore.exe (IWICBitmapSource_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D822)
[Address] EAT @iexplore.exe (IWICBitmapSource_CopyPixels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DC48)
[Address] EAT @iexplore.exe (IWICBitmapSource_GetPixelFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DC25)
[Address] EAT @iexplore.exe (IWICBitmapSource_GetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D7FC)
[Address] EAT @iexplore.exe (IWICBitmapSource_GetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D91D)
[Address] EAT @iexplore.exe (IWICBitmap_Lock_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E981)
[Address] EAT @iexplore.exe (IWICBitmap_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DC74)
[Address] EAT @iexplore.exe (IWICBitmap_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DC97)
[Address] EAT @iexplore.exe (IWICColorContext_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6EB75)
[Address] EAT @iexplore.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D7AA)
[Address] EAT @iexplore.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D7D3)
[Address] EAT @iexplore.exe (IWICComponentInfo_GetAuthor_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E958)
[Address] EAT @iexplore.exe (IWICComponentInfo_GetCLSID_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DC25)
[Address] EAT @iexplore.exe (IWICComponentInfo_GetFriendlyName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E9AA)
[Address] EAT @iexplore.exe (IWICComponentInfo_GetSpecVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D88E)
[Address] EAT @iexplore.exe (IWICComponentInfo_GetVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E981)
[Address] EAT @iexplore.exe (IWICFastMetadataEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D8FD)
[Address] EAT @iexplore.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DC25)
[Address] EAT @iexplore.exe (IWICFormatConverter_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DCC7)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D557)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D580)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D6BA)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D6E6)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D656)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D62D)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D52E)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D68B)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D4D9)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D4A1)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D466)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D42E)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateEncoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D5D2)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D70C)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_Proxè`ÙZø"IÿÿÿÿZtD>HcÙB) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D732)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D505)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreatePalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DADD)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D781)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D758)
[Address] EAT @iexplore.exe (IWICImagingFactory_CreateStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D5A9)
[Address] EAT @iexplore.exe (IWICMetadataBlockReader_GetCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DC25)
[Address] EAT @iexplore.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D7FC)
[Address] EAT @iexplore.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DFB7)
[Address] EAT @iexplore.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D822)
[Address] EAT @iexplore.exe (IWICMetadataQueryReader_GetLocation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E049)
[Address] EAT @iexplore.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D7FC)
[Address] EAT @iexplore.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D8DA)
[Address] EAT @iexplore.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DFDA)
[Address] EAT @iexplore.exe (IWICPalette_GetColorCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D96C)
[Address] EAT @iexplore.exe (IWICPalette_GetColors_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D88E)
[Address] EAT @iexplore.exe (IWICPalette_GetType_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D845)
[Address] EAT @iexplore.exe (IWICPalette_HasAlpha_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D9A2)
[Address] EAT @iexplore.exe (IWICPalette_InitializeCustom_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6EB75)
[Address] EAT @iexplore.exe (IWICPalette_InitializeFromBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D943)
[Address] EAT @iexplore.exe (IWICPalette_InitializeFromPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D822)
[Address] EAT @iexplore.exe (IWICPalette_InitializePredefined_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D91D)
[Address] EAT @iexplore.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6EB03)
[Address] EAT @iexplore.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DD50)
[Address] EAT @iexplore.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6EB26)
[Address] EAT @iexplore.exe (IWICStream_InitializeFromIStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DD50)
[Address] EAT @iexplore.exe (IWICStream_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DD73)
[Address] EAT @iexplore.exe (WICConvertBitmapSource) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DDB8)
[Address] EAT @iexplore.exe (WICCreateBitmapFromSection) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DF8D)
[Address] EAT @iexplore.exe (WICCreateBitmapFromSectionEx) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DE8C)
[Address] EAT @iexplore.exe (WICCreateColorContext_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6EB52)
[Address] EAT @iexplore.exe (WICCreateImagingFactory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D02B)
[Address] EAT @iexplore.exe (WICGetMetadataContentSize) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E61D)
[Address] EAT @iexplore.exe (WICMapGuidToShortName) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D0EC)
[Address] EAT @iexplore.exe (WICMapSchemaToName) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D2E0)
[Address] EAT @iexplore.exe (WICMapShortNameToGuid) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6D217)
[Address] EAT @iexplore.exe (WICMatchMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E072)
[Address] EAT @iexplore.exe (WICSerializeMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6E1B4)
[Address] EAT @iexplore.exe (WICSetEncoderFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\windowscodecs.dll @ 0x73C6DD99)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250318AS ATA Device +++++
--- User ---
[MBR] 89aa4412da5b87adfa9e2f527a2cb504
[BSP] 17c57ccbe38ef4de53cd3b2e51016424 : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 227273 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 10000 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01232014_153127.txt >>

 

 


Also, MBAM blocked some outgoing web requests by svchost.exe.



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:57 AM

Posted 08 April 2014 - 06:15 PM

Re-Run aswMBR
  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'FIXMBR' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

Note:After the 'Infection fixed successfully' message appears, the machine may became unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.



  • .
    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    How is it?
  • Save the log as before and post in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 trek8500xtr

trek8500xtr
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 15 April 2014 - 07:59 PM

Sorry for the delay...didn't have access to the machine for a week...

 

After following your instructions it is still playing the random audio

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by Becky on Tue 04/15/2014 at 19:52:29.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B3D25CDF-5597-41BD-A953-9C55AAD12BD6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BCC809CD-404B-49C0-AD2B-14144A4F458A}

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/15/2014 at 19:58:16.92
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 trek8500xtr

trek8500xtr
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 15 April 2014 - 08:01 PM

# AdwCleaner v3.023 - Report created 15/04/2014 at 19:42:21
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Becky - BECKYPC
# Running from : C:\Users\Becky\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\f57myann.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\f57myann.default\searchplugins\Askcom.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16866

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\f57myann.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1992 octets] - [15/04/2014 19:39:44]
AdwCleaner[S0].txt - [1939 octets] - [15/04/2014 19:42:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1999 octets] ##########


Edited by trek8500xtr, 15 April 2014 - 08:01 PM.


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:57 AM

Posted 15 April 2014 - 09:07 PM

Let's also do this

Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2
    • Close all programs and disconnect any USB or external drives before running the tool.
    • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
    • Once the Prescan has finished, click Scan.
    • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
    • Copy and paste the report that opens into your next reply.
      • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
      • The highest number of [X], is the most recent Scan

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 trek8500xtr

trek8500xtr
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 17 April 2014 - 08:30 AM

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Becky [Admin rights]
Mode : Scan -- Date : 04/17/2014 08:29:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:6092 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 1 ¤¤¤
[FF][PUP] f57myann.default : Yahoo! Toolbar

