Hi everyone. I came here to get these hooks analyzed to see if it's possible rootkit. This is from an avz4 log after an extended scan. Code: 1. Searching for Rootkits and programs intercepting API functions 1.1 Searching for user-mode API hooks Analysis: kernel32.dll, export table found in section .text Function kernel32.dll:CopyFileA (114) intercepted, method APICodeHijack.JmpTo[1002CC36] Function kernel32.dll:CopyFileExA (115) intercepted, method APICodeHijack.JmpTo[1002CBF6] Function kernel32.dll:CopyFileExW (116) intercepted, method APICodeHijack.JmpTo[1002CBD6] Function kernel32.dll:CopyFileW (119) intercepted, method APICodeHijack.JmpTo[1002CC16] Function kernel32.dll:CreateFileA (138) intercepted, method APICodeHijack.JmpTo[1002CC76] Function kernel32.dll:CreateFileW (145) intercepted, method APICodeHijack.JmpTo[1002CC56] Function kernel32.dll:CreateProcessA (166) intercepted, method APICodeHijack.JmpTo[10028316] Function kernel32.dll:CreateProcessW (170) intercepted, method APICodeHijack.JmpTo[10027786] Function kernel32.dll:DeleteFileA (213) intercepted, method APICodeHijack.JmpTo[1002CAF6] Function kernel32.dll:DeleteFileW (216) intercepted, method APICodeHijack.JmpTo[1002CAD6] Function kernel32.dll:GetModuleHandleA (535) intercepted, method APICodeHijack.JmpTo[1002CAB6] Function kernel32.dll:GetModuleHandleW (538) intercepted, method APICodeHijack.JmpTo[1002CA96] Function kernel32.dll:GetProcAddress (583) intercepted, method APICodeHijack.JmpTo[1002CD16] Function kernel32.dll:LoadLibraryA (829) intercepted, method APICodeHijack.JmpTo[1002CA76] Function kernel32.dll:LoadLibraryExA (830) intercepted, method APICodeHijack.JmpTo[1002CCD6] Function kernel32.dll:LoadLibraryExW (831) intercepted, method APICodeHijack.JmpTo[1002CCB6] Function kernel32.dll:LoadLibraryW (832) intercepted, method APICodeHijack.JmpTo[1002CA56] Function kernel32.dll:LoadModule (833) intercepted, method APICodeHijack.JmpTo[1002CCF6] Function kernel32.dll:MoveFileA (863) intercepted, method APICodeHijack.JmpTo[1002CBB6] Function kernel32.dll:MoveFileExA (864) intercepted, method APICodeHijack.JmpTo[1002CB76] Function kernel32.dll:MoveFileExW (865) intercepted, method APICodeHijack.JmpTo[1002CB56] Function kernel32.dll:MoveFileW (868) intercepted, method APICodeHijack.JmpTo[1002CB96] Function kernel32.dll:MoveFileWithProgressA (869) intercepted, method APICodeHijack.JmpTo[1002CB36] Function kernel32.dll:MoveFileWithProgressW (870) intercepted, method APICodeHijack.JmpTo[1002CB16] Function kernel32.dll:OpenFile (887) intercepted, method APICodeHijack.JmpTo[1002CC96] Function kernel32.dll:WinExec (1299) intercepted, method APICodeHijack.JmpTo[1002CA36] Analysis: ntdll.dll, export table found in section .text Function ntdll.dll:LdrGetProcedureAddress (130) intercepted, method APICodeHijack.JmpTo[1002CD36] Function ntdll.dll:LdrLoadDll (137) intercepted, method APICodeHijack.JmpTo[1002A626] Function ntdll.dll:LdrUnloadDll (161) intercepted, method APICodeHijack.JmpTo[1001CE36] Function ntdll.dll:NtAdjustPrivilegesToken (190) intercepted, method APICodeHijack.JmpTo[100206A6] Function ntdll.dll:NtAllocateVirtualMemory (197) intercepted, method APICodeHijack.JmpTo[1002CDF6] Function ntdll.dll:NtAlpcConnectPort (200) intercepted, method APICodeHijack.JmpTo[100210C6] Function ntdll.dll:NtClose (228) intercepted, method APICodeHijack.JmpTo[1001CD16] Function ntdll.dll:NtConnectPort (237) intercepted, method APICodeHijack.JmpTo[10023BF6] Function ntdll.dll:NtCreateEvent (242) intercepted, method APICodeHijack.JmpTo[10020256] Function ntdll.dll:NtCreateFile (244) intercepted, method APICodeHijack.JmpTo[1002CDB6] Function ntdll.dll:NtCreateMutant (252) intercepted, method APICodeHijack.JmpTo[100202A6] Function ntdll.dll:NtCreateProcess (257) intercepted, method APICodeHijack.JmpTo[1002CE76] Function ntdll.dll:NtCreateProcessEx (258) intercepted, method APICodeHijack.JmpTo[1002CE56] Function ntdll.dll:NtCreateSection (262) intercepted, method APICodeHijack.JmpTo[10022A76] Function ntdll.dll:NtCreateSemaphore (263) intercepted, method APICodeHijack.JmpTo[10020206] Function ntdll.dll:NtCreateSymbolicLinkObject (264) intercepted, method APICodeHijack.JmpTo[100202C6] Function ntdll.dll:NtCreateThread (265) intercepted, method APICodeHijack.JmpTo[100243C6] Function ntdll.dll:NtCreateThreadEx (266) intercepted, method APICodeHijack.JmpTo[10020D26] Function ntdll.dll:NtDeleteFile (281) intercepted, method APICodeHijack.JmpTo[1002CE16] Function ntdll.dll:NtFreeVirtualMemory (310) intercepted, method APICodeHijack.JmpTo[1002C486] Function ntdll.dll:NtLoadDriver (335) intercepted, method APICodeHijack.JmpTo[1002CDD6] Function ntdll.dll:NtMakeTemporaryObject (344) intercepted, method APICodeHijack.JmpTo[10023566] Function ntdll.dll:NtOpenEvent (357) intercepted, method APICodeHijack.JmpTo[10020236] Function ntdll.dll:NtOpenFile (359) intercepted, method APICodeHijack.JmpTo[1002CD96] Function ntdll.dll:NtOpenMutant (367) intercepted, method APICodeHijack.JmpTo[10020286] Function ntdll.dll:NtOpenSection (374) intercepted, method APICodeHijack.JmpTo[100230A6] Function ntdll.dll:NtOpenSemaphore (375) intercepted, method APICodeHijack.JmpTo[100201E6] Function ntdll.dll:NtProtectVirtualMemory (395) intercepted, method APICodeHijack.JmpTo[1002C436] Function ntdll.dll:NtSetInformationProcess (513) intercepted, method APICodeHijack.JmpTo[1002CD56] Function ntdll.dll:NtSetSystemInformation (530) intercepted, method APICodeHijack.JmpTo[100237A6] Function ntdll.dll:NtShutdownSystem (540) intercepted, method APICodeHijack.JmpTo[10020956] Function ntdll.dll:NtSystemDebugControl (548) intercepted, method APICodeHijack.JmpTo[10023366] Function ntdll.dll:NtTerminateProcess (550) intercepted, method APICodeHijack.JmpTo[10023F66] Function ntdll.dll:NtTerminateThread (551) intercepted, method APICodeHijack.JmpTo[10024186] Function ntdll.dll:NtUnloadDriver (559) intercepted, method APICodeHijack.JmpTo[1002CD76] Function ntdll.dll:NtWriteVirtualMemory (598) intercepted, method APICodeHijack.JmpTo[1002CE36] Function ntdll.dll:RtlAllocateHeap (645) intercepted, method APICodeHijack.JmpTo[1002C4D6] Function ntdll.dll:ZwAdjustPrivilegesToken (1441) intercepted, method APICodeHijack.JmpTo[100206A6] Function ntdll.dll:ZwAllocateVirtualMemory (1448) intercepted, method APICodeHijack.JmpTo[1002CDF6] Function ntdll.dll:ZwAlpcConnectPort (1451) intercepted, method APICodeHijack.JmpTo[100210C6] Function ntdll.dll:ZwClose (1479) intercepted, method APICodeHijack.JmpTo[1001CD16] Function ntdll.dll:ZwConnectPort (1488) intercepted, method APICodeHijack.JmpTo[10023BF6] Function ntdll.dll:ZwCreateEvent (1493) intercepted, method APICodeHijack.JmpTo[10020256] Function ntdll.dll:ZwCreateFile (1495) intercepted, method APICodeHijack.JmpTo[1002CDB6] Function ntdll.dll:ZwCreateMutant (1503) intercepted, method APICodeHijack.JmpTo[100202A6] Function ntdll.dll:ZwCreateProcess (1508) intercepted, method APICodeHijack.JmpTo[1002CE76] Function ntdll.dll:ZwCreateProcessEx (1509) intercepted, method APICodeHijack.JmpTo[1002CE56] Function ntdll.dll:ZwCreateSection (1513) intercepted, method APICodeHijack.JmpTo[10022A76] Function ntdll.dll:ZwCreateSemaphore (1514) intercepted, method APICodeHijack.JmpTo[10020206] Function ntdll.dll:ZwCreateSymbolicLinkObject (1515) intercepted, method APICodeHijack.JmpTo[100202C6] Function ntdll.dll:ZwCreateThread (1516) intercepted, method APICodeHijack.JmpTo[100243C6] Function ntdll.dll:ZwCreateThreadEx (1517) intercepted, method APICodeHijack.JmpTo[10020D26] Function ntdll.dll:ZwDeleteFile (1531) intercepted, method APICodeHijack.JmpTo[1002CE16] Function ntdll.dll:ZwFreeVirtualMemory (1560) intercepted, method APICodeHijack.JmpTo[1002C486] Function ntdll.dll:ZwLoadDriver (1584) intercepted, method APICodeHijack.JmpTo[1002CDD6] Function ntdll.dll:ZwMakeTemporaryObject (1593) intercepted, method APICodeHijack.JmpTo[10023566] Function ntdll.dll:ZwOpenEvent (1606) intercepted, method APICodeHijack.JmpTo[10020236] Function ntdll.dll:ZwOpenFile (1608) intercepted, method APICodeHijack.JmpTo[1002CD96] Function ntdll.dll:ZwOpenMutant (1616) intercepted, method APICodeHijack.JmpTo[10020286] Function ntdll.dll:ZwOpenSection (1623) intercepted, method APICodeHijack.JmpTo[100230A6] Function ntdll.dll:ZwOpenSemaphore (1624) intercepted, method APICodeHijack.JmpTo[100201E6] Function ntdll.dll:ZwProtectVirtualMemory (1644) intercepted, method APICodeHijack.JmpTo[1002C436] Function ntdll.dll:ZwSetInformationProcess (1762) intercepted, method APICodeHijack.JmpTo[1002CD56] Function ntdll.dll:ZwSetSystemInformation (1779) intercepted, method APICodeHijack.JmpTo[100237A6] Function ntdll.dll:ZwShutdownSystem (1789) intercepted, method APICodeHijack.JmpTo[10020956] Function ntdll.dll:ZwSystemDebugControl (1797) intercepted, method APICodeHijack.JmpTo[10023366] Function ntdll.dll:ZwTerminateProcess (1799) intercepted, method APICodeHijack.JmpTo[10023F66] Function ntdll.dll:ZwTerminateThread (1800) intercepted, method APICodeHijack.JmpTo[10024186] Function ntdll.dll:ZwUnloadDriver (1808) intercepted, method APICodeHijack.JmpTo[1002CD76] Function ntdll.dll:ZwWriteVirtualMemory (1847) intercepted, method APICodeHijack.JmpTo[1002CE36] Analysis: user32.dll, export table found in section .text Function user32.dll:BlockInput (1517) intercepted, method APICodeHijack.JmpTo[10018176] Function user32.dll:DefDlgProcA (1657) intercepted, method ProcAddressHijack.GetProcAddress ->767A5F5A->77028944 Function user32.dll:DefDlgProcW (1658) intercepted, method ProcAddressHijack.GetProcAddress ->767A5F75->77013F54 Function user32.dll:DefWindowProcA (1664) intercepted, method ProcAddressHijack.GetProcAddress ->767A5F90->76FF2893 Function user32.dll:DefWindowProcW (1665) intercepted, method ProcAddressHijack.GetProcAddress ->767A5FAB->76FE247D Function user32.dll:EnableWindow (1725) intercepted, method APICodeHijack.JmpTo[10017A96] Function user32.dll:EndTask (1730) intercepted, method APICodeHijack.JmpTo[1002E3B6] Function user32.dll:ExitWindowsEx (1754) intercepted, method APICodeHijack.JmpTo[10017886] Function user32.dll:GetAsyncKeyState (1772) intercepted, method APICodeHijack.JmpTo[10018D16] Function user32.dll:GetClipboardData (1787) intercepted, method APICodeHijack.JmpTo[10017F66] Function user32.dll:GetKeyState (1826) intercepted, method APICodeHijack.JmpTo[10018FC6] Function user32.dll:GetKeyboardState (1831) intercepted, method APICodeHijack.JmpTo[10019276] Function user32.dll:MoveWindow (2052) intercepted, method APICodeHijack.JmpTo[10018816] Function user32.dll:PostMessageA (2078) intercepted, method APICodeHijack.JmpTo[1001BAB6] Function user32.dll:PostMessageW (2079) intercepted, method APICodeHijack.JmpTo[1001B816] Function user32.dll:PostThreadMessageA (2081) intercepted, method APICodeHijack.JmpTo[1001B576] Function user32.dll:PostThreadMessageW (2082) intercepted, method APICodeHijack.JmpTo[1001B2D6] Function user32.dll:RegisterHotKey (2111) intercepted, method APICodeHijack.JmpTo[10017D36] Function user32.dll:RegisterRawInputDevices (2115) intercepted, method APICodeHijack.JmpTo[10018AF6] Function user32.dll:SendDlgItemMessageA (2139) intercepted, method APICodeHijack.JmpTo[10019AA6] Function user32.dll:SendDlgItemMessageW (2140) intercepted, method APICodeHijack.JmpTo[100197F6] Function user32.dll:SendInput (2143) intercepted, method APICodeHijack.JmpTo[10019526] Function user32.dll:SendMessageA (2144) intercepted, method APICodeHijack.JmpTo[1001B036] Function user32.dll:SendMessageCallbackA (2145) intercepted, method APICodeHijack.JmpTo[1001A556] Function user32.dll:SendMessageCallbackW (2146) intercepted, method APICodeHijack.JmpTo[1001A296] Function user32.dll:SendMessageTimeoutA (2147) intercepted, method APICodeHijack.JmpTo[1001AAD6] Function user32.dll:SendMessageTimeoutW (2148) intercepted, method APICodeHijack.JmpTo[1001A816] Function user32.dll:SendMessageW (2149) intercepted, method APICodeHijack.JmpTo[1001AD96] Function user32.dll:SendNotifyMessageA (2150) intercepted, method APICodeHijack.JmpTo[10019FF6] Function user32.dll:SendNotifyMessageW (2151) intercepted, method APICodeHijack.JmpTo[10019D56] Function user32.dll:SetClipboardViewer (2160) intercepted, method APICodeHijack.JmpTo[10018376] Function user32.dll:SetParent (2191) intercepted, method APICodeHijack.JmpTo[10018576] Function user32.dll:SetWinEventHook (2216) intercepted, method APICodeHijack.JmpTo[1001BD56] Function user32.dll:SetWindowsHookExA (2231) intercepted, method APICodeHijack.JmpTo[1001C716] Function user32.dll:SetWindowsHookExW (2232) intercepted, method APICodeHijack.JmpTo[1001C4A6] Function user32.dll:SystemParametersInfoA (2260) intercepted, method APICodeHijack.JmpTo[1001C286] Function user32.dll:SystemParametersInfoW (2261) intercepted, method APICodeHijack.JmpTo[1001C066] Function user32.dll:keybd_event (2329) intercepted, method APICodeHijack.JmpTo[1002B966] Function user32.dll:mouse_event (2330) intercepted, method APICodeHijack.JmpTo[1002B756] Analysis: advapi32.dll, export table found in section .text Function advapi32.dll:AddMandatoryAce (1029) intercepted, method ProcAddressHijack.GetProcAddress ->764F24B5->765DC334 Function advapi32.dll:CreateProcessAsUserA (1125) intercepted, method APICodeHijack.JmpTo[10026BE6] Function advapi32.dll:I_QueryTagInformation (1361) intercepted, method ProcAddressHijack.GetProcAddress ->764F2655->767772D8 Function advapi32.dll:I_ScIsSecurityProcess (1362) intercepted, method ProcAddressHijack.GetProcAddress ->764F268C->7677733F Function advapi32.dll:I_ScPnPGetServiceName (1363) intercepted, method ProcAddressHijack.GetProcAddress ->764F26C3->76777C40 Function advapi32.dll:I_ScQueryServiceConfig (1364) intercepted, method ProcAddressHijack.GetProcAddress ->764F26FA->76775F8A Function advapi32.dll:I_ScSendPnPMessage (1365) intercepted, method ProcAddressHijack.GetProcAddress ->764F2732->76775E7D Function advapi32.dll:I_ScSendTSMessage (1366) intercepted, method ProcAddressHijack.GetProcAddress ->764F2766->767771C5 Function advapi32.dll:I_ScValidatePnPService (1369) intercepted, method ProcAddressHijack.GetProcAddress ->764F2799->76776B9D Function advapi32.dll:IsValidRelativeSecurityDescriptor (1389) intercepted, method ProcAddressHijack.GetProcAddress ->764F27D1->765DC5DF Function advapi32.dll:PerfCreateInstance (1515) intercepted, method ProcAddressHijack.GetProcAddress ->764F2858->6E702187 Function advapi32.dll:PerfDecrementULongCounterValue (1516) intercepted, method ProcAddressHijack.GetProcAddress ->764F2871->6E702A1D Function advapi32.dll:PerfDecrementULongLongCounterValue (1517) intercepted, method ProcAddressHijack.GetProcAddress ->764F2896->6E702B3C Function advapi32.dll:PerfDeleteInstance (1519) intercepted, method ProcAddressHijack.GetProcAddress ->764F28BF->6E702259 Function advapi32.dll:PerfIncrementULongCounterValue (1522) intercepted, method ProcAddressHijack.GetProcAddress ->764F28D8->6E7027B9 Function advapi32.dll:PerfIncrementULongLongCounterValue (1523) intercepted, method ProcAddressHijack.GetProcAddress ->764F28FD->6E7028D6 Function advapi32.dll:PerfQueryInstance (1528) intercepted, method ProcAddressHijack.GetProcAddress ->764F2926->6E702373 Function advapi32.dll:PerfSetCounterRefValue (1529) intercepted, method ProcAddressHijack.GetProcAddress ->764F293E->6E702447 Function advapi32.dll:PerfSetCounterSetInfo (1530) intercepted, method ProcAddressHijack.GetProcAddress ->764F295B->6E7020B0 Function advapi32.dll:PerfSetULongCounterValue (1531) intercepted, method ProcAddressHijack.GetProcAddress ->764F2977->6E702565 Function advapi32.dll:PerfSetULongLongCounterValue (1532) intercepted, method ProcAddressHijack.GetProcAddress ->764F2996->6E702680 Function advapi32.dll:PerfStartProvider (1533) intercepted, method ProcAddressHijack.GetProcAddress ->764F29B9->6E701FED Function advapi32.dll:PerfStartProviderEx (1534) intercepted, method ProcAddressHijack.GetProcAddress ->764F29D1->6E701F34 Function advapi32.dll:PerfStopProvider (1535) intercepted, method ProcAddressHijack.GetProcAddress ->764F29EB->6E702026 Function advapi32.dll:SystemFunction035 (1753) intercepted, method ProcAddressHijack.GetProcAddress ->764F2A3C->730C3EA8 Analysis: ws2_32.dll, export table found in section .text Function ws2_32.dll:WSASocketA (99) intercepted, method APICodeHijack.JmpTo[1002C936] Analysis: wininet.dll, export table found in section .text Function wininet.dll:InternetConnectA (231) intercepted, method APICodeHijack.JmpTo[1002C976] Function wininet.dll:InternetConnectW (232) intercepted, method APICodeHijack.JmpTo[1002C956] Analysis: rasapi32.dll, export table found in section .text Analysis: urlmon.dll, export table found in section .text Function urlmon.dll:URLDownloadToCacheFileA (216) intercepted, method APICodeHijack.JmpTo[1002C8B6] Function urlmon.dll:URLDownloadToCacheFileW (217) intercepted, method APICodeHijack.JmpTo[1002C896] Function urlmon.dll:URLDownloadToFileA (218) intercepted, method APICodeHijack.JmpTo[1002C8F6] Function urlmon.dll:URLDownloadToFileW (219) intercepted, method APICodeHijack.JmpTo[1002C8D6] Analysis: netapi32.dll, export table found in section .text Function netapi32.dll:DavAddConnection (1) intercepted, method ProcAddressHijack.GetProcAddress ->72443B10->6E6F29DD Function netapi32.dll:DavDeleteConnection (2) intercepted, method ProcAddressHijack.GetProcAddress ->72443B29->6E6F181B Function netapi32.dll:DavFlushFile (3) intercepted, method ProcAddressHijack.GetProcAddress ->72443B45->6E6F1713 Function netapi32.dll:DavGetExtendedError (4) intercepted, method ProcAddressHijack.GetProcAddress ->72443B5A->6E6F2347 Function netapi32.dll:DavGetHTTPFromUNCPath (5) intercepted, method ProcAddressHijack.GetProcAddress ->72443B76->6E6F275B Function netapi32.dll:DavGetUNCFromHTTPPath (6) intercepted, method ProcAddressHijack.GetProcAddress ->72443B94->6E6F257D Function netapi32.dll:DsAddressToSiteNamesA (7) intercepted, method ProcAddressHijack.GetProcAddress ->72443BB2->6E6D4A4D Function netapi32.dll:DsAddressToSiteNamesExA (8) intercepted, method ProcAddressHijack.GetProcAddress ->72443BD1->6E6D4D79 Function netapi32.dll:DsAddressToSiteNamesExW (9) intercepted, method ProcAddressHijack.GetProcAddress ->72443BF2->6E6D5049 Function netapi32.dll:DsAddressToSiteNamesW (10) intercepted, method ProcAddressHijack.GetProcAddress ->72443C13->6E6D4C29 Function netapi32.dll:DsDeregisterDnsHostRecordsA (11) intercepted, method ProcAddressHijack.GetProcAddress ->72443C32->6E6D6DD9 Function netapi32.dll:DsDeregisterDnsHostRecordsW (12) intercepted, method ProcAddressHijack.GetProcAddress ->72443C57->6E6D6D59 Function netapi32.dll:DsEnumerateDomainTrustsA (13) intercepted, method ProcAddressHijack.GetProcAddress ->72443C7C->6E6D6771 Function netapi32.dll:DsEnumerateDomainTrustsW (14) intercepted, method ProcAddressHijack.GetProcAddress ->72443C9E->6E6C60BC Function netapi32.dll:DsGetDcCloseW (15) intercepted, method ProcAddressHijack.GetProcAddress ->72443CC0->6E6D495D Function netapi32.dll:DsGetDcNameA (16) intercepted, method ProcAddressHijack.GetProcAddress ->72443CD7->6E6D5BB2 Function netapi32.dll:DsGetDcNameW (17) intercepted, method ProcAddressHijack.GetProcAddress ->72443CED->6E6C4CA8 Function netapi32.dll:DsGetDcNameWithAccountA (18) intercepted, method ProcAddressHijack.GetProcAddress ->72443D03->6E6D55E9 Function netapi32.dll:DsGetDcNameWithAccountW (19) intercepted, method ProcAddressHijack.GetProcAddress ->72443D24->6E6C4CD1 Function netapi32.dll:DsGetDcNextA (20) intercepted, method ProcAddressHijack.GetProcAddress ->72443D45->6E6D4896 Function netapi32.dll:DsGetDcNextW (21) intercepted, method ProcAddressHijack.GetProcAddress ->72443D5B->6E6D47ED Function netapi32.dll:DsGetDcOpenA (22) intercepted, method ProcAddressHijack.GetProcAddress ->72443D71->6E6D473D Function netapi32.dll:DsGetDcOpenW (23) intercepted, method ProcAddressHijack.GetProcAddress ->72443D87->6E6D46AB Function netapi32.dll:DsGetDcSiteCoverageA (24) intercepted, method ProcAddressHijack.GetProcAddress ->72443D9D->6E6D5239 Function netapi32.dll:DsGetDcSiteCoverageW (25) intercepted, method ProcAddressHijack.GetProcAddress ->72443DBB->6E6D5409 Function netapi32.dll:DsGetForestTrustInformationW (26) intercepted, method ProcAddressHijack.GetProcAddress ->72443DD9->6E6D6E6F Function netapi32.dll:DsGetSiteNameA (27) intercepted, method ProcAddressHijack.GetProcAddress ->72443DFF->6E6D5B39 Function netapi32.dll:DsGetSiteNameW (28) intercepted, method ProcAddressHijack.GetProcAddress ->72443E17->6E6C5F24 Function netapi32.dll:DsMergeForestTrustInformationW (29) intercepted, method ProcAddressHijack.GetProcAddress ->72443E2F->6E6D6F71 Function netapi32.dll:DsRoleAbortDownlevelServerUpgrade (30) intercepted, method ProcAddressHijack.GetProcAddress ->72443E57->6E6B4339 Function netapi32.dll:DsRoleCancel (31) intercepted, method ProcAddressHijack.GetProcAddress ->72443E80->6E6B34A9 Function netapi32.dll:DsRoleDcAsDc (32) intercepted, method ProcAddressHijack.GetProcAddress ->72443E94->6E6B3EAD Function netapi32.dll:DsRoleDcAsReplica (33) intercepted, method ProcAddressHijack.GetProcAddress ->72443EA8->6E6B3F99 Function netapi32.dll:DsRoleDemoteDc (34) intercepted, method ProcAddressHijack.GetProcAddress ->72443EC1->6E6B4189 Function netapi32.dll:DsRoleDnsNameToFlatName (35) intercepted, method ProcAddressHijack.GetProcAddress ->72443ED7->6E6B32B5 Function netapi32.dll:DsRoleFreeMemory (36) intercepted, method ProcAddressHijack.GetProcAddress ->72443EF6->6E6B19A9 Function netapi32.dll:DsRoleGetDatabaseFacts (37) intercepted, method ProcAddressHijack.GetProcAddress ->72443F0E->6E6B3651 Function netapi32.dll:DsRoleGetDcOperationProgress (38) intercepted, method ProcAddressHijack.GetProcAddress ->72443F2C->6E6B3351 Function netapi32.dll:DsRoleGetDcOperationResults (39) intercepted, method ProcAddressHijack.GetProcAddress ->72443F50->6E6B3401 Function netapi32.dll:DsRoleGetPrimaryDomainInformation (40) intercepted, method ProcAddressHijack.GetProcAddress ->72443F73->6E6B1F3D Function netapi32.dll:DsRoleIfmHandleFree (41) intercepted, method ProcAddressHijack.GetProcAddress ->72443F9C->6E6B3539 Function netapi32.dll:DsRoleServerSaveStateForUpgrade (42) intercepted, method ProcAddressHijack.GetProcAddress ->72443FB7->6E6B35C9 Function netapi32.dll:DsRoleUpgradeDownlevelServer (43) intercepted, method ProcAddressHijack.GetProcAddress ->72443FDE->6E6B4261 Function netapi32.dll:DsValidateSubnetNameA (44) intercepted, method ProcAddressHijack.GetProcAddress ->72444002->6E6D5AF9 Function netapi32.dll:DsValidateSubnetNameW (45) intercepted, method ProcAddressHijack.GetProcAddress ->72444021->6E6D49E1 Function netapi32.dll:I_BrowserDebugCall (46) intercepted, method ProcAddressHijack.GetProcAddress ->72444040->6E6A24A9 Function netapi32.dll:I_BrowserDebugTrace (47) intercepted, method ProcAddressHijack.GetProcAddress ->7244405B->6E6A2581 Function netapi32.dll:I_BrowserQueryEmulatedDomains (48) intercepted, method ProcAddressHijack.GetProcAddress ->72444077->6E6A29F9 Function netapi32.dll:I_BrowserQueryOtherDomains (49) intercepted, method ProcAddressHijack.GetProcAddress ->7244409D->6E6A22C1 Function netapi32.dll:I_BrowserQueryStatistics (50) intercepted, method ProcAddressHijack.GetProcAddress ->724440C0->6E6A2651 Function netapi32.dll:I_BrowserResetNetlogonState (51) intercepted, method ProcAddressHijack.GetProcAddress ->724440E1->6E6A23D1 Function netapi32.dll:I_BrowserResetStatistics (52) intercepted, method ProcAddressHijack.GetProcAddress ->72444105->6E6A2729 Function netapi32.dll:I_BrowserServerEnum (53) intercepted, method ProcAddressHijack.GetProcAddress ->72444126->6E6A20BF Function netapi32.dll:I_BrowserSetNetlogonState (54) intercepted, method ProcAddressHijack.GetProcAddress ->72444142->6E6A2919 Function netapi32.dll:I_DsUpdateReadOnlyServerDnsRecords (55) intercepted, method ProcAddressHijack.GetProcAddress ->72444164->6E6D5569 Function netapi32.dll:I_NetAccountDeltas (56) intercepted, method ProcAddressHijack.GetProcAddress ->72444190->6E6D63AB Function netapi32.dll:I_NetAccountSync (57) intercepted, method ProcAddressHijack.GetProcAddress ->724441AC->6E6D63AB Function netapi32.dll:I_NetChainSetClientAttributes (59) intercepted, method ProcAddressHijack.GetProcAddress ->724441C6->6E6D6FA6 Function netapi32.dll:I_NetChainSetClientAttributes2 (58) intercepted, method