Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Svchost.exe in Temp folder, regenerates itself on restart


  • This topic is locked This topic is locked
18 replies to this topic

#1 Chris5150

Chris5150

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:13 AM

Posted 20 May 2014 - 08:57 AM

Since 4-5 days I've noticed that my notebook was running too slow and was affected by overheating.
Initially I run Speccy to detect the temperatures of the hardware components and I found that the CPU was overheat, so I thought that the problem was caused by the fan.
But after a scan of all the running processes, in the task manager, I've found a strange unnamed process that was running and was overcharging the CPU, making it overheat.
So I've searched for its folder and I found that this process was named "Svchost.exe", just like the original one, but this one was in the Temp folder instead of being in the System32 folder, and I've understood immediately that it was a virus.
Then I've tried to remove it manually by deleting it, but everytime I restart my notebook it comes back again.
I tried to solve the problem using specific tools, I've used Adwcleaner, Junkware Removal Tool, Ccleaner, Combofix, but none of these has solved the problem and the virus is still there, inside my Temp folder.
Everytime I start my notebook I have to stop the process and to remove the virus from the temp folder.
How can I get rid of that virus permanently? Could you help me please?
Thanks in advance.
 
DDS log file:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.55.2
Run by Cristian at 15:37:13 on 2014-05-20
Microsoft Windows 8  6.2.9200.0.1252.39.1040.18.5602.4198 [GMT 2:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\schtasks.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\schtasks.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.it
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe -h
uRun: [Power2GoExpress8] NA
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\Cristian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: Interfaces\{1E18FCAA-B900-4300-ACDD-7FF8A1B07626} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DD463B6A-14BE-42F1-9FB5-95B531C40F06} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{E9512874-28A3-4F65-B80D-3BC1A0B13D10} : DHCPNameServer = 7.254.254.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-mPolicies-Explorer: NoDrives = dword:0
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-9-2 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-9-2 26280]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\Drivers\amdkmpfd.sys [2012-9-14 36520]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2014-2-19 92536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-8-22 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-18 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-2-16 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2014-2-19 199008]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2013-2-7 1641768]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-5-13 2228048]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-10-12 35744]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-12-11 2451456]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-4-15 377616]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-8-21 91648]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-12-11 269968]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-11 690832]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-12-11 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-9-28 650808]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-5-18 119512]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\Drivers\tap0901t.sys [2014-1-18 31232]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\Drivers\tapoas.sys [2012-7-15 30720]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2013-1-8 401856]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2014-1-18 758224]
S3 xusb22;Servizio driver ricevitore wireless Xbox 360 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-26 89088]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-20 13:29:31 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5BAE33E8-74A1-4BB6-AF7E-6510292B69E0}\mpengine.dll
2014-05-19 18:01:07 -------- d-----w- C:\Users\Cristian\AppData\Roaming\Easy2Convert
2014-05-19 18:01:04 -------- d-----w- C:\Program Files (x86)\Easy2Convert Software
2014-05-19 17:30:03 -------- d-----w- C:\Users\Cristian\AppData\Roaming\State of Fortune
2014-05-19 16:20:51 -------- d-----w- C:\Program Files\Sweet Home 3D
2014-05-19 14:22:36 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-05-18 21:30:13 -------- d-----w- C:\Program Files\Enigma Software Group
