
I'm Not Sure What I Have :(


  • This topic is locked
28 replies to this topic

#1 khemsley

Posted 03 April 2014 - 12:24 PM

I downloaded "Video Converter" and then the problems started.
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16521
Run by Teacher at 10:15:12 on 2014-04-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3001.1356 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GregHSRW.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\ProgramData\Websteroids\WebsteroidsService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\ProgramData\Websteroids\Websteroids.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Launch Manager\LManager.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\AOL\1300912955\ee\aolsoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\SR0XRCV.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Optimizer Pro\OptProReminder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\PROGRA~1\MICROS~1\Office12\MSTORDB.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP66D7317F-B7EC-494F-84AB-51E26AF68C55&SSPV=
mStart Page = hxxp://www.yahoo.com/?ilc=8
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - 
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - 
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\teacher.teacher-10-pc\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Optimizer Pro] c:\program files\optimizer pro\OptProLauncher.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HostManager] c:\program files\common files\aol\1300912955\ee\AOLSoftware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SR0XRCV] c:\windows\system32\spool\drivers\w32x86\3\SR0XRCV.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\teache~1.tea\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.100.136.2
TCP: Interfaces\{4B9CF50B-5D1B-4BAA-9D55-D04225D7847A} : DHCPNameServer = 10.100.136.2
TCP: Interfaces\{4B9CF50B-5D1B-4BAA-9D55-D04225D7847A}\6596C6C616022556E64716C6370275962756C6563737 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{4B9CF50B-5D1B-4BAA-9D55-D04225D7847A}\8456D637C65697 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D285C8D0-7ED8-47BF-B403-9C5DE13E1D11} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{E17F98D9-5979-42B7-AFF4-E7114953BA61} : DHCPNameServer = 70.30.0.20
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll c:\progra~1\optimi~1\optpro~1.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-12 255968]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-4 37664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2009-7-13 44544]
R2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-3-30 2466080]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-10-28 727584]
R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-15 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-15 701512]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-10-28 253952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-7-10 1153368]
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-10-28 240160]
R2 Websteroids;Websteroids;c:\programdata\websteroids\WebsteroidsService.exe [2014-3-21 61816]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-10-28 51712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-15 22856]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-10-28 6114816]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-8-24 13312]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 167264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-13 108032]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-6-18 19968]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-17 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-28 167424]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-30 1343400]
.
=============== Created Last 30 ================
.
2014-03-25 18:31:02 -------- d-----w- c:\users\teacher.teacher-10-pc\appdata\roaming\Optimizer Pro
2014-03-25 18:30:57 -------- d-----w- c:\users\teacher.teacher-10-pc\appdata\local\Websteroids
2014-03-25 18:30:31 -------- d-----w- c:\programdata\Websteroids
2014-03-25 18:30:04 -------- d-----w- c:\program files\Optimizer Pro
2014-03-25 18:30:02 -------- d-----w- c:\users\teacher.teacher-10-pc\appdata\local\SearchProtect
2014-03-25 18:30:02 -------- d-----w- c:\program files\SearchProtect
2014-03-25 18:29:52 -------- d-----w- c:\program files\SweetPacks
2014-03-25 18:28:59 -------- d-----w- c:\program files\sweetpacks bundle uninstaller
2014-03-21 23:02:56 1161080 ----a-w- c:\windows\system32\Websteroids.B324755F3F87.dll
2014-03-13 14:55:52 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-13 14:55:52 2349056 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M  ====================
.
2014-03-12 00:20:16 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 00:20:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-01 04:11:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH: 10:16:09.25 ===============


 


#2 fireman4it


Posted 03 April 2014 - 02:38 PM

Hello khemsley,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

I will be analyzing your log. I will get back to you with instructions.

1.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2.
Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious, don't worry continue on.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next Reply.

3.
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Things to include in your next reply:
  • AdwCleaner log
  • JRT.txt
  • FRST.txt
  • Addition.txt
  • How is the machine running now?

Please don't attach any log! Use multiple posts if needed to post the logs directly into your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 khemsley


Posted 04 April 2014 - 01:18 PM

# AdwCleaner v3.023 - Report created 04/04/2014 at 11:12:55
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Teacher - TEACHER-10-PC
# Running from : C:\Users\Teacher.teacher-10-PC\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : ca82e1a5
Service Deleted : CltMngSvc
Service Deleted : Websteroids
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Websteroids
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller\FileParade bundle uninstaller.lnk
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~1.dll
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v33.0.1750.154
 
*************************
 
AdwCleaner[R0].txt - [5202 octets] - [04/04/2014 11:12:06]
AdwCleaner[S0].txt - [4846 octets] - [04/04/2014 11:12:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4906 octets] ##########


#4 khemsley


Posted 04 April 2014 - 01:32 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by Teacher on Fri 04/04/2014 at 11:23:27.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Teacher.teacher-10-PC\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Teacher.teacher-10-PC\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Teacher.teacher-10-PC\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Program Files\sweetpacks"
Successfully deleted: [Folder] "C:\Users\Teacher.teacher-10-PC\documents\optimizer pro"
Successfully deleted: [Empty Folder] C:\Users\Teacher.teacher-10-PC\appdata\local\{cec7308f-e63a-690e-4028-1e88f311d30b}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/04/2014 at 11:26:13.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 khemsley


Posted 04 April 2014 - 01:41 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Teacher (administrator) on TEACHER-10-PC on 04-04-2014 11:35:36
Running from C:\Users\Teacher.teacher-10-PC\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GregHSRW.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1300912955\ee\aolsoftware.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SHARP CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\SR0XRCV.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
() C:\Program Files\PdaNet for Android\PdaNetPC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
() C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-19] (Conexant Systems, Inc.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [703008 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [825864 2009-09-24] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [Acer Assist Launcher] - C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HostManager] - C:\Program Files\Common Files\AOL\1300912955\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2011-09-23] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [SR0XRCV] - C:\Windows\system32\spool\drivers\w32x86\3\SR0XRCV.exe [102400 2006-10-23] (SHARP CORPORATION)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-956521614-1672198306-2356860267-1004\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-956521614-1672198306-2356860267-1004\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-28] (Google Inc.)
HKU\S-1-5-21-956521614-1672198306-2356860267-1004\...\Run: [Google Update] - C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-06] (Google Inc.)
Startup: C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: No Name - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -  No File
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - AOL Toolbar - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.100.136.2
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP66D7317F-B7EC-494F-84AB-51E26AF68C55&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java™ Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Extension: (Google Docs) - C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-09]
CHR Extension: (Google Drive) - C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-19]
CHR Extension: (YouTube) - C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-09]
CHR Extension: (Google Search) - C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-09]
CHR Extension: (Skype Click to Call) - C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-08-30]
CHR Extension: (Google Wallet) - C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-09]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
 