ProcAddressHijack.GetProcAddress ->724441ED->6E6D7029 Function netapi32.dll:I_NetDatabaseDeltas (60) intercepted, method ProcAddressHijack.GetProcAddress ->72444215->6E6D6391 Function netapi32.dll:I_NetDatabaseRedo (61) intercepted, method ProcAddressHijack.GetProcAddress ->72444232->6E6D6521 Function netapi32.dll:I_NetDatabaseSync (63) intercepted, method ProcAddressHijack.GetProcAddress ->7244424D->6E6D6391 Function netapi32.dll:I_NetDatabaseSync2 (62) intercepted, method ProcAddressHijack.GetProcAddress ->72444268->6E6D639E Function netapi32.dll:I_NetDfsGetVersion (64) intercepted, method ProcAddressHijack.GetProcAddress ->72444284->73107CA1 Function netapi32.dll:I_NetDfsIsThisADomainName (65) intercepted, method ProcAddressHijack.GetProcAddress ->7244429E->6E694E39 Function netapi32.dll:I_NetGetDCList (66) intercepted, method ProcAddressHijack.GetProcAddress ->724442BF->6E6D5D9C Function netapi32.dll:I_NetGetForestTrustInformation (67) intercepted, method ProcAddressHijack.GetProcAddress ->724442D7->6E6D6EF1 Function netapi32.dll:I_NetLogonControl (69) intercepted, method ProcAddressHijack.GetProcAddress ->724442FF->6E6D63B8 Function netapi32.dll:I_NetLogonControl2 (68) intercepted, method ProcAddressHijack.GetProcAddress ->7244431A->6E6D6439 Function netapi32.dll:I_NetLogonGetDomainInfo (70) intercepted, method ProcAddressHijack.GetProcAddress ->72444336->6E6C64A4 Function netapi32.dll:I_NetLogonSamLogoff (71) intercepted, method ProcAddressHijack.GetProcAddress ->72444357->6E6D6091 Function netapi32.dll:I_NetLogonSamLogon (72) intercepted, method ProcAddressHijack.GetProcAddress ->72444374->6E6D5F39 Function netapi32.dll:I_NetLogonSamLogonEx (73) intercepted, method ProcAddressHijack.GetProcAddress ->72444390->6E6D5FE1 Function netapi32.dll:I_NetLogonSamLogonWithFlags (74) intercepted, method ProcAddressHijack.GetProcAddress ->724443AE->6E6CB22A Function netapi32.dll:I_NetLogonSendToSam (75) intercepted, method ProcAddressHijack.GetProcAddress ->724443D3->6E6D6111 Function netapi32.dll:I_NetLogonUasLogoff (76) intercepted, method ProcAddressHijack.GetProcAddress ->724443F0->6E6D5EC9 Function netapi32.dll:I_NetLogonUasLogon (77) intercepted, method ProcAddressHijack.GetProcAddress ->7244440D->6E6D5E53 Function netapi32.dll:I_NetServerAuthenticate (80) intercepted, method ProcAddressHijack.GetProcAddress ->72444429->6E6D6191 Function netapi32.dll:I_NetServerAuthenticate2 (78) intercepted, method ProcAddressHijack.GetProcAddress ->7244444A->6E6D6211 Function netapi32.dll:I_NetServerAuthenticate3 (79) intercepted, method ProcAddressHijack.GetProcAddress ->7244446C->6E6C6393 Function netapi32.dll:I_NetServerGetTrustInfo (81) intercepted, method ProcAddressHijack.GetProcAddress ->7244448E->6E6D6C61 Function netapi32.dll:I_NetServerPasswordGet (82) intercepted, method ProcAddressHijack.GetProcAddress ->724444AF->6E6D6B61 Function netapi32.dll:I_NetServerPasswordSet (84) intercepted, method ProcAddressHijack.GetProcAddress ->724444CF->6E6D6291 Function netapi32.dll:I_NetServerPasswordSet2 (83) intercepted, method ProcAddressHijack.GetProcAddress ->724444EF->6E6D6311 Function netapi32.dll:I_NetServerReqChallenge (85) intercepted, method ProcAddressHijack.GetProcAddress ->72444510->6E6C6424 Function netapi32.dll:I_NetServerSetServiceBits (86) intercepted, method ProcAddressHijack.GetProcAddress ->72444531->7310426D Function netapi32.dll:I_NetServerSetServiceBitsEx (87) intercepted, method ProcAddressHijack.GetProcAddress ->72444552->73106D11 Function netapi32.dll:I_NetServerTrustPasswordsGet (88) intercepted, method ProcAddressHijack.GetProcAddress ->72444575->6E6D6BE1 Function netapi32.dll:I_NetlogonComputeClientDigest (89) intercepted, method ProcAddressHijack.GetProcAddress ->7244459B->6E6C5C20 Function netapi32.dll:I_NetlogonComputeServerDigest (90) intercepted, method ProcAddressHijack.GetProcAddress ->724445C2->6E6D6AEC Function netapi32.dll:NetAddAlternateComputerName (97) intercepted, method ProcAddressHijack.GetProcAddress ->724445E9->72425B21 Function netapi32.dll:NetAddServiceAccount (98) intercepted, method ProcAddressHijack.GetProcAddress ->7244460C->6E6D70B1 Function netapi32.dll:NetApiBufferAllocate (101) intercepted, method ProcAddressHijack.GetProcAddress ->7244462A->72431415 Function netapi32.dll:NetApiBufferFree (102) intercepted, method ProcAddressHijack.GetProcAddress ->72444648->724313D2 Function netapi32.dll:NetApiBufferReallocate (103) intercepted, method ProcAddressHijack.GetProcAddress ->72444662->72433729 Function netapi32.dll:NetApiBufferSize (104) intercepted, method ProcAddressHijack.GetProcAddress ->72444682->72433771 Function netapi32.dll:NetBrowserStatisticsGet (108) intercepted, method ProcAddressHijack.GetProcAddress ->7244469C->6E6A2801 Function netapi32.dll:NetConnectionEnum (112) intercepted, method ProcAddressHijack.GetProcAddress ->724446BC->73105521 Function netapi32.dll:NetDfsAdd (113) intercepted, method ProcAddressHijack.GetProcAddress ->724446D5->6E6978FD Function netapi32.dll:NetDfsAddFtRoot (114) intercepted, method ProcAddressHijack.GetProcAddress ->724446E6->6E696859 Function netapi32.dll:NetDfsAddRootTarget (115) intercepted, method ProcAddressHijack.GetProcAddress ->724446FD->6E697401 Function netapi32.dll:NetDfsAddStdRoot (116) intercepted, method ProcAddressHijack.GetProcAddress ->72444718->6E692B1E Function netapi32.dll:NetDfsAddStdRootForced (117) intercepted, method ProcAddressHijack.GetProcAddress ->72444730->6E692BB1 Function netapi32.dll:NetDfsEnum (118) intercepted, method ProcAddressHijack.GetProcAddress ->7244474E->6E6970F9 Function netapi32.dll:NetDfsGetClientInfo (119) intercepted, method ProcAddressHijack.GetProcAddress ->72444760->6E693F25 Function netapi32.dll:NetDfsGetDcAddress (120) intercepted, method ProcAddressHijack.GetProcAddress ->7244477B->6E692C51 Function netapi32.dll:NetDfsGetFtContainerSecurity (121) intercepted, method ProcAddressHijack.GetProcAddress ->72444795->6E695363 Function netapi32.dll:NetDfsGetInfo (122) intercepted, method ProcAddressHijack.GetProcAddress ->724447B9->6E692D69 Function netapi32.dll:NetDfsGetSecurity (123) intercepted, method ProcAddressHijack.GetProcAddress ->724447CE->6E697741 Function netapi32.dll:NetDfsGetStdContainerSecurity (124) intercepted, method ProcAddressHijack.GetProcAddress ->724447E7->6E693AD5 Function netapi32.dll:NetDfsGetSupportedNamespaceVersion (125) intercepted, method ProcAddressHijack.GetProcAddress ->7244480C->6E695C19 Function netapi32.dll:NetDfsManagerGetConfigInfo (126) intercepted, method ProcAddressHijack.GetProcAddress ->72444836->6E692E9C Function netapi32.dll:NetDfsManagerInitialize (127) intercepted, method ProcAddressHijack.GetProcAddress ->72444858->6E692F91 Function netapi32.dll:NetDfsManagerSendSiteInfo (128) intercepted, method ProcAddressHijack.GetProcAddress ->72444877->6E6972C5 Function netapi32.dll:NetDfsMove (129) intercepted, method ProcAddressHijack.GetProcAddress ->72444898->6E695651 Function netapi32.dll:NetDfsRemove (130) intercepted, method ProcAddressHijack.GetProcAddress ->724448AA->6E697A19 Function netapi32.dll:NetDfsRemoveFtRoot (131) intercepted, method ProcAddressHijack.GetProcAddress ->724448BE->6E696A99 Function netapi32.dll:NetDfsRemoveFtRootForced (132) intercepted, method ProcAddressHijack.GetProcAddress ->724448D8->6E696BE5 Function netapi32.dll:NetDfsRemoveRootTarget (133) intercepted, method ProcAddressHijack.GetProcAddress ->724448F8->6E695879 Function netapi32.dll:NetDfsRemoveStdRoot (134) intercepted, method ProcAddressHijack.GetProcAddress ->72444916->6E692CE1 Function netapi32.dll:NetDfsRename (135) intercepted, method ProcAddressHijack.GetProcAddress ->72444931->6E692E91 Function netapi32.dll:NetDfsSetClientInfo (136) intercepted, method ProcAddressHijack.GetProcAddress ->72444945->6E694301 Function netapi32.dll:NetDfsSetFtContainerSecurity (137) intercepted, method ProcAddressHijack.GetProcAddress ->72444960->6E6953AF Function netapi32.dll:NetDfsSetInfo (138) intercepted, method ProcAddressHijack.GetProcAddress ->72444984->6E696D8B Function netapi32.dll:NetDfsSetSecurity (139) intercepted, method ProcAddressHijack.GetProcAddress ->72444999->6E697822 Function netapi32.dll:NetDfsSetStdContainerSecurity (140) intercepted, method ProcAddressHijack.GetProcAddress ->724449B2->6E693B24 Function netapi32.dll:NetEnumerateComputerNames (141) intercepted, method ProcAddressHijack.GetProcAddress ->724449D7->72425E39 Function netapi32.dll:NetEnumerateServiceAccounts (142) intercepted, method ProcAddressHijack.GetProcAddress ->724449F8->6E6D7199 Function netapi32.dll:NetEnumerateTrustedDomains (143) intercepted, method ProcAddressHijack.GetProcAddress ->72444A1D->6E6D652E Function netapi32.dll:NetFileClose (147) intercepted, method ProcAddressHijack.GetProcAddress ->72444A41->73105659 Function netapi32.dll:NetFileEnum (148) intercepted, method ProcAddressHijack.GetProcAddress ->72444A55->73105729 Function netapi32.dll:NetFileGetInfo (149) intercepted, method ProcAddressHijack.GetProcAddress ->72444A68->73105859 Function netapi32.dll:NetGetAnyDCName (150) intercepted, method ProcAddressHijack.GetProcAddress ->72444A7E->6E6D496D Function netapi32.dll:NetGetDCName (151) intercepted, method ProcAddressHijack.GetProcAddress ->72444A97->6E6D5913 Function netapi32.dll:NetGetDisplayInformationIndex (152) intercepted, method ProcAddressHijack.GetProcAddress ->72444AAD->72414117 Function netapi32.dll:NetGetJoinInformation (153) intercepted, method ProcAddressHijack.GetProcAddress ->72444AD2->72422DC7 Function netapi32.dll:NetGetJoinableOUs (154) intercepted, method ProcAddressHijack.GetProcAddress ->72444AEF->724259D1 Function netapi32.dll:NetGroupAdd (155) intercepted, method ProcAddressHijack.GetProcAddress ->72444B08->724171C3 Function netapi32.dll:NetGroupAddUser (156) intercepted, method ProcAddressHijack.GetProcAddress ->72444B1B->724173AD Function netapi32.dll:NetGroupDel (157) intercepted, method ProcAddressHijack.GetProcAddress ->72444B32->724173CB Function netapi32.dll:NetGroupDelUser (158) intercepted, method ProcAddressHijack.GetProcAddress ->72444B45->724173EB Function netapi32.dll:NetGroupEnum (159) intercepted, method ProcAddressHijack.GetProcAddress ->72444B5C->72417409 Function netapi32.dll:NetGroupGetInfo (160) intercepted, method ProcAddressHijack.GetProcAddress ->72444B70->724178C8 Function netapi32.dll:NetGroupGetUsers (161) intercepted, method ProcAddressHijack.GetProcAddress ->72444B87->72417952 Function netapi32.dll:NetGroupSetInfo (162) intercepted, method ProcAddressHijack.GetProcAddress ->72444B9F->72417C02 Function netapi32.dll:NetGroupSetUsers (163) intercepted, method ProcAddressHijack.GetProcAddress ->72444BB6->72417DAE Function netapi32.dll:NetIsServiceAccount (164) intercepted, method ProcAddressHijack.GetProcAddress ->72444BCE->6E6D72D9 Function netapi32.dll:NetJoinDomain (165) intercepted, method ProcAddressHijack.GetProcAddress ->72444BEB->724254B9 Function netapi32.dll:NetLocalGroupAdd (166) intercepted, method ProcAddressHijack.GetProcAddress ->72444C00->7241875A Function netapi32.dll:NetLocalGroupAddMember (167) intercepted, method ProcAddressHijack.GetProcAddress ->72444C18->72418886 Function netapi32.dll:NetLocalGroupAddMembers (168) intercepted, method ProcAddressHijack.GetProcAddress ->72444C36->72418E99 Function netapi32.dll:NetLocalGroupDel (169) intercepted, method ProcAddressHijack.GetProcAddress ->72444C55->724188A4 Function netapi32.dll:NetLocalGroupDelMember (170) intercepted, method ProcAddressHijack.GetProcAddress ->72444C6D->72418928 Function netapi32.dll:NetLocalGroupDelMembers (171) intercepted, method ProcAddressHijack.GetProcAddress ->72444C8B->72418EBD Function netapi32.dll:NetLocalGroupEnum (172) intercepted, method ProcAddressHijack.GetProcAddress ->72444CAA->72418946 Function netapi32.dll:NetLocalGroupGetInfo (173) intercepted, method ProcAddressHijack.GetProcAddress ->72444CC3->72418CE4 Function netapi32.dll:NetLocalGroupGetMembers (174) intercepted, method ProcAddressHijack.GetProcAddress ->72444CDF->72412265 Function netapi32.dll:NetLocalGroupSetInfo (175) intercepted, method ProcAddressHijack.GetProcAddress ->72444CFE->72418D57 Function