2014-05-18 21:29:45 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-18 21:29:44 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-05-18 19:52:14 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-18 19:51:57 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-18 19:51:57 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-18 19:51:57 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-18 19:51:57 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-18 19:51:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 19:47:09 -------- d-----w- C:\Program Files\CCleaner
2014-05-18 19:43:57 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-18 19:43:52 -------- d-----w- C:\Users\Cristian\AppData\Local\temp
2014-05-18 19:05:40 98816 ----a-w- C:\Windows\sed.exe
2014-05-18 19:05:40 256000 ----a-w- C:\Windows\PEV.exe
2014-05-18 19:05:40 208896 ----a-w- C:\Windows\MBR.exe
2014-05-18 18:51:06 -------- d-----w- C:\Windows\ERUNT
2014-05-18 18:42:12 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-18 18:41:47 -------- d-----w- C:\AdwCleaner
2014-05-17 20:09:31 261808 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10239.bin
2014-05-14 20:26:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-14 20:26:45 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-14 20:04:18 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-05-14 19:54:22 621568 ----a-w- C:\Windows\System32\drivers\srv2.sys
2014-05-14 19:54:22 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-05-14 19:54:22 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2014-05-14 19:54:22 215040 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-05-14 19:54:22 1120768 ----a-w- C:\Windows\System32\gpedit.dll
2014-05-14 19:54:22 1075200 ----a-w- C:\Windows\SysWow64\gpedit.dll
2014-05-14 19:54:21 78336 ----a-w- C:\Windows\System32\drivers\IPMIDrv.sys
2014-05-14 19:35:40 1629832 ----a-w- C:\Windows\SysWow64\scrypt130511Turksglg2tc4032w64l4.bin
2014-05-14 19:35:16 1628856 ----a-w- C:\Windows\SysWow64\scrypt130511Scrapperglg2tc1408w64l4.bin
2014-05-13 21:52:45 -------- d-----w- C:\ProgramData\KONAMI
2014-05-13 21:46:54 -------- d--h--w- C:\Users\Cristian\AppData\Roaming\Origin
2014-05-13 21:40:04 -------- d-----w- C:\Program Files (x86)\KONAMI
2014-05-13 12:29:04 46136 ---ha-w- C:\Windows\System32\drivers\Hamdrv.sys
2014-05-09 18:07:05 -------- d-----w- C:\Program Files (x86)\Common Files\SWF Studio
2014-05-09 18:06:53 -------- d-----w- C:\Program Files (x86)\Riva
2014-05-09 18:02:04 -------- d-sh--w- C:\Windows\ftpcache
2014-05-09 17:15:58 -------- d-----w- C:\Users\Cristian\aTubeCatcher
2014-05-08 20:44:47 -------- d-----w- C:\Users\Cristian\AppData\Local\Windows Live
2014-05-06 14:09:20 628024 ----a-w- C:\Windows\System32\NotificationUI.exe
2014-05-06 14:09:18 693760 ----a-w- C:\Windows\System32\WSShared.dll
2014-05-06 14:09:18 566784 ----a-w- C:\Windows\SysWow64\WSShared.dll
2014-05-06 14:09:18 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 14:09:18 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-30 19:27:48 -------- d-----w- C:\Users\Cristian\AppData\Roaming\Blender Foundation
2014-04-30 19:25:24 -------- d-----w- C:\Users\Cristian\.thumbnails
2014-04-30 19:24:44 -------- d-----w- C:\Program Files (x86)\Blender Foundation
2014-04-24 23:03:34 -------- d-----w- C:\Users\Cristian\wurm
2014-04-24 23:02:52 -------- d-----w- C:\Users\Cristian\AppData\Local\Sun
2014-04-24 23:01:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-20 22:00:33 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
.
==================== Find3M  ====================
.
2014-05-01 20:37:50 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37:50 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-12 09:27:03 172888 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 09:10:31 578048 ----a-w- C:\Windows\System32\winlogon.exe
2014-04-12 09:09:43 208896 ----a-w- C:\Windows\System32\wdigest.dll
2014-04-12 09:09:39 1043968 ----a-w- C:\Windows\System32\usercpl.dll
2014-04-12 09:09:34 94720 ----a-w- C:\Windows\System32\TSpkg.dll
2014-04-12 09:09:19 588288 ----a-w- C:\Windows\System32\SHCore.dll
2014-04-12 09:08:37 318464 ----a-w- C:\Windows\System32\msv1_0.dll
2014-04-12 09:08:17 439808 ----a-w- C:\Windows\System32\lsm.dll
2014-04-12 09:08:17 1281536 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 09:08:10 827904 ----a-w- C:\Windows\System32\kerberos.dll
2014-04-12 09:07:36 20480 ----a-w- C:\Windows\System32\credssp.dll
2014-04-12 07:23:59 178688 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-04-12 07:23:52 961536 ----a-w- C:\Windows\SysWow64\usercpl.dll
2014-04-12 07:23:49 76800 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-04-12 07:23:40 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll
2014-04