========================== Services (Whitelisted) =================
 
S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [727584 2009-09-30] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
R2 Greg_Service; C:\Program Files\Acer\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] ()
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2009-06-17] (NewTech Infosystems, Inc.)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
S2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-14] (AVG Technologies)
S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [69632 2003-10-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13312 2011-07-19] (June Fabrics Technology Inc.)
U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2013-09-06] ()
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-04 11:35 - 2014-04-04 11:36 - 00020067 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\FRST.txt
2014-04-04 11:35 - 2014-04-04 11:35 - 01145856 _____ (Farbar) C:\Users\Teacher.teacher-10-PC\Downloads\FRST.exe
2014-04-04 11:35 - 2014-04-04 11:35 - 00000000 ____D () C:\FRST
2014-04-04 11:33 - 2014-04-04 11:33 - 02157056 _____ (Farbar) C:\Users\Teacher.teacher-10-PC\Downloads\FRST64.exe
2014-04-04 11:26 - 2014-04-04 11:26 - 00001663 _____ () C:\Users\Teacher.teacher-10-PC\Desktop\JRT.txt
2014-04-04 11:23 - 2014-04-04 11:23 - 01038974 _____ (Thisisu) C:\Users\Teacher.teacher-10-PC\Downloads\JRT (2).exe
2014-04-04 11:12 - 2014-04-04 11:12 - 00000000 ____D () C:\AdwCleaner
2014-04-04 11:10 - 2014-04-04 11:11 - 01426178 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\AdwCleaner.exe
2014-04-04 08:19 - 2014-04-04 08:19 - 00000967 _____ () C:\Users\Teacher.teacher-10-PC\Desktop\PDF Architect.lnk
2014-04-04 08:19 - 2014-04-04 08:19 - 00000000 ____D () C:\Users\Teacher.teacher-10-PC\Documents\PDF Architect Files
2014-04-04 08:19 - 2014-04-04 08:19 - 00000000 ____D () C:\Program Files\PDF Architect
2014-04-04 08:18 - 2014-04-04 08:18 - 00000993 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-04-04 08:18 - 2013-04-09 14:13 - 00095416 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-04-04 08:18 - 2012-05-05 10:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCT2.OCX
2014-04-04 08:18 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\system32\MSMAPI32.OCX
2014-04-04 08:18 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL
2014-04-04 08:15 - 2014-04-04 08:15 - 18277248 _____ (pdfforge ) C:\Users\Teacher.teacher-10-PC\Downloads\PDFCreator-1_7_2_setup.exe
2014-04-03 10:16 - 2014-04-03 10:18 - 00018803 _____ () C:\Users\Teacher.teacher-10-PC\Desktop\dds.txt
2014-04-03 10:14 - 2014-04-03 10:14 - 00688992 ____R (Swearware) C:\Users\Teacher.teacher-10-PC\Downloads\dds.com
2014-04-02 13:01 - 2014-04-02 13:01 - 05323264 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\esllessonplans_week_5.pps
2014-04-02 13:00 - 2014-04-02 13:01 - 31884275 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\ESL Lessons.m4v
2014-04-02 13:00 - 2014-04-02 13:00 - 01359360 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\What is SDAIE_2010.pps
2014-04-02 12:57 - 2014-04-02 12:58 - 63155123 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\SDAI_week_5.m4v
2014-03-31 12:06 - 2014-03-31 12:06 - 00095232 _____ () C:\Users\Teacher.teacher-10-PC\Documents\Gift Cert for 3 Girls.pub
2014-03-25 11:30 - 2014-04-04 11:10 - 00000000 ____D () C:\Users\Teacher.teacher-10-PC\AppData\Local\Websteroids
2014-03-25 11:30 - 2014-03-25 11:30 - 00001024 _____ () C:\Users\Teacher.teacher-10-PC\Desktop\Optimizer Pro.lnk
2014-03-25 11:29 - 2014-03-25 11:29 - 00001186 _____ () C:\Users\Public\Desktop\Video Converter.lnk
2014-03-25 11:28 - 2014-03-25 11:28 - 00681272 _____ (ClientConnect) C:\Users\Teacher.teacher-10-PC\Downloads\Video_Converter_TSV16RX2I.exe
2014-03-21 16:02 - 2014-03-21 16:02 - 01161080 _____ () C:\Windows\system32\Websteroids.B324755F3F87.dll
2014-03-19 08:52 - 2014-03-19 08:52 - 04010496 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\2a_ELD standards revision.ppt
2014-03-13 07:56 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 07:56 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 07:56 - 2014-02-28 21:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 07:56 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 07:56 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 07:56 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 07:56 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 07:56 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 07:56 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 07:56 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 07:56 - 2014-02-28 20:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 07:56 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 07:56 - 2014-02-28 20:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 07:56 - 2014-02-28 20:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 07:56 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 07:56 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 07:56 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 07:56 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 07:56 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 07:56 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 07:56 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 07:56 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 07:56 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 07:55 - 2014-02-06 18:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 07:55 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-05 16:28 - 2014-03-05 16:29 - 00515906 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\March invite MRA.pptx
 
==================== One Month Modified Files and Folders =======
 
2014-04-04 11:36 - 2014-04-04 11:35 - 00020067 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\FRST.txt
2014-04-04 11:35 - 2014-04-04 11:35 - 01145856 _____ (Farbar) C:\Users\Teacher.teacher-10-PC\Downloads\FRST.exe
2014-04-04 11:35 - 2014-04-04 11:35 - 00000000 ____D () C:\FRST
2014-04-04 11:33 - 2014-04-04 11:33 - 02157056 _____ (Farbar) C:\Users\Teacher.teacher-10-PC\Downloads\FRST64.exe
2014-04-04 11:26 - 2014-04-04 11:26 - 00001663 _____ () C:\Users\Teacher.teacher-10-PC\Desktop\JRT.txt
2014-04-04 11:23 - 2014-04-04 11:23 - 01038974 _____ (Thisisu) C:\Users\Teacher.teacher-10-PC\Downloads\JRT (2).exe
2014-04-04 11:22 - 2009-07-13 21:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 11:22 - 2009-07-13 21:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 11:20 - 2012-04-04 08:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 11:19 - 2009-10-28 14:54 - 00783402 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 11:19 - 2009-07-06 05:47 - 01167541 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 11:14 - 2010-08-19 15:14 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 11:14 - 2009-10-28 15:50 - 00066812 _____ () C:\Windows\PFRO.log
2014-04-04 11:14 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 11:14 - 2009-07-13 21:39 - 00330719 _____ () C:\Windows\setupact.log
2014-04-04 11:12 - 2014-04-04 11:12 - 00000000 ____D () C:\AdwCleaner
2014-04-04 11:11 - 2014-04-04 11:10 - 01426178 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\AdwCleaner.exe
2014-04-04 11:10 - 2014-03-25 11:30 - 00000000 ____D () C:\Users\Teacher.teacher-10-PC\AppData\Local\Websteroids
2014-04-04 11:06 - 2010-08-19 15:14 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 10:49 - 2013-09-06 15:52 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-956521614-1672198306-2356860267-1004UA.job
2014-04-04 09:17 - 2013-01-24 14:22 - 00000000 ____D () C:\Users\Teacher.teacher-10-PC\Desktop\Letters of Rec and Resume
2014-04-04 08:20 - 2013-08-14 15:11 - 00000000 ____D () C:\Program Files\PDFCreator
2014-04-04 08:19 - 2014-04-04 08:19 - 00000967 _____ () C:\Users\Teacher.teacher-10-PC\Desktop\PDF Architect.lnk
2014-04-04 08:19 - 2014-04-04 08:19 - 00000000 ____D () C:\Users\Teacher.teacher-10-PC\Documents\PDF Architect Files
2014-04-04 08:19 - 2014-04-04 08:19 - 00000000 ____D () C:\Program Files\PDF Architect
2014-04-04 08:18 - 2014-04-04 08:18 - 00000993 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-04-04 08:15 - 2014-04-04 08:15 - 18277248 _____ (pdfforge ) C:\Users\Teacher.teacher-10-PC\Downloads\PDFCreator-1_7_2_setup.exe
2014-04-04 08:05 - 2013-08-14 15:14 - 00000000 ____D () C:\Users\Teacher.teacher-10-PC\AppData\Local\CUSTPDF Writer
2014-04-04 07:53 - 2013-09-06 15:52 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-956521614-1672198306-2356860267-1004Core.job
2014-04-04 07:44 - 2010-10-29 11:29 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-04-03 10:18 - 2014-04-03 10:16 - 00018803 _____ () C:\Users\Teacher.teacher-10-PC\Desktop\dds.txt
2014-04-03 10:18 - 2013-08-28 16:29 - 00010017 _____ () C:\Users\Teacher.teacher-10-PC\Desktop\attach.txt
2014-04-03 10:14 - 2014-04-03 10:14 - 00688992 ____R (Swearware) C:\Users\Teacher.teacher-10-PC\Downloads\dds.com
2014-04-02 13:01 - 2014-04-02 13:01 - 05323264 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\esllessonplans_week_5.pps
2014-04-02 13:01 - 2014-04-02 13:00 - 31884275 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\ESL Lessons.m4v
2014-04-02 13:00 - 2014-04-02 13:00 - 01359360 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\What is SDAIE_2010.pps
2014-04-02 12:58 - 2014-04-02 12:57 - 63155123 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\SDAI_week_5.m4v
2014-03-31 12:06 - 2014-03-31 12:06 - 00095232 _____ () C:\Users\Teacher.teacher-10-PC\Documents\Gift Cert for 3 Girls.pub
2014-03-30 13:33 - 2010-10-06 08:24 - 00000000 ____D () C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Skype
2014-03-25 11:30 - 2014-03-25 11:30 - 00001024 _____ () C:\Users\Teacher.teacher-10-PC\Desktop\Optimizer Pro.lnk
2014-03-25 11:29 - 2014-03-25 11:29 - 00001186 _____ () C:\Users\Public\Desktop\Video Converter.lnk
2014-03-25 11:28 - 2014-03-25 11:28 - 00681272 _____ (ClientConnect) C:\Users\Teacher.teacher-10-PC\Downloads\Video_Converter_TSV16RX2I.exe
2014-03-21 16:02 - 2014-03-21 16:02 - 01161080 _____ () C:\Windows\system32\Websteroids.B324755F3F87.dll
2014-03-20 12:35 - 2013-09-20 09:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 12:29 - 2012-07-19 23:03 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-20 12:28 - 2013-08-14 15:12 - 00000000 ____D () C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla
2014-03-19 08:52 - 2014-03-19 08:52 - 04010496 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\2a_ELD standards revision.ppt
2014-03-16 19:18 - 2010-10-06 08:24 - 00002133 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 08:24 - 2010-08-13 14:03 - 00000000 ___RD () C:\Program Files\Skype
2014-03-14 08:24 - 2010-08-13 14:03 - 00000000 ____D () C:\ProgramData\Skype
2014-03-14 08:23 - 2009-07-13 21:33 - 00415424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 08:21 - 2009-10-28 15:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 08:04 - 2009-10-28 15:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-11 17:20 - 2012-04-04 08:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-11 17:20 - 2011-09-15 07:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-05 16:29 - 2014-03-05 16:28 - 00515906 _____ () C:\Users\Teacher.teacher-10-PC\Downloads\March invite MRA.pptx
 