netapi32.dll:NetLocalGroupSetMembers (176) intercepted, method ProcAddressHijack.GetProcAddress ->72444D1A->72418E75 Function netapi32.dll:NetLogonGetTimeServiceParentDomain (177) intercepted, method ProcAddressHijack.GetProcAddress ->72444D39->6E6D6CE9 Function netapi32.dll:NetLogonSetServiceBits (178) intercepted, method ProcAddressHijack.GetProcAddress ->72444D65->6E6C603C Function netapi32.dll:NetProvisionComputerAccount (184) intercepted, method ProcAddressHijack.GetProcAddress ->72444D85->6E67F2D3 Function netapi32.dll:NetQueryDisplayInformation (185) intercepted, method ProcAddressHijack.GetProcAddress ->72444DA9->72413D87 Function netapi32.dll:NetQueryServiceAccount (186) intercepted, method ProcAddressHijack.GetProcAddress ->72444DCB->6E6D7249 Function netapi32.dll:NetRemoteComputerSupports (188) intercepted, method ProcAddressHijack.GetProcAddress ->72444DEB->72432160 Function netapi32.dll:NetRemoteTOD (189) intercepted, method ProcAddressHijack.GetProcAddress ->72444E0E->73106C11 Function netapi32.dll:NetRemoveAlternateComputerName (190) intercepted, method ProcAddressHijack.GetProcAddress ->72444E22->72425C29 Function netapi32.dll:NetRemoveServiceAccount (191) intercepted, method ProcAddressHijack.GetProcAddress ->72444E48->6E6D7129 Function netapi32.dll:NetRenameMachineInDomain (192) intercepted, method ProcAddressHijack.GetProcAddress ->72444E69->72425751 Function netapi32.dll:NetRequestOfflineDomainJoin (208) intercepted, method ProcAddressHijack.GetProcAddress ->72444E89->6E67B52F Function netapi32.dll:NetScheduleJobAdd (209) intercepted, method ProcAddressHijack.GetProcAddress ->72444EAD->6E6519D1 Function netapi32.dll:NetScheduleJobDel (210) intercepted, method ProcAddressHijack.GetProcAddress ->72444EC8->6E651AC9 Function netapi32.dll:NetScheduleJobEnum (211) intercepted, method ProcAddressHijack.GetProcAddress ->72444EE3->6E651BC1 Function netapi32.dll:NetScheduleJobGetInfo (212) intercepted, method ProcAddressHijack.GetProcAddress ->72444EFF->6E651CE1 Function netapi32.dll:NetServerAliasAdd (213) intercepted, method ProcAddressHijack.GetProcAddress ->72444F1E->73107843 Function netapi32.dll:NetServerAliasDel (214) intercepted, method ProcAddressHijack.GetProcAddress ->72444F37->73107A79 Function netapi32.dll:NetServerAliasEnum (215) intercepted, method ProcAddressHijack.GetProcAddress ->72444F50->73107931 Function netapi32.dll:NetServerComputerNameAdd (216) intercepted, method ProcAddressHijack.GetProcAddress ->72444F6A->73107411 Function netapi32.dll:NetServerComputerNameDel (217) intercepted, method ProcAddressHijack.GetProcAddress ->72444F8A->731076FB Function netapi32.dll:NetServerDiskEnum (218) intercepted, method ProcAddressHijack.GetProcAddress ->72444FAA->73106559 Function netapi32.dll:NetServerEnum (219) intercepted, method ProcAddressHijack.GetProcAddress ->72444FC3->6E6A2F61 Function netapi32.dll:NetServerEnumEx (220) intercepted, method ProcAddressHijack.GetProcAddress ->72444FD9->6E6A2C5F Function netapi32.dll:NetServerGetInfo (221) intercepted, method ProcAddressHijack.GetProcAddress ->72444FF1->73103CFA Function netapi32.dll:NetServerSetInfo (222) intercepted, method ProcAddressHijack.GetProcAddress ->72445009->73106681 Function netapi32.dll:NetServerTransportAdd (223) intercepted, method ProcAddressHijack.GetProcAddress ->72445021->73106851 Function netapi32.dll:NetServerTransportAddEx (224) intercepted, method ProcAddressHijack.GetProcAddress ->7244503E->73107329 Function netapi32.dll:NetServerTransportDel (225) intercepted, method ProcAddressHijack.GetProcAddress ->7244505D->73106A01 Function netapi32.dll:NetServerTransportEnum (226) intercepted, method ProcAddressHijack.GetProcAddress ->7244507A->73106AD9 Function netapi32.dll:NetSessionDel (231) intercepted, method ProcAddressHijack.GetProcAddress ->72445098->73105941 Function netapi32.dll:NetSessionEnum (232) intercepted, method ProcAddressHijack.GetProcAddress ->724450AD->73105A11 Function netapi32.dll:NetSessionGetInfo (233) intercepted, method ProcAddressHijack.GetProcAddress ->724450C3->73105B41 Function netapi32.dll:NetSetPrimaryComputerName (234) intercepted, method ProcAddressHijack.GetProcAddress ->724450DC->72425D31 Function netapi32.dll:NetShareAdd (235) intercepted, method ProcAddressHijack.GetProcAddress ->724450FD->73105C81 Function netapi32.dll:NetShareCheck (236) intercepted, method ProcAddressHijack.GetProcAddress ->72445110->73105E91 Function netapi32.dll:NetShareDel (237) intercepted, method ProcAddressHijack.GetProcAddress ->72445125->73105F81 Function netapi32.dll:NetShareDelEx (238) intercepted, method ProcAddressHijack.GetProcAddress ->72445138->73107B61 Function netapi32.dll:NetShareDelSticky (239) intercepted, method ProcAddressHijack.GetProcAddress ->7244514D->731060D1 Function netapi32.dll:NetShareEnum (240) intercepted, method ProcAddressHijack.GetProcAddress ->72445166->73103F91 Function netapi32.dll:NetShareEnumSticky (241) intercepted, method ProcAddressHijack.GetProcAddress ->7244517A->731061C9 Function netapi32.dll:NetShareGetInfo (242) intercepted, method ProcAddressHijack.GetProcAddress ->72445194->7310433F Function netapi32.dll:NetShareSetInfo (243) intercepted, method ProcAddressHijack.GetProcAddress ->724451AB->73106341 Function netapi32.dll:NetUnjoinDomain (245) intercepted, method ProcAddressHijack.GetProcAddress ->724451C2->72425641 Function netapi32.dll:NetUseAdd (247) intercepted, method ProcAddressHijack.GetProcAddress ->724451D9->72423693 Function netapi32.dll:NetUseDel (248) intercepted, method ProcAddressHijack.GetProcAddress ->724451EA->72425FA9 Function netapi32.dll:NetUseEnum (249) intercepted, method ProcAddressHijack.GetProcAddress ->724451FB->72423184 Function netapi32.dll:NetUseGetInfo (250) intercepted, method ProcAddressHijack.GetProcAddress ->7244520D->72426039 Function netapi32.dll:NetUserAdd (251) intercepted, method ProcAddressHijack.GetProcAddress ->72445222->7241464F Function netapi32.dll:NetUserChangePassword (252) intercepted, method ProcAddressHijack.GetProcAddress ->72445234->72415A06 Function netapi32.dll:NetUserDel (253) intercepted, method