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] EAT @explorer.exe (DllGetClassObject) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFCF9D)
[Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE000)
[Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE029)
[Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE049)
[Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDD2A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEA9A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEABD)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEAE0)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE9D3)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE9F6)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEA1F)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEA71)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEA48)
[Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD845)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE9AA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD822)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD9A2)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD868)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD8DA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC74)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE9D3)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC05)
[Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDB87)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDB5E)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD9A2)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDB32)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDBDC)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDBB3)
[Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDD2A)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD88E)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD8DA)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD8B7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD9C5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEB03)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDFB7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDB06)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDA17)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD9E5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDADD)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDA71)
[Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD7FC)
[Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC25)
[Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDCFE)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD822)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC48)
[Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC25)
[Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD7FC)
[Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD91D)
[Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE981)
[Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC74)
[Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC97)
[Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEB75)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD7AA)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD7D3)
[Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE958)
[Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC25)
[Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE9AA)
[Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD88E)
[Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE981)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD8FD)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC25)
[Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDCC7)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD557)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD580)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD6BA)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD6E6)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD656)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD62D)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD52E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD68B)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD4D9)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD4A1)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD466)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD42E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD5D2)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD70C)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_Prox¹w]¨@ø"U) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD732)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD505)
[Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDADD)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD781)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD758)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD5A9)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC25)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDFB7)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD822)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE049)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD8DA)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDFDA)
[Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD96C)
[Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD88E)
[Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD845)
[Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD9A2)
[Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEB75)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD943)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD822)
[Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD91D)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEB03)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDD50)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEB26)
[Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDD50)
[Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDD73)
[Address] EAT @explorer.exe (WICConvertBitmapSource) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDDB8)
[Address] EAT @explorer.exe (WICCreateBitmapFromSection) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDF8D)
[Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDE8C)
[Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEB52)
[Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD02B)
[Address] EAT @explorer.exe (WICGetMetadataContentSize) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE61D)
[Address] EAT @explorer.exe (WICMapGuidToShortName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD0EC)
[Address] EAT @explorer.exe (WICMapSchemaToName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD2E0)
[Address] EAT @explorer.exe (WICMapShortNameToGuid) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD217)
[Address] EAT @explorer.exe (WICMatchMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE072)
[Address] EAT @explorer.exe (WICSerializeMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE1B4)
[Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDD99)
[Address] EAT @explorer.exe (DllCanUnloadNow) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD12B3B)
[Address] EAT @explorer.exe (DllGetClassObject) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2188E)
[Address] EAT @explorer.exe (DllGetVersion) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD12982)
[Address] EAT @explorer.exe (DllRegisterServer) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDA7DC5)
[Address] EAT @explorer.exe (DllUnregisterServer) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDA818F)
[Address] EAT @explorer.exe (Migrate10CachedPackagesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAC744)
[Address] EAT @explorer.exe (Migrate10CachedPackagesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAE1AC)
[Address] EAT @explorer.exe (MsiAdvertiseProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB257F)
[Address] EAT @explorer.exe (MsiAdvertiseProductExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB27D7)
[Address] EAT @explorer.exe (MsiAdvertiseProductExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAD6C1)
[Address] EAT @explorer.exe (MsiAdvertiseProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAD46F)
[Address] EAT @explorer.exe (MsiAdvertiseScriptA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB8A3F)
[Address] EAT @explorer.exe (MsiAdvertiseScriptW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBB641)
[Address] EAT @explorer.exe (MsiApplyMultiplePatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC5903)
[Address] EAT @explorer.exe (MsiApplyMultiplePatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC1057)
[Address] EAT @explorer.exe (MsiApplyPatchA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB2D5D)
[Address] EAT @explorer.exe (MsiApplyPatchW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAD943)
[Address] EAT @explorer.exe (MsiBeginTransactionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC9441)
[Address] EAT @explorer.exe (MsiBeginTransactionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC39D4)
[Address] EAT @explorer.exe (MsiCloseAllHandles) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD00C3)
[Address] EAT @explorer.exe (MsiCloseHandle) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0015)
[Address] EAT @explorer.exe (MsiCollectUserInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB1C3A)
[Address] EAT @explorer.exe (MsiCollectUserInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAD16F)
[Address] EAT @explorer.exe (MsiConfigureFeatureA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB1D5A)
[Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBD70A)
[Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBE41B)
[Address] EAT @explorer.exe (MsiConfigureFeatureW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAD2B7)
[Address] EAT @explorer.exe (MsiConfigureProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF256)
[Address] EAT @explorer.exe (MsiConfigureProductExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBDACA)
[Address] EAT @explorer.exe (MsiConfigureProductExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBE891)
[Address] EAT @explorer.exe (MsiConfigureProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF581)
[Address] EAT @explorer.exe (MsiCreateAndVerifyInstallerDirectory) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2B2E1)
[Address] EAT @explorer.exe (MsiCreateRecord) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1514)
[Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD55D1)
[Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD48EF)
[Address] EAT @explorer.exe (MsiDatabaseApplyTransformA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD48A9)
[Address] EAT @explorer.exe (MsiDatabaseApplyTransformW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1397)
[Address] EAT @explorer.exe (MsiDatabaseCommit) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0DEB)
[Address] EAT @explorer.exe (MsiDatabaseExportA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD4792)
[Address] EAT @explorer.exe (MsiDatabaseExportW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1008)
[Address] EAT @explorer.exe (MsiDatabaseGenerateTransformA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD485D)
[Address] EAT @explorer.exe (MsiDatabaseGenerateTransformW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1270)
[Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD45FD)
[Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3C54)
[Address] EAT @explorer.exe (MsiDatabaseImportA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD472E)
[Address] EAT @explorer.exe (MsiDatabaseImportW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0F1E)
[Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD4643)
[Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0C8F)
[Address] EAT @explorer.exe (MsiDatabaseMergeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD4817)
[Address] EAT @explorer.exe (MsiDatabaseMergeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1111)
[Address] EAT @explorer.exe (MsiDatabaseOpenViewA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD45B7)
[Address] EAT @explorer.exe (MsiDatabaseOpenViewW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD02B7)
[Address] EAT @explorer.exe (MsiDecomposeDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBDA7B)
[Address] EAT @explorer.exe (MsiDecomposeDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD06286)
[Address] EAT @explorer.exe (MsiDeleteUserDataA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBA367)
[Address] EAT @explorer.exe (MsiDeleteUserDataW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB69EB)
[Address] EAT @explorer.exe (MsiDetermineApplicablePatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDCD4C5)
[Address] EAT @explorer.exe (MsiDetermineApplicablePatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDCC559)
[Address] EAT @explorer.exe (MsiDeterminePatchSequenceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDCD9D9)
[Address] EAT @explorer.exe (MsiDeterminePatchSequenceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDCC9E1)
[Address] EAT @explorer.exe (MsiDoActionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD613D)
[Address] EAT @explorer.exe (MsiDoActionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2D61)
[Address] EAT @explorer.exe (MsiEnableLogA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB189B)
[Address] EAT @explorer.exe (MsiEnableLogW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAFBE9)
[Address] EAT @explorer.exe (MsiEnableUIPreview) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD39CD)
[Address] EAT @explorer.exe (MsiEndTransaction) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC3E11)