Some content of TEMP:
====================
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\nsm45AC.exe
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\nsmD7AA.exe
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\nsw4E25.exe
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\nswDD65.exe
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\SPSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-31 10:28
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Teacher at 2014-04-04 11:37:10
Running from C:\Users\Teacher.teacher-10-PC\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG Anti-Virus Free Edition 2011 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2011 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
4660_4680_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Crystal Eye Webcam (HKLM\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.7.1 - Suyin Optronics Corp)
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer Games (HKLM\...\WildTangent acer Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Acer GridVista (HKLM\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.01.0805 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.0.19480 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1432 - AVG Technologies)
AVG 2011 (Version: 10.0.1432 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.3722 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.9.0 - Conexant)
eBay Worldwide (HKLM\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (Version: 2.0.4.000274 - esobi Inc.) Hidden
FileParade bundle uninstaller (HKLM\...\FileParade bundle uninstaller) (Version: 2.0.0.3 - FileParade) <==== ATTENTION
Free Download Manager 3.8 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 4.8.0.723 (HKCU\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
HP OfficeJet J4600 All-In-One Series (HKLM\...\{CDDE4895-E348-4230-99E7-F2FA91131D2C}) (Version: 13.0 - HP)
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.39 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.5.10.39 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.)
J4600 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 3.0.03 - Acer Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McDougal Littell Test Generator (HKLM\...\McDougal Littell Test Generator) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MotoHelper 2.0.24 Driver 4.7.1 (HKLM\...\MotoHelper) (Version: 2.0.24 - Motorola)
MotoHelper MergeModules (Version: 1.0.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1 - Motorola Inc.) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.579.000 - Hewlett-Packard) Hidden
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.12.6623 - NewTech Infosystems) Hidden
PdaNet for Android 3.02 (HKLM\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
PDF Writer Packages (HKCU\...\PDF Writer Packages) (Version:  - ) <==== ATTENTION
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
RLPrintPlugin (HKLM\...\{083F59BD-164C-42BE-B800-F113BD1F0E95}) (Version: 1.3.14 - Renaissance Learning)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Severe Weather Alerts (HKCU\...\Severe Weather Alerts) (Version: 1.23.0.0 - Weather Notifications, LLC)
SHARP AR,MX-B,M Series PCL/PS Printer Driver (HKLM\...\SHARP MX-M283 M363 M423 M453 M503 Series PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
SHARP MX-B,M283/M363/M453/M503 Series PC-Fax Driver (HKLM\...\SHARP MX-M283 M363 M423 M453 M503 Series PC-Fax Driver) (Version: 1.00.000 - SHARP)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Video Converter (Version: 1 - SweetPacks) Hidden <==== ATTENTION
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Websteroids (Version: 2.6.71 - Creative Island Media, LLC) Hidden <==== ATTENTION
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
11-03-2014 15:20:55 Scheduled Checkpoint
14-03-2014 14:59:58 Windows Update
20-03-2014 19:27:31 Windows Update
01-04-2014 17:02:07 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2009-07-13 19:04 - 2013-09-09 10:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {195EBE9A-872A-42F7-B562-6069E3B67034} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {43223821-181E-4188-8E26-8A90D28D111E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-956521614-1672198306-2356860267-1004UA => C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {539F2DA5-CCB9-422F-9A58-A6811EC8CE5D} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {5C898291-2D16-48F4-943E-0212CB4517B8} - System32\Tasks\{87D51634-A000-4D2C-A7A3-A52620A486A7} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {5F9A13B6-6481-44DB-81EA-B0B51ADCE621} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {73555474-E354-4A2F-AC26-639A55A4143F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {7702321F-E1EF-4883-9CED-54A371FD1F6B} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {DE3B3FD8-150A-4D18-80B5-A84CDC5F0F37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-956521614-1672198306-2356860267-1004Core => C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {F1B26649-E7A2-4169-A69B-453D5A924B35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-19] (Google Inc.)
Task: {FD3F7398-0026-4E80-8B25-FDB8F9A2B203} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-956521614-1672198306-2356860267-1004Core.job => C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-956521614-1672198306-2356860267-1004UA.job => C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-14 15:11 - 2011-10-04 22:42 - 00086016 _____ () C:\Windows\System32\custmon32i.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-07 09:47 - 2010-09-07 09:47 - 00202048 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
2010-09-07 09:47 - 2010-09-07 09:47 - 00664896 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
2009-07-06 05:55 - 2008-07-29 19:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2011-08-24 11:43 - 2011-08-17 11:29 - 00480880 _____ () C:\Program Files\PdaNet for Android\PdaNetPC.exe
2011-02-10 07:55 - 2011-02-10 07:55 - 01148256 _____ () C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
2014-03-16 19:18 - 2014-03-14 17:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-16 19:18 - 2014-03-14 17:50 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-16 19:18 - 2014-03-14 17:50 - 00100168 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-16 19:18 - 2014-03-14 17:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-16 19:18 - 2014-03-14 17:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-16 19:18 - 2014-03-14 17:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart 7510 series
Description: Photosmart 7510 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: DesignJet 500+HPGL2 (C7770B)
Description: DesignJet 500+HPGL2 (C7770B)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet P4515
Description: HP LaserJet P4515
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: hp LaserJet 4250
Description: hp LaserJet 4250
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet J4680 series
Description: Officejet J4680 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (12/12/2012 04:55:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3401 seconds with 2520 seconds of active time.  This session ended with a crash.
 
Error: (01/26/2012 01:01:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/26/2012 01:01:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/26/2012 01:00:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 424 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error: (01/26/2012 00:51:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/26/2012 00:51:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7764 seconds with 1380 seconds of active time.  This session ended with a crash.
 
Error: (05/04/2011 11:12:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8844 seconds with 1140 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 36%
Total physical RAM: 3000.93 MB
Available physical RAM: 1897.99 MB
Total Pagefile: 6000.14 MB
Available Pagefile: 4430.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.79 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:118.95 GB) (Free:61.61 GB) NTFS
Drive d: (DATA) (Fixed) (Total:93.83 GB) (Free:93.73 GB) NTFS
Drive e: (lego movie) (CDROM) (Total:0.03 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: A6553275)
 
Partition: GPT Partition Type.


#6 fireman4it

  • Malware Response Team

Posted 05 April 2014 - 07:55 PM

1. Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

FileParade bundle uninstaller
PDF Writer Packages
Video Converter
Websteroids


Additional instructions can be found here if needed.

2. Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


Attached File  fixlist.txt   2.33KB   2 downloads



How is the machine running?