ProcAddressHijack.GetProcAddress ->72445251->72414826 Function netapi32.dll:NetUserEnum (254) intercepted, method ProcAddressHijack.GetProcAddress ->72445263->724149D6 Function netapi32.dll:NetUserGetGroups (255) intercepted, method ProcAddressHijack.GetProcAddress ->72445276->72414E01 Function netapi32.dll:NetUserGetInfo (256) intercepted, method ProcAddressHijack.GetProcAddress ->7244528E->72411C60 Function netapi32.dll:NetUserGetLocalGroups (257) intercepted, method ProcAddressHijack.GetProcAddress ->724452A4->72412875 Function netapi32.dll:NetUserModalsGet (258) intercepted, method ProcAddressHijack.GetProcAddress ->724452C1->7241206B Function netapi32.dll:NetUserModalsSet (259) intercepted, method ProcAddressHijack.GetProcAddress ->724452D9->724154AA Function netapi32.dll:NetUserSetGroups (260) intercepted, method ProcAddressHijack.GetProcAddress ->724452F1->72415095 Function netapi32.dll:NetUserSetInfo (261) intercepted, method ProcAddressHijack.GetProcAddress ->72445309->72414D1D Function netapi32.dll:NetValidateName (262) intercepted, method ProcAddressHijack.GetProcAddress ->7244531F->72425859 Function netapi32.dll:NetValidatePasswordPolicy (263) intercepted, method ProcAddressHijack.GetProcAddress ->72445336->72419967 Function netapi32.dll:NetValidatePasswordPolicyFree (264) intercepted, method ProcAddressHijack.GetProcAddress ->72445357->72419B6B Function netapi32.dll:NetWkstaTransportAdd (267) intercepted, method ProcAddressHijack.GetProcAddress ->7244537C->72424E45 Function netapi32.dll:NetWkstaTransportDel (268) intercepted, method ProcAddressHijack.GetProcAddress ->72445398->72424F21 Function netapi32.dll:NetWkstaTransportEnum (269) intercepted, method ProcAddressHijack.GetProcAddress ->724453B4->72424CF9 Function netapi32.dll:NetWkstaUserEnum (270) intercepted, method ProcAddressHijack.GetProcAddress ->724453D1->72424AD1 Function netapi32.dll:NetWkstaUserGetInfo (271) intercepted, method ProcAddressHijack.GetProcAddress ->724453E9->72423280 Function netapi32.dll:NetWkstaUserSetInfo (272) intercepted, method ProcAddressHijack.GetProcAddress ->72445404->72424C15 Function netapi32.dll:NetapipBufferAllocate (273) intercepted, method ProcAddressHijack.GetProcAddress ->7244541F->724337AA Function netapi32.dll:NetpIsRemote (289) intercepted, method ProcAddressHijack.GetProcAddress ->7244543E->7243382D Function netapi32.dll:NetpwNameCanonicalize (296) intercepted, method ProcAddressHijack.GetProcAddress ->72445454->72431C30 Function netapi32.dll:NetpwNameCompare (297) intercepted, method ProcAddressHijack.GetProcAddress ->72445473->72431F2E Function netapi32.dll:NetpwNameValidate (298) intercepted, method ProcAddressHijack.GetProcAddress ->7244548D->72431990 Function netapi32.dll:NetpwPathCanonicalize (299) intercepted, method ProcAddressHijack.GetProcAddress ->724454A8->7243275D Function netapi32.dll:NetpwPathCompare (300) intercepted, method ProcAddressHijack.GetProcAddress ->724454C7->72434086 Function netapi32.dll:NetpwPathType (301) intercepted, method ProcAddressHijack.GetProcAddress ->724454E1->72432533 Function netapi32.dll:NlBindingAddServerToCache (302) intercepted, method ProcAddressHijack.GetProcAddress ->724454F8->6E6C61F8 Function netapi32.dll:NlBindingRemoveServerFromCache (303) intercepted, method ProcAddressHijack.GetProcAddress ->7244551B->6E6C5D67 Function netapi32.dll:NlBindingSetAuthInfo (304) intercepted, method ProcAddressHijack.GetProcAddress ->72445543->6E6C6198 PLEASE, please please please, do not reply with suggestions for tools to scan with, what programs to run, ect. I'm just trying to figure out what these hooks are, why they are there, and what put them there. See, this is a brand new fresh installation of windows enterprise that I downloaded directly from microsoft.com (It's a 90 day trial of the enterprise version) and installed from a wiped HD. So either these hooks are already created from the Windows Enterprise version of Windows 7 from Microsoft (Highly unlikely. It shouldn't have ANY hooks AT ALL, EVER, on a fresh install.) ...or, abootkit/rootkit is creating these hooks as windows installs, after windows installs, or shortly after I boot into the new fresh install of windows. (I installed this windows after wiping my whole HD. The hooks are still there.) AVZ4 supports 64 bit and enterprise versions of windows. There is one way to find out for sure, and that's if someone downloads the 90 day trial of Windows Enterprise from microsoft.com, installs it, and then scans with AVZ4 from Kaspersky to see if they have the same hooks show up in the logs. If they do, then that means the hooks are legit and come from windows. If they don't show up in the logs, then that means my machine is compromised. I don't think it's Windows thats creating the hooks...there is no reason to hook internet-related functions like that.... Anyone care to analyze the hooks and tell me what the heck they're doing?
As it is an install from a valid source I don't see why those hooks would be anything but the normal computer operation http://en.wikipedia.org/wiki/Hooking
Windows doesn't have hooks unless a program installs them. For example, when I scan a fresh install of Windows Vista with the AVZ4 utility there are no hooks found. That's a lot of hooks on multiple files...has to be a reason why. I googled "Windows Enterprise hooks" and some other keywords, but nothing.
If it's a fresh install and you're using AVZ to scan for rootkits (I wonder why), then have you considered a possibility of these hooks coming from AVZ itself seeing that you are seemingly running this on a 64-bit system where there exists PatchGuard? I'm making a wild guess here...
You should try other tools. Kernel Detective is very good for what you want. Even has its own debugger so you can see the assembly code of the hooks and follow the jumps. Meriadoc is one of those plugged in types, when Meriadoc makes a statement take the time to understand it or ask for clarification. As for Microsoft, wouldn't that be for the purpose of gathering usage statistics from those who download the trial OS?