[Address] EAT @explorer.exe (MsiEnumClientsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2EC96)
[Address] EAT @explorer.exe (MsiEnumClientsExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC5D6E)
[Address] EAT @explorer.exe (MsiEnumClientsExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC13A7)
[Address] EAT @explorer.exe (MsiEnumClientsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD13647)
[Address] EAT @explorer.exe (MsiEnumComponentCostsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7847)
[Address] EAT @explorer.exe (MsiEnumComponentCostsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7A95)
[Address] EAT @explorer.exe (MsiEnumComponentQualifiersA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBCD6D)
[Address] EAT @explorer.exe (MsiEnumComponentQualifiersW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD1384D)
[Address] EAT @explorer.exe (MsiEnumComponentsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB91B9)
[Address] EAT @explorer.exe (MsiEnumComponentsExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC5B08)
[Address] EAT @explorer.exe (MsiEnumComponentsExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC121D)
[Address] EAT @explorer.exe (MsiEnumComponentsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBBA57)
[Address] EAT @explorer.exe (MsiEnumFeaturesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB9C04)
[Address] EAT @explorer.exe (MsiEnumFeaturesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBC259)
[Address] EAT @explorer.exe (MsiEnumPatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC97EB)
[Address] EAT @explorer.exe (MsiEnumPatchesExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC4897)
[Address] EAT @explorer.exe (MsiEnumPatchesExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC0E79)
[Address] EAT @explorer.exe (MsiEnumPatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC468E)
[Address] EAT @explorer.exe (MsiEnumProductsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB9175)
[Address] EAT @explorer.exe (MsiEnumProductsExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC6313)
[Address] EAT @explorer.exe (MsiEnumProductsExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC1729)
[Address] EAT @explorer.exe (MsiEnumProductsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD1559D)
[Address] EAT @explorer.exe (MsiEnumRelatedProductsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB9109)
[Address] EAT @explorer.exe (MsiEnumRelatedProductsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBB9EB)
[Address] EAT @explorer.exe (MsiEvaluateConditionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD61C6)
[Address] EAT @explorer.exe (MsiEvaluateConditionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD30C1)
[Address] EAT @explorer.exe (MsiExtractPatchXMLDataA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC4FAE)
[Address] EAT @explorer.exe (MsiExtractPatchXMLDataW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC4C22)
[Address] EAT @explorer.exe (MsiFormatRecordA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2A73)
[Address] EAT @explorer.exe (MsiFormatRecordW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2BF9)
[Address] EAT @explorer.exe (MsiGetActiveDatabase) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2639)
[Address] EAT @explorer.exe (MsiGetComponentPathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBEEBD)
[Address] EAT @explorer.exe (MsiGetComponentPathExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC6053)
[Address] EAT @explorer.exe (MsiGetComponentPathExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC1559)
[Address] EAT @explorer.exe (MsiGetComponentPathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD062DD)
[Address] EAT @explorer.exe (MsiGetComponentStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD71E3)
[Address] EAT @explorer.exe (MsiGetComponentStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD72DC)
[Address] EAT @explorer.exe (MsiGetDatabaseState) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0ED9)
[Address] EAT @explorer.exe (MsiGetFeatureCostA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD75FD)
[Address] EAT @explorer.exe (MsiGetFeatureCostW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7702)
[Address] EAT @explorer.exe (MsiGetFeatureInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB0D1A)
[Address] EAT @explorer.exe (MsiGetFeatureInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAF5EE)
[Address] EAT @explorer.exe (MsiGetFeatureStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6CD5)
[Address] EAT @explorer.exe (MsiGetFeatureStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6DC3)
[Address] EAT @explorer.exe (MsiGetFeatureUsageA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBA111)
[Address] EAT @explorer.exe (MsiGetFeatureUsageW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBC9BD)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7CC5)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD36EC)
[Address] EAT @explorer.exe (MsiGetFileHashA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB1214)
[Address] EAT @explorer.exe (MsiGetFileHashW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDACA49)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB128C)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDACA9F)
[Address] EAT @explorer.exe (MsiGetFileVersionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB0EF8)
[Address] EAT @explorer.exe (MsiGetFileVersionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB3D2F)
[Address] EAT @explorer.exe (MsiGetLanguage) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2727)
[Address] EAT @explorer.exe (MsiGetLastErrorRecord) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1D69)
[Address] EAT @explorer.exe (MsiGetMode) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD279F)
[Address] EAT @explorer.exe (MsiGetPatchFileListA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDCD25D)
[Address] EAT @explorer.exe (MsiGetPatchFileListW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC8B6E)
[Address] EAT @explorer.exe (MsiGetPatchInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBA24F)
[Address] EAT @explorer.exe (MsiGetPatchInfoExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC55E9)
[Address] EAT @explorer.exe (MsiGetPatchInfoExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC5177)
[Address] EAT @explorer.exe (MsiGetPatchInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBCAFB)
[Address] EAT @explorer.exe (MsiGetProductCodeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2EADC)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBED5F)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF353)
[Address] EAT @explorer.exe (MsiGetProductCodeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2EE6C)
[Address] EAT @explorer.exe (MsiGetProductInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBD362)
[Address] EAT @explorer.exe (MsiGetProductInfoExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC65DE)
[Address] EAT @explorer.exe (MsiGetProductInfoExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC18FF)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB0880)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAF132)
[Address] EAT @explorer.exe (MsiGetProductInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD14273)
[Address] EAT @explorer.exe (MsiGetProductPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB0B90)
[Address] EAT @explorer.exe (MsiGetProductPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAF48B)
[Address] EAT @explorer.exe (MsiGetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD596D)
[Address] EAT @explorer.exe (MsiGetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD5BA3)
[Address] EAT @explorer.exe (MsiGetShortcutTargetA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB2A58)
[Address] EAT @explorer.exe (MsiGetShortcutTargetW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB4689)
[Address] EAT @explorer.exe (MsiGetSourcePathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6209)
[Address] EAT @explorer.exe (MsiGetSourcePathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD640D)
[Address] EAT @explorer.exe (MsiGetSummaryInformationA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD58BD)
[Address] EAT @explorer.exe (MsiGetSummaryInformationW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD4293)
[Address] EAT @explorer.exe (MsiGetTargetPathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD65F5)
[Address] EAT @explorer.exe (MsiGetTargetPathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD67F9)
[Address] EAT @explorer.exe (MsiGetUserInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB91FE)
[Address] EAT @explorer.exe (MsiGetUserInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2E466)
[Address] EAT @explorer.exe (MsiInstallMissingComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB22C7)
[Address] EAT @explorer.exe (MsiInstallMissingComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB43D9)
[Address] EAT @explorer.exe (MsiInstallMissingFileA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB2067)
[Address] EAT @explorer.exe (MsiInstallMissingFileW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB4179)
[Address] EAT @explorer.exe (MsiInstallProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB197E)
[Address] EAT @explorer.exe (MsiInstallProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDACE4B)
[Address] EAT @explorer.exe (MsiInvalidateFeatureCache) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD6D1D3)
[Address] EAT @explorer.exe (MsiIsProductElevatedA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB3306)
[Address] EAT @explorer.exe (MsiIsProductElevatedW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB4A5D)
[Address] EAT @explorer.exe (MsiJoinTransaction) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC3FEB)
[Address] EAT @explorer.exe (MsiLoadStringA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB141F)
[Address] EAT @explorer.exe (MsiLoadStringW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD1AE09)
[Address] EAT @explorer.exe (MsiLocateComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF19F)
[Address] EAT @explorer.exe (MsiLocateComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF4CA)
[Address] EAT @explorer.exe (MsiMessageBoxA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB16DA)
[Address] EAT @explorer.exe (MsiMessageBoxExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB1528)
[Address] EAT @explorer.exe (MsiMessageBoxExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDACCB1)
[Address] EAT @explorer.exe (MsiMessageBoxW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDACE24)
[Address] EAT @explorer.exe (MsiNotifySidChangeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBA306)
[Address] EAT @explorer.exe (MsiNotifySidChangeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB501B)
[Address] EAT @explorer.exe (MsiOpenDatabaseA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD4691)
[Address] EAT @explorer.exe (MsiOpenDatabaseW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3D8D)
[Address] EAT @explorer.exe (MsiOpenPackageA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAEDC0)
[Address] EAT @explorer.exe (MsiOpenPackageExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAC63E)
[Address] EAT @explorer.exe (MsiOpenPackageExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAC8E9)
[Address] EAT @explorer.exe (MsiOpenPackageW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAF7AB)
[Address] EAT @explorer.exe (MsiOpenProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB8BF2)
[Address] EAT @explorer.exe (MsiOpenProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBB857)
[Address] EAT @explorer.exe (MsiPreviewBillboardA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7D4E)
[Address] EAT @explorer.exe (MsiPreviewBillboardW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3AEA)
[Address] EAT @explorer.exe (MsiPreviewDialogA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7D0B)
[Address] EAT @explorer.exe (MsiPreviewDialogW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3A96)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBCBB2)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBDF39)
[Address] EAT @explorer.exe (MsiProcessMessage) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2F51)
[Address] EAT @explorer.exe (MsiProvideAssemblyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBFD5D)
[Address] EAT @explorer.exe (MsiProvideAssemblyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC0765)
[Address] EAT @explorer.exe (MsiProvideComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF7B9)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBFAB3)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD14F84)
[Address] EAT @explorer.exe (MsiProvideComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC030C)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2C385)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2D411)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD08A47)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD08C86)
[Address] EAT @explorer.exe (MsiQueryComponentStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC687C)
[Address] EAT @explorer.exe (MsiQueryComponentStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC1AE1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF6F1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC6A94)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC1CD9)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBFC02)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC057D)
[Address] EAT @explorer.exe (MsiQueryFeatureStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD0617D)
[Address] EAT @explorer.exe (MsiQueryProductStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBD45D)