" Extinguishing Malware from the world"



#7 khemsley

  • Topic Starter

Posted 06 April 2014 - 08:42 PM

So far it has been running better.  It went back to my original screen when I click on Chrome too.
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Teacher at 2014-04-06 18:40:27 Run:1
Running from C:\Users\Teacher.teacher-10-PC\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: No Name - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -  No File
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
cmd: netsh winsock reset
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP66D7317F-B7EC-494F-84AB-51E26AF68C55&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL: 
S2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X]
2014-03-25 11:30 - 2014-04-04 11:10 - 00000000 ____D () C:\Users\Teacher.teacher-10-PC\AppData\Local\Websteroids
2014-03-25 11:30 - 2014-03-25 11:30 - 00001024 _____ () C:\Users\Teacher.teacher-10-PC\Desktop\Optimizer Pro.lnk
2014-03-25 11:29 - 2014-03-25 11:29 - 00001186 _____ () C:\Users\Public\Desktop\Video Converter.lnk
2014-03-25 11:28 - 2014-03-25 11:28 - 00681272 _____ (ClientConnect) C:\Users\Teacher.teacher-10-PC\Downloads\Video_Converter_TSV16RX2I.exe
2014-03-21 16:02 - 2014-03-21 16:02 - 01161080 _____ () C:\Windows\system32\Websteroids.B324755F3F87.dll
2014-04-04 11:10 - 2014-03-25 11:30 - 00000000 ____D () C:\Users\Teacher.teacher-10-PC\AppData\Local\Websteroids
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\nsm45AC.exe
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\nsmD7AA.exe
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\nsw4E25.exe
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\nswDD65.exe
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\SPSetup.exe
 
 
 
 
 
 
 
*****************
 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP66D7317F-B7EC-494F-84AB-51E26AF68C55&SSPV= ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
vToolbarUpdater15.5.0 => Service deleted successfully.
C:\Users\Teacher.teacher-10-PC\AppData\Local\Websteroids => Moved successfully.
C:\Users\Teacher.teacher-10-PC\Desktop\Optimizer Pro.lnk => Moved successfully.
C:\Users\Public\Desktop\Video Converter.lnk => Moved successfully.
C:\Users\Teacher.teacher-10-PC\Downloads\Video_Converter_TSV16RX2I.exe => Moved successfully.
C:\Windows\system32\Websteroids.B324755F3F87.dll => Moved successfully.
"C:\Users\Teacher.teacher-10-PC\AppData\Local\Websteroids" => File/Directory not found.
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\nsm45AC.exe => Moved successfully.
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\nsmD7AA.exe => Moved successfully.
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\nsw4E25.exe => Moved successfully.
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\nswDD65.exe => Moved successfully.
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\SPSetup.exe => Moved successfully.
 
==== End of Fixlog ====


#8 fireman4it

Posted 07 April 2014 - 05:24 PM

Let's check for any leftovers.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.


Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.


Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

 

 

2.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

 

 

Things to include in your next reply:

MBAM log

Eset log

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 khemsley

Posted 08 April 2014 - 10:00 AM

I don't think I did this right. But this is the log I found. My Malware screen looks a little different than described here. And then I didn't get a screen to "Remove Selected"; it said something about quarantine, which I didn't do.
 
I will not do the next step of ESET until I hear from you.
 
Thank you!
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/8/2014
Scan Time: 7:42:01 AM
Logfile: Malware Log.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.07.14
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Teacher
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300787
Time Elapsed: 15 hr, 58 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [2961b671047757dfdf5edf30c1419a66], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [404a1611681342f4cf3c15fa20e2748c], 
PUP.Optional.SevereWeatherAlerts, HKU\S-1-5-21-956521614-1672198306-2356860267-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Severe Weather Alerts, Quarantined, [a8e2998e473473c33b204bd808f8ca36], 
PUP.Optional.SevereWeatherAlerts.A, HKU\S-1-5-21-956521614-1672198306-2356860267-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\SevereWeatherAlerts.exe, Quarantined, [098139ee3e3dc76f300b5f4058ab57a9], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 10
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts, Quarantined, [47438f982c4f53e3c02e3259ae556997], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts, Quarantined, [f991a483384378bebc33cdbe47bc966a], 
PUP.Optional.TopArcadeHits.A, C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}, Quarantined, [fe8c889f3744a49248d368ee54aebb45], 
PUP.Optional.TopArcadeHits.A, C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome, Quarantined, [fe8c889f3744a49248d368ee54aebb45], 
PUP.Optional.TopArcadeHits.A, C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content, Quarantined, [fe8c889f3744a49248d368ee54aebb45], 
PUP.Optional.TopArcadeHits.A, C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin, Quarantined, [fe8c889f3744a49248d368ee54aebb45], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\Weather_Notifications,_LL, Quarantined, [c4c68c9bc1ba45f1ec88b89eaa58ca36], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_cjyw2ohn31qoodjq2y0dqxlpjmm2ljbk, Quarantined, [c4c68c9bc1ba45f1ec88b89eaa58ca36], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_cjyw2ohn31qoodjq2y0dqxlpjmm2ljbk\1.21.0.0, Quarantined, [c4c68c9bc1ba45f1ec88b89eaa58ca36], 
PUP.Optional.Conduit.A, C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\CT3324066, Quarantined, [088274b3f7843ff7a9df66f061a13ac6], 
 
Files: 34
PUP.Optional.Conduit.A, C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\nsg9B35\SpSetup.exe, Quarantined, [8604f532225971c51cfb22f545bc48b8], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg7809.exe, Quarantined, [c9c1da4d9fdc6bcb84a324fe0af7d32d], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk6BE.exe, Quarantined, [deac1017621915217cab5ac8d8297888], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nskFED2.exe, Quarantined, [f1996bbcef8c68ce40e7ce5460a1f709], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsl81A.exe, Quarantined, [96f456d15d1e3402b374f92923de8f71], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nslBAB6.exe, Quarantined, [3654fc2bd1aa1a1c81a6140e0ff2cd33], 
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nslEDD3.exe, Quarantined, [addd9e899dde8bab01266ab8b94848b8], 
PUP.Optional.Bundle, C:\Users\Teacher.teacher-10-PC\Downloads\PDFWriterSetup.exe, Quarantined, [8a00fe29d9a2bc7a61e224fa08f96898], 
PUP.Optional.SevereWeatherAlerts.A, C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe, Quarantined, [3f4b81a67407d85ebebd53fcc33e9769], 
PUP.Optional.SevereWeatherAlerts.A, C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe, Quarantined, [6c1e73b45526a98d8befbb947e8353ad], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\uninstall.exe, Quarantined, [a8e2998e473473c33b204bd808f8ca36], 
PUP.Optional.Websteroids.A, C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage, Quarantined, [b2d8f730b3c8d75ff37b530fee14fd03], 
PUP.Optional.Websteroids.A, C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage-journal, Quarantined, [8ffba38459228ea8bdb191d110f214ec], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe.config, Quarantined, [47438f982c4f53e3c02e3259ae556997], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\ICSharpCode.SharpZipLib.dll, Quarantined, [47438f982c4f53e3c02e3259ae556997], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\mod.SevereWeatherAlertsApp0.dat, Quarantined, [47438f982c4f53e3c02e3259ae556997], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp0.dat, Quarantined, [47438f982c4f53e3c02e3259ae556997], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsAppAPI.dll, Quarantined, [47438f982c4f53e3c02e3259ae556997], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsBrowser.exe, Quarantined, [47438f982c4f53e3c02e3259ae556997], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsK.dat, Quarantined, [47438f982c4f53e3c02e3259ae556997], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsU.dat, Quarantined, [47438f982c4f53e3c02e3259ae556997], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SWAUpdater.exe, Quarantined, [47438f982c4f53e3c02e3259ae556997], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts\Severe Weather Alerts.lnk, Quarantined, [f991a483384378bebc33cdbe47bc966a], 
PUP.Optional.TopArcadeHits.A, C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome.manifest, Quarantined, [fe8c889f3744a49248d368ee54aebb45], 
PUP.Optional.TopArcadeHits.A, C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\icon.png, Quarantined, [fe8c889f3744a49248d368ee54aebb45], 
PUP.Optional.TopArcadeHits.A, C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\install.rdf, Quarantined, [fe8c889f3744a49248d368ee54aebb45], 
PUP.Optional.TopArcadeHits.A, C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\browser.xul, Quarantined, [fe8c889f3744a49248d368ee54aebb45], 
PUP.Optional.TopArcadeHits.A, C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content\toparcadehits.js, Quarantined, [fe8c889f3744a49248d368ee54aebb45], 
PUP.Optional.TopArcadeHits.A, C:\Users\Teacher.teacher-10-PC\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin\style.css, Quarantined, [fe8c889f3744a49248d368ee54aebb45], 
PUP.Optional.SevereWeatherAlerts, C:\Users\Teacher.teacher-10-PC\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_cjyw2ohn31qoodjq2y0dqxlpjmm2ljbk\1.21.0.0\user.config, Quarantined, [c4c68c9bc1ba45f1ec88b89eaa58ca36], 
PUP.Optional.Conduit.A, C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\CT3324066\ddt.csf, Quarantined, [088274b3f7843ff7a9df66f061a13ac6], 
PUP.Optional.Conduit.A, C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP66D7317F-B7EC-494F-84AB-51E26AF68C55&SSPV=",), Replaced,[9cee86a17605cb6b6a8d0d3591736898]
PUP.Optional.Conduit.A, C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP66D7317F-B7EC-494F-84AB-51E26AF68C55&SSPV=" ],), Replaced,[6228d651314a66d08a9f0b38c044d52b]
PUP.Optional.Conduit.A, C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "search_url": "http://search.conduit.com/Results.aspx?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP66D7317F-B7EC-494F-84AB-51E26AF68C55&q={searchTerms}&SSPV=",), Replaced,[12782601b4c750e688cd2f14956f07f9]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 fireman4it

