I have rootkit and other infections.



#1 MohRiyal


Posted 09 April 2014 - 11:48 AM

I was asked to post here


EDIT:
AII Topic
http://www.bleepingcomputer.com/forums/t/530142/hello-disk-space/page-3#entry3338315
 
Rogue killer log
 
 
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Lord Pwnz [Admin rights]
Mode : Remove -- Date : 04/09/2014 00:33:50
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlchrome10browserrecordhelper.dll [x] -> UNLOADED
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] EAT @explorer.exe (GdipDrawBeziers) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5A827)
[Address] EAT @explorer.exe (GdipDrawBeziersI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5A951)
[Address] EAT @explorer.exe (GdipDrawCachedBitmap) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E64C86)
[Address] EAT @explorer.exe (GdipDrawClosedCurve) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5BC79)
[Address] EAT @explorer.exe (GdipDrawClosedCurve2) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5BEBC)
[Address] EAT @explorer.exe (GdipDrawClosedCurve2I) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5BFED)
[Address] EAT @explorer.exe (GdipDrawClosedCurveI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5BDA3)
[Address] EAT @explorer.exe (GdipDrawCurve) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5B581)
[Address] EAT @explorer.exe (GdipDrawCurve2) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5B7C4)
[Address] EAT @explorer.exe (GdipDrawCurve2I) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5B8FC)
[Address] EAT @explorer.exe (GdipDrawCurve3) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5BA1C)
[Address] EAT @explorer.exe (GdipDrawCurve3I) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5BB53)
[Address] EAT @explorer.exe (GdipDrawCurveI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5B6AB)
[Address] EAT @explorer.exe (GdipDrawDriverString) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5DA1A)
[Address] EAT @explorer.exe (GdipDrawEllipse) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5AE82)
[Address] EAT @explorer.exe (GdipDrawEllipseI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5AFA6)
[Address] EAT @explorer.exe (GdipDrawImage) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5DF1E)
[Address] EAT @explorer.exe (GdipDrawImageFX) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5EB79)
[Address] EAT @explorer.exe (GdipDrawImageI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5E099)
[Address] EAT @explorer.exe (GdipDrawImagePointRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5E553)
[Address] EAT @explorer.exe (GdipDrawImagePointRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5E6EF)
[Address] EAT @explorer.exe (GdipDrawImagePoints) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5E2BF)
[Address] EAT @explorer.exe (GdipDrawImagePointsI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5E417)
[Address] EAT @explorer.exe (GdipDrawImagePointsRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5E78B)
[Address] EAT @explorer.exe (GdipDrawImagePointsRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5E9EA)
[Address] EAT @explorer.exe (GdipDrawImageRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5E0F5)
[Address] EAT @explorer.exe (GdipDrawImageRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5E254)
[Address] EAT @explorer.exe (GdipDrawImageRectRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E66CAE)
[Address] EAT @explorer.exe (GdipDrawImageRectRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E66F04)
[Address] EAT @explorer.exe (GdipDrawLine) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5A0D1)
[Address] EAT @explorer.exe (GdipDrawLineI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5A1F5)
[Address] EAT @explorer.exe (GdipDrawLines) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5A260)
[Address] EAT @explorer.exe (GdipDrawLinesI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5A38C)
[Address] EAT @explorer.exe (GdipDrawPath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5B407)
[Address] EAT @explorer.exe (GdipDrawPie) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5B011)
[Address] EAT @explorer.exe (GdipDrawPieI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5B14B)
[Address] EAT @explorer.exe (GdipDrawPolygon) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5B1C4)
[Address] EAT @explorer.exe (GdipDrawPolygonI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5B2EE)
[Address] EAT @explorer.exe (GdipDrawRectangle) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5AA8D)
[Address] EAT @explorer.exe (GdipDrawRectangleI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5ABB1)
[Address] EAT @explorer.exe (GdipDrawRectangles) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5AC1C)
[Address] EAT @explorer.exe (GdipDrawRectanglesI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5AD46)
[Address] EAT @explorer.exe (GdipDrawString) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5D512)
[Address] EAT @explorer.exe (GdipEmfToWmfBits) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E64EB9)
[Address] EAT @explorer.exe (GdipEndContainer) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E610D0)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoint) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5ECBA)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5EE6B)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoints) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5F0F8)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointsI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5F2AC)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5EED3)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5F084)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoint) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5F417)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5F5F7)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoints) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5F8F5)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointsI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5FAD8)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5F680)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5F860)
[Address] EAT @explorer.exe (GdipFillClosedCurve) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5CEEC)
[Address] EAT @explorer.exe (GdipFillClosedCurve2) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5D13E)
[Address] EAT @explorer.exe (GdipFillClosedCurve2I) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5D275)
[Address] EAT @explorer.exe (GdipFillClosedCurveI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5D025)
[Address] EAT @explorer.exe (GdipFillEllipse) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5CA23)
[Address] EAT @explorer.exe (GdipFillEllipseI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5CB4E)
[Address] EAT @explorer.exe (GdipFillPath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5CD6F)
[Address] EAT @explorer.exe (GdipFillPie) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5CBB9)
[Address] EAT @explorer.exe (GdipFillPieI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5CCF6)
[Address] EAT @explorer.exe (GdipFillPolygon) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5C591)
[Address] EAT @explorer.exe (GdipFillPolygon2) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5C7DD)
[Address] EAT @explorer.exe (GdipFillPolygon2I) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5C90A)
[Address] EAT @explorer.exe (GdipFillPolygonI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5C6C1)
[Address] EAT @explorer.exe (GdipFillRectangle) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5C1B5)
[Address] EAT @explorer.exe (GdipFillRectangleI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5C2E0)
[Address] EAT @explorer.exe (GdipFillRectangles) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5C34B)
[Address] EAT @explorer.exe (GdipFillRectanglesI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5C478)
[Address] EAT @explorer.exe (GdipFillRegion) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5D398)
[Address] EAT @explorer.exe (GdipFindFirstImageItem) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E55ABA)
[Address] EAT @explorer.exe (GdipFindNextImageItem) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E55B60)
[Address] EAT @explorer.exe (GdipFlattenPath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E48C93)
[Address] EAT @explorer.exe (GdipFlush) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E58645)
[Address] EAT @explorer.exe (GdipFree) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E62546)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapFillState) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E53CA4)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapHeight) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E53897)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapMiddleInset) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E53B4D)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapWidth) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E539F2)
[Address] EAT @explorer.exe (GdipGetAllPropertyItems) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E54AB3)
[Address] EAT @explorer.exe (GdipGetBrushType) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4D9F5)
[Address] EAT @explorer.exe (GdipGetCellAscent) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E63456)
[Address] EAT @explorer.exe (GdipGetCellDescent) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E634F6)
[Address] EAT @explorer.exe (GdipGetClip) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E604CC)
[Address] EAT @explorer.exe (GdipGetClipBounds) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E605C4)
[Address] EAT @explorer.exe (GdipGetClipBoundsI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E60677)
[Address] EAT @explorer.exe (GdipGetCompositingMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E588EF)
[Address] EAT @explorer.exe (GdipGetCompositingQuality) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E58A3F)
[Address] EAT @explorer.exe (GdipGetCustomLineCapBaseCap) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E53485)
[Address] EAT @explorer.exe (GdipGetCustomLineCapBaseInset) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E535DC)
[Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeCaps) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E531A9)
[Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeJoin) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E53325)
[Address] EAT @explorer.exe (GdipGetCustomLineCapType) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E52FB2)
[Address] EAT @explorer.exe (GdipGetCustomLineCapWidthScale) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E53733)
[Address] EAT @explorer.exe (GdipGetDC) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E630DD)
[Address] EAT @explorer.exe (GdipGetDpiX) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E59BE3)
[Address] EAT @explorer.exe (GdipGetDpiY) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E59C94)
[Address] EAT @explorer.exe (GdipGetEffectParameterSize) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E56FCE)
[Address] EAT @explorer.exe (GdipGetEffectParameters) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E57033)
[Address] EAT @explorer.exe (GdipGetEmHeight) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E633B6)
[Address] EAT @explorer.exe (GdipGetEncoderParameterList) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E54145)
[Address] EAT @explorer.exe (GdipGetEncoderParameterListSize) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E540A4)
[Address] EAT @explorer.exe (GdipGetFamily) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E64140)
[Address] EAT @explorer.exe (GdipGetFamilyName) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5DE91)
[Address] EAT @explorer.exe (GdipGetFontCollectionFamilyCount) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E63B31)
[Address] EAT @explorer.exe (GdipGetFontCollectionFamilyList) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E63BCD)
[Address] EAT @explorer.exe (GdipGetFontHeight) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E62DFB)
[Address] EAT @explorer.exe (GdipGetFontHeightGivenDPI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E62F03)
[Address] EAT @explorer.exe (GdipGetFontSize) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E62D5D)
[Address] EAT @explorer.exe (GdipGetFontStyle) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E62ABB)
[Address] EAT @explorer.exe (GdipGetFontUnit) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E6432A)
[Address] EAT @explorer.exe (GdipGetGenericFontFamilyMonospace) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E62751)
[Address] EAT @explorer.exe (GdipGetGenericFontFamilySansSerif) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E6265F)
[Address] EAT @explorer.exe (GdipGetGenericFontFamilySerif) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E626D8)
[Address] EAT @explorer.exe (GdipGetHatchBackgroundColor) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4DC14)
[Address] EAT @explorer.exe (GdipGetHatchForegroundColor) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4DB5E)
[Address] EAT @explorer.exe (GdipGetHatchStyle) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4DAA8)
[Address] EAT @explorer.exe (GdipGetHemfFromMetafile) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E613A4)
[Address] EAT @explorer.exe (GdipGetImageAttributesAdjustedPalette) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E58219)
[Address] EAT @explorer.exe (GdipGetImageBounds) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E54F73)
[Address] EAT @explorer.exe (GdipGetImageDecoders) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E620EC)
[Address] EAT @explorer.exe (GdipGetImageDecodersSize) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E62063)
[Address] EAT @explorer.exe (GdipGetImageDimension) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E55048)
[Address] EAT @explorer.exe (GdipGetImageEncoders) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E62320)
[Address] EAT @explorer.exe (GdipGetImageEncodersSize) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E62297)
[Address] EAT @explorer.exe (GdipGetImageFlags) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E55459)
[Address] EAT @explorer.exe (GdipGetImageGraphicsContext) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E54E9C)
[Address] EAT @explorer.exe (GdipGetImageHeight) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E551DA)
[Address] EAT @explorer.exe (GdipGetImageHorizontalResolution) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E552AF)
[Address] EAT @explorer.exe (GdipGetImageItemData) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E55C06)
[Address] EAT @explorer.exe (GdipGetImagePalette) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E556DC)
[Address] EAT @explorer.exe (GdipGetImagePaletteSize) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E55864)

Continuation of the RogueKiller log, divided into 2 parts because it told me the post was too long.
This is a continuation of the log.
 
[Address] EAT @explorer.exe (GdipRecordMetafileFileNameI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E61BA5)
[Address] EAT @explorer.exe (GdipRecordMetafileI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E619B7)
[Address] EAT @explorer.exe (GdipRecordMetafileStream) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E61C5E)
[Address] EAT @explorer.exe (GdipRecordMetafileStreamI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E61D96)
[Address] EAT @explorer.exe (GdipReleaseDC) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E631A4)
[Address] EAT @explorer.exe (GdipRemovePropertyItem) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E54B54)
[Address] EAT @explorer.exe (GdipResetClip) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E60328)
[Address] EAT @explorer.exe (GdipResetImageAttributes) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E579D5)
[Address] EAT @explorer.exe (GdipResetLineTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E503E2)
[Address] EAT @explorer.exe (GdipResetPageTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E59878)
[Address] EAT @explorer.exe (GdipResetPath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4669B)
[Address] EAT @explorer.exe (GdipResetPathGradientTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E503E2)
[Address] EAT @explorer.exe (GdipResetPenTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E51DC1)
[Address] EAT @explorer.exe (GdipResetTextureTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E503E2)
[Address] EAT @explorer.exe (GdipResetWorldTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E59336)
[Address] EAT @explorer.exe (GdipRestoreGraphics) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E60DBF)
[Address] EAT @explorer.exe (GdipReversePath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E47077)
[Address] EAT @explorer.exe (GdipRotateLineTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E50677)
[Address] EAT @explorer.exe (GdipRotateMatrix) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4AF5C)
[Address] EAT @explorer.exe (GdipRotatePathGradientTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E50677)
[Address] EAT @explorer.exe (GdipRotatePenTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E52123)
[Address] EAT @explorer.exe (GdipRotateTextureTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E50677)
[Address] EAT @explorer.exe (GdipRotateWorldTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E596BA)
[Address] EAT @explorer.exe (GdipSaveAdd) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5433D)
[Address] EAT @explorer.exe (GdipSaveAddImage) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E543DB)
[Address] EAT @explorer.exe (GdipSaveGraphics) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E60D0A)
[Address] EAT @explorer.exe (GdipSaveImageToFile) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E54293)
[Address] EAT @explorer.exe (GdipSaveImageToStream) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E541E9)
[Address] EAT @explorer.exe (GdipScaleLineTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5059E)
[Address] EAT @explorer.exe (GdipScaleMatrix) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4AE8A)
[Address] EAT @explorer.exe (GdipScalePathGradientTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5059E)
[Address] EAT @explorer.exe (GdipScalePenTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5204D)
[Address] EAT @explorer.exe (GdipScaleTextureTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5059E)
[Address] EAT @explorer.exe (GdipScaleWorldTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E595E6)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapFillState) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E53C01)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapHeight) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E537F0)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapMiddleInset) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E53AA6)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapWidth) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5394B)
[Address] EAT @explorer.exe (GdipSetClipGraphics) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5FD64)
[Address] EAT @explorer.exe (GdipSetClipHrgn) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E6023B)
[Address] EAT @explorer.exe (GdipSetClipPath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5FFDA)
[Address] EAT @explorer.exe (GdipSetClipRect) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5FE90)
[Address] EAT @explorer.exe (GdipSetClipRectI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5FF6F)
[Address] EAT @explorer.exe (GdipSetClipRegion) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E6010D)
[Address] EAT @explorer.exe (GdipSetCompositingMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E58850)
[Address] EAT @explorer.exe (GdipSetCompositingQuality) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E589A0)
[Address] EAT @explorer.exe (GdipSetCustomLineCapBaseCap) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E533E2)
[Address] EAT @explorer.exe (GdipSetCustomLineCapBaseInset) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E53542)
[Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeCaps) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E53103)
[Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeJoin) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5328B)
[Address] EAT @explorer.exe (GdipSetCustomLineCapWidthScale) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E53699)
[Address] EAT @explorer.exe (GdipSetEffectParameters) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E56F65)
[Address] EAT @explorer.exe (GdipSetEmpty) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4C11E)
[Address] EAT @explorer.exe (GdipSetImageAttributesCachedBackground) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E580CD)
[Address] EAT @explorer.exe (GdipSetImageAttributesColorKeys) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E57DA9)
[Address] EAT @explorer.exe (GdipSetImageAttributesColorMatrix) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E57A92)
[Address] EAT @explorer.exe (GdipSetImageAttributesGamma) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E57C22)
[Address] EAT @explorer.exe (GdipSetImageAttributesNoOp) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E57CE9)
[Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannel) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E57E81)
[Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannelColorProfile) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E57F44)
[Address] EAT @explorer.exe (GdipSetImageAttributesRemapTable) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E58007)
[Address] EAT @explorer.exe (GdipSetImageAttributesThreshold) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E57B5B)
[Address] EAT @explorer.exe (GdipSetImageAttributesToIdentity) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E57918)
[Address] EAT @explorer.exe (GdipSetImageAttributesWrapMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E58170)
[Address] EAT @explorer.exe (GdipSetImagePalette) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E55796)
[Address] EAT @explorer.exe (GdipSetInfinite) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4C080)
[Address] EAT @explorer.exe (GdipSetInterpolationMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E590B1)
[Address] EAT @explorer.exe (GdipSetLineBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4E83B)
[Address] EAT @explorer.exe (GdipSetLineColors) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4E53D)
[Address] EAT @explorer.exe (GdipSetLineGammaCorrection) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E45793)
[Address] EAT @explorer.exe (GdipSetLineLinearBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4EE2A)
[Address] EAT @explorer.exe (GdipSetLinePresetBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4EB24)
[Address] EAT @explorer.exe (GdipSetLineSigmaBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4ED78)
[Address] EAT @explorer.exe (GdipSetLineTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E502D9)
[Address] EAT @explorer.exe (GdipSetLineWrapMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4EEDC)
[Address] EAT @explorer.exe (GdipSetMatrixElements) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4ABB9)
[Address] EAT @explorer.exe (GdipSetMetafileDownLevelRasterizationLimit) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E61E4F)
[Address] EAT @explorer.exe (GdipSetPageScale) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E59B3E)
[Address] EAT @explorer.exe (GdipSetPageUnit) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E599CF)
[Address] EAT @explorer.exe (GdipSetPathFillMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E46C00)
[Address] EAT @explorer.exe (GdipSetPathGradientBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4E83B)
[Address] EAT @explorer.exe (GdipSetPathGradientCenterColor) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4F12F)
[Address] EAT @explorer.exe (GdipSetPathGradientCenterPoint) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4F64E)
[Address] EAT @explorer.exe (GdipSetPathGradientCenterPointI) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4F708)
[Address] EAT @explorer.exe (GdipSetPathGradientFocusScales) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E50829)
[Address] EAT @explorer.exe (GdipSetPathGradientGammaCorrection) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4FA50)
[Address] EAT @explorer.exe (GdipSetPathGradientLinearBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4EE2A)
[Address] EAT @explorer.exe (GdipSetPathGradientPath) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4F4BD)
[Address] EAT @explorer.exe (GdipSetPathGradientPresetBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4FEDA)
[Address] EAT @explorer.exe (GdipSetPathGradientSigmaBlend) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4ED78)
[Address] EAT @explorer.exe (GdipSetPathGradientSurroundColorsWithCount) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4F301)
[Address] EAT @explorer.exe (GdipSetPathGradientTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E502D9)
[Address] EAT @explorer.exe (GdipSetPathGradientWrapMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4DCCA)
[Address] EAT @explorer.exe (GdipSetPathMarker) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E46F31)
[Address] EAT @explorer.exe (GdipSetPenBrushFill) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E52357)
[Address] EAT @explorer.exe (GdipSetPenColor) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E521ED)
[Address] EAT @explorer.exe (GdipSetPenCompoundArray) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E52B57)
[Address] EAT @explorer.exe (GdipSetPenCustomEndCap) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5174E)
[Address] EAT @explorer.exe (GdipSetPenCustomStartCap) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5158F)
[Address] EAT @explorer.exe (GdipSetPenDashArray) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E52933)
[Address] EAT @explorer.exe (GdipSetPenDashCap197819) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E51189)
[Address] EAT @explorer.exe (GdipSetPenDashOffset) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E527E5)
[Address] EAT @explorer.exe (GdipSetPenDashStyle) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E52694)
[Address] EAT @explorer.exe (GdipSetPenEndCap) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E510E8)
[Address] EAT @explorer.exe (GdipSetPenLineCap197819) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E50FA0)
[Address] EAT @explorer.exe (GdipSetPenLineJoin) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E51441)
[Address] EAT @explorer.exe (GdipSetPenMiterLimit) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E5190D)
[Address] EAT @explorer.exe (GdipSetPenMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E51A62)
[Address] EAT @explorer.exe (GdipSetPenStartCap) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E51047)
[Address] EAT @explorer.exe (GdipSetPenTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E51BB5)
[Address] EAT @explorer.exe (GdipSetPenUnit) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E50E31)
[Address] EAT @explorer.exe (GdipSetPenWidth) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E50CE3)
[Address] EAT @explorer.exe (GdipSetPixelOffsetMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E58C85)
[Address] EAT @explorer.exe (GdipSetPropertyItem) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E54BEF)
[Address] EAT @explorer.exe (GdipSetRenderingOrigin) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E586DB)
[Address] EAT @explorer.exe (GdipSetSmoothingMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E58AF0)
[Address] EAT @explorer.exe (GdipSetSolidFillColor) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4DEA1)
[Address] EAT @explorer.exe (GdipSetStringFormatAlign) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E641DE)
[Address] EAT @explorer.exe (GdipSetStringFormatDigitSubstitution) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E6481E)
[Address] EAT @explorer.exe (GdipSetStringFormatFlags) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E640B4)
[Address] EAT @explorer.exe (GdipSetStringFormatHotkeyPrefix) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E643C8)
[Address] EAT @explorer.exe (GdipSetStringFormatLineAlign) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E64284)
[Address] EAT @explorer.exe (GdipSetStringFormatMeasurableCharacterRanges) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E64786)
[Address] EAT @explorer.exe (GdipSetStringFormatTabStops) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E6450B)
[Address] EAT @explorer.exe (GdipSetStringFormatTrimming) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E64940)
[Address] EAT @explorer.exe (GdipSetTextContrast) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E58EAE)
[Address] EAT @explorer.exe (GdipSetTextRenderingHint) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E58DEF)
[Address] EAT @explorer.exe (GdipSetTextureTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E502D9)
[Address] EAT @explorer.exe (GdipSetTextureWrapMode) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4DCCA)
[Address] EAT @explorer.exe (GdipSetWorldTransform) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E59232)
[Address] EAT @explorer.exe (GdipShearMatrix) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E4B022)
[Address] EAT @explorer.exe (GdipStartPathFigure) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E46D4A)
[Address] EAT @explorer.exe (GdipStringFormatGetGenericDefault) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E63E91)
[Address] EAT @explorer.exe (GdipStringFormatGetGenericTypographic) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E63F14)
[Address] EAT @explorer.exe (GdipTestControl) : PROPSYS.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73E64E42)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] ce7a1a086c24a369b7f6007802ce2750
[BSP] c735692ff819ca0f66c726b89c666bba : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 150005 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307210995 | Size: 326932 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_04092014_003350.txt >>
RKreport[0]_D_04092014_001449.txt;RKreport[0]_S_04082014_235145.txt;RKreport[0]_S_04092014_003243.txt

HitmanPro 3.7.9.216
www.hitmanpro.com
 
   Computer name . . . . : PC2012080221ibq
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : PC2012080221ibq\Lord Pwnz
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-04-09 00:30:15
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 37s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 39
 
   Objects scanned . . . : 1,241,698
   Files scanned . . . . : 53,182
   Remnants scanned  . . : 450,943 files / 737,573 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Lord Pwnz\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
      Size . . . . . . . : 953,886 bytes
      Age  . . . . . . . : 6.1 days (2014-04-02 21:40:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 31.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -0.0s C:\Users\Lord Pwnz\AppData\Local\PunkBuster\
         -0.0s C:\Users\Lord Pwnz\AppData\Local\PunkBuster\FC3\
         -0.0s C:\Users\Lord Pwnz\AppData\Local\PunkBuster\FC3\pb\
         -0.0s C:\Users\Lord Pwnz\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
         -0.0s C:\Users\Lord Pwnz\AppData\Local\PunkBuster\FC3\pb\pbcl.db
          0.0s C:\Users\Lord Pwnz\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
          0.3s C:\Users\Lord Pwnz\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          0.4s C:\Users\Lord Pwnz\AppData\Local\PunkBuster\FC3\pb\scrnshot\
          0.4s C:\Users\Lord Pwnz\AppData\Local\PunkBuster\FC3\pb\dll\
          0.4s C:\Users\Lord Pwnz\AppData\Local\PunkBuster\FC3\pb\htm\
 
   C:\Users\Lord Pwnz\AppData\Roaming\PnkBstrK.sys
      Size . . . . . . . : 138,904 bytes
      Age  . . . . . . . : 205.4 days (2013-09-15 15:49:57)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : DA71664514D8ED17F9D550E28258F75D771B17BFD367101007F06A611E9BBF28
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
 
 
Potential Unwanted Programs _________________________________________________
 
   search.conduit.com
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   HKU\S-1-5-21-4251438179-3114221706-532651990-1000\Software\AppDataLow\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-4251438179-3114221706-532651990-1000\Software\AppDataLow\Software\Smartbar\ (Conduit)
   HKU\S-1-5-21-4251438179-3114221706-532651990-1000\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-4251438179-3114221706-532651990-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ (Conduit)
 
Cookies _____________________________________________________________________
 
   C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ookla.com
   C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Users\Lord Pwnz\AppData\Roaming\Microsoft\Windows\Cookies\9CDSL0U8.txt
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:adultadworld.com
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:clickbank.net
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:ero-advertising.com
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:exoclick.com
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net
   C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\Cookies:newt1.adultadworld.com
   C[color=rgb(102,102,0)]:[/color]\Users\T[color=rgb(102,102,0)]-[/color]user\AppData\Local\Google\Chrome\User [color=rgb(102,0,102)]Data[/color]\Default\Cookies[color=rgb(102,102,0)]:[/color]pointroll[color=rgb(102,102,0)].[/color]com
   C[color=rgb(102,102,0)]:[/color]\Users\T[color=rgb(102,102,0)]-[/color]user\AppData\Local\Google\Chrome\User [color=rgb(102,0,102)]Data[/color]\Default\Cookies[color=rgb(102,102,0)]:[/color]ru4[color=rgb(102,102,0)].[/color]com
   C[color=rgb(102,102,0)]:[/color]\Users\T[color=rgb(102,102,0)]-[/color]user\AppData\Local\Google\Chrome\User [color=rgb(102,0,102)]Data[/color]\Default\Cookies[color=rgb(102,102,0)]:[/color]server[color=rgb(102,102,0)].[/color]cpmstar[color=rgb(102,102,0)].[/color]com
   C[color=rgb(102,102,0)]:[/color]\Users\T[color=rgb(102,102,0)]-[/color]user\AppData\Local\Google\Chrome\User [color=rgb(102,0,102)]Data[/color]\Default\Cookies[color=rgb(102,102,0)]:[/color]serving[color=rgb(102,102,0)]-[/color]sys[color=rgb(102,102,0)].[/color]com
   C[color=rgb(102,102,0)]:[/color]\Users\T[color=rgb(102,102,0)]-[/color]user\AppData\Local\Google\Chrome\User [color=rgb(102,0,102)]Data[/color]\Default\Cookies[color=rgb(102,102,0)]:[/color]sexier[color=rgb(102,102,0)].[/color]com
   C[color=rgb(102,102,0)]:[/color]\Users\T[color=rgb(102,102,0)]-[/color]user\AppData\Local\Google\Chrome\User [color=rgb(102,0,102)]Data[/color]\Default\Cookies[color=rgb(102,102,0)]:[/color]specificclick[color=rgb(102,102,0)].[/color]net
   C[color=rgb(102,102,0)]:[/color]\Users\T[color=rgb(102,102,0)]-[/color]user\AppData\Local\Google\Chrome\User [color=rgb(102,0,102)]Data[/color]\Default\Cookies[color=rgb(102,102,0)]:[/color]statcounter[color=rgb(102,102,0)].[/color]com
   C[color=rgb(102,102,0)]:[/color]\Users\T[color=rgb(102,102,0)]-[/color]user\AppData\Local\Google\Chrome\User [color=rgb(102,0,102)]Data[/color]\Default\Cookies[color=rgb(102,102,0)]:[/color]track[color=rgb(102,102,0)].[/color]adform[color=rgb(102,102,0)].[/color]net
   C[color=rgb(102,102,0)]:[/color]\Users\T[color=rgb(102,102,0)]-[/color]user\AppData\Local\Google\Chrome\User [color=rgb(102,0,102)]Data[/color]\Default\Cookies[color=rgb(102,102,0)]:[/color]yadro[color=rgb(102,102,0)].[/color]ru

DDS log
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16428
Run by Lord Pwnz at 19:44:50 on 2014-04-09
Microsoft Windows 7 Professional   6.1.7601.1.1256.962.1033.18.1762.905 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
uRun: [Pando Media Booster] "c:\program files\pando networks\media booster\PMB.exe"
uRun: [Advanced SystemCare 7] "c:\program files\iobit\advanced systemcare 7\ASCTray.exe" /Auto
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtHDVCpl.exe" -s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4729273D-E19E-4FD1-A990-FF5B9E67D319} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lord pwnz\appdata\roaming\mozilla\firefox\profiles\c623yd8c.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\lord pwnz\appdata\local\facebook\messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: c:\users\lord pwnz\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: 2014-03-29 22:51; ascsurfingprotection@iobit.com; c:\users\lord pwnz\appdata\roaming\mozilla\firefox\profiles\c623yd8c.default\extensions\ascsurfingprotection@iobit.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-23 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-23 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-2-17 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-2-17 369584]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2014-3-29 881952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-2-17 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-2-17 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-2-27 46808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-2 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-2 857912]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-3-2 4915040]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-4-9 30976]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-8-2 69232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-2 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-2 107736]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-4-2 51416]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\TeeDriver.sys [2014-3-20 86488]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-3-29 2151200]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-9-21 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-8 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-4-3 14848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-4-3 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-7-1 1343400]
.
=============== Created Last 30 ================
.
2014-04-09 04:48:04 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{32825948-a62c-4313-9d9b-9229cccad890}\offreg.dll
2014-04-08 21:41:09 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-04-08 21:16:09 -------- d-----w- c:\programdata\HitmanPro
2014-04-08 17:06:30 -------- d-----w- c:\program files\ESET
2014-04-07 14:37:50 -------- d-----w- c:\program files\VirtualDJ
2014-04-07 12:38:51 -------- d-----w- c:\users\lord pwnz\appdata\roaming\NCH Software
2014-04-07 12:38:48 -------- d-----w- c:\program files\NCH Software
2014-04-05 19:19:27 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-05 16:39:13 -------- d-----w- c:\program files\CCleaner
2014-04-05 13:12:44 -------- d-----w- c:\program files\VS Revo Group
2014-04-05 12:14:39 -------- d-----w- c:\users\lord pwnz\appdata\local\temp
2014-04-05 11:50:17 -------- d-----w- C:\AdwCleaner
2014-04-04 20:26:09 2616320 ----a-w- c:\windows\explorer.exe
2014-04-03 13:13:50 -------- d-----w- c:\users\lord pwnz\appdata\roaming\rmi
2014-04-03 13:13:43 -------- d-----w- c:\users\lord pwnz\appdata\local\rmi
2014-04-03 12:34:19 -------- d-----w- c:\users\lord pwnz\appdata\roaming\Wise Disk Cleaner
2014-04-03 12:34:13 -------- d-----w- c:\program files\Wise
2014-04-03 12:24:25 -------- d-----w- c:\program files\WinDirStat
2014-04-03 11:43:45 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{32825948-a62c-4313-9d9b-9229cccad890}\mpengine.dll
2014-04-03 11:07:28 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-04-03 11:06:11 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-04-03 11:06:11 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-04-03 11:06:11 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-04-03 11:06:11 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-04-03 11:06:11 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-04-03 11:06:11 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-04-03 11:06:11 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-04-03 11:02:55 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-04-03 10:59:09 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-04-03 10:59:09 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-04-03 10:54:39 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-03 10:54:39 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2014-04-03 10:54:39 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-03 10:49:24 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-04-03 10:46:55 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2014-04-03 10:46:55 80896 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2014-04-03 10:46:17 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-04-03 10:45:44 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-04-03 10:45:44 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-04-03 10:44:05 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-04-03 10:44:05 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-04-03 10:30:49 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-04-03 10:30:49 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-04-03 10:29:01 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-04-03 10:29:01 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-04-03 10:25:40 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-04-03 10:16:18 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-04-03 10:14:40 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
2014-04-03 10:14:40 392704 ----a-w- c:\program files\windows defender\MpClient.dll
2014-04-03 10:14:40 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
2014-04-03 10:13:31 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-04-03 10:13:31 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-04-03 10:13:31 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-04-03 10:13:31 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-04-03 09:57:35 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2014-04-03 09:27:08 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-04-03 09:27:08 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-04-03 09:12:55 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2014-04-03 09:10:11 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2014-04-03 09:10:11 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2014-04-03 08:41:12 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2014-04-03 08:41:12 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2014-04-03 08:41:12 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2014-04-03 08:41:12 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-03 08:41:12 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2014-04-03 08:41:12 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-04-03 08:39:21 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-02 20:28:07 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-02 20:27:42 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-02 20:27:42 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-02 20:27:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-02 20:27:41 -------- d-----w- c:\programdata\Malwarebytes
2014-04-02 20:27:41 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-02 18:40:28 -------- d-----w- c:\users\lord pwnz\appdata\local\PunkBuster
2014-03-30 11:27:11 -------- d-----w- C:\IObit
2014-03-29 16:51:07 -------- d-----w- c:\programdata\ProductData
2014-03-29 16:50:28 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-03-29 13:26:49 -------- d-----w- c:\program files\VideoLAN
2014-03-20 10:53:57 -------- d-----w- c:\program files\Realtek
2014-03-20 10:53:24 5804772 ----a-w- c:\windows\system32\drivers\rtvienna.dat
2014-03-20 10:53:23 3001048 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2014-03-20 10:53:20 732833 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2014-03-20 10:45:11 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-03-20 10:44:52 86488 ----a-w- c:\windows\system32\drivers\TeeDriver.sys
2014-03-20 10:37:09 3768320 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2014-03-20 10:29:48 -------- d-----w- c:\users\lord pwnz\appdata\roaming\IObit
2014-03-20 10:29:48 -------- d-----w- c:\programdata\IObit
2014-03-20 10:29:42 -------- d-----w- c:\program files\IObit
.
==================== Find3M  ====================
.
2014-04-08 20:27:27 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-04 20:25:55 317440 ----a-w- c:\windows\system32\spoolsv.exe
2014-04-03 11:41:16 509440 ----a-w- c:\windows\system32\qedit.dll
2014-04-03 11:40:33 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-04-03 11:39:36 381440 ----a-w- c:\windows\system32\wer.dll
2014-04-03 11:38:57 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-04-03 11:38:57 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-04-03 11:30:45 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-04-03 11:30:45 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-04-03 11:09:45 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-04-03 11:09:45 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-04-03 11:09:45 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-04-03 11:09:45 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-04-03 11:09:45 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-04-03 11:09:45 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-04-03 11:09:45 428032 ----a-w- c:\windows\system32\secproc.dll
2014-04-03 11:09:45 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-04-03 11:09:45 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-04-03 11:04:23 301568 ----a-w- c:\windows\system32\msieftp.dll
2014-04-03 11:02:55 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-04-03 11:01:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-04-03 11:00:00 163840 ----a-w- c:\windows\system32\scrrun.dll
2014-04-03 11:00:00 141824 ----a-w- c:\windows\system32\wscript.exe
2014-04-03 11:00:00 126976 ----a-w- c:\windows\system32\cscript.exe
2014-04-03 11:00:00 121856 ----a-w- c:\windows\system32\wshom.ocx
2014-04-03 10:58:39 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-04-03 10:57:32 1796096 ----a-w- c:\windows\system32\authui.dll
2014-04-03 10:57:32 168960 ----a-w- c:\windows\system32\credui.dll
2014-04-03 10:57:32 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-04-03 10:56:38 1168384 ----a-w- c:\windows\system32\crypt32.dll
2014-04-03 10:55:35 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-04-03 10:54:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2014-04-03 10:54:39 247808 ----a-w- c:\windows\system32\schannel.dll
2014-04-03 10:54:39 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-04-03 10:54:39 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-03 10:54:39 22016 ----a-w- c:\windows\system32\lsass.exe
2014-04-03 10:54:39 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-03 10:54:39 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-03 10:51:39 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-04-03 10:51:39 656896 ----a-w- c:\windows\system32\nshwfp.dll
2014-04-03 10:51:39 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-04-03 10:51:06 530432 ----a-w- c:\windows\system32\comctl32.dll
2014-04-03 10:50:15 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2014-04-03 10:49:24 81920 ----a-w- c:\windows\system32\davclnt.dll
2014-04-03 10:49:24 205824 ----a-w- c:\windows\system32\WebClnt.dll
2014-04-03 10:48:52 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-04-03 10:48:52 619520 ----a-w- c:\windows\system32\tdh.dll
2014-04-03 10:48:52 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-04-03 10:48:52 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-04-03 10:48:52 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-04-03 10:48:16 434688 ----a-w- c:\windows\system32\scavengeui.dll
2014-04-03 10:44:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2014-04-03 10:44:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-04-03 10:44:47 295424 ----a-w- c:\windows\system32\atmfd.dll
2014-04-03 10:44:47 26112 ----a-w- c:\windows\system32\lpk.dll
2014-04-03 10:44:47 10240 ----a-w- c:\windows\system32\dciman32.dll
2014-04-03 10:32:52 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-03 10:32:10 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-04-03 10:30:49 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-04-03 10:25:06 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-04-03 10:17:27 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2014-04-03 10:15:35 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2014-04-03 10:15:35 103936 ----a-w- c:\windows\system32\cryptnet.dll
2014-04-03 10:15:34 175104 ----a-w- c:\windows\system32\wintrust.dll
2014-04-03 10:01:14 492544 ----a-w- c:\windows\system32\win32spl.dll
2014-04-03 10:00:39 903168 ----a-w- c:\windows\system32\certutil.exe
2014-04-03 10:00:39 43008 ----a-w- c:\windows\system32\certenc.dll
2014-04-03 09:59:17 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-04-03 09:59:17 101720 ----a-w- c:\windows\system32\consent.exe
2014-04-03 09:58:11 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2014-04-03 09:58:11 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2014-04-03 09:58:11 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2014-04-03 09:49:46 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-04-03 09:49:24 626688 ----a-w- c:\windows\system32\usp10.dll
2014-04-03 09:27:08 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-04-03 09:27:08 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-04-03 09:27:08 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-04-03 09:27:08 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-04-03 09:27:08 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-04-03 09:13:38 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-04-03 09:13:38 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-04-03 09:12:55 52224 ----a-w- c:\windows\system32\nlaapi.dll
2014-04-03 09:12:55 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2014-04-03 09:12:55 242176 ----a-w- c:\windows\system32\nlasvc.dll
2014-04-03 09:12:55 18944 ----a-w- c:\windows\system32\netevent.dll
2014-04-03 09:12:55 175104 ----a-w- c:\windows\system32\netcorehc.dll
2014-04-03 09:12:55 156672 ----a-w- c:\windows\system32\ncsi.dll
2014-04-03 09:11:52 400896 ----a-w- c:\windows\system32\srcore.dll
2014-04-03 09:10:40 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2014-04-03 09:09:46 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-04-03 09:09:28 164352 ----a-w- c:\windows\system32\profsvc.dll
2014-04-03 09:08:31 2342400 ----a-w- c:\windows\system32\msi.dll
2014-04-03 08:53:31 442880 ----a-w- c:\windows\system32\ntshrui.dll
2014-04-03 08:53:10 478720 ----a-w- c:\windows\system32\timedate.cpl
2014-04-03 08:41:12 74240 ----a-w- c:\windows\system32\fsutil.exe
2014-04-03 08:41:12 1699328 ----a-w- c:\windows\system32\esent.dll
2014-04-03 08:40:42 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2014-04-03 08:40:42 666624 ----a-w- c:\windows\system32\mssvp.dll
2014-04-03 08:40:42 59392 ----a-w- c:\windows\system32\msscntrs.dll
2014-04-03 08:40:42 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
.
============= FINISH: 19:46:01.83 ===============


ROGUEKILLER ATTACHMENT



Edited by boopme, 09 April 2014 - 01:46 PM.




#2 MohRiyal


Posted 13 April 2014 - 08:40 AM

been 5 days

Bump?



#3 HelpBot


Posted 14 April 2014 - 11:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530491 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 MohRiyal

MohRiyal
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 AM

Posted 16 April 2014 - 09:59 AM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16428
Run by Lord Pwnz at 17:56:50 on 2014-04-16
Microsoft Windows 7 Professional   6.1.7601.1.1256.962.1033.18.1762.519 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\Explorer.EXE
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.80\deploy\LolClient.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Voobly\voobly.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
uRun: [Pando Media Booster] "c:\program files\pando networks\media booster\PMB.exe"
uRun: [Advanced SystemCare 7] "c:\program files\iobit\advanced systemcare 7\ASCTray.exe" /Auto
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [RTHDVCPL] "c:\program files\realtek\audio\hda\RtHDVCpl.exe" -s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4729273D-E19E-4FD1-A990-FF5B9E67D319} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lord pwnz\appdata\roaming\mozilla\firefox\profiles\c623yd8c.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\lord pwnz\appdata\local\facebook\messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: c:\users\lord pwnz\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: 2014-03-29 22:51; ascsurfingprotection@iobit.com; c:\users\lord pwnz\appdata\roaming\mozilla\firefox\profiles\c623yd8c.default\extensions\ascsurfingprotection@iobit.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-23 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-23 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-2-17 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-2-17 369584]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2014-3-29 881952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-2-17 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-2-17 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-2-27 46808]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-8-2 69232]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\TeeDriver.sys [2014-3-20 86488]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-3-29 2151200]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-2 1809720]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-2 857912]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-9-21 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-4-9 30976]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-8 108032]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-2 23256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-4-3 14848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-4-3 49664]
.
=============== Created Last 30 ================
.
2014-04-16 00:24:41 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{32825948-a62c-4313-9d9b-9229cccad890}\offreg.dll
2014-04-15 22:26:00 93808 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2014-04-15 22:26:00 276592 ----a-w- c:\program files\mozilla firefox\updater.exe
2014-04-15 22:26:00 23186032 ----a-w- c:\program files\mozilla firefox\xul.dll
2014-04-15 22:26:00 170960 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2014-04-09 03:51:55 2853 ----a-w- c:\users\lord pwnz\dds - Shortcut.pif
2014-04-08 21:41:09 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-04-08 21:16:09 -------- d-----w- c:\programdata\HitmanPro
2014-04-08 20:27:27 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-08 20:04:37 -------- d-----w- c:\users\lord pwnz\RK_Quarantine
2014-04-08 17:06:30 -------- d-----w- c:\program files\ESET
2014-04-07 14:37:50 -------- d-----w- c:\program files\VirtualDJ
2014-04-07 12:38:51 -------- d-----w- c:\users\lord pwnz\appdata\roaming\NCH Software
2014-04-07 12:38:48 -------- d-----w- c:\program files\NCH Software
2014-04-05 19:19:27 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-05 16:39:13 -------- d-----w- c:\program files\CCleaner
2014-04-05 13:12:44 -------- d-----w- c:\program files\VS Revo Group
2014-04-05 12:14:39 -------- d-----w- c:\users\lord pwnz\appdata\local\temp
2014-04-05 11:50:17 -------- d-----w- C:\AdwCleaner
2014-04-04 20:26:09 2616320 ----a-w- c:\windows\explorer.exe
2014-04-04 20:25:55 317440 ----a-w- c:\windows\system32\spoolsv.exe
2014-04-03 13:13:50 -------- d-----w- c:\users\lord pwnz\appdata\roaming\rmi
2014-04-03 13:13:43 -------- d-----w- c:\users\lord pwnz\appdata\local\rmi
2014-04-03 12:34:19 -------- d-----w- c:\users\lord pwnz\appdata\roaming\Wise Disk Cleaner
2014-04-03 12:34:13 -------- d-----w- c:\program files\Wise
2014-04-03 12:24:25 -------- d-----w- c:\program files\WinDirStat
2014-04-03 11:43:45 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{32825948-a62c-4313-9d9b-9229cccad890}\mpengine.dll
2014-04-03 11:41:15 509440 ----a-w- c:\windows\system32\qedit.dll
2014-04-03 11:40:33 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-04-03 11:39:36 381440 ----a-w- c:\windows\system32\wer.dll
2014-04-03 11:38:57 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-04-03 11:38:57 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-04-03 11:30:45 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-04-03 11:30:45 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-04-03 11:09:45 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-04-03 11:09:45 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-04-03 11:09:45 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-04-03 11:09:45 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-04-03 11:09:45 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-04-03 11:09:45 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-04-03 11:09:45 428032 ----a-w- c:\windows\system32\secproc.dll
2014-04-03 11:09:45 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-04-03 11:09:45 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-04-03 11:07:28 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-04-03 11:06:11 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-04-03 11:06:11 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-04-03 11:06:11 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-04-03 11:06:11 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-04-03 11:06:11 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-04-03 11:06:11 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-04-03 11:06:11 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-04-03 11:04:22 301568 ----a-w- c:\windows\system32\msieftp.dll
2014-04-03 11:02:55 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-04-03 11:02:55 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-04-03 11:01:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-04-03 11:00:00 163840 ----a-w- c:\windows\system32\scrrun.dll
2014-04-03 11:00:00 141824 ----a-w- c:\windows\system32\wscript.exe
2014-04-03 11:00:00 126976 ----a-w- c:\windows\system32\cscript.exe
2014-04-03 11:00:00 121856 ----a-w- c:\windows\system32\wshom.ocx
2014-04-03 10:59:09 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-04-03 10:59:09 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-04-03 10:58:39 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-04-03 10:57:32 1796096 ----a-w- c:\windows\system32\authui.dll
2014-04-03 10:57:32 168960 ----a-w- c:\windows\system32\credui.dll
2014-04-03 10:57:32 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-04-03 10:56:38 1168384 ----a-w- c:\windows\system32\crypt32.dll
2014-04-03 10:55:35 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-04-03 10:54:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2014-04-03 10:54:39 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-03 10:54:39 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2014-04-03 10:54:39 247808 ----a-w- c:\windows\system32\schannel.dll
2014-04-03 10:54:39 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-04-03 10:54:39 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-03 10:54:39 22016 ----a-w- c:\windows\system32\lsass.exe
2014-04-03 10:54:39 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-03 10:54:39 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-03 10:54:39 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-03 10:51:39 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-04-03 10:51:39 656896 ----a-w- c:\windows\system32\nshwfp.dll
2014-04-03 10:51:39 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-04-03 10:51:06 530432 ----a-w- c:\windows\system32\comctl32.dll
2014-04-03 10:50:15 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2014-04-03 10:49:24 81920 ----a-w- c:\windows\system32\davclnt.dll
2014-04-03 10:49:24 205824 ----a-w- c:\windows\system32\WebClnt.dll
2014-04-03 10:49:24 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-04-03 10:48:52 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-04-03 10:48:52 619520 ----a-w- c:\windows\system32\tdh.dll
2014-04-03 10:48:52 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-04-03 10:48:52 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-04-03 10:48:52 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-04-03 10:48:16 434688 ----a-w- c:\windows\system32\scavengeui.dll
2014-04-03 10:46:55 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2014-04-03 10:46:55 80896 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2014-04-03 10:46:17 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-04-03 10:45:44 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-04-03 10:45:44 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-04-03 10:44:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2014-04-03 10:44:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-04-03 10:44:47 295424 ----a-w- c:\windows\system32\atmfd.dll
2014-04-03 10:44:47 26112 ----a-w- c:\windows\system32\lpk.dll
2014-04-03 10:44:47 10240 ----a-w- c:\windows\system32\dciman32.dll
2014-04-03 10:44:05 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-04-03 10:44:05 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-04-03 10:32:52 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-03 10:32:10 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-04-03 10:30:49 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-04-03 10:30:49 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-04-03 10:30:49 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-04-03 10:25:40 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-04-03 10:25:06 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-04-03 10:17:27 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2014-04-03 10:16:18 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-04-03 10:15:35 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2014-04-03 10:15:35 103936 ----a-w- c:\windows\system32\cryptnet.dll
2014-04-03 10:15:34 175104 ----a-w- c:\windows\system32\wintrust.dll
2014-04-03 10:14:40 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
2014-04-03 10:14:40 392704 ----a-w- c:\program files\windows defender\MpClient.dll
2014-04-03 10:14:40 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
2014-04-03 10:13:31 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-04-03 10:13:31 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-04-03 10:13:31 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-04-03 10:13:31 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-04-03 10:01:14 492544 ----a-w- c:\windows\system32\win32spl.dll
2014-04-03 10:00:39 903168 ----a-w- c:\windows\system32\certutil.exe
2014-04-03 10:00:39 43008 ----a-w- c:\windows\system32\certenc.dll
2014-04-03 09:59:17 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-04-03 09:59:17 101720 ----a-w- c:\windows\system32\consent.exe
2014-04-03 09:57:35 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2014-04-03 09:49:46 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-04-03 09:49:24 626688 ----a-w- c:\windows\system32\usp10.dll
2014-04-03 09:27:08 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-04-03 09:27:08 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-04-03 09:27:08 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-04-03 09:27:08 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-04-03 09:27:08 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-04-03 09:27:08 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-04-03 09:27:08 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-04-03 09:13:38 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-04-03 09:13:38 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-04-03 09:12:55 52224 ----a-w- c:\windows\system32\nlaapi.dll
2014-04-03 09:12:55 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2014-04-03 09:12:55 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2014-04-03 09:12:55 242176 ----a-w- c:\windows\system32\nlasvc.dll
2014-04-03 09:12:55 18944 ----a-w- c:\windows\system32\netevent.dll
2014-04-03 09:12:55 175104 ----a-w- c:\windows\system32\netcorehc.dll
2014-04-03 09:12:55 156672 ----a-w- c:\windows\system32\ncsi.dll
2014-04-03 09:11:52 400896 ----a-w- c:\windows\system32\srcore.dll
2014-04-03 09:10:40 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2014-04-03 09:10:11 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2014-04-03 09:10:11 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2014-04-03 09:09:46 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-04-03 09:09:28 164352 ----a-w- c:\windows\system32\profsvc.dll
2014-04-03 09:08:31 2342400 ----a-w- c:\windows\system32\msi.dll
2014-04-03 08:53:31 442880 ----a-w- c:\windows\system32\ntshrui.dll
2014-04-03 08:53:10 478720 ----a-w- c:\windows\system32\timedate.cpl
2014-04-03 08:41:12 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2014-04-03 08:41:12 74240 ----a-w- c:\windows\system32\fsutil.exe
2014-04-03 08:41:12 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2014-04-03 08:41:12 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2014-04-03 08:41:12 1699328 ----a-w- c:\windows\system32\esent.dll
2014-04-03 08:41:12 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-03 08:41:12 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2014-04-03 08:41:12 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-04-03 08:40:42 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2014-04-03 08:40:42 666624 ----a-w- c:\windows\system32\mssvp.dll
2014-04-03 08:40:42 59392 ----a-w- c:\windows\system32\msscntrs.dll
2014-04-03 08:40:42 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2014-04-03 08:40:42 337408 ----a-w- c:\windows\system32\mssph.dll
2014-04-03 08:40:42 197120 ----a-w- c:\windows\system32\mssphtb.dll
2014-04-03 08:40:42 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2014-04-03 08:40:42 1549312 ----a-w- c:\windows\system32\tquery.dll
2014-04-03 08:40:42 1401344 ----a-w- c:\windows\system32\mssrch.dll
2014-04-03 08:39:21 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-03 08:38:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2014-04-03 08:37:40 24384 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2014-04-02 20:28:07 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-02 20:27:42 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-02 20:27:42 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-02 20:27:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-02 20:27:41 -------- d-----w- c:\programdata\Malwarebytes
2014-04-02 20:27:41 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-02 18:40:28 -------- d-----w- c:\users\lord pwnz\appdata\local\PunkBuster
2014-03-30 11:27:11 -------- d-----w- C:\IObit
2014-03-29 16:51:07 -------- d-----w- c:\programdata\ProductData
2014-03-29 16:50:28 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-03-29 13:26:49 -------- d-----w- c:\program files\VideoLAN
2014-03-20 10:45:11 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-03-20 10:45:11 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-03-20 10:44:52 86488 ----a-w- c:\windows\system32\drivers\TeeDriver.sys
2014-03-20 10:44:52 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2014-03-20 10:29:48 -------- d-----w- c:\users\lord pwnz\appdata\roaming\IObit
2014-03-20 10:29:48 -------- d-----w- c:\programdata\IObit
2014-03-20 10:29:42 -------- d-----w- c:\program files\IObit
.
==================== Find3M  ====================
.
2014-04-08 20:27:27 906240 ----a-w- c:\windows\system32\FntCache.dll
2014-04-03 10:29:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-03 09:58:11 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2014-04-03 09:58:11 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2014-04-03 09:58:11 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2014-03-20 10:53:25 819648 ----a-w- c:\windows\system32\tadefxapo2.dll
2014-03-20 10:37:13 59904 ----a-w- c:\windows\system32\igfxsrvc.dll
2014-03-12 19:09:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 19:09:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-22 14:52:25 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-22 14:52:25 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-22 14:52:25 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-22 14:52:24 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-22 14:52:23 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-22 14:51:40 41664 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 17:59:03.36 ===============
dds new log


#5 MohRiyal

MohRiyal
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:31 AM

Posted 16 April 2014 - 10:05 AM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 02/08/2012 09:38:32 م
System Uptime: 15/04/2014 10:18:09 ص (31 hours ago)
.
Motherboard: Foxconn                |  | H61MXL/H61MXL-K       
Processor: Intel® Pentium® CPU G620 @ 2.60GHz | SOCKET 0 | 1586/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 29.32 GiB free.
D: is FIXED (NTFS) - 319 GiB total, 284.057 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Advanced SystemCare 7
Age of Wushu
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
avast! Free Antivirus
Batman: Arkham Asylum GOTY Edition
Bing Bar
CCleaner
Crysis 2 Maximum Edition
Dota 2
Driver Booster
EAX™ Unified (SHELL)
ESET Online Scanner v3
Facebook Messenger 2.1.4814.0
Golden Al-Wafi Translator
Google Chrome
Google Drive
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Processor Graphics
IObit Uninstaller
JavaFX 2.1.1
Junk Mail filter update
K-Lite Codec Pack 5.7.0 (Full)
League of Legends
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC100_CRT_SP1_x86
Mirror's Edge
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSVCRT
Nokia Connectivity Cable Driver
NVIDIA PhysX
OpenAL
ophcrack 3.6.0
Origin
Pando Media Booster
Password Safe
PC Connectivity Solution
PowerISO
Rainmeter
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.95
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Skype™ 5.8
Steam
Surfing Protection
TeamViewer 9
The Plan
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
VirtualDJ Home FREE
VLC media player 2.1.3
Voobly
WinDirStat 1.1.2
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Wise Disk Cleaner 8.06
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
15/04/2014 10:20:15 ص, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
15/04/2014 08:25:56 ص, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
14/04/2014 02:56:31 م, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
13/04/2014 07:12:33 م, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
13/04/2014 02:44:44 م, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
12/04/2014 11:54:39 ص, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
12/04/2014 11:52:57 ص, Error: EventLog [6008]  - The previous system shutdown at 11:52:01 ص on ‏12/‏04/‏2014 was unexpected.
12/04/2014 11:50:18 ص, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
12/04/2014 11:47:50 ص, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
12/04/2014 11:47:41 ص, Error: Service Control Manager [7022]  - The خدمة تحديث Google (gupdate) service hung on starting.
11/04/2014 07:18:24 م, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
09/04/2014 12:43:26 ص, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
09/04/2014 12:42:03 ص, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
09/04/2014 12:41:37 ص, Error: Service Control Manager [7024]  - The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
09/04/2014 12:36:11 ص, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {0C0A3666-30C9-11D0-8F20-00805F2CD064}  and APPID  {9209B1A6-964A-11D0-9372-00A0C9034910}  to the user PC2012080221ibq\Lord Pwnz SID (S-1-5-21-4251438179-3114221706-532651990-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
09/04/2014 12:34:07 ص, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {0C0A3666-30C9-11D0-8F20-00805F2CD064}  and APPID  {9209B1A6-964A-11D0-9372-00A0C9034910}  to the user PC2012080221ibq\Lord Pwnz SID (S-1-5-21-4251438179-3114221706-532651990-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
09/04/2014 12:31:28 ص, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {0C0A3666-30C9-11D0-8F20-00805F2CD064}  and APPID  {9209B1A6-964A-11D0-9372-00A0C9034910}  to the user PC2012080221ibq\Lord Pwnz SID (S-1-5-21-4251438179-3114221706-532651990-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
09/04/2014 12:29:15 ص, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {0C0A3666-30C9-11D0-8F20-00805F2CD064}  and APPID  {9209B1A6-964A-11D0-9372-00A0C9034910}  to the user PC2012080221ibq\Lord Pwnz SID (S-1-5-21-4251438179-3114221706-532651990-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
09/04/2014 12:26:45 ص, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {0C0A3666-30C9-11D0-8F20-00805F2CD064}  and APPID  {9209B1A6-964A-11D0-9372-00A0C9034910}  to the user PC2012080221ibq\Lord Pwnz SID (S-1-5-21-4251438179-3114221706-532651990-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
09/04/2014 12:26:36 ص, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {0C0A3666-30C9-11D0-8F20-00805F2CD064}  and APPID  {9209B1A6-964A-11D0-9372-00A0C9034910}  to the user PC2012080221ibq\Lord Pwnz SID (S-1-5-21-4251438179-3114221706-532651990-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
09/04/2014 12:18:09 ص, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {0C0A3666-30C9-11D0-8F20-00805F2CD064}  and APPID  {9209B1A6-964A-11D0-9372-00A0C9034910}  to the user PC2012080221ibq\Lord Pwnz SID (S-1-5-21-4251438179-3114221706-532651990-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
09/04/2014 07:44:00 م, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {0C0A3666-30C9-11D0-8F20-00805F2CD064}  and APPID  {9209B1A6-964A-11D0-9372-00A0C9034910}  to the user PC2012080221ibq\Lord Pwnz SID (S-1-5-21-4251438179-3114221706-532651990-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 attach..

I don't have a Windows CD and my system is 32-bit Windows 7 Professional.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:31 PM

Posted 18 April 2014 - 08:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.


#8 MohRiyal

MohRiyal
  • Topic Starter

  • Members
  • 42 posts
  • Gender:Male
  • Local time:01:31 AM

Posted 20 April 2014 - 07:09 AM

Adware log

 

# AdwCleaner v3.100 - Report created 20/04/2014 at 15:04:23
# Updated 20/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Lord Pwnz - PC2012080221ibq
# Running from : C:\Users\Lord Pwnz\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Wise
Folder Deleted : C:\Users\LORDPW~1\AppData\Local\Temp\AI_RecycleBin
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49B4-9D64-90988571CECB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49B4-9D64-90988571CECB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v22.0 (en-US)
 
[ File : C:\Users\T-user\AppData\Roaming\Mozilla\Firefox\Profiles\xn7lqtcx.default\prefs.js ]
 
 
[ File : C:\Users\Lord Pwnz\AppData\Roaming\Mozilla\Firefox\Profiles\c623yd8c.default\prefs.js ]
 
 
-\\ Google Chrome v26.0.1410.64
 
[ File : C:\Users\T-user\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5528 octets] - [05/04/2014 14:52:09]
AdwCleaner[R1].txt - [1519 octets] - [08/04/2014 19:57:48]
AdwCleaner[R2].txt - [2946 octets] - [20/04/2014 14:43:41]
AdwCleaner[S0].txt - [5572 octets] - [05/04/2014 14:53:21]
AdwCleaner[S1].txt - [1586 octets] - [08/04/2014 20:01:15]
AdwCleaner[S2].txt - [2773 octets] - [20/04/2014 15:04:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2833 octets] ##########


#9 MohRiyal

MohRiyal
  • Topic Starter

  • Members
  • 42 posts
  • Gender:Male
  • Local time:01:31 AM

Posted 20 April 2014 - 07:43 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2014
Ran by Lord Pwnz (administrator) on PC2012080221ibq on 20-04-2014 15:40:49
Running from C:\Users\Lord Pwnz\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
(Curse, Inc) C:\Users\Lord Pwnz\AppData\Roaming\Curse Client\Bin\Curse.exe
() C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2014-01-22] (AVAST Software)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-07-06] (RealNetworks, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-04-20] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-02] (Microsoft Corporation)
HKU\S-1-5-21-4251438179-3114221706-532651990-1002\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [4284976 2013-04-24] ()
HKU\S-1-5-21-4251438179-3114221706-532651990-1002\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2288928 2014-02-11] (IObit)
Startup: C:\Users\Lord Pwnz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Lord Pwnz\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA858BDB1EF50CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ar-JO
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabic.arabia.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: No Name - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -  No File
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Lord Pwnz\AppData\Roaming\Mozilla\Firefox\Profiles\c623yd8c.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Lord Pwnz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Lord Pwnz\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Lord Pwnz\AppData\Roaming\Mozilla\Firefox\Profiles\c623yd8c.default\Extensions\ascsurfingprotection@iobit.com [2014-03-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-17]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-06]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Docs) - C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-31]
CHR Extension: (Google Drive) - C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-31]
CHR Extension: (YouTube) - C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-31]
CHR Extension: (Google Search) - C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-31]
CHR Extension: (Chrome Speak) - C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\Extensions\diagnfimeecdcecjpnkjgbnlelkclcpj [2013-09-14]
CHR Extension: (Parking Mania™) - C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliaancdkclmoacockpgpcopnfcjgmpe [2013-09-14]
CHR Extension: (RealDownloader) - C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-06]
CHR Extension: (American Racing) - C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\Extensions\klfneahoibjkdlonilmnkkncopeiomoc [2013-09-14]
CHR Extension: (Bump copter) - C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmpaoegkpkcojfnopdodefgaajcjchni [2013-09-14]
CHR Extension: (FabOracle) - C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ockfhnmchipbofjgljobjnclompckala [2013-09-14]
CHR Extension: (Gmail) - C:\Users\Lord Pwnz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-31]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2014-01-22] (AVAST Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2014-03-20] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2014-01-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2014-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2014-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2014-01-22] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2014-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2014-01-22] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2014-01-22] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-04-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-17] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [86488 2014-03-20] (Intel Corporation)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 FXDrv32; \??\E:\FXDrv32.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-20 15:40 - 2014-04-20 15:41 - 00017475 _____ () C:\Users\Lord Pwnz\Desktop\FRST.txt
2014-04-20 15:40 - 2014-04-20 15:40 - 00000000 ____D () C:\FRST
2014-04-20 15:39 - 2014-04-20 15:40 - 01043968 _____ (Farbar) C:\Users\Lord Pwnz\Desktop\FRST.exe
2014-04-20 15:24 - 2014-04-20 15:24 - 56270336 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2014-04-20 15:24 - 2014-04-20 15:24 - 28031576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 14463064 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 11736152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO30.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-04-20 15:24 - 2014-04-20 15:24 - 03650136 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 03017112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-04-20 15:24 - 2014-04-20 15:24 - 02467544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 01936472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 01823320 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 01687128 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 01266776 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO60.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 01143408 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 01143408 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 00948336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 00915160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 00874584 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 00785520 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO20.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 00757301 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-04-20 15:06 - 2014-04-20 15:38 - 00000271 _____ () C:\Windows\setupact.log
2014-04-20 15:06 - 2014-04-20 15:06 - 00015192 _____ () C:\Windows\PFRO.log
2014-04-20 15:06 - 2014-04-20 15:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-20 14:41 - 2014-04-20 14:41 - 01308369 _____ () C:\Users\Lord Pwnz\Desktop\adwcleaner.exe
2014-04-18 13:44 - 2014-04-18 13:44 - 00001016 _____ () C:\Users\Lord Pwnz\Desktop\Curse.lnk
2014-04-18 13:44 - 2014-04-18 13:44 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Curse Advertising
2014-04-18 13:43 - 2014-04-20 14:43 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Curse Client
2014-04-18 13:43 - 2014-04-18 13:43 - 00001002 _____ () C:\Users\Lord Pwnz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-04-18 13:43 - 2014-04-18 13:43 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Curse
2014-04-18 13:39 - 2014-04-18 13:42 - 37398440 _____ (Curse) C:\Users\Lord Pwnz\Desktop\CurseClientSetup.exe
2014-04-16 18:01 - 2014-04-16 18:01 - 00003166 _____ () C:\Users\Lord Pwnz\Desktop\attach.zip
2014-04-16 18:01 - 2014-04-16 18:01 - 00003117 _____ () C:\Users\Lord Pwnz\Desktop\attac36h.rar
2014-04-16 18:00 - 2014-04-16 18:00 - 00003117 _____ () C:\Users\Lord Pwnz\Desktop\attach.rar
2014-04-16 01:25 - 2014-04-16 01:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-15 21:24 - 2014-04-15 21:24 - 02359350 _____ () C:\Users\Lord Pwnz\11.bmp
2014-04-14 23:36 - 2014-04-20 00:21 - 00001439 _____ () C:\Users\Lord Pwnz\DANAFACTS.txt
2014-04-12 21:08 - 2014-04-12 21:08 - 00252609 _____ () C:\Users\Lord Pwnz\dead_suicide_fingers_hanging_finger_desktop_1440x900_wallpaper-140926.jpeg
2014-04-11 19:40 - 2014-04-11 19:40 - 00000376 _____ () C:\Users\Lord Pwnz\pwsafe.psafe3
2014-04-11 19:39 - 2014-04-11 19:39 - 00000000 ____D () C:\Users\Lord Pwnz\Documents\My Safes
2014-04-10 12:17 - 2014-04-10 12:18 - 09942276 _____ (Voobly ) C:\Users\Lord Pwnz\Desktop\voobly-v2.1.66.28.exe
2014-04-09 19:53 - 2014-04-09 19:53 - 00003885 _____ () C:\Users\Lord Pwnz\Desktop\attach22.zip
2014-04-09 06:59 - 2014-04-09 06:59 - 00003870 _____ () C:\Users\Lord Pwnz\Desktop\attach1.zip
2014-04-09 06:55 - 2014-04-16 17:59 - 00026891 _____ () C:\Users\Lord Pwnz\dds.txt
2014-04-09 06:55 - 2014-04-16 17:59 - 00012405 _____ () C:\Users\Lord Pwnz\attach.txt
2014-04-09 06:52 - 2014-04-09 06:52 - 00688992 ____R (Swearware) C:\Users\Lord Pwnz\dds.com
2014-04-09 06:51 - 2014-04-09 06:51 - 00002853 _____ () C:\Users\Lord Pwnz\dds - Shortcut.pif
2014-04-09 06:50 - 2014-04-09 06:50 - 00688992 _____ (Swearware) C:\Users\Lord Pwnz\Downloads\dds.com
2014-04-09 00:41 - 2014-04-09 00:41 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-04-09 00:39 - 2014-04-09 00:39 - 00014362 _____ () C:\Users\Lord Pwnz\HitmanPro_20140409_0039.log
2014-04-09 00:39 - 2014-04-09 00:39 - 00001416 _____ () C:\Windows\system32\.crusader
2014-04-09 00:33 - 2014-04-09 00:33 - 00151135 _____ () C:\Users\Lord Pwnz\RKreport[0]_D_04092014_003350.txt
2014-04-09 00:32 - 2014-04-09 00:32 - 00151097 _____ () C:\Users\Lord Pwnz\RKreport[0]_S_04092014_003243.txt
2014-04-09 00:29 - 2014-04-09 00:29 - 03972608 _____ () C:\Users\Lord Pwnz\Downloads\RogueKiller (2).exe
2014-04-09 00:27 - 2014-04-09 00:27 - 03972608 _____ () C:\Users\Lord Pwnz\Downloads\RogueKiller (1).exe
2014-04-09 00:16 - 2014-04-09 00:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-09 00:15 - 2014-04-09 00:16 - 10094400 _____ (SurfRight B.V.) C:\Users\Lord Pwnz\Downloads\HitmanPro.exe
2014-04-09 00:14 - 2014-04-09 00:14 - 00141011 _____ () C:\Users\Lord Pwnz\RKreport[0]_D_04092014_001449.txt
2014-04-08 23:51 - 2014-04-08 23:51 - 00140974 _____ () C:\Users\Lord Pwnz\RKreport[0]_S_04082014_235145.txt
2014-04-08 23:28 - 2014-04-08 23:28 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 23:28 - 2014-04-08 23:28 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-08 23:28 - 2014-04-08 23:28 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-08 23:28 - 2014-04-08 23:28 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-08 23:28 - 2014-04-08 23:28 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-08 23:28 - 2014-04-08 23:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-08 23:22 - 2014-04-08 23:22 - 02077392 _____ (Microsoft Corporation) C:\Users\Lord Pwnz\Downloads\IE11-Windows6.1.exe
2014-04-08 23:04 - 2014-04-09 00:14 - 00000000 ____D () C:\Users\Lord Pwnz\RK_Quarantine
2014-04-08 23:04 - 2014-04-08 23:04 - 03972608 _____ () C:\Users\Lord Pwnz\Downloads\RogueKiller.exe
2014-04-08 21:55 - 2014-04-08 21:55 - 00000814 _____ () C:\Users\Lord Pwnz\Esetscan11.txt
2014-04-08 20:06 - 2014-04-08 20:06 - 00000000 ____D () C:\Program Files\ESET
2014-04-08 20:05 - 2014-04-08 20:06 - 02347384 _____ (ESET) C:\Users\Lord Pwnz\Downloads\esetsmartinstaller_enu.exe
2014-04-07 17:43 - 2014-04-07 17:43 - 00014532 _____ () C:\Users\Lord Pwnz\Desktop\Tetrix Bass Feat_ Veela - The Light (Original Mix)-[www_flvto_com] - Shortcut.lnk
2014-04-07 17:42 - 2014-04-07 17:42 - 00000085 _____ () C:\Users\Lord Pwnz\Lil Wayne - Drop The World ft_ Eminem-[www_flvto_com].m3u
2014-04-07 17:40 - 2014-04-07 17:40 - 00000077 _____ () C:\Users\Lord Pwnz\Lil Wayne - Mirror ft_ Bruno Mars-[www_flvto_com].m3u
2014-04-07 17:38 - 2014-04-07 17:38 - 00000974 _____ () C:\Users\Lord Pwnz\Desktop\VirtualDJ Home FREE.lnk
2014-04-07 17:38 - 2014-04-07 17:38 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2014-04-07 17:37 - 2014-04-08 19:53 - 00000000 ____D () C:\Users\Lord Pwnz\Documents\VirtualDJ
2014-04-07 17:37 - 2014-04-07 17:38 - 00000000 ____D () C:\Program Files\VirtualDJ
2014-04-07 17:29 - 2014-04-07 17:32 - 39178560 _____ (Atomix Productions) C:\Users\Lord Pwnz\Downloads\install_virtualdj_home_v7.4.1.exe
2014-04-07 15:38 - 2014-04-07 17:20 - 00000000 ____D () C:\Program Files\NCH Software
2014-04-07 15:38 - 2014-04-07 15:38 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\NCH Software
2014-04-07 15:38 - 2014-04-07 15:38 - 00000000 ____D () C:\ProgramData\NCH Software
2014-04-05 22:38 - 2014-04-05 22:38 - 00000000 ____D () C:\Users\Lord Pwnz\Desktop\Programsss
2014-04-05 19:53 - 2014-04-05 19:53 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\backups
2014-04-05 19:43 - 2014-04-05 19:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lord Pwnz\Downloads\HijackThis.exe
2014-04-05 19:43 - 2014-04-05 19:43 - 00007589 _____ () C:\Users\Lord Pwnz\Downloads\hijackthis.log
2014-04-05 19:39 - 2014-04-20 15:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-05 16:19 - 2014-04-05 16:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-05 16:12 - 2014-04-05 16:12 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lord Pwnz\Downloads\revosetup.exe
2014-04-05 16:12 - 2014-04-05 16:12 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-05 15:03 - 2014-04-05 22:16 - 00000000 ____D () C:\Windows\erdnt
2014-04-05 14:51 - 2014-04-05 14:51 - 00001296 _____ () C:\Users\Lord Pwnz\pcfex1.txt
2014-04-05 14:50 - 2014-04-20 15:04 - 00000000 ____D () C:\AdwCleaner
2014-04-05 14:49 - 2014-04-05 14:50 - 01426178 _____ () C:\Users\Lord Pwnz\Downloads\adwcleaner.exe
2014-04-05 11:23 - 2014-04-05 11:23 - 00002329 _____ () C:\Users\Lord Pwnz\ferkreyyy.txt
2014-04-05 11:18 - 2014-04-05 11:18 - 00000092 _____ () C:\Users\Lord Pwnz\fexx.txt
2014-04-05 07:32 - 2014-04-08 20:03 - 00418664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 07:31 - 2014-04-05 07:31 - 50339840 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-04-05 07:31 - 2014-04-05 07:31 - 00339968 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-04-05 07:31 - 2014-04-05 07:31 - 00102400 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-04-05 07:31 - 2014-04-05 07:31 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-04-05 07:31 - 2014-04-05 07:31 - 00000000 _____ () C:\asc_rdflag
2014-04-04 23:26 - 2014-04-04 23:26 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-04-04 23:25 - 2014-04-04 23:25 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-04-03 16:14 - 2014-04-08 15:19 - 00111616 _____ () C:\Users\Lord Pwnz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 16:13 - 2014-04-05 22:03 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\rmi
2014-04-03 16:13 - 2014-04-05 10:21 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Local\rmi
2014-04-03 16:13 - 2014-04-03 16:13 - 00092128 _____ () C:\Users\Lord Pwnz\Downloads\ccleaner.exe
2014-04-03 16:04 - 2014-04-03 16:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IObit
2014-04-03 15:34 - 2014-04-03 16:12 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Wise Disk Cleaner
2014-04-03 15:34 - 2014-04-03 15:34 - 00001132 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2014-04-03 15:24 - 2014-04-03 15:24 - 00000959 _____ () C:\Users\T-user\Desktop\WinDirStat.lnk
2014-04-03 15:24 - 2014-04-03 15:24 - 00000959 _____ () C:\Users\Administrator\Desktop\WinDirStat.lnk
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\Program Files\WinDirStat
2014-04-03 15:23 - 2014-04-03 15:23 - 00645729 _____ (WDS Team) C:\Users\Lord Pwnz\Downloads\windirstat1_1_2_setup.exe
2014-04-03 14:41 - 2014-04-03 14:41 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-03 14:40 - 2014-04-03 14:40 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-03 14:39 - 2014-04-03 14:39 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-03 14:38 - 2014-04-03 14:38 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-03 14:38 - 2014-04-03 14:38 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-04-03 14:30 - 2014-04-03 14:30 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-03 14:30 - 2014-04-03 14:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-03 14:10 - 2014-04-03 14:10 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-03 14:09 - 2014-04-03 14:09 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-03 14:09 - 2014-04-03 14:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-03 14:09 - 2014-04-03 14:09 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-03 14:09 - 2014-04-03 14:09 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-03 14:09 - 2014-04-03 14:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-03 14:09 - 2014-04-03 14:09 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-03 14:09 - 2014-04-03 14:09 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-03 14:09 - 2014-04-03 14:09 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-03 14:09 - 2014-04-03 14:09 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-03 14:07 - 2014-04-03 14:07 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-03 14:04 - 2014-04-03 14:04 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-03 14:02 - 2014-04-03 14:02 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-03 14:02 - 2014-04-03 14:02 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-03 14:01 - 2014-04-03 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-03 14:00 - 2014-04-03 14:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-03 14:00 - 2014-04-03 14:00 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-03 14:00 - 2014-04-03 14:00 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-03 14:00 - 2014-04-03 14:00 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-03 13:59 - 2014-04-03 13:59 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-04-03 13:59 - 2014-04-03 13:59 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-03 13:58 - 2014-04-03 13:58 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-03 13:57 - 2014-04-03 13:57 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-03 13:57 - 2014-04-03 13:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-04-03 13:57 - 2014-04-03 13:57 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-03 13:56 - 2014-04-03 13:56 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-04-03 13:55 - 2014-04-03 13:55 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-04-03 13:54 - 2014-04-03 13:54 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-04-03 13:54 - 2014-04-03 13:54 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-04-03 13:54 - 2014-04-03 13:54 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-04-03 13:54 - 2014-04-03 13:54 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-04-03 13:54 - 2014-04-03 13:54 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-04-03 13:54 - 2014-04-03 13:54 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-04-03 13:54 - 2014-04-03 13:54 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-04-03 13:54 - 2014-04-03 13:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-04-03 13:54 - 2014-04-03 13:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-04-03 13:54 - 2014-04-03 13:54 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-04-03 13:51 - 2014-04-03 13:51 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-03 13:51 - 2014-04-03 13:51 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-03 13:51 - 2014-04-03 13:51 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-04-03 13:51 - 2014-04-03 13:51 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-03 13:50 - 2014-04-03 13:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-04-03 13:49 - 2014-04-03 13:49 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-04-03 13:49 - 2014-04-03 13:49 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-04-03 13:49 - 2014-04-03 13:49 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-04-03 13:48 - 2014-04-03 13:48 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-04-03 13:48 - 2014-04-03 13:48 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-03 13:48 - 2014-04-03 13:48 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-03 13:48 - 2014-04-03 13:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-04-03 13:48 - 2014-04-03 13:48 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-04-03 13:48 - 2014-04-03 13:48 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-04-03 13:46 - 2014-04-03 13:46 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-04-03 13:46 - 2014-04-03 13:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-04-03 13:46 - 2014-04-03 13:46 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-04-03 13:45 - 2014-04-03 13:45 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-04-03 13:45 - 2014-04-03 13:45 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-04-03 13:44 - 2014-04-03 13:44 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-04-03 13:44 - 2014-04-03 13:44 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-04-03 13:44 - 2014-04-03 13:44 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-04-03 13:44 - 2014-04-03 13:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-04-03 13:44 - 2014-04-03 13:44 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-04-03 13:44 - 2014-04-03 13:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-04-03 13:44 - 2014-04-03 13:44 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-04-03 13:32 - 2014-04-03 13:32 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-04-03 13:32 - 2014-04-03 13:32 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-03 13:30 - 2014-04-03 13:30 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-03 13:30 - 2014-04-03 13:30 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-04-03 13:30 - 2014-04-03 13:30 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-03 13:29 - 2014-04-03 13:29 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-03 13:29 - 2014-04-03 13:29 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-03 13:29 - 2014-04-03 13:29 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-03 13:29 - 2014-04-03 13:29 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-03 13:29 - 2014-04-03 13:29 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-04-03 13:29 - 2014-04-03 13:29 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-03 13:29 - 2014-04-03 13:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-03 13:26 - 2014-04-03 13:26 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-03 13:26 - 2014-04-03 13:26 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-04-03 13:25 - 2014-04-03 13:25 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-04-03 13:25 - 2014-04-03 13:25 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-04-03 13:17 - 2014-04-03 13:17 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-04-03 13:16 - 2014-04-03 13:16 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-04-03 13:15 - 2014-04-03 13:15 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-03 13:15 - 2014-04-03 13:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-04-03 13:15 - 2014-04-03 13:15 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-04-03 13:01 - 2014-04-03 13:01 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-04-03 13:00 - 2014-04-03 13:00 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-04-03 13:00 - 2014-04-03 13:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-04-03 12:59 - 2014-04-03 12:59 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-04-03 12:59 - 2014-04-03 12:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-04-03 12:57 - 2014-04-03 12:57 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-04-03 12:49 - 2014-04-03 12:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-04-03 12:49 - 2014-04-03 12:49 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-04-03 12:48 - 2014-04-03 12:48 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-04-03 12:48 - 2014-04-03 12:48 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-04-03 12:48 - 2014-04-03 12:48 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-04-03 12:27 - 2014-04-03 12:27 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-04-03 12:27 - 2014-04-03 12:27 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-04-03 12:27 - 2014-04-03 12:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-04-03 12:27 - 2014-04-03 12:27 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-04-03 12:27 - 2014-04-03 12:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-04-03 12:27 - 2014-04-03 12:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-04-03 12:27 - 2014-04-03 12:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-04-03 12:27 - 2014-04-03 12:27 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-04-03 12:13 - 2014-04-03 12:13 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-04-03 12:13 - 2014-04-03 12:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-04-03 12:12 - 2014-04-03 12:12 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-04-03 12:12 - 2014-04-03 12:12 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-04-03 12:12 - 2014-04-03 12:12 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-04-03 12:12 - 2014-04-03 12:12 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-04-03 12:12 - 2014-04-03 12:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-04-03 12:12 - 2014-04-03 12:12 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-04-03 12:12 - 2014-04-03 12:12 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-04-03 12:11 - 2014-04-03 12:11 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-04-03 12:10 - 2014-04-03 12:10 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-04-03 12:10 - 2014-04-03 12:10 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-04-03 12:10 - 2014-04-03 12:10 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-04-03 12:09 - 2014-04-03 12:09 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-04-03 12:09 - 2014-04-03 12:09 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-04-03 12:08 - 2014-04-03 12:08 - 02342400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-04-03 11:53 - 2014-04-03 11:53 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-04-03 11:53 - 2014-04-03 11:53 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-04-03 11:42 - 2014-04-03 11:42 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-04-03 11:41 - 2014-04-03 11:41 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-04-03 11:41 - 2014-04-03 11:41 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-04-03 11:41 - 2014-04-03 11:41 - 00148864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-03 11:41 - 2014-04-03 11:41 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-04-03 11:41 - 2014-04-03 11:41 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-04-03 11:41 - 2014-04-03 11:41 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-04-03 11:41 - 2014-04-03 11:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-04-03 11:41 - 2014-04-03 11:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-04-03 11:41 - 2014-04-03 11:41 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-04-03 11:40 - 2014-04-03 11:40 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-04-03 11:40 - 2014-04-03 11:40 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-04-03 11:40 - 2014-04-03 11:40 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-04-03 11:40 - 2014-04-03 11:40 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-04-03 11:40 - 2014-04-03 11:40 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-04-03 11:40 - 2014-04-03 11:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-04-03 11:40 - 2014-04-03 11:40 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-04-03 11:40 - 2014-04-03 11:40 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-04-03 11:40 - 2014-04-03 11:40 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-04-03 11:39 - 2014-04-03 11:39 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-03 11:38 - 2014-04-03 11:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-04-03 11:37 - 2014-02-17 13:41 - 00024384 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-04-03 11:34 - 2014-04-04 23:21 - 51851264 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-04-03 11:34 - 2014-04-04 23:21 - 00339968 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-04-03 11:34 - 2014-04-04 23:21 - 00102400 _____ () C:\Windows\system32\config\SAM.iobit
2014-04-03 11:34 - 2014-04-04 23:21 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-04-03 00:38 - 2014-04-03 00:39 - 01440846 _____ () C:\Users\Lord Pwnz\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-04-02 23:28 - 2014-04-17 18:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-02 23:27 - 2014-04-05 07:40 - 00001030 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-02 23:27 - 2014-04-05 07:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-02 23:27 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-02 23:27 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-02 23:27 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 23:27 - 2014-04-02 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 23:25 - 2014-04-02 23:27 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Lord Pwnz\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-04-02 21:40 - 2014-04-02 21:40 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Local\PunkBuster
2014-04-02 07:27 - 2014-04-02 09:09 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\Far Cry 3 PC full game EN-FR-DE-ES-IT ^^nosTEAM^^
2014-04-02 07:19 - 2014-04-02 07:23 - 55113868 _____ () C:\Program Files\FarCry3.zip
2014-04-02 06:39 - 2014-04-02 21:26 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Bioshock
2014-04-02 06:39 - 2014-04-02 07:00 - 00000000 ____D () C:\Users\Lord Pwnz\Documents\Bioshock
2014-04-01 20:38 - 2014-04-02 01:07 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\BioShock PC full game ^^nosTEAM^^
2014-04-01 20:32 - 2014-04-01 20:32 - 00021226 _____ () C:\Users\Lord Pwnz\Downloads\[kickass.to]bioshock.2007.v1.1.repack.full.english.spanish.torrent
2014-04-01 17:44 - 2014-04-01 17:44 - 00022372 _____ () C:\Users\Lord Pwnz\Downloads\a-walk-to-remember-arabic-yify-10369 (1).zip
2014-04-01 17:07 - 2014-04-01 17:07 - 00022372 _____ () C:\Users\Lord Pwnz\Downloads\a-walk-to-remember-arabic-yify-10369.zip
2014-04-01 14:47 - 2014-04-01 14:54 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\A Walk to Remember (2002)
2014-04-01 14:47 - 2014-04-01 14:47 - 00008759 _____ () C:\Users\Lord Pwnz\Downloads\A_Walk_to_Remember_2002_720p_BluRay_x264_YIFY_mp4.torrent
2014-03-31 23:20 - 2014-04-19 21:09 - 00000000 ____D () C:\Users\Lord Pwnz\Desktop\Dorios the hand of noxus
2014-03-31 19:00 - 2014-04-20 15:37 - 00000392 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Lord Pwnz.job
2014-03-31 19:00 - 2014-04-20 15:06 - 00000386 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Lord Pwnz.job
2014-03-31 19:00 - 2014-04-19 19:17 - 00000382 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Lord Pwnz.job
2014-03-30 14:27 - 2014-03-30 14:27 - 00000000 ____D () C:\IObit
2014-03-30 00:42 - 2014-03-30 00:42 - 00026644 _____ () C:\Users\Lord Pwnz\Downloads\macros.zip
2014-03-29 19:51 - 2014-03-29 19:51 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Apple Computer
2014-03-29 19:51 - 2014-03-29 19:51 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-29 19:50 - 2014-04-12 16:20 - 00002121 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-03-29 19:50 - 2014-03-29 19:50 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-03-29 16:48 - 2014-03-29 16:48 - 00070214 _____ () C:\Users\Lord Pwnz\Downloads\the-wolf-of-wall-street_arabic-844892.zip
2014-03-29 16:27 - 2014-04-01 19:59 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\vlc
2014-03-29 16:26 - 2014-03-29 16:26 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-29 16:21 - 2014-03-29 16:25 - 24677393 _____ () C:\Users\Lord Pwnz\Downloads\vlc-2.1.3-win32.exe
2014-03-29 16:12 - 2014-03-29 16:12 - 00000014 _____ () C:\Users\Lord Pwnz\rassedeedd.txt
2014-03-29 04:04 - 2014-03-29 04:04 - 00000142 _____ () C:\Users\Lord Pwnz\Loz weit k.txt
2014-03-26 20:37 - 2014-03-26 20:37 - 00017642 _____ () C:\Users\Lord Pwnz\Downloads\Voobly.rar
2014-03-24 21:20 - 2014-03-24 21:20 - 00000084 _____ () C:\Users\Lord Pwnz\GRAPHIC PROBLEM.txt
2014-03-24 20:01 - 2008-10-06 15:11 - 00202752 _____ () C:\Users\Lord Pwnz\GTASAsf1.b
2014-03-24 19:58 - 2014-03-24 19:58 - 00053577 _____ () C:\Users\Lord Pwnz\Downloads\GTASA.SaveGame.By.EHABISAAC.rar
2014-03-23 15:33 - 2014-03-23 16:15 - 00000000 ____D () C:\Users\Lord Pwnz\Documents\GTA San Andreas User Files
2014-03-23 00:56 - 2014-03-23 08:23 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\GTA San Andreas
2014-03-22 19:46 - 2014-03-22 19:46 - 00012728 _____ () C:\Users\Lord Pwnz\badmon plz.txt
 
==================== One Month Modified Files and Folders =======
 
2014-04-20 15:42 - 2013-04-24 20:19 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Local\PMB Files
2014-04-20 15:41 - 2014-04-20 15:40 - 00017475 _____ () C:\Users\Lord Pwnz\Desktop\FRST.txt
2014-04-20 15:40 - 2014-04-20 15:40 - 00000000 ____D () C:\FRST
2014-04-20 15:40 - 2014-04-20 15:39 - 01043968 _____ (Farbar) C:\Users\Lord Pwnz\Desktop\FRST.exe
2014-04-20 15:38 - 2014-04-20 15:06 - 00000271 _____ () C:\Windows\setupact.log
2014-04-20 15:37 - 2014-03-31 19:00 - 00000392 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Lord Pwnz.job
2014-04-20 15:37 - 2010-09-21 15:36 - 00000826 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 15:28 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 15:26 - 2012-08-02 21:42 - 01934233 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 15:26 - 2009-07-14 07:34 - 00009824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 15:26 - 2009-07-14 07:34 - 00009824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 15:25 - 2014-03-20 13:53 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-04-20 15:24 - 2014-04-20 15:24 - 56270336 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2014-04-20 15:24 - 2014-04-20 15:24 - 28031576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 14463064 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 11736152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO30.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-04-20 15:24 - 2014-04-20 15:24 - 03650136 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 03017112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-04-20 15:24 - 2014-04-20 15:24 - 02467544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 01936472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 01823320 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 01687128 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 01266776 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO60.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 01143408 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 01143408 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 00948336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 00915160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 00874584 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 00785520 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO20.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-04-20 15:24 - 2014-04-20 15:24 - 00757301 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-04-20 15:10 - 2014-04-05 19:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-20 15:09 - 2012-08-20 22:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 15:06 - 2014-04-20 15:06 - 00015192 _____ () C:\Windows\PFRO.log
2014-04-20 15:06 - 2014-04-20 15:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-20 15:06 - 2014-03-31 19:00 - 00000386 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Lord Pwnz.job
2014-04-20 15:06 - 2013-03-20 15:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-20 15:06 - 2010-09-22 06:39 - 00000000 ____D () C:\Windows\Panther
2014-04-20 15:04 - 2014-04-05 14:50 - 00000000 ____D () C:\AdwCleaner
2014-04-20 14:45 - 2010-09-21 15:36 - 00000830 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 14:43 - 2014-04-18 13:43 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Curse Client
2014-04-20 14:41 - 2014-04-20 14:41 - 01308369 _____ () C:\Users\Lord Pwnz\Desktop\adwcleaner.exe
2014-04-20 13:31 - 2013-09-02 01:26 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4251438179-3114221706-532651990-1002UA.job
2014-04-20 01:31 - 2013-09-02 01:26 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4251438179-3114221706-532651990-1002Core.job
2014-04-20 00:21 - 2014-04-14 23:36 - 00001439 _____ () C:\Users\Lord Pwnz\DANAFACTS.txt
2014-04-19 23:15 - 2014-03-04 17:41 - 00000000 ____D () C:\Users\Lord Pwnz\Desktop\You touch my tralala
2014-04-19 22:30 - 2012-08-03 05:53 - 00000000 ____D () C:\Program Files\Voobly
2014-04-19 21:09 - 2014-03-31 23:20 - 00000000 ____D () C:\Users\Lord Pwnz\Desktop\Dorios the hand of noxus
2014-04-19 21:04 - 2013-03-31 15:15 - 00000000 ____D () C:\Users\Lord Pwnz
2014-04-19 19:24 - 2013-04-10 14:47 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Skype
2014-04-19 19:22 - 2013-12-15 16:52 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Local\CrashDumps
2014-04-19 19:17 - 2014-03-31 19:00 - 00000382 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Lord Pwnz.job
2014-04-18 16:00 - 2013-04-24 20:18 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-18 13:44 - 2014-04-18 13:44 - 00001016 _____ () C:\Users\Lord Pwnz\Desktop\Curse.lnk
2014-04-18 13:44 - 2014-04-18 13:44 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Curse Advertising
2014-04-18 13:43 - 2014-04-18 13:43 - 00001002 _____ () C:\Users\Lord Pwnz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-04-18 13:43 - 2014-04-18 13:43 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Curse
2014-04-18 13:42 - 2014-04-18 13:39 - 37398440 _____ (Curse) C:\Users\Lord Pwnz\Desktop\CurseClientSetup.exe
2014-04-17 18:16 - 2014-04-02 23:28 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 18:12 - 2014-02-04 01:31 - 00000173 _____ () C:\Users\Lord Pwnz\brazzzz.txt
2014-04-16 18:01 - 2014-04-16 18:01 - 00003166 _____ () C:\Users\Lord Pwnz\Desktop\attach.zip
2014-04-16 18:01 - 2014-04-16 18:01 - 00003117 _____ () C:\Users\Lord Pwnz\Desktop\attac36h.rar
2014-04-16 18:00 - 2014-04-16 18:00 - 00003117 _____ () C:\Users\Lord Pwnz\Desktop\attach.rar
2014-04-16 17:59 - 2014-04-09 06:55 - 00026891 _____ () C:\Users\Lord Pwnz\dds.txt
2014-04-16 17:59 - 2014-04-09 06:55 - 00012405 _____ () C:\Users\Lord Pwnz\attach.txt
2014-04-16 07:15 - 2013-07-31 11:42 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Local\Mozilla
2014-04-16 02:27 - 2013-08-28 22:55 - 00000000 ____D () C:\Program Files\Steam
2014-04-16 01:26 - 2014-04-16 01:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-15 21:24 - 2014-04-15 21:24 - 02359350 _____ () C:\Users\Lord Pwnz\11.bmp
2014-04-12 21:08 - 2014-04-12 21:08 - 00252609 _____ () C:\Users\Lord Pwnz\dead_suicide_fingers_hanging_finger_desktop_1440x900_wallpaper-140926.jpeg
2014-04-12 16:20 - 2014-03-29 19:50 - 00002121 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-04-11 21:12 - 2014-01-17 21:57 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Local\PasswordSafe
2014-04-11 19:40 - 2014-04-11 19:40 - 00000376 _____ () C:\Users\Lord Pwnz\pwsafe.psafe3
2014-04-11 19:39 - 2014-04-11 19:39 - 00000000 ____D () C:\Users\Lord Pwnz\Documents\My Safes
2014-04-10 12:19 - 2014-01-16 20:31 - 00000907 _____ () C:\Users\Lord Pwnz\Desktop\Voobly.lnk
2014-04-10 12:18 - 2014-04-10 12:17 - 09942276 _____ (Voobly ) C:\Users\Lord Pwnz\Desktop\voobly-v2.1.66.28.exe
2014-04-09 19:53 - 2014-04-09 19:53 - 00003885 _____ () C:\Users\Lord Pwnz\Desktop\attach22.zip
2014-04-09 07:56 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\rescache
2014-04-09 06:59 - 2014-04-09 06:59 - 00003870 _____ () C:\Users\Lord Pwnz\Desktop\attach1.zip
2014-04-09 06:52 - 2014-04-09 06:52 - 00688992 ____R (Swearware) C:\Users\Lord Pwnz\dds.com
2014-04-09 06:51 - 2014-04-09 06:51 - 00002853 _____ () C:\Users\Lord Pwnz\dds - Shortcut.pif
2014-04-09 06:50 - 2014-04-09 06:50 - 00688992 _____ (Swearware) C:\Users\Lord Pwnz\Downloads\dds.com
2014-04-09 00:41 - 2014-04-09 00:41 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-04-09 00:39 - 2014-04-09 00:39 - 00014362 _____ () C:\Users\Lord Pwnz\HitmanPro_20140409_0039.log
2014-04-09 00:39 - 2014-04-09 00:39 - 00001416 _____ () C:\Windows\system32\.crusader
2014-04-09 00:39 - 2014-04-09 00:16 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-09 00:33 - 2014-04-09 00:33 - 00151135 _____ () C:\Users\Lord Pwnz\RKreport[0]_D_04092014_003350.txt
2014-04-09 00:32 - 2014-04-09 00:32 - 00151097 _____ () C:\Users\Lord Pwnz\RKreport[0]_S_04092014_003243.txt
2014-04-09 00:29 - 2014-04-09 00:29 - 03972608 _____ () C:\Users\Lord Pwnz\Downloads\RogueKiller (2).exe
2014-04-09 00:27 - 2014-04-09 00:27 - 03972608 _____ () C:\Users\Lord Pwnz\Downloads\RogueKiller (1).exe
2014-04-09 00:16 - 2014-04-09 00:15 - 10094400 _____ (SurfRight B.V.) C:\Users\Lord Pwnz\Downloads\HitmanPro.exe
2014-04-09 00:14 - 2014-04-09 00:14 - 00141011 _____ () C:\Users\Lord Pwnz\RKreport[0]_D_04092014_001449.txt
2014-04-09 00:14 - 2014-04-08 23:04 - 00000000 ____D () C:\Users\Lord Pwnz\RK_Quarantine
2014-04-08 23:51 - 2014-04-08 23:51 - 00140974 _____ () C:\Users\Lord Pwnz\RKreport[0]_S_04082014_235145.txt
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\it-IT
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\el-GR
2014-04-08 23:30 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-08 23:28 - 2014-04-08 23:28 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 23:28 - 2014-04-08 23:28 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-08 23:28 - 2014-04-08 23:28 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-08 23:28 - 2014-04-08 23:28 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-08 23:28 - 2014-04-08 23:28 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-08 23:28 - 2014-04-08 23:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-08 23:28 - 2014-04-08 23:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-08 23:28 - 2014-04-08 23:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-08 23:27 - 2014-04-08 23:27 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-08 23:22 - 2014-04-08 23:22 - 02077392 _____ (Microsoft Corporation) C:\Users\Lord Pwnz\Downloads\IE11-Windows6.1.exe
2014-04-08 23:04 - 2014-04-08 23:04 - 03972608 _____ () C:\Users\Lord Pwnz\Downloads\RogueKiller.exe
2014-04-08 21:55 - 2014-04-08 21:55 - 00000814 _____ () C:\Users\Lord Pwnz\Esetscan11.txt
2014-04-08 20:06 - 2014-04-08 20:06 - 00000000 ____D () C:\Program Files\ESET
2014-04-08 20:06 - 2014-04-08 20:05 - 02347384 _____ (ESET) C:\Users\Lord Pwnz\Downloads\esetsmartinstaller_enu.exe
2014-04-08 20:03 - 2014-04-05 07:32 - 00418664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-08 19:53 - 2014-04-07 17:37 - 00000000 ____D () C:\Users\Lord Pwnz\Documents\VirtualDJ
2014-04-08 15:19 - 2014-04-03 16:14 - 00111616 _____ () C:\Users\Lord Pwnz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-07 17:43 - 2014-04-07 17:43 - 00014532 _____ () C:\Users\Lord Pwnz\Desktop\Tetrix Bass Feat_ Veela - The Light (Original Mix)-[www_flvto_com] - Shortcut.lnk
2014-04-07 17:42 - 2014-04-07 17:42 - 00000085 _____ () C:\Users\Lord Pwnz\Lil Wayne - Drop The World ft_ Eminem-[www_flvto_com].m3u
2014-04-07 17:40 - 2014-04-07 17:40 - 00000077 _____ () C:\Users\Lord Pwnz\Lil Wayne - Mirror ft_ Bruno Mars-[www_flvto_com].m3u
2014-04-07 17:38 - 2014-04-07 17:38 - 00000974 _____ () C:\Users\Lord Pwnz\Desktop\VirtualDJ Home FREE.lnk
2014-04-07 17:38 - 2014-04-07 17:38 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2014-04-07 17:38 - 2014-04-07 17:37 - 00000000 ____D () C:\Program Files\VirtualDJ
2014-04-07 17:32 - 2014-04-07 17:29 - 39178560 _____ (Atomix Productions) C:\Users\Lord Pwnz\Downloads\install_virtualdj_home_v7.4.1.exe
2014-04-07 17:20 - 2014-04-07 15:38 - 00000000 ____D () C:\Program Files\NCH Software
2014-04-07 15:38 - 2014-04-07 15:38 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\NCH Software
2014-04-07 15:38 - 2014-04-07 15:38 - 00000000 ____D () C:\ProgramData\NCH Software
2014-04-06 19:18 - 2014-03-10 15:19 - 00000000 ____D () C:\Users\Lord Pwnz\Desktop\Games
2014-04-06 19:18 - 2010-09-21 15:19 - 00000000 ____D () C:\Windows\Minidump
2014-04-06 00:02 - 2013-08-28 23:57 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-05 23:36 - 2013-04-18 22:48 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-05 22:38 - 2014-04-05 22:38 - 00000000 ____D () C:\Users\Lord Pwnz\Desktop\Programsss
2014-04-05 22:38 - 2014-02-22 20:04 - 00000000 ____D () C:\Users\Lord Pwnz\Desktop\Voobly
2014-04-05 22:16 - 2014-04-05 15:03 - 00000000 ____D () C:\Windows\erdnt
2014-04-05 22:03 - 2014-04-03 16:13 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\rmi
2014-04-05 19:53 - 2014-04-05 19:53 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\backups
2014-04-05 19:43 - 2014-04-05 19:43 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lord Pwnz\Downloads\HijackThis.exe
2014-04-05 19:43 - 2014-04-05 19:43 - 00007589 _____ () C:\Users\Lord Pwnz\Downloads\hijackthis.log
2014-04-05 16:20 - 2013-03-31 15:15 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Local\Adobe
2014-04-05 16:19 - 2014-04-05 16:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-05 16:19 - 2010-09-21 15:31 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-05 16:19 - 2010-09-21 15:30 - 00000000 ____D () C:\Program Files\Adobe
2014-04-05 16:12 - 2014-04-05 16:12 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lord Pwnz\Downloads\revosetup.exe
2014-04-05 16:12 - 2014-04-05 16:12 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-05 16:06 - 2009-07-14 05:04 - 00000215 _____ () C:\Windows\system.ini
2014-04-05 15:21 - 2009-07-14 05:37 - 00000000 __RHD () C:\Users\Default
2014-04-05 15:21 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Public
2014-04-05 14:51 - 2014-04-05 14:51 - 00001296 _____ () C:\Users\Lord Pwnz\pcfex1.txt
2014-04-05 14:50 - 2014-04-05 14:49 - 01426178 _____ () C:\Users\Lord Pwnz\Downloads\adwcleaner.exe
2014-04-05 11:23 - 2014-04-05 11:23 - 00002329 _____ () C:\Users\Lord Pwnz\ferkreyyy.txt
2014-04-05 11:18 - 2014-04-05 11:18 - 00000092 _____ () C:\Users\Lord Pwnz\fexx.txt
2014-04-05 10:30 - 2010-09-21 14:51 - 00782838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 10:22 - 2009-07-14 10:50 - 00000000 ____D () C:\Windows\ShellNew
2014-04-05 10:21 - 2014-04-03 16:13 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Local\rmi
2014-04-05 07:40 - 2014-04-02 23:27 - 00001030 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-05 07:40 - 2014-04-02 23:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-05 07:31 - 2014-04-05 07:31 - 50339840 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-04-05 07:31 - 2014-04-05 07:31 - 00339968 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-04-05 07:31 - 2014-04-05 07:31 - 00102400 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-04-05 07:31 - 2014-04-05 07:31 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-04-05 07:31 - 2014-04-05 07:31 - 00000000 _____ () C:\asc_rdflag
2014-04-05 07:31 - 2014-01-11 18:18 - 00000000 ____D () C:\Users\Administrator
2014-04-04 23:26 - 2014-04-04 23:26 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-04-04 23:25 - 2014-04-04 23:25 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-04-04 23:21 - 2014-04-03 11:34 - 51851264 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-04-04 23:21 - 2014-04-03 11:34 - 00339968 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-04-04 23:21 - 2014-04-03 11:34 - 00102400 _____ () C:\Windows\system32\config\SAM.iobit
2014-04-04 23:21 - 2014-04-03 11:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-04-03 17:57 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-03 16:21 - 2014-01-11 18:18 - 00000000 ____D () C:\Users\Administrator\Tracing
2014-04-03 16:13 - 2014-04-03 16:13 - 00092128 _____ () C:\Users\Lord Pwnz\Downloads\ccleaner.exe
2014-04-03 16:12 - 2014-04-03 15:34 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Wise Disk Cleaner
2014-04-03 16:04 - 2014-04-03 16:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IObit
2014-04-03 15:57 - 2014-01-16 21:36 - 00000000 ____D () C:\Program Files\Password Safe
2014-04-03 15:57 - 2014-01-11 16:12 - 00000000 ____D () C:\Users\T-user\AppData\Local\CrashDumps
2014-04-03 15:57 - 2013-09-02 20:14 - 00000000 ____D () C:\ProgramData\log
2014-04-03 15:57 - 2013-05-26 21:03 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\.mineshaftersquared
2014-04-03 15:57 - 2013-05-26 21:03 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\.minecraft
2014-04-03 15:57 - 2013-05-14 15:04 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\TeamViewer
2014-04-03 15:57 - 2013-05-05 12:35 - 00000000 ____D () C:\Program Files\LOLReplay
2014-04-03 15:57 - 2013-03-31 15:24 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\voobly2
2014-04-03 15:57 - 2013-03-31 15:23 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\Lights Theme v2
2014-04-03 15:57 - 2013-03-31 15:23 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\Lights Theme
2014-04-03 15:57 - 2013-03-31 15:23 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\arprzip
2014-04-03 15:57 - 2013-03-31 15:15 - 00000000 ____D () C:\Users\Lord Pwnz\Documents\LOLReplay
2014-04-03 15:57 - 2013-03-31 15:15 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Local\VirtualStore
2014-04-03 15:57 - 2012-12-29 00:33 - 00000000 ____D () C:\Fraps
2014-04-03 15:57 - 2012-12-16 10:06 - 00000000 ____D () C:\Users\T-user\Documents\LOLReplay
2014-04-03 15:57 - 2012-11-01 18:07 - 00000000 ____D () C:\Users\T-user\Downloads\arprzip
2014-04-03 15:57 - 2012-09-23 20:50 - 00000000 ____D () C:\Users\T-user\Downloads\voobly2
2014-04-03 15:57 - 2012-08-24 11:58 - 00000000 ____D () C:\Users\T-user\Downloads\Lights Theme v2
2014-04-03 15:57 - 2012-08-16 20:11 - 00000000 ____D () C:\Users\T-user\Downloads\Lights Theme
2014-04-03 15:57 - 2012-08-15 07:22 - 00000000 ____D () C:\Users\T-user\AppData\Roaming\uTorrent
2014-04-03 15:57 - 2010-09-21 15:39 - 00000000 ____D () C:\Program Files\Golden Al-Wafi Translator
2014-04-03 15:57 - 2010-09-21 14:56 - 00000000 ____D () C:\Program Files\WinRAR
2014-04-03 15:57 - 2010-09-21 14:47 - 00000000 ____D () C:\Users\T-user\AppData\Local\VirtualStore
2014-04-03 15:57 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-04-03 15:34 - 2014-04-03 15:34 - 00001132 _____ () C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2014-04-03 15:24 - 2014-04-03 15:24 - 00000959 _____ () C:\Users\T-user\Desktop\WinDirStat.lnk
2014-04-03 15:24 - 2014-04-03 15:24 - 00000959 _____ () C:\Users\Administrator\Desktop\WinDirStat.lnk
2014-04-03 15:24 - 2014-04-03 15:24 - 00000000 ____D () C:\Program Files\WinDirStat
2014-04-03 15:23 - 2014-04-03 15:23 - 00645729 _____ (WDS Team) C:\Users\Lord Pwnz\Downloads\windirstat1_1_2_setup.exe
2014-04-03 15:04 - 2009-07-14 10:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-03 15:04 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-03 14:41 - 2014-04-03 14:41 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-03 14:40 - 2014-04-03 14:40 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-03 14:39 - 2014-04-03 14:39 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-03 14:38 - 2014-04-03 14:38 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-03 14:38 - 2014-04-03 14:38 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-04-03 14:30 - 2014-04-03 14:30 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-03 14:30 - 2014-04-03 14:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-03 14:10 - 2014-04-03 14:10 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-03 14:09 - 2014-04-03 14:09 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-03 14:09 - 2014-04-03 14:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-03 14:09 - 2014-04-03 14:09 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-03 14:09 - 2014-04-03 14:09 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-03 14:09 - 2014-04-03 14:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-03 14:09 - 2014-04-03 14:09 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-03 14:09 - 2014-04-03 14:09 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-03 14:09 - 2014-04-03 14:09 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-03 14:09 - 2014-04-03 14:09 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-03 14:07 - 2014-04-03 14:07 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-03 14:06 - 2014-04-03 14:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-03 14:04 - 2014-04-03 14:04 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-03 14:02 - 2014-04-03 14:02 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-03 14:02 - 2014-04-03 14:02 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-03 14:01 - 2014-04-03 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-03 14:00 - 2014-04-03 14:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-03 14:00 - 2014-04-03 14:00 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-03 14:00 - 2014-04-03 14:00 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-03 14:00 - 2014-04-03 14:00 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-03 13:59 - 2014-04-03 13:59 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-04-03 13:59 - 2014-04-03 13:59 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-03 13:58 - 2014-04-03 13:58 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-03 13:57 - 2014-04-03 13:57 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-03 13:57 - 2014-04-03 13:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-04-03 13:57 - 2014-04-03 13:57 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-03 13:56 - 2014-04-03 13:56 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-04-03 13:55 - 2014-04-03 13:55 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-04-03 13:54 - 2014-04-03 13:54 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-04-03 13:54 - 2014-04-03 13:54 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-04-03 13:54 - 2014-04-03 13:54 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-04-03 13:54 - 2014-04-03 13:54 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-04-03 13:54 - 2014-04-03 13:54 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-04-03 13:54 - 2014-04-03 13:54 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-04-03 13:54 - 2014-04-03 13:54 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-04-03 13:54 - 2014-04-03 13:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-04-03 13:54 - 2014-04-03 13:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-04-03 13:54 - 2014-04-03 13:54 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-04-03 13:51 - 2014-04-03 13:51 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-03 13:51 - 2014-04-03 13:51 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-03 13:51 - 2014-04-03 13:51 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-04-03 13:51 - 2014-04-03 13:51 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-03 13:50 - 2014-04-03 13:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-04-03 13:49 - 2014-04-03 13:49 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-04-03 13:49 - 2014-04-03 13:49 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-04-03 13:49 - 2014-04-03 13:49 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-04-03 13:48 - 2014-04-03 13:48 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-04-03 13:48 - 2014-04-03 13:48 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-03 13:48 - 2014-04-03 13:48 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-03 13:48 - 2014-04-03 13:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-04-03 13:48 - 2014-04-03 13:48 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-04-03 13:48 - 2014-04-03 13:48 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-04-03 13:46 - 2014-04-03 13:46 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-04-03 13:46 - 2014-04-03 13:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-04-03 13:46 - 2014-04-03 13:46 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-04-03 13:45 - 2014-04-03 13:45 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-04-03 13:45 - 2014-04-03 13:45 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-04-03 13:44 - 2014-04-03 13:44 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-04-03 13:44 - 2014-04-03 13:44 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-04-03 13:44 - 2014-04-03 13:44 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-04-03 13:44 - 2014-04-03 13:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-04-03 13:44 - 2014-04-03 13:44 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-04-03 13:44 - 2014-04-03 13:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-04-03 13:44 - 2014-04-03 13:44 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-04-03 13:32 - 2014-04-03 13:32 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-04-03 13:32 - 2014-04-03 13:32 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-03 13:30 - 2014-04-03 13:30 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-03 13:30 - 2014-04-03 13:30 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-04-03 13:30 - 2014-04-03 13:30 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-03 13:29 - 2014-04-03 13:29 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-03 13:29 - 2014-04-03 13:29 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-03 13:29 - 2014-04-03 13:29 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-03 13:29 - 2014-04-03 13:29 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-03 13:29 - 2014-04-03 13:29 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-04-03 13:29 - 2014-04-03 13:29 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-03 13:29 - 2014-04-03 13:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-03 13:29 - 2014-04-03 13:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-03 13:26 - 2014-04-03 13:26 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-03 13:26 - 2014-04-03 13:26 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-04-03 13:25 - 2014-04-03 13:25 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-04-03 13:25 - 2014-04-03 13:25 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-04-03 13:17 - 2014-04-03 13:17 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-04-03 13:16 - 2014-04-03 13:16 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-04-03 13:15 - 2014-04-03 13:15 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-03 13:15 - 2014-04-03 13:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-04-03 13:15 - 2014-04-03 13:15 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-04-03 13:01 - 2014-04-03 13:01 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-04-03 13:00 - 2014-04-03 13:00 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-04-03 13:00 - 2014-04-03 13:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-04-03 12:59 - 2014-04-03 12:59 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-04-03 12:59 - 2014-04-03 12:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-04-03 12:57 - 2014-04-03 12:57 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-04-03 12:49 - 2014-04-03 12:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-04-03 12:49 - 2014-04-03 12:49 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-04-03 12:48 - 2014-04-03 12:48 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-04-03 12:48 - 2014-04-03 12:48 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-04-03 12:48 - 2014-04-03 12:48 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-04-03 12:48 - 2014-04-03 12:48 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-04-03 12:27 - 2014-04-03 12:27 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-04-03 12:27 - 2014-04-03 12:27 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-04-03 12:27 - 2014-04-03 12:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-04-03 12:27 - 2014-04-03 12:27 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-04-03 12:27 - 2014-04-03 12:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-04-03 12:27 - 2014-04-03 12:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-04-03 12:27 - 2014-04-03 12:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-04-03 12:27 - 2014-04-03 12:27 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-04-03 12:13 - 2014-04-03 12:13 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-04-03 12:13 - 2014-04-03 12:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-04-03 12:12 - 2014-04-03 12:12 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-04-03 12:12 - 2014-04-03 12:12 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-04-03 12:12 - 2014-04-03 12:12 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-04-03 12:12 - 2014-04-03 12:12 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-04-03 12:12 - 2014-04-03 12:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-04-03 12:12 - 2014-04-03 12:12 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-04-03 12:12 - 2014-04-03 12:12 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-04-03 12:11 - 2014-04-03 12:11 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-04-03 12:10 - 2014-04-03 12:10 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-04-03 12:10 - 2014-04-03 12:10 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-04-03 12:10 - 2014-04-03 12:10 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-04-03 12:09 - 2014-04-03 12:09 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-04-03 12:09 - 2014-04-03 12:09 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-04-03 12:08 - 2014-04-03 12:08 - 02342400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-04-03 11:53 - 2014-04-03 11:53 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-04-03 11:53 - 2014-04-03 11:53 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-04-03 11:42 - 2014-04-03 11:42 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-04-03 11:41 - 2014-04-03 11:41 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-04-03 11:41 - 2014-04-03 11:41 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-04-03 11:41 - 2014-04-03 11:41 - 00148864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-03 11:41 - 2014-04-03 11:41 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-04-03 11:41 - 2014-04-03 11:41 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-04-03 11:41 - 2014-04-03 11:41 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-04-03 11:41 - 2014-04-03 11:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-04-03 11:41 - 2014-04-03 11:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-04-03 11:41 - 2014-04-03 11:41 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-04-03 11:40 - 2014-04-03 11:40 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-04-03 11:40 - 2014-04-03 11:40 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-04-03 11:40 - 2014-04-03 11:40 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-04-03 11:40 - 2014-04-03 11:40 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-04-03 11:40 - 2014-04-03 11:40 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-04-03 11:40 - 2014-04-03 11:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-04-03 11:40 - 2014-04-03 11:40 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-04-03 11:40 - 2014-04-03 11:40 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-04-03 11:40 - 2014-04-03 11:40 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-04-03 11:39 - 2014-04-03 11:39 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-03 11:38 - 2014-04-03 11:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-04-03 09:51 - 2014-04-02 23:27 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-02 23:27 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-02 23:27 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 00:39 - 2014-04-03 00:38 - 01440846 _____ () C:\Users\Lord Pwnz\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-04-02 23:55 - 2013-09-23 21:31 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\uTorrent
2014-04-02 23:52 - 2010-09-21 15:33 - 00000000 ____D () C:\Program Files\JetAudio
2014-04-02 23:52 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Resources
2014-04-02 23:27 - 2014-04-02 23:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-02 23:27 - 2014-04-02 23:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Lord Pwnz\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-04-02 21:40 - 2014-04-02 21:40 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Local\PunkBuster
2014-04-02 21:26 - 2014-04-02 06:39 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Bioshock
2014-04-02 09:09 - 2014-04-02 07:27 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\Far Cry 3 PC full game EN-FR-DE-ES-IT ^^nosTEAM^^
2014-04-02 07:23 - 2014-04-02 07:19 - 55113868 _____ () C:\Program Files\FarCry3.zip
2014-04-02 07:00 - 2014-04-02 06:39 - 00000000 ____D () C:\Users\Lord Pwnz\Documents\Bioshock
2014-04-02 01:07 - 2014-04-01 20:38 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\BioShock PC full game ^^nosTEAM^^
2014-04-01 23:11 - 2013-03-31 15:15 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Media Player Classic
2014-04-01 20:32 - 2014-04-01 20:32 - 00021226 _____ () C:\Users\Lord Pwnz\Downloads\[kickass.to]bioshock.2007.v1.1.repack.full.english.spanish.torrent
2014-04-01 19:59 - 2014-03-29 16:27 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\vlc
2014-04-01 17:44 - 2014-04-01 17:44 - 00022372 _____ () C:\Users\Lord Pwnz\Downloads\a-walk-to-remember-arabic-yify-10369 (1).zip
2014-04-01 17:24 - 2013-03-31 15:15 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\COWON
2014-04-01 17:07 - 2014-04-01 17:07 - 00022372 _____ () C:\Users\Lord Pwnz\Downloads\a-walk-to-remember-arabic-yify-10369.zip
2014-04-01 14:54 - 2014-04-01 14:47 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\A Walk to Remember (2002)
2014-04-01 14:47 - 2014-04-01 14:47 - 00008759 _____ () C:\Users\Lord Pwnz\Downloads\A_Walk_to_Remember_2002_720p_BluRay_x264_YIFY_mp4.torrent
2014-03-30 14:27 - 2014-03-30 14:27 - 00000000 ____D () C:\IObit
2014-03-30 00:42 - 2014-03-30 00:42 - 00026644 _____ () C:\Users\Lord Pwnz\Downloads\macros.zip
2014-03-29 20:05 - 2013-03-31 15:15 - 00000000 ____D () C:\Users\Lord Pwnz\Tracing
2014-03-29 19:51 - 2014-03-29 19:51 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\Apple Computer
2014-03-29 19:51 - 2014-03-29 19:51 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-29 19:51 - 2014-03-20 13:29 - 00000000 ____D () C:\Users\Lord Pwnz\AppData\Roaming\IObit
2014-03-29 19:51 - 2014-03-20 13:29 - 00000000 ____D () C:\Program Files\IObit
2014-03-29 19:50 - 2014-03-29 19:50 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-03-29 19:50 - 2014-03-20 13:29 - 00000000 ____D () C:\ProgramData\IObit
2014-03-29 16:48 - 2014-03-29 16:48 - 00070214 _____ () C:\Users\Lord Pwnz\Downloads\the-wolf-of-wall-street_arabic-844892.zip
2014-03-29 16:26 - 2014-03-29 16:26 - 00000000 ____D () C:\Program Files\VideoLAN
2014-03-29 16:25 - 2014-03-29 16:21 - 24677393 _____ () C:\Users\Lord Pwnz\Downloads\vlc-2.1.3-win32.exe
2014-03-29 16:12 - 2014-03-29 16:12 - 00000014 _____ () C:\Users\Lord Pwnz\rassedeedd.txt
2014-03-29 04:04 - 2014-03-29 04:04 - 00000142 _____ () C:\Users\Lord Pwnz\Loz weit k.txt
2014-03-26 20:37 - 2014-03-26 20:37 - 00017642 _____ () C:\Users\Lord Pwnz\Downloads\Voobly.rar
2014-03-25 19:58 - 2014-02-27 20:52 - 00000000 ____D () C:\Users\Lord Pwnz\Desktop\Tupac
2014-03-24 21:20 - 2014-03-24 21:20 - 00000084 _____ () C:\Users\Lord Pwnz\GRAPHIC PROBLEM.txt
2014-03-24 19:58 - 2014-03-24 19:58 - 00053577 _____ () C:\Users\Lord Pwnz\Downloads\GTASA.SaveGame.By.EHABISAAC.rar
2014-03-23 18:38 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-23 16:15 - 2014-03-23 15:33 - 00000000 ____D () C:\Users\Lord Pwnz\Documents\GTA San Andreas User Files
2014-03-23 08:23 - 2014-03-23 00:56 - 00000000 ____D () C:\Users\Lord Pwnz\Downloads\GTA San Andreas
2014-03-22 19:46 - 2014-03-22 19:46 - 00012728 _____ () C:\Users\Lord Pwnz\badmon plz.txt
2014-03-22 13:14 - 2013-05-08 22:43 - 00000000 ___HD () C:\Users\Lord Pwnz\AppData\Roaming\RPPrivate
 
Files to move or delete:
====================
C:\Users\T-user\AppData\Roaming\desktop.ini
C:\Users\T-user\jagex_cl_runescape_LIVE.dat
C:\Users\T-user\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Lord Pwnz\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-19 00:55
 
==================== End Of Log ============================
 
FRST NOTEPAD


#10 MohRiyal


Posted 20 April 2014 - 07:45 AM

Here's the attachment.




#11 nasdaq

  • Malware Response Team

Posted 20 April 2014 - 09:04 AM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
BHO: No Name - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 FXDrv32; \??\E:\FXDrv32.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
C:\Users\T-user\random.dat

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Let me know what issues persist.

#12 MohRiyal


Posted 20 April 2014 - 01:20 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2014
Ran by Lord Pwnz at 2014-04-20 21:17:40 Run:1
Running from C:\Users\Lord Pwnz\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
BHO: No Name - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 FXDrv32; \??\E:\FXDrv32.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
C:\Users\T-user\random.dat
 
End
*****************
 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.
HKCR\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key deleted successfully.
C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll not found.
C:\Windows\system32\npDeployJava1.dll not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
ewusbmbb => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
FXDrv32 => Service deleted successfully.
GGSAFERDriver => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
hwdatacard => Service deleted successfully.
C:\Users\T-user\random.dat => Moved successfully.
 
==== End of Fixlog ====
The FRST fixlist log
 
 
SecurityCheck  checkup
 

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Wise Disk Cleaner 8.06  
 JavaFX 2.1.1    
 Java version out of Date! 
  Adobe Flash Player 12.0.0.77 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 22.0 Firefox out of Date!  
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Google Chrome Application AvastSvc.exe -?- 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
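
One way to confirm that every line of a fixlist was acted on is to reconcile the fixlist echoed at the top of Fixlog.txt with the result lines beneath it. The Python below is an added example, not part of the thread and not FRST's own code; its matching rules and status names are assumptions inferred from the log lines posted above, and the sample omits the FXDrv32 result line on purpose to show an unprocessed entry.

```python
import re

# Excerpt of the Fixlog posted above. The FXDrv32 result line has been left
# out deliberately (constructed change) to show an unprocessed directive.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
start
BHO: No Name - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -  No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 FXDrv32; \??\E:\FXDrv32.sys [X]
C:\Users\T-user\random.dat

End
*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.
HKCR\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => Key deleted successfully.
C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
ewusbmbb => Service deleted successfully.
C:\Users\T-user\random.dat => Moved successfully.

==== End of Fixlog ====
"""

# Patterns inferred from the lines on this page (assumption, not a FRST spec).
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
SERVICE_RE = re.compile(r"^S\d\s+([^;]+);")            # "S3 name; path [X]"
REGKEY_RE = re.compile(r"(HK(?:LM|CU|CR|U)\\[^:]+):")  # "CHR HKLM\...: text"
PATH_RE = re.compile(r"([A-Za-z]:\\.+?)(?:\s+No File)?$")


def split_fixlog(text):
    """Return (directives, result_lines) from the body of a Fixlog."""
    directives, results, section = [], [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            # First row of asterisks opens the echoed fixlist, second closes it.
            section = "fixlist" if section == "header" else "results"
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if section == "fixlist" and line.lower() not in ("start", "end"):
            directives.append(line)
        elif section == "results":
            results.append(line)
    return directives, results


def directive_key(directive):
    """Pick the identifier a result line is expected to mention."""
    m = GUID_RE.search(directive)
    if m:
        return m.group(0)
    for pattern in (SERVICE_RE, REGKEY_RE, PATH_RE):
        m = pattern.search(directive)
        if m:
            return m.group(1).strip()
    return directive


def parse_result(line):
    """Split a result line into (target, outcome); None if unrecognised."""
    if " => " in line:
        target, outcome = line.rsplit(" => ", 1)
    elif line.endswith(" not found."):
        target, outcome = line[: -len(" not found.")], "not found"
    else:
        return None
    return target.strip(), outcome.strip().rstrip(".")


def reconcile(text):
    """Map each fixlist directive to (status, outcomes found for it)."""
    directives, result_lines = split_fixlog(text)
    parsed = [r for r in map(parse_result, result_lines) if r]
    report = {}
    for d in directives:
        key = directive_key(d).lower()
        if key.startswith("{"):   # a CLSID can appear under several keys
            hits = [o for t, o in parsed if key in t.lower()]
        else:                     # paths, keys and services must match whole
            hits = [o for t, o in parsed if t.lower() == key]
        if not hits:
            status = "unprocessed"
        elif all(o == "not found" for o in hits):
            status = "already absent"
        elif all(o.endswith("successfully") for o in hits):
            status = "done"
        else:
            status = "check manually"
        report[d] = (status, hits)
    return report


if __name__ == "__main__":
    for directive, (status, hits) in reconcile(SAMPLE_FIXLOG).items():
        print(f"{status:15} {directive_key(directive)}  {hits}")
```

Entries reported as "already absent" match the "No File" markers in the fixlist: the file was gone before the fix ran, and only the reference to it remained.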
 


#13 nasdaq

  • Malware Response Team

Posted 21 April 2014 - 07:05 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u55.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===

Please let me know if there are any issues with this computer.

#14 MohRiyal


Posted 21 April 2014 - 11:53 AM

Ok got java



#15 nasdaq

  • Malware Response Team

Posted 21 April 2014 - 01:48 PM

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flash Player, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox add-on.
  • ScriptNo is a popular Google Chrome add-on.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===