[Address] EAT @explorer.exe (MsiQueryProductStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD149FE)
[Address] EAT @explorer.exe (MsiRecordClearData) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1D27)
[Address] EAT @explorer.exe (MsiRecordDataSize) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD16E5)
[Address] EAT @explorer.exe (MsiRecordGetFieldCount) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1916)
[Address] EAT @explorer.exe (MsiRecordGetInteger) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD18B5)
[Address] EAT @explorer.exe (MsiRecordGetStringA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3F1D)
[Address] EAT @explorer.exe (MsiRecordGetStringW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD40CC)
[Address] EAT @explorer.exe (MsiRecordIsNull) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD15F5)
[Address] EAT @explorer.exe (MsiRecordReadStream) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1B6D)
[Address] EAT @explorer.exe (MsiRecordSetInteger) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD17C2)
[Address] EAT @explorer.exe (MsiRecordSetStreamA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD5877)
[Address] EAT @explorer.exe (MsiRecordSetStreamW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1A03)
[Address] EAT @explorer.exe (MsiRecordSetStringA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD561D)
[Address] EAT @explorer.exe (MsiRecordSetStringW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD572E)
[Address] EAT @explorer.exe (MsiReinstallFeatureA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB1EDE)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBD8C2)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBE657)
[Address] EAT @explorer.exe (MsiReinstallFeatureW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD18C24)
[Address] EAT @explorer.exe (MsiReinstallProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB1AFE)
[Address] EAT @explorer.exe (MsiReinstallProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDACFF1)
[Address] EAT @explorer.exe (MsiRemovePatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC9606)
[Address] EAT @explorer.exe (MsiRemovePatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC3702)
[Address] EAT @explorer.exe (MsiSequenceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6180)
[Address] EAT @explorer.exe (MsiSequenceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2E4B)
[Address] EAT @explorer.exe (MsiSetComponentStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD73EB)
[Address] EAT @explorer.exe (MsiSetComponentStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD74E5)
[Address] EAT @explorer.exe (MsiSetExternalUIA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAC72F)
[Address] EAT @explorer.exe (MsiSetExternalUIRecord) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC336B)
[Address] EAT @explorer.exe (MsiSetExternalUIW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD14E86)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7001)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD70B4)
[Address] EAT @explorer.exe (MsiSetFeatureStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6E2D)
[Address] EAT @explorer.exe (MsiSetFeatureStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6EDF)
[Address] EAT @explorer.exe (MsiSetInstallLevel) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3424)
[Address] EAT @explorer.exe (MsiSetInternalUI) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD14FE6)
[Address] EAT @explorer.exe (MsiSetMode) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD28BB)
[Address] EAT @explorer.exe (MsiSetOfflineContextW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD8485)
[Address] EAT @explorer.exe (MsiSetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD5DC1)
[Address] EAT @explorer.exe (MsiSetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD5F85)
[Address] EAT @explorer.exe (MsiSetTargetPathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD69DD)
[Address] EAT @explorer.exe (MsiSetTargetPathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6B61)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC7136)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC2165)
[Address] EAT @explorer.exe (MsiSourceListAddSourceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB3037)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC6F13)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC1F43)
[Address] EAT @explorer.exe (MsiSourceListAddSourceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDADC51)
[Address] EAT @explorer.exe (MsiSourceListClearAllA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB2EF0)
[Address] EAT @explorer.exe (MsiSourceListClearAllExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC7875)
[Address] EAT @explorer.exe (MsiSourceListClearAllExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC281B)
[Address] EAT @explorer.exe (MsiSourceListClearAllW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDADAEB)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC764A)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC260D)
[Address] EAT @explorer.exe (MsiSourceListClearSourceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC7436)
[Address] EAT @explorer.exe (MsiSourceListClearSourceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC2405)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC834E)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC31B5)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC7C4B)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC2C07)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB31B8)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC7A6C)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC2A09)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDADDDB)
[Address] EAT @explorer.exe (MsiSourceListGetInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC7E30)
[Address] EAT @explorer.exe (MsiSourceListGetInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC2DB5)
[Address] EAT @explorer.exe (MsiSourceListSetInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC80F8)
[Address] EAT @explorer.exe (MsiSourceListSetInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC2FAB)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD21B9)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyCount) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1E3D)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD238B)
[Address] EAT @explorer.exe (MsiSummaryInfoPersist) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2551)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD5906)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1F2B)
[Address] EAT @explorer.exe (MsiUseFeatureA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC0D83)
[Address] EAT @explorer.exe (MsiUseFeatureExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF9E8)
[Address] EAT @explorer.exe (MsiUseFeatureExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD14D3A)
[Address] EAT @explorer.exe (MsiUseFeatureW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC0DA0)
[Address] EAT @explorer.exe (MsiVerifyDiskSpace) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3863)
[Address] EAT @explorer.exe (MsiVerifyPackageA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB07AA)
[Address] EAT @explorer.exe (MsiVerifyPackageW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAF097)
[Address] EAT @explorer.exe (MsiViewClose) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0BAF)
[Address] EAT @explorer.exe (MsiViewExecute) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD070F)
[Address] EAT @explorer.exe (MsiViewFetch) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0833)
[Address] EAT @explorer.exe (MsiViewGetColumnInfo) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0A91)
[Address] EAT @explorer.exe (MsiViewGetErrorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD03F1)
[Address] EAT @explorer.exe (MsiViewGetErrorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD05CE)
[Address] EAT @explorer.exe (MsiViewModify) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD093F)
[Address] EAT @explorer.exe (QueryInstanceCount) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD12B2A)
[Address] EAT @explorer.exe (BeginBufferedAnimation) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743709AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743649A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74390731)
[Address] EAT @explorer.exe (BufferedPaintClear) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74366395)
[Address] EAT @explorer.exe (BufferedPaintInit) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743708ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7437E6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7437D395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743694AB)
[Address] EAT @explorer.exe (CloseThemeData) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74366A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74363982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7437D9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74383B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743935E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743653E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743651BF)
[Address] EAT @explorer.exe (DrawThemeText) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74364EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743663E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436FCAF)
[Address] EAT @explorer.exe (EnableTheming) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74363F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74363F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743906CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74364BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743704BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74370473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743705DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74370FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436CD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436F8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7437165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436BF93)
[Address] EAT @explorer.exe (GetThemeBool) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74367C1F)
[Address] EAT @explorer.exe (GetThemeColor) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436616C)
[Address] EAT @explorer.exe (GetThemeFilename) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392412)
[Address] EAT @explorer.exe (GetThemeFont) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436FF21)
[Address] EAT @explorer.exe (GetThemeInt) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436616C)
[Address] EAT @explorer.exe (GetThemeIntList) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743923B1)
[Address] EAT @explorer.exe (GetThemeMargins) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743686E9)
[Address] EAT @explorer.exe (GetThemeMetric) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743706E2)
[Address] EAT @explorer.exe (GetThemePartSize) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436CDB1)
[Address] EAT @explorer.exe (GetThemePosition) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74383FBB)
[Address] EAT @explorer.exe (GetThemeRect) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74373611)
[Address] EAT @explorer.exe (GetThemeStream) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743739D9)
[Address] EAT @explorer.exe (GetThemeString) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743922E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74393172)
[Address] EAT @explorer.exe (GetThemeSysColor) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74383274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7439301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743929C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7439320B)
[Address] EAT @explorer.exe (GetThemeSysString) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74362D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436F992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74371081)
[Address] EAT @explorer.exe (GetWindowTheme) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436DF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74373CE3)
[Address] EAT @explorer.exe (IsAppThemed) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436F869)
[Address] EAT @explorer.exe (IsCompositionActive) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74362E9A)
[Address] EAT @explorer.exe (IsThemeActive) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436F785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743660AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7439312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743685B4)
[Address] EAT @explorer.exe (OpenThemeData) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743673D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74383D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74393296)
[Address] EAT @explorer.exe (SetWindowTheme) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74370134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7437CFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436B176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7439068D)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250318AS ATA Device +++++
--- User ---
[MBR] 49cc9bc7ec92624b369cc46216164d29
[BSP] 6f48ee592070847b7dbe7615b5691c9b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 227273 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 10000 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04172014_082938.txt >>
RKreport[0]_S_01232014_153127.txt