Posted 08 April 2014 - 06:22 PM

MBAM log is correct.  Do you have the Eset log? Will you please run MBAM again and post the new log also.

#11 khemsley

Posted 08 April 2014 - 06:46 PM

I am running the MBAM now. And I don't get the "Remove Selected"; I just get "Choose an action" and there is a thing to click that says "quarantine all". What should I do?



#12 khemsley

Posted 08 April 2014 - 07:01 PM

Having trouble accessing anything on IE.  I will try to do ESET next.

MBAM 2

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/8/2014
Scan Time: 4:49:40 PM
Logfile: MBAM 2.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.08.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Teacher
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301075
Time Elapsed: 23 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Conduit.A, C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP66D7317F-B7EC-494F-84AB-51E26AF68C55&SSPV=",), Replaced,[e009091ea9d2ca6ceafb80c4f2127d83]
PUP.Optional.Conduit.A, C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SP66D7317F-B7EC-494F-84AB-51E26AF68C55&SSPV=" ],), Replaced,[767342e516656cca76a18abb976d1de3]
PUP.Optional.Conduit.A, C:\Users\Teacher.teacher-10-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "search_url": "http://search.conduit.com/Results.aspx?gd=&ctid=CT3324066&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP66D7317F-B7EC-494F-84AB-51E26AF68C55&q={searchTerms}&SSPV=",), Replaced,[db0e12156d0e54e2ff44ea5bf2121ee2]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 khemsley

Posted 09 April 2014 - 04:03 PM

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a5abd30de4195646b38d894de0fcdd82
# engine=14869
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-22 05:01:20
# local_time=2013-08-22 10:01:20 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1032 16777213 100 96 0 119404624 0 0
# compatibility_mode=5893 16776574 100 94 33497006 128735671 0 0
# scanned=150829
# found=29
# cleaned=0
# scan_time=3763
sh=F711CC85724202A84D4082639A87C4C7383F1757 ft=1 fh=5f581e7635345bfa vn="Win32/Sirefef.EV trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{cec7308f-e63a-690e-4028-1e88f311d30b}\n.vir"
sh=A3AA67884223F3E8F8C52AFDBC779DCB19FF00E6 ft=1 fh=046b86e38f417135 vn="Win32/Conedex.D trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\00000004.@.vir"
sh=1A9C6C8418E30BD33923AECA0D7EF826021322DC ft=1 fh=1a64171ea74d3ef0 vn="Win32/Sirefef.FG trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\00000008.@.vir"
sh=97D178F9F9541E90C2A527C3FF97A43A1B69CB25 ft=1 fh=658c8a56b6c5d815 vn="Win32/Conedex.E trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\000000cb.@.vir"
sh=978E4706B700938780D134263B519E5BF17A8AED ft=1 fh=7addc9af6c4233fe vn="a variant of Win32/Sirefef.FA trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\80000000.@.vir"
sh=A731C7E05B95FE83343D28509F204D30BC6DE440 ft=1 fh=92acd6430df4bef2 vn="Win32/Sirefef.FD trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\80000032.@.vir"
sh=982337DB5B7B58A090156FAD6F305397787FFD67 ft=1 fh=23fd793b5f14ca5f vn="Win32/Sirefef.FC trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir"
sh=775CEB1BD0D24DF850773B5B57EA588983AA18D2 ft=1 fh=2251fd2697041a5b vn="a variant of MSIL/Adware.StrongVault.A application" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ7YYWIP\swa1_23[1].exe"
sh=580E74BAEC15BC6D64438E4435D95B0F8A63E336 ft=1 fh=7d7d41c38ca4a0f6 vn="a variant of MSIL/Adware.StrongVault.A application" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe"
sh=BC29B81A1DC1C68E6071FA35F7354915C8A44972 ft=1 fh=082e2b143309c0a4 vn="a variant of Win32/AirAdInstaller.A application" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\air2517.exe"
sh=BC29B81A1DC1C68E6071FA35F7354915C8A44972 ft=1 fh=082e2b143309c0a4 vn="a variant of Win32/AirAdInstaller.A application" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\air3981.exe"
sh=775CEB1BD0D24DF850773B5B57EA588983AA18D2 ft=1 fh=2251fd2697041a5b vn="a variant of MSIL/Adware.StrongVault.A application" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\air3E9D.exe"
sh=EEB4FAC441814F275BD64907E44D896CC2CCF643 ft=1 fh=462483313309c0a4 vn="a variant of Win32/AirAdInstaller.A application" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\air6E46.exe"
sh=EEB4FAC441814F275BD64907E44D896CC2CCF643 ft=1 fh=462483313309c0a4 vn="a variant of Win32/AirAdInstaller.A application" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\air814A.exe"
sh=BC29B81A1DC1C68E6071FA35F7354915C8A44972 ft=1 fh=082e2b143309c0a4 vn="a variant of Win32/AirAdInstaller.A application" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\setup.exe"
sh=DED201AE02FB9EA3646489AFEDA49270C4620D9C ft=1 fh=c71c001196f8c3ac vn="a variant of Win32/Toolbar.Babylon.F application" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\7DAC389B-BAB0-7891-8CED-717A0464E461\Latest\BExternal.dll"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E application" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\7DAC389B-BAB0-7891-8CED-717A0464E461\Latest\IEHelper.dll"
sh=D957B0EC634B5C52AA2B8934223A6248D5152807 ft=1 fh=4c2491a4bea30714 vn="a variant of Win32/InstallCore.A application" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\is357113909\message.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="a variant of Win32/InstallCore.AZ application" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\is357113909\uninstaller.exe"
sh=A3AA67884223F3E8F8C52AFDBC779DCB19FF00E6 ft=1 fh=046b86e38f417135 vn="Win32/Conedex.D trojan" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\00000004.@"
sh=1A9C6C8418E30BD33923AECA0D7EF826021322DC ft=1 fh=1a64171ea74d3ef0 vn="Win32/Sirefef.FG trojan" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\00000008.@"
sh=97D178F9F9541E90C2A527C3FF97A43A1B69CB25 ft=1 fh=658c8a56b6c5d815 vn="Win32/Conedex.E trojan" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\000000cb.@"
sh=4E41D53BFE6E578B288EC8C8D69566E5CE8F53C5 ft=1 fh=ac177b8240bd8967 vn="Win32/Sirefef.FA trojan" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\80000000.@"
sh=3D28DAA6821D6AFC27A15B5BE23C937C46886662 ft=1 fh=9a945b881e02e73c vn="a variant of Win32/Sirefef.FD trojan" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\{cec7308f-e63a-690e-4028-1e88f311d30b}\U\80000032.@"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="a variant of Win32/InstallCore.AZ application" ac=I fn="C:\Users\Teacher.teacher-10-PC\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\PDF Writer Packages\uninstaller.exe"
sh=87F4CBEAA38C018051B6361092E4C3B79791419F ft=1 fh=5e119b319b9d4846 vn="a variant of Win32/InstallCore.CF application" ac=I fn="C:\Users\Teacher.teacher-10-PC\Downloads\PDFWriterSetup.exe"
sh=BC29B81A1DC1C68E6071FA35F7354915C8A44972 ft=1 fh=082e2b143309c0a4 vn="a variant of Win32/AirAdInstaller.A application" ac=I fn="C:\Users\Teacher.teacher-10-PC\Downloads\Setup (1).exe"
sh=EEB4FAC441814F275BD64907E44D896CC2CCF643 ft=1 fh=462483313309c0a4 vn="a variant of Win32/AirAdInstaller.A application" ac=I fn="C:\Users\Teacher.teacher-10-PC\Downloads\Setup.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Adware.StrongVault.A application" ac=I fn="${Memory}"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a5abd30de4195646b38d894de0fcdd82
# engine=17823
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-09 08:59:15
# local_time=2014-04-09 01:59:15 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1032 16777213 100 96 0 139290899 0 0
# compatibility_mode=5893 16776574 100 94 17292701 148621946 0 0
# scanned=160402
# found=7
# cleaned=7
# scan_time=6042
sh=9ABE489AF3684ABB96AB39F112768F69C83D0F8E ft=1 fh=f7fcd12f54d4e5cc vn="a variant of Win32/SpeedingUpMyPC application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptimizerPro.exe.vir"
sh=2F367F244D08950211E4C05FB8EF8E0959BB773A ft=1 fh=20d3e0bbdedcd685 vn="a variant of Win32/AdWare.SpeedingUpMyPC.D application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProLauncher.exe.vir"
sh=E5DB01AF8C7541396D4C619A55B7B664281A5375 ft=1 fh=97edb4dad52fbf6e vn="a variant of Win32/Adware.SpeedingUpMyPC.C application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProSmartScan.exe.vir"
sh=2CDAC140B71911CFE8C9BB2CD7D383E11413A69A ft=1 fh=765497c44fa2b0ff vn="a variant of MSIL/Adware.PullUpdate.D application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Websteroids\Websteroids.exe.vir"
sh=0B282431D560C9CB16696F6313A29B5B2853A366 ft=1 fh=868041b6d05f6e12 vn="a variant of MSIL/Adware.PullUpdate.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Websteroids\WebsteroidsService.exe.vir"
sh=C810606DBB12C4717858ADD8001BAA2B85AB8C30 ft=1 fh=b1248b29de58b62b vn="a variant of MSIL/Adware.PullUpdate.C application (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Windows\system32\Websteroids.B324755F3F87.dll.xBAD"
sh=DB5E4E4F64BAA359255F230C658BE286E266892A ft=1 fh=cc4c339215781df4 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Teacher.teacher-10-PC\AppData\Local\Temp\{3FA3ACF5-9093-4D05-9597-BA546F4EE1DA}\setup.exe"


#14 fireman4it

Posted 09 April 2014 - 08:12 PM

1.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

2.

Please delete your copy of TDSSKiller and download the latest version from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    image000q.png
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    image001h.png
  • Click the Start Scan button.

    19695967.jpg
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    67776163.jpg
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    62117367.jpg

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#15 khemsley


Posted 10 April 2014 - 10:46 AM

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Teacher [Admin rights]
Mode : Scan -- Date : 04/10/2014 08:43:12
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] EAT @explorer.exe (GdipDrawClosedCurve2) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FBEBC)
[Address] EAT @explorer.exe (GdipDrawClosedCurve2I) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FBFED)
[Address] EAT @explorer.exe (GdipDrawClosedCurveI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FBDA3)
[Address] EAT @explorer.exe (GdipDrawCurve) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FB581)
[Address] EAT @explorer.exe (GdipDrawCurve2) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FB7C4)
[Address] EAT @explorer.exe (GdipDrawCurve2I) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FB8FC)
[Address] EAT @explorer.exe (GdipDrawCurve3) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FBA1C)
[Address] EAT @explorer.exe (GdipDrawCurve3I) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FBB53)
[Address] EAT @explorer.exe (GdipDrawCurveI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FB6AB)
[Address] EAT @explorer.exe (GdipDrawDriverString) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FDA1A)
[Address] EAT @explorer.exe (GdipDrawEllipse) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FAE82)
[Address] EAT @explorer.exe (GdipDrawEllipseI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FAFA6)
[Address] EAT @explorer.exe (GdipDrawImage) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FDF1E)
[Address] EAT @explorer.exe (GdipDrawImageFX) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FEB79)
[Address] EAT @explorer.exe (GdipDrawImageI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FE099)
[Address] EAT @explorer.exe (GdipDrawImagePointRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FE553)
[Address] EAT @explorer.exe (GdipDrawImagePointRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FE6EF)
[Address] EAT @explorer.exe (GdipDrawImagePoints) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FE2BF)
[Address] EAT @explorer.exe (GdipDrawImagePointsI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FE417)
[Address] EAT @explorer.exe (GdipDrawImagePointsRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FE78B)
[Address] EAT @explorer.exe (GdipDrawImagePointsRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FE9EA)
[Address] EAT @explorer.exe (GdipDrawImageRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FE0F5)
[Address] EAT @explorer.exe (GdipDrawImageRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FE254)
[Address] EAT @explorer.exe (GdipDrawImageRectRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A06CAE)
[Address] EAT @explorer.exe (GdipDrawImageRectRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A06F04)
[Address] EAT @explorer.exe (GdipDrawLine) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FA0D1)
[Address] EAT @explorer.exe (GdipDrawLineI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FA1F5)
[Address] EAT @explorer.exe (GdipDrawLines) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FA260)
[Address] EAT @explorer.exe (GdipDrawLinesI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FA38C)
[Address] EAT @explorer.exe (GdipDrawPath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FB407)
[Address] EAT @explorer.exe (GdipDrawPie) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FB011)
[Address] EAT @explorer.exe (GdipDrawPieI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FB14B)
[Address] EAT @explorer.exe (GdipDrawPolygon) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FB1C4)
[Address] EAT @explorer.exe (GdipDrawPolygonI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FB2EE)
[Address] EAT @explorer.exe (GdipDrawRectangle) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FAA8D)
[Address] EAT @explorer.exe (GdipDrawRectangleI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FABB1)
[Address] EAT @explorer.exe (GdipDrawRectangles) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FAC1C)
[Address] EAT @explorer.exe (GdipDrawRectanglesI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FAD46)
[Address] EAT @explorer.exe (GdipDrawString) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FD512)
[Address] EAT @explorer.exe (GdipEmfToWmfBits) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A04EB9)
[Address] EAT @explorer.exe (GdipEndContainer) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A010D0)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoint) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FECBA)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FEE6B)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoints) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FF0F8)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointsI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FF2AC)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FEED3)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FF084)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoint) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FF417)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FF5F7)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoints) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FF8F5)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointsI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FFAD8)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FF680)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FF860)
[Address] EAT @explorer.exe (GdipFillClosedCurve) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FCEEC)
[Address] EAT @explorer.exe (GdipFillClosedCurve2) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FD13E)
[Address] EAT @explorer.exe (GdipFillClosedCurve2I) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FD275)
[Address] EAT @explorer.exe (GdipFillClosedCurveI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FD025)
[Address] EAT @explorer.exe (GdipFillEllipse) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FCA23)
[Address] EAT @explorer.exe (GdipFillEllipseI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FCB4E)
[Address] EAT @explorer.exe (GdipFillPath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FCD6F)
[Address] EAT @explorer.exe (GdipFillPie) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FCBB9)
[Address] EAT @explorer.exe (GdipFillPieI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FCCF6)
[Address] EAT @explorer.exe (GdipFillPolygon) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FC591)
[Address] EAT @explorer.exe (GdipFillPolygon2) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FC7DD)
[Address] EAT @explorer.exe (GdipFillPolygon2I) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FC90A)
[Address] EAT @explorer.exe (GdipFillPolygonI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FC6C1)
[Address] EAT @explorer.exe (GdipFillRectangle) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FC1B5)
[Address] EAT @explorer.exe (GdipFillRectangleI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FC2E0)
[Address] EAT @explorer.exe (GdipFillRectangles) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FC34B)
[Address] EAT @explorer.exe (GdipFillRectanglesI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FC478)
[Address] EAT @explorer.exe (GdipFillRegion) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FD398)
[Address] EAT @explorer.exe (GdipFindFirstImageItem) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F5ABA)
[Address] EAT @explorer.exe (GdipFindNextImageItem) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F5B60)
[Address] EAT @explorer.exe (GdipFlattenPath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739E8C93)
[Address] EAT @explorer.exe (GdipFlush) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F8645)
[Address] EAT @explorer.exe (GdipFree) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A02546)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapFillState) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F3CA4)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapHeight) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F3897)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapMiddleInset) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F3B4D)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapWidth) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F39F2)
[Address] EAT @explorer.exe (GdipGetAllPropertyItems) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F4AB3)
[Address] EAT @explorer.exe (GdipGetBrushType) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739ED9F5)
[Address] EAT @explorer.exe (GdipGetCellAscent) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A03456)
[Address] EAT @explorer.exe (GdipGetCellDescent) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A034F6)
[Address] EAT @explorer.exe (GdipGetClip) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A004CC)
[Address] EAT @explorer.exe (GdipGetClipBounds) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A005C4)
[Address] EAT @explorer.exe (GdipGetClipBoundsI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A00677)
[Address] EAT @explorer.exe (GdipGetCompositingMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F88EF)
[Address] EAT @explorer.exe (GdipGetCompositingQuality) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F8A3F)
[Address] EAT @explorer.exe (GdipGetCustomLineCapBaseCap) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F3485)
[Address] EAT @explorer.exe (GdipGetCustomLineCapBaseInset) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F35DC)
[Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeCaps) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F31A9)
[Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeJoin) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F3325)
[Address] EAT @explorer.exe (GdipGetCustomLineCapType) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F2FB2)
[Address] EAT @explorer.exe (GdipGetCustomLineCapWidthScale) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F3733)
[Address] EAT @explorer.exe (GdipGetDC) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A030DD)
[Address] EAT @explorer.exe (GdipGetDpiX) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F9BE3)
[Address] EAT @explorer.exe (GdipGetDpiY) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F9C94)
[Address] EAT @explorer.exe (GdipGetEffectParameterSize) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F6FCE)
[Address] EAT @explorer.exe (GdipGetEffectParameters) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F7033)
[Address] EAT @explorer.exe (GdipGetEmHeight) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A033B6)
[Address] EAT @explorer.exe (GdipGetEncoderParameterList) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F4145)
[Address] EAT @explorer.exe (GdipGetEncoderParameterListSize) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F40A4)
[Address] EAT @explorer.exe (GdipGetFamily) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A04140)
[Address] EAT @explorer.exe (GdipGetFamilyName) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FDE91)
[Address] EAT @explorer.exe (GdipGetFontCollectionFamilyCount) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A03B31)
[Address] EAT @explorer.exe (GdipGetFontCollectionFamilyList) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A03BCD)
[Address] EAT @explorer.exe (GdipGetFontHeight) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A02DFB)
[Address] EAT @explorer.exe (GdipGetFontHeightGivenDPI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A02F03)
[Address] EAT @explorer.exe (GdipGetFontSize) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A02D5D)
[Address] EAT @explorer.exe (GdipGetFontStyle) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A02ABB)
[Address] EAT @explorer.exe (GdipGetFontUnit) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A0432A)
[Address] EAT @explorer.exe (GdipGetGenericFontFamilyMonospace) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A02751)
[Address] EAT @explorer.exe (GdipGetGenericFontFamilySansSerif) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A0265F)
[Address] EAT @explorer.exe (GdipGetGenericFontFamilySerif) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A026D8)
[Address] EAT @explorer.exe (GdipGetHatchBackgroundColor) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EDC14)
[Address] EAT @explorer.exe (GdipGetHatchForegroundColor) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EDB5E)
[Address] EAT @explorer.exe (GdipGetHatchStyle) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EDAA8)
[Address] EAT @explorer.exe (GdipGetHemfFromMetafile) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A013A4)
[Address] EAT @explorer.exe (GdipGetImageAttributesAdjustedPalette) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F8219)
[Address] EAT @explorer.exe (GdipGetImageBounds) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F4F73)
[Address] EAT @explorer.exe (GdipGetImageDecoders) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A020EC)
[Address] EAT @explorer.exe (GdipGetImageDecodersSize) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A02063)
[Address] EAT @explorer.exe (GdipGetImageDimension) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F5048)
[Address] EAT @explorer.exe (GdipGetImageEncoders) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A02320)
[Address] EAT @explorer.exe (GdipGetImageEncodersSize) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A02297)
[Address] EAT @explorer.exe (GdipGetImageFlags) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F5459)
[Address] EAT @explorer.exe (GdipGetImageGraphicsContext) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F4E9C)
[Address] EAT @explorer.exe (GdipGetImageHeight) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F51DA)
[Address] EAT @explorer.exe (GdipGetImageHorizontalResolution) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F52AF)
[Address] EAT @explorer.exe (GdipGetImageItemData) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F5C06)
[Address] EAT @explorer.exe (GdipGetImagePalette) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F56DC)
[Address] EAT @explorer.exe (GdipGetImagePaletteSize) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F5864)
[Address] EAT @explorer.exe (GdipGetImagePixelFormat) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F5607)
[Address] EAT @explorer.exe (GdipGetImageRawFormat) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F552E)
[Address] EAT @explorer.exe (GdipGetImageThumbnail) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F59E3)
[Address] EAT @explorer.exe (GdipGetImageType) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F5933)
[Address] EAT @explorer.exe (GdipReleaseDC) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A031A4)
[Address] EAT @explorer.exe (GdipRemovePropertyItem) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F4B54)
[Address] EAT @explorer.exe (GdipResetClip) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A00328)
[Address] EAT @explorer.exe (GdipResetImageAttributes) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F79D5)
[Address] EAT @explorer.exe (GdipResetLineTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F03E2)
[Address] EAT @explorer.exe (GdipResetPageTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F9878)
[Address] EAT @explorer.exe (GdipResetPath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739E669B)
[Address] EAT @explorer.exe (GdipResetPathGradientTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F03E2)
[Address] EAT @explorer.exe (GdipResetPenTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F1DC1)
[Address] EAT @explorer.exe (GdipResetTextureTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F03E2)
[Address] EAT @explorer.exe (GdipResetWorldTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F9336)
[Address] EAT @explorer.exe (GdipRestoreGraphics) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A00DBF)
[Address] EAT @explorer.exe (GdipReversePath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739E7077)
[Address] EAT @explorer.exe (GdipRotateLineTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F0677)
[Address] EAT @explorer.exe (GdipRotateMatrix) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EAF5C)
[Address] EAT @explorer.exe (GdipRotatePathGradientTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F0677)
[Address] EAT @explorer.exe (GdipRotatePenTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F2123)
[Address] EAT @explorer.exe (GdipRotateTextureTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F0677)
[Address] EAT @explorer.exe (GdipRotateWorldTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F96BA)
[Address] EAT @explorer.exe (GdipSaveAdd) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F433D)
[Address] EAT @explorer.exe (GdipSaveAddImage) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F43DB)
[Address] EAT @explorer.exe (GdipSaveGraphics) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A00D0A)
[Address] EAT @explorer.exe (GdipSaveImageToFile) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F4293)
[Address] EAT @explorer.exe (GdipSaveImageToStream) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F41E9)
[Address] EAT @explorer.exe (GdipScaleLineTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F059E)
[Address] EAT @explorer.exe (GdipScaleMatrix) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EAE8A)
[Address] EAT @explorer.exe (GdipScalePathGradientTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F059E)
[Address] EAT @explorer.exe (GdipScalePenTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F204D)
[Address] EAT @explorer.exe (GdipScaleTextureTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F059E)
[Address] EAT @explorer.exe (GdipScaleWorldTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F95E6)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapFillState) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F3C01)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapHeight) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F37F0)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapMiddleInset) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F3AA6)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapWidth) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F394B)
[Address] EAT @explorer.exe (GdipSetClipGraphics) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FFD64)
[Address] EAT @explorer.exe (GdipSetClipHrgn) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A0023B)
[Address] EAT @explorer.exe (GdipSetClipPath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FFFDA)
[Address] EAT @explorer.exe (GdipSetClipRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FFE90)
[Address] EAT @explorer.exe (GdipSetClipRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739FFF6F)
[Address] EAT @explorer.exe (GdipSetClipRegion) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A0010D)
[Address] EAT @explorer.exe (GdipSetCompositingMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F8850)
[Address] EAT @explorer.exe (GdipSetCompositingQuality) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F89A0)
[Address] EAT @explorer.exe (GdipSetCustomLineCapBaseCap) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F33E2)
[Address] EAT @explorer.exe (GdipSetCustomLineCapBaseInset) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F3542)
[Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeCaps) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F3103)
[Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeJoin) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F328B)
[Address] EAT @explorer.exe (GdipSetCustomLineCapWidthScale) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F3699)
[Address] EAT @explorer.exe (GdipSetEffectParameters) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F6F65)