 



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:57 AM

Posted 17 April 2014 - 02:29 PM

Let's clean that up and see how it is.
  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool again (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", this time click the Delete button.
  • Copy and paste the report that opens into your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex)
    • The highest number of [X], is the most recent Delete

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 trek8500xtr

trek8500xtr
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 17 April 2014 - 03:33 PM

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Becky [Admin rights]
Mode : Remove -- Date : 04/17/2014 15:33:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] JuniperSetupClient.exe -- C:\Users\Becky\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 1 ¤¤¤
[FF][PUP] f57myann.default : Yahoo! Toolbar

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] EAT @explorer.exe (DllGetClassObject) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFCF9D)
[Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE000)
[Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE029)
[Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE049)
[Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDD2A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEA9A)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEABD)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEAE0)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE9D3)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE9F6)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEA1F)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEA71)
[Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEA48)
[Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD845)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE9AA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD822)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD9A2)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD868)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD8DA)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC74)
[Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE9D3)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC05)
[Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDB87)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDB5E)
[Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD9A2)
[Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDB32)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDBDC)
[Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDBB3)
[Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDD2A)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD88E)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD8DA)
[Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD8B7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD9C5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEB03)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDFB7)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDB06)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDA17)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD9E5)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDADD)
[Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDA71)
[Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD7FC)
[Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC25)
[Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDCFE)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD822)
[Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC48)
[Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC25)
[Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD7FC)
[Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD91D)
[Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE981)
[Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC74)
[Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC97)
[Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEB75)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD7AA)
[Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD7D3)
[Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE958)
[Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC25)
[Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE9AA)
[Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD88E)
[Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE981)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD8FD)
[Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC25)
[Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDCC7)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD557)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD580)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD6BA)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD6E6)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD656)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD62D)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD52E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD68B)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD4D9)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD4A1)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD466)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD42E)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD5D2)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD70C)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_ProxÓ©áp8Lø"Ö) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD732)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD505)
[Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDADD)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD781)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD758)
[Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD5A9)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDC25)
[Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDFB7)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD822)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE049)
[Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD7FC)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD8DA)
[Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDFDA)
[Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD96C)
[Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD88E)
[Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD845)
[Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD9A2)
[Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEB75)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD943)
[Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD822)
[Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD91D)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEB03)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDD50)
[Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEB26)
[Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDD50)
[Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDD73)
[Address] EAT @explorer.exe (WICConvertBitmapSource) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDDB8)
[Address] EAT @explorer.exe (WICCreateBitmapFromSection) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDF8D)
[Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDE8C)
[Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFEB52)
[Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD02B)
[Address] EAT @explorer.exe (WICGetMetadataContentSize) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE61D)
[Address] EAT @explorer.exe (WICMapGuidToShortName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD0EC)
[Address] EAT @explorer.exe (WICMapSchemaToName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD2E0)
[Address] EAT @explorer.exe (WICMapShortNameToGuid) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFD217)
[Address] EAT @explorer.exe (WICMatchMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE072)
[Address] EAT @explorer.exe (WICSerializeMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFE1B4)
[Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x73EFDD99)
[Address] EAT @explorer.exe (DllCanUnloadNow) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD12B3B)
[Address] EAT @explorer.exe (DllGetClassObject) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2188E)
[Address] EAT @explorer.exe (DllGetVersion) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD12982)
[Address] EAT @explorer.exe (DllRegisterServer) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDA7DC5)
[Address] EAT @explorer.exe (DllUnregisterServer) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDA818F)
[Address] EAT @explorer.exe (Migrate10CachedPackagesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAC744)
[Address] EAT @explorer.exe (Migrate10CachedPackagesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAE1AC)
[Address] EAT @explorer.exe (MsiAdvertiseProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB257F)
[Address] EAT @explorer.exe (MsiAdvertiseProductExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB27D7)
[Address] EAT @explorer.exe (MsiAdvertiseProductExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAD6C1)
[Address] EAT @explorer.exe (MsiAdvertiseProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAD46F)
[Address] EAT @explorer.exe (MsiAdvertiseScriptA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB8A3F)
[Address] EAT @explorer.exe (MsiAdvertiseScriptW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBB641)
[Address] EAT @explorer.exe (MsiApplyMultiplePatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC5903)
[Address] EAT @explorer.exe (MsiApplyMultiplePatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC1057)
[Address] EAT @explorer.exe (MsiApplyPatchA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB2D5D)
[Address] EAT @explorer.exe (MsiApplyPatchW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAD943)
[Address] EAT @explorer.exe (MsiBeginTransactionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC9441)
[Address] EAT @explorer.exe (MsiBeginTransactionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC39D4)
[Address] EAT @explorer.exe (MsiCloseAllHandles) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD00C3)
[Address] EAT @explorer.exe (MsiCloseHandle) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0015)
[Address] EAT @explorer.exe (MsiCollectUserInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB1C3A)
[Address] EAT @explorer.exe (MsiCollectUserInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAD16F)
[Address] EAT @explorer.exe (MsiConfigureFeatureA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB1D5A)
[Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBD70A)
[Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBE41B)
[Address] EAT @explorer.exe (MsiConfigureFeatureW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAD2B7)
[Address] EAT @explorer.exe (MsiConfigureProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF256)
[Address] EAT @explorer.exe (MsiConfigureProductExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBDACA)
[Address] EAT @explorer.exe (MsiConfigureProductExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBE891)
[Address] EAT @explorer.exe (MsiConfigureProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF581)
[Address] EAT @explorer.exe (MsiCreateAndVerifyInstallerDirectory) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2B2E1)
[Address] EAT @explorer.exe (MsiCreateRecord) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1514)
[Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD55D1)
[Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD48EF)
[Address] EAT @explorer.exe (MsiDatabaseApplyTransformA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD48A9)
[Address] EAT @explorer.exe (MsiDatabaseApplyTransformW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1397)
[Address] EAT @explorer.exe (MsiDatabaseCommit) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0DEB)
[Address] EAT @explorer.exe (MsiDatabaseExportA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD4792)
[Address] EAT @explorer.exe (MsiDatabaseExportW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1008)
[Address] EAT @explorer.exe (MsiDatabaseGenerateTransformA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD485D)
[Address] EAT @explorer.exe (MsiDatabaseGenerateTransformW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1270)
[Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD45FD)
[Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3C54)
[Address] EAT @explorer.exe (MsiDatabaseImportA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD472E)
[Address] EAT @explorer.exe (MsiDatabaseImportW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0F1E)
[Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD4643)
[Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0C8F)
[Address] EAT @explorer.exe (MsiDatabaseMergeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD4817)
[Address] EAT @explorer.exe (MsiDatabaseMergeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1111)
[Address] EAT @explorer.exe (MsiDatabaseOpenViewA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD45B7)
[Address] EAT @explorer.exe (MsiDatabaseOpenViewW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD02B7)
[Address] EAT @explorer.exe (MsiDecomposeDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBDA7B)
[Address] EAT @explorer.exe (MsiDecomposeDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD06286)
[Address] EAT @explorer.exe (MsiDeleteUserDataA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBA367)
[Address] EAT @explorer.exe (MsiDeleteUserDataW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB69EB)
[Address] EAT @explorer.exe (MsiDetermineApplicablePatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDCD4C5)
[Address] EAT @explorer.exe (MsiDetermineApplicablePatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDCC559)
[Address] EAT @explorer.exe (MsiDeterminePatchSequenceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDCD9D9)
[Address] EAT @explorer.exe (MsiDeterminePatchSequenceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDCC9E1)
[Address] EAT @explorer.exe (MsiDoActionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD613D)
[Address] EAT @explorer.exe (MsiDoActionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2D61)
[Address] EAT @explorer.exe (MsiEnableLogA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB189B)
[Address] EAT @explorer.exe (MsiEnableLogW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAFBE9)
[Address] EAT @explorer.exe (MsiEnableUIPreview) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD39CD)
[Address] EAT @explorer.exe (MsiEndTransaction) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC3E11)
[Address] EAT @explorer.exe (MsiEnumClientsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2EC96)
[Address] EAT @explorer.exe (MsiEnumClientsExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC5D6E)
[Address] EAT @explorer.exe (MsiEnumClientsExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC13A7)
[Address] EAT @explorer.exe (MsiEnumClientsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD13647)
[Address] EAT @explorer.exe (MsiEnumComponentCostsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7847)
[Address] EAT @explorer.exe (MsiEnumComponentCostsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7A95)
[Address] EAT @explorer.exe (MsiEnumComponentQualifiersA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBCD6D)
[Address] EAT @explorer.exe (MsiEnumComponentQualifiersW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD1384D)
[Address] EAT @explorer.exe (MsiEnumComponentsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB91B9)
[Address] EAT @explorer.exe (MsiEnumComponentsExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC5B08)
[Address] EAT @explorer.exe (MsiEnumComponentsExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC121D)
[Address] EAT @explorer.exe (MsiEnumComponentsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBBA57)
[Address] EAT @explorer.exe (MsiEnumFeaturesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB9C04)
[Address] EAT @explorer.exe (MsiEnumFeaturesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBC259)
[Address] EAT @explorer.exe (MsiEnumPatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC97EB)
[Address] EAT @explorer.exe (MsiEnumPatchesExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC4897)
[Address] EAT @explorer.exe (MsiEnumPatchesExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC0E79)
[Address] EAT @explorer.exe (MsiEnumPatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC468E)
[Address] EAT @explorer.exe (MsiEnumProductsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB9175)
[Address] EAT @explorer.exe (MsiEnumProductsExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC6313)
[Address] EAT @explorer.exe (MsiEnumProductsExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC1729)
[Address] EAT @explorer.exe (MsiEnumProductsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD1559D)
[Address] EAT @explorer.exe (MsiEnumRelatedProductsA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB9109)
[Address] EAT @explorer.exe (MsiEnumRelatedProductsW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBB9EB)
[Address] EAT @explorer.exe (MsiEvaluateConditionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD61C6)
[Address] EAT @explorer.exe (MsiEvaluateConditionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD30C1)
[Address] EAT @explorer.exe (MsiExtractPatchXMLDataA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC4FAE)
[Address] EAT @explorer.exe (MsiExtractPatchXMLDataW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC4C22)
[Address] EAT @explorer.exe (MsiFormatRecordA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2A73)
[Address] EAT @explorer.exe (MsiFormatRecordW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2BF9)
[Address] EAT @explorer.exe (MsiGetActiveDatabase) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2639)
[Address] EAT @explorer.exe (MsiGetComponentPathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBEEBD)
[Address] EAT @explorer.exe (MsiGetComponentPathExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC6053)
[Address] EAT @explorer.exe (MsiGetComponentPathExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC1559)
[Address] EAT @explorer.exe (MsiGetComponentPathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD062DD)
[Address] EAT @explorer.exe (MsiGetComponentStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD71E3)
[Address] EAT @explorer.exe (MsiGetComponentStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD72DC)
[Address] EAT @explorer.exe (MsiGetDatabaseState) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0ED9)
[Address] EAT @explorer.exe (MsiGetFeatureCostA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD75FD)
[Address] EAT @explorer.exe (MsiGetFeatureCostW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7702)
[Address] EAT @explorer.exe (MsiGetFeatureInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB0D1A)
[Address] EAT @explorer.exe (MsiGetFeatureInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAF5EE)
[Address] EAT @explorer.exe (MsiGetFeatureStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6CD5)
[Address] EAT @explorer.exe (MsiGetFeatureStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6DC3)
[Address] EAT @explorer.exe (MsiGetFeatureUsageA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBA111)
[Address] EAT @explorer.exe (MsiGetFeatureUsageW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBC9BD)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7CC5)
[Address] EAT @explorer.exe (MsiGetFeatureValidStatesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD36EC)
[Address] EAT @explorer.exe (MsiGetFileHashA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB1214)
[Address] EAT @explorer.exe (MsiGetFileHashW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDACA49)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB128C)
[Address] EAT @explorer.exe (MsiGetFileSignatureInformationW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDACA9F)
[Address] EAT @explorer.exe (MsiGetFileVersionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB0EF8)
[Address] EAT @explorer.exe (MsiGetFileVersionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB3D2F)
[Address] EAT @explorer.exe (MsiGetLanguage) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2727)
[Address] EAT @explorer.exe (MsiGetLastErrorRecord) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1D69)
[Address] EAT @explorer.exe (MsiGetMode) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD279F)
[Address] EAT @explorer.exe (MsiGetPatchFileListA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDCD25D)
[Address] EAT @explorer.exe (MsiGetPatchFileListW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC8B6E)
[Address] EAT @explorer.exe (MsiGetPatchInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBA24F)
[Address] EAT @explorer.exe (MsiGetPatchInfoExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC55E9)
[Address] EAT @explorer.exe (MsiGetPatchInfoExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC5177)
[Address] EAT @explorer.exe (MsiGetPatchInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBCAFB)
[Address] EAT @explorer.exe (MsiGetProductCodeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2EADC)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBED5F)
[Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF353)
[Address] EAT @explorer.exe (MsiGetProductCodeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2EE6C)
[Address] EAT @explorer.exe (MsiGetProductInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBD362)
[Address] EAT @explorer.exe (MsiGetProductInfoExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC65DE)
[Address] EAT @explorer.exe (MsiGetProductInfoExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC18FF)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB0880)
[Address] EAT @explorer.exe (MsiGetProductInfoFromScriptW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAF132)
[Address] EAT @explorer.exe (MsiGetProductInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD14273)
[Address] EAT @explorer.exe (MsiGetProductPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB0B90)
[Address] EAT @explorer.exe (MsiGetProductPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAF48B)
[Address] EAT @explorer.exe (MsiGetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD596D)
[Address] EAT @explorer.exe (MsiGetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD5BA3)
[Address] EAT @explorer.exe (MsiGetShortcutTargetA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB2A58)
[Address] EAT @explorer.exe (MsiGetShortcutTargetW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB4689)
[Address] EAT @explorer.exe (MsiGetSourcePathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6209)
[Address] EAT @explorer.exe (MsiGetSourcePathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD640D)