[Address] EAT @explorer.exe (GdipSetEmpty) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EC11E)
[Address] EAT @explorer.exe (GdipSetImageAttributesCachedBackground) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F80CD)
[Address] EAT @explorer.exe (GdipSetImageAttributesColorKeys) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F7DA9)
[Address] EAT @explorer.exe (GdipSetImageAttributesColorMatrix) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F7A92)
[Address] EAT @explorer.exe (GdipSetImageAttributesGamma) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F7C22)
[Address] EAT @explorer.exe (GdipSetImageAttributesNoOp) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F7CE9)
[Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannel) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F7E81)
[Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannelColorProfile) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F7F44)
[Address] EAT @explorer.exe (GdipSetImageAttributesRemapTable) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F8007)
[Address] EAT @explorer.exe (GdipSetImageAttributesThreshold) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F7B5B)
[Address] EAT @explorer.exe (GdipSetImageAttributesToIdentity) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F7918)
[Address] EAT @explorer.exe (GdipSetImageAttributesWrapMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F8170)
[Address] EAT @explorer.exe (GdipSetImagePalette) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F5796)
[Address] EAT @explorer.exe (GdipSetInfinite) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EC080)
[Address] EAT @explorer.exe (GdipSetInterpolationMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F90B1)
[Address] EAT @explorer.exe (GdipSetLineBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EE83B)
[Address] EAT @explorer.exe (GdipSetLineColors) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EE53D)
[Address] EAT @explorer.exe (GdipSetLineGammaCorrection) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739E5793)
[Address] EAT @explorer.exe (GdipSetLineLinearBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EEE2A)
[Address] EAT @explorer.exe (GdipSetLinePresetBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EEB24)
[Address] EAT @explorer.exe (GdipSetLineSigmaBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EED78)
[Address] EAT @explorer.exe (GdipSetLineTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F02D9)
[Address] EAT @explorer.exe (GdipSetLineWrapMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EEEDC)
[Address] EAT @explorer.exe (GdipSetMatrixElements) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EABB9)
[Address] EAT @explorer.exe (GdipSetMetafileDownLevelRasterizationLimit) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A01E4F)
[Address] EAT @explorer.exe (GdipSetPageScale) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F9B3E)
[Address] EAT @explorer.exe (GdipSetPageUnit) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F99CF)
[Address] EAT @explorer.exe (GdipSetPathFillMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739E6C00)
[Address] EAT @explorer.exe (GdipSetPathGradientBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EE83B)
[Address] EAT @explorer.exe (GdipSetPathGradientCenterColor) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EF12F)
[Address] EAT @explorer.exe (GdipSetPathGradientCenterPoint) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EF64E)
[Address] EAT @explorer.exe (GdipSetPathGradientCenterPointI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EF708)
[Address] EAT @explorer.exe (GdipSetPathGradientFocusScales) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F0829)
[Address] EAT @explorer.exe (GdipSetPathGradientGammaCorrection) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EFA50)
[Address] EAT @explorer.exe (GdipSetPathGradientLinearBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EEE2A)
[Address] EAT @explorer.exe (GdipSetPathGradientPath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EF4BD)
[Address] EAT @explorer.exe (GdipSetPathGradientPresetBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EFEDA)
[Address] EAT @explorer.exe (GdipSetPathGradientSigmaBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EED78)
[Address] EAT @explorer.exe (GdipSetPathGradientSurroundColorsWithCount) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EF301)
[Address] EAT @explorer.exe (GdipSetPathGradientTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F02D9)
[Address] EAT @explorer.exe (GdipSetPathGradientWrapMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EDCCA)
[Address] EAT @explorer.exe (GdipSetPathMarker) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739E6F31)
[Address] EAT @explorer.exe (GdipSetPenBrushFill) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F2357)
[Address] EAT @explorer.exe (GdipSetPenColor) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F21ED)
[Address] EAT @explorer.exe (GdipSetPenCompoundArray) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F2B57)
[Address] EAT @explorer.exe (GdipSetPenCustomEndCap) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F174E)
[Address] EAT @explorer.exe (GdipSetPenCustomStartCap) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F158F)
[Address] EAT @explorer.exe (GdipSetPenDashArray) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F2933)
[Address] EAT @explorer.exe (GdipSetPenDashCap197819) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F1189)
[Address] EAT @explorer.exe (GdipSetPenDashOffset) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F27E5)
[Address] EAT @explorer.exe (GdipSetPenDashStyle) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F2694)
[Address] EAT @explorer.exe (GdipSetPenEndCap) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F10E8)
[Address] EAT @explorer.exe (GdipSetPenLineCap197819) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F0FA0)
[Address] EAT @explorer.exe (GdipSetPenLineJoin) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F1441)
[Address] EAT @explorer.exe (GdipSetPenMiterLimit) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F190D)
[Address] EAT @explorer.exe (GdipSetPenMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F1A62)
[Address] EAT @explorer.exe (GdipSetPenStartCap) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F1047)
[Address] EAT @explorer.exe (GdipSetPenTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F1BB5)
[Address] EAT @explorer.exe (GdipSetPenUnit) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F0E31)
[Address] EAT @explorer.exe (GdipSetPenWidth) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F0CE3)
[Address] EAT @explorer.exe (GdipSetPixelOffsetMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F8C85)
[Address] EAT @explorer.exe (GdipSetPropertyItem) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F4BEF)
[Address] EAT @explorer.exe (GdipSetRenderingOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F86DB)
[Address] EAT @explorer.exe (GdipSetSmoothingMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F8AF0)
[Address] EAT @explorer.exe (GdipSetSolidFillColor) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EDEA1)
[Address] EAT @explorer.exe (GdipSetStringFormatAlign) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A041DE)
[Address] EAT @explorer.exe (GdipSetStringFormatDigitSubstitution) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A0481E)
[Address] EAT @explorer.exe (GdipSetStringFormatFlags) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A040B4)
[Address] EAT @explorer.exe (GdipSetStringFormatHotkeyPrefix) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A043C8)
[Address] EAT @explorer.exe (GdipSetStringFormatLineAlign) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A04284)
[Address] EAT @explorer.exe (GdipSetStringFormatMeasurableCharacterRanges) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A04786)
[Address] EAT @explorer.exe (GdipSetStringFormatTabStops) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A0450B)
[Address] EAT @explorer.exe (GdipSetStringFormatTrimming) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A04940)
[Address] EAT @explorer.exe (GdipSetTextContrast) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F8EAE)
[Address] EAT @explorer.exe (GdipSetTextRenderingHint) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F8DEF)
[Address] EAT @explorer.exe (GdipSetTextureTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F02D9)
[Address] EAT @explorer.exe (GdipSetTextureWrapMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EDCCA)
[Address] EAT @explorer.exe (GdipSetWorldTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F9232)
[Address] EAT @explorer.exe (GdipShearMatrix) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EB022)
[Address] EAT @explorer.exe (GdipStartPathFigure) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739E6D4A)
[Address] EAT @explorer.exe (GdipStringFormatGetGenericDefault) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A03E91)
[Address] EAT @explorer.exe (GdipStringFormatGetGenericTypographic) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A03F14)
[Address] EAT @explorer.exe (GdipTestControl) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73A04E42)
[Address] EAT @explorer.exe (GdipTransformMatrixPoints) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EB192)
[Address] EAT @explorer.exe (GdipTransformMatrixPointsI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739EB24B)
[Address] EAT @explorer.exe (GdipTransformPath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739E91A8)
[Address] EAT @explorer.exe (GdipTransformPoints) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x739F9D45)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2555GSX +++++
--- User ---
[MBR] 87bbbb9be27f9f2f9a2d6128aaa33e68
[BSP] 82dc2f1a513b7ac506e666a8429bee5c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20480 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 41945088 | Size: 100 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 42149888 | Size: 121806 MB
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 291608576 | Size: 96087 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_04102014_084312.txt >>