[Address] EAT @explorer.exe (MsiGetSummaryInformationA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD58BD)
[Address] EAT @explorer.exe (MsiGetSummaryInformationW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD4293)
[Address] EAT @explorer.exe (MsiGetTargetPathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD65F5)
[Address] EAT @explorer.exe (MsiGetTargetPathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD67F9)
[Address] EAT @explorer.exe (MsiGetUserInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB91FE)
[Address] EAT @explorer.exe (MsiGetUserInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2E466)
[Address] EAT @explorer.exe (MsiInstallMissingComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB22C7)
[Address] EAT @explorer.exe (MsiInstallMissingComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB43D9)
[Address] EAT @explorer.exe (MsiInstallMissingFileA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB2067)
[Address] EAT @explorer.exe (MsiInstallMissingFileW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB4179)
[Address] EAT @explorer.exe (MsiInstallProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB197E)
[Address] EAT @explorer.exe (MsiInstallProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDACE4B)
[Address] EAT @explorer.exe (MsiInvalidateFeatureCache) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD6D1D3)
[Address] EAT @explorer.exe (MsiIsProductElevatedA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB3306)
[Address] EAT @explorer.exe (MsiIsProductElevatedW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB4A5D)
[Address] EAT @explorer.exe (MsiJoinTransaction) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC3FEB)
[Address] EAT @explorer.exe (MsiLoadStringA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB141F)
[Address] EAT @explorer.exe (MsiLoadStringW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD1AE09)
[Address] EAT @explorer.exe (MsiLocateComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF19F)
[Address] EAT @explorer.exe (MsiLocateComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF4CA)
[Address] EAT @explorer.exe (MsiMessageBoxA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB16DA)
[Address] EAT @explorer.exe (MsiMessageBoxExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB1528)
[Address] EAT @explorer.exe (MsiMessageBoxExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDACCB1)
[Address] EAT @explorer.exe (MsiMessageBoxW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDACE24)
[Address] EAT @explorer.exe (MsiNotifySidChangeA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBA306)
[Address] EAT @explorer.exe (MsiNotifySidChangeW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB501B)
[Address] EAT @explorer.exe (MsiOpenDatabaseA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD4691)
[Address] EAT @explorer.exe (MsiOpenDatabaseW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3D8D)
[Address] EAT @explorer.exe (MsiOpenPackageA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAEDC0)
[Address] EAT @explorer.exe (MsiOpenPackageExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAC63E)
[Address] EAT @explorer.exe (MsiOpenPackageExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAC8E9)
[Address] EAT @explorer.exe (MsiOpenPackageW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAF7AB)
[Address] EAT @explorer.exe (MsiOpenProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB8BF2)
[Address] EAT @explorer.exe (MsiOpenProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBB857)
[Address] EAT @explorer.exe (MsiPreviewBillboardA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7D4E)
[Address] EAT @explorer.exe (MsiPreviewBillboardW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3AEA)
[Address] EAT @explorer.exe (MsiPreviewDialogA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7D0B)
[Address] EAT @explorer.exe (MsiPreviewDialogW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3A96)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBCBB2)
[Address] EAT @explorer.exe (MsiProcessAdvertiseScriptW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBDF39)
[Address] EAT @explorer.exe (MsiProcessMessage) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2F51)
[Address] EAT @explorer.exe (MsiProvideAssemblyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBFD5D)
[Address] EAT @explorer.exe (MsiProvideAssemblyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC0765)
[Address] EAT @explorer.exe (MsiProvideComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF7B9)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBFAB3)
[Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD14F84)
[Address] EAT @explorer.exe (MsiProvideComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC030C)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2C385)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD2D411)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD08A47)
[Address] EAT @explorer.exe (MsiProvideQualifiedComponentW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD08C86)
[Address] EAT @explorer.exe (MsiQueryComponentStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC687C)
[Address] EAT @explorer.exe (MsiQueryComponentStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC1AE1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF6F1)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC6A94)
[Address] EAT @explorer.exe (MsiQueryFeatureStateExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC1CD9)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBFC02)
[Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC057D)
[Address] EAT @explorer.exe (MsiQueryFeatureStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD0617D)
[Address] EAT @explorer.exe (MsiQueryProductStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBD45D)
[Address] EAT @explorer.exe (MsiQueryProductStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD149FE)
[Address] EAT @explorer.exe (MsiRecordClearData) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1D27)
[Address] EAT @explorer.exe (MsiRecordDataSize) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD16E5)
[Address] EAT @explorer.exe (MsiRecordGetFieldCount) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1916)
[Address] EAT @explorer.exe (MsiRecordGetInteger) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD18B5)
[Address] EAT @explorer.exe (MsiRecordGetStringA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3F1D)
[Address] EAT @explorer.exe (MsiRecordGetStringW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD40CC)
[Address] EAT @explorer.exe (MsiRecordIsNull) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD15F5)
[Address] EAT @explorer.exe (MsiRecordReadStream) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1B6D)
[Address] EAT @explorer.exe (MsiRecordSetInteger) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD17C2)
[Address] EAT @explorer.exe (MsiRecordSetStreamA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD5877)
[Address] EAT @explorer.exe (MsiRecordSetStreamW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1A03)
[Address] EAT @explorer.exe (MsiRecordSetStringA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD561D)
[Address] EAT @explorer.exe (MsiRecordSetStringW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD572E)
[Address] EAT @explorer.exe (MsiReinstallFeatureA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB1EDE)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBD8C2)
[Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBE657)
[Address] EAT @explorer.exe (MsiReinstallFeatureW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD18C24)
[Address] EAT @explorer.exe (MsiReinstallProductA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB1AFE)
[Address] EAT @explorer.exe (MsiReinstallProductW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDACFF1)
[Address] EAT @explorer.exe (MsiRemovePatchesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC9606)
[Address] EAT @explorer.exe (MsiRemovePatchesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC3702)
[Address] EAT @explorer.exe (MsiSequenceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6180)
[Address] EAT @explorer.exe (MsiSequenceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2E4B)
[Address] EAT @explorer.exe (MsiSetComponentStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD73EB)
[Address] EAT @explorer.exe (MsiSetComponentStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD74E5)
[Address] EAT @explorer.exe (MsiSetExternalUIA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAC72F)
[Address] EAT @explorer.exe (MsiSetExternalUIRecord) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC336B)
[Address] EAT @explorer.exe (MsiSetExternalUIW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD14E86)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD7001)
[Address] EAT @explorer.exe (MsiSetFeatureAttributesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD70B4)
[Address] EAT @explorer.exe (MsiSetFeatureStateA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6E2D)
[Address] EAT @explorer.exe (MsiSetFeatureStateW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6EDF)
[Address] EAT @explorer.exe (MsiSetInstallLevel) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3424)
[Address] EAT @explorer.exe (MsiSetInternalUI) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD14FE6)
[Address] EAT @explorer.exe (MsiSetMode) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD28BB)
[Address] EAT @explorer.exe (MsiSetOfflineContextW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD8485)
[Address] EAT @explorer.exe (MsiSetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD5DC1)
[Address] EAT @explorer.exe (MsiSetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD5F85)
[Address] EAT @explorer.exe (MsiSetTargetPathA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD69DD)
[Address] EAT @explorer.exe (MsiSetTargetPathW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD6B61)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC7136)
[Address] EAT @explorer.exe (MsiSourceListAddMediaDiskW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC2165)
[Address] EAT @explorer.exe (MsiSourceListAddSourceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB3037)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC6F13)
[Address] EAT @explorer.exe (MsiSourceListAddSourceExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC1F43)
[Address] EAT @explorer.exe (MsiSourceListAddSourceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDADC51)
[Address] EAT @explorer.exe (MsiSourceListClearAllA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB2EF0)
[Address] EAT @explorer.exe (MsiSourceListClearAllExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC7875)
[Address] EAT @explorer.exe (MsiSourceListClearAllExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC281B)
[Address] EAT @explorer.exe (MsiSourceListClearAllW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDADAEB)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC764A)
[Address] EAT @explorer.exe (MsiSourceListClearMediaDiskW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC260D)
[Address] EAT @explorer.exe (MsiSourceListClearSourceA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC7436)
[Address] EAT @explorer.exe (MsiSourceListClearSourceW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC2405)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC834E)
[Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC31B5)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC7C4B)
[Address] EAT @explorer.exe (MsiSourceListEnumSourcesW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC2C07)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB31B8)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC7A6C)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC2A09)
[Address] EAT @explorer.exe (MsiSourceListForceResolutionW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDADDDB)
[Address] EAT @explorer.exe (MsiSourceListGetInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC7E30)
[Address] EAT @explorer.exe (MsiSourceListGetInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC2DB5)
[Address] EAT @explorer.exe (MsiSourceListSetInfoA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC80F8)
[Address] EAT @explorer.exe (MsiSourceListSetInfoW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC2FAB)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD21B9)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyCount) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1E3D)
[Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD238B)
[Address] EAT @explorer.exe (MsiSummaryInfoPersist) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD2551)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD5906)
[Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD1F2B)
[Address] EAT @explorer.exe (MsiUseFeatureA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC0D83)
[Address] EAT @explorer.exe (MsiUseFeatureExA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDBF9E8)
[Address] EAT @explorer.exe (MsiUseFeatureExW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD14D3A)
[Address] EAT @explorer.exe (MsiUseFeatureW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDC0DA0)
[Address] EAT @explorer.exe (MsiVerifyDiskSpace) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD3863)
[Address] EAT @explorer.exe (MsiVerifyPackageA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDB07AA)
[Address] EAT @explorer.exe (MsiVerifyPackageW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDAF097)
[Address] EAT @explorer.exe (MsiViewClose) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0BAF)
[Address] EAT @explorer.exe (MsiViewExecute) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD070F)
[Address] EAT @explorer.exe (MsiViewFetch) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0833)
[Address] EAT @explorer.exe (MsiViewGetColumnInfo) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD0A91)
[Address] EAT @explorer.exe (MsiViewGetErrorA) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD03F1)
[Address] EAT @explorer.exe (MsiViewGetErrorW) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD05CE)
[Address] EAT @explorer.exe (MsiViewModify) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BDD093F)
[Address] EAT @explorer.exe (QueryInstanceCount) : api-ms-win-downlevel-shell32-l1-1-0.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x6BD12B2A)
[Address] EAT @explorer.exe (BeginBufferedAnimation) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743709AE)
[Address] EAT @explorer.exe (BeginBufferedPaint) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743649A1)
[Address] EAT @explorer.exe (BeginPanningFeedback) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74390731)
[Address] EAT @explorer.exe (BufferedPaintClear) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74366395)
[Address] EAT @explorer.exe (BufferedPaintInit) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436940E)
[Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743708ED)
[Address] EAT @explorer.exe (BufferedPaintSetAlpha) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7437E6B3)
[Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7437D395)
[Address] EAT @explorer.exe (BufferedPaintUnInit) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743694AB)
[Address] EAT @explorer.exe (CloseThemeData) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74366A18)
[Address] EAT @explorer.exe (DrawThemeBackground) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74363982)
[Address] EAT @explorer.exe (DrawThemeBackgroundEx) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7437D9DA)
[Address] EAT @explorer.exe (DrawThemeEdge) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74383B52)
[Address] EAT @explorer.exe (DrawThemeIcon) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743935E7)
[Address] EAT @explorer.exe (DrawThemeParentBackground) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743653E5)
[Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743651BF)
[Address] EAT @explorer.exe (DrawThemeText) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74364EA1)
[Address] EAT @explorer.exe (DrawThemeTextEx) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743663E6)
[Address] EAT @explorer.exe (EnableThemeDialogTexture) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436FCAF)
[Address] EAT @explorer.exe (EnableTheming) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392FEB)
[Address] EAT @explorer.exe (EndBufferedAnimation) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74363F9A)
[Address] EAT @explorer.exe (EndBufferedPaint) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74363F9A)
[Address] EAT @explorer.exe (EndPanningFeedback) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743906CC)
[Address] EAT @explorer.exe (GetBufferedPaintBits) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74364BAF)
[Address] EAT @explorer.exe (GetBufferedPaintDC) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743704BC)
[Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74370473)
[Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392E7F)
[Address] EAT @explorer.exe (GetCurrentThemeName) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743705DD)
[Address] EAT @explorer.exe (GetThemeAppProperties) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74370FB1)
[Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436CD2E)
[Address] EAT @explorer.exe (GetThemeBackgroundExtent) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436F8BF)
[Address] EAT @explorer.exe (GetThemeBackgroundRegion) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7437165D)
[Address] EAT @explorer.exe (GetThemeBitmap) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436BF93)
[Address] EAT @explorer.exe (GetThemeBool) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74367C1F)
[Address] EAT @explorer.exe (GetThemeColor) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436616C)
[Address] EAT @explorer.exe (GetThemeDocumentationProperty) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392932)
[Address] EAT @explorer.exe (GetThemeEnumValue) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436616C)
[Address] EAT @explorer.exe (GetThemeFilename) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392412)
[Address] EAT @explorer.exe (GetThemeFont) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436FF21)
[Address] EAT @explorer.exe (GetThemeInt) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436616C)
[Address] EAT @explorer.exe (GetThemeIntList) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743923B1)
[Address] EAT @explorer.exe (GetThemeMargins) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743686E9)
[Address] EAT @explorer.exe (GetThemeMetric) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743706E2)
[Address] EAT @explorer.exe (GetThemePartSize) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436CDB1)
[Address] EAT @explorer.exe (GetThemePosition) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392350)
[Address] EAT @explorer.exe (GetThemePropertyOrigin) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74383FBB)
[Address] EAT @explorer.exe (GetThemeRect) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74373611)
[Address] EAT @explorer.exe (GetThemeStream) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743739D9)
[Address] EAT @explorer.exe (GetThemeString) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743922E4)
[Address] EAT @explorer.exe (GetThemeSysBool) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74393172)
[Address] EAT @explorer.exe (GetThemeSysColor) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74383274)
[Address] EAT @explorer.exe (GetThemeSysColorBrush) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7439301E)
[Address] EAT @explorer.exe (GetThemeSysFont) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743929C4)
[Address] EAT @explorer.exe (GetThemeSysInt) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392BD3)
[Address] EAT @explorer.exe (GetThemeSysSize) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7439320B)
[Address] EAT @explorer.exe (GetThemeSysString) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74392B3F)
[Address] EAT @explorer.exe (GetThemeTextExtent) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74362D57)
[Address] EAT @explorer.exe (GetThemeTextMetrics) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436F992)
[Address] EAT @explorer.exe (GetThemeTransitionDuration) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74371081)
[Address] EAT @explorer.exe (GetWindowTheme) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436DF46)
[Address] EAT @explorer.exe (HitTestThemeBackground) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74373CE3)
[Address] EAT @explorer.exe (IsAppThemed) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436F869)
[Address] EAT @explorer.exe (IsCompositionActive) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74362E9A)
[Address] EAT @explorer.exe (IsThemeActive) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436F785)
[Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743660AB)
[Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7439312B)
[Address] EAT @explorer.exe (IsThemePartDefined) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743685B4)
[Address] EAT @explorer.exe (OpenThemeData) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x743673D2)
[Address] EAT @explorer.exe (OpenThemeDataEx) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74383D43)
[Address] EAT @explorer.exe (SetThemeAppProperties) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74393296)
[Address] EAT @explorer.exe (SetWindowTheme) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x74370134)
[Address] EAT @explorer.exe (SetWindowThemeAttribute) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7437CFE6)
[Address] EAT @explorer.exe (ThemeInitApiHook) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7436B176)
[Address] EAT @explorer.exe (UpdatePanningFeedback) : nlaapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x7439068D)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250318AS ATA Device +++++
--- User ---
[MBR] 49cc9bc7ec92624b369cc46216164d29
[BSP] 6f48ee592070847b7dbe7615b5691c9b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 227273 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 10000 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_04172014_153316.txt >>
RKreport[0]_S_01232014_153127.txt;RKreport[0]_S_04172014_082938.txt;RKreport[0]_S_04172014_153302.txt



 



#11 trek8500xtr

trek8500xtr
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 22 April 2014 - 08:43 AM

Any other ideas?



#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:57 AM

Posted 23 April 2014 - 11:38 AM

If you still hear it after all these then we need to get a deeper look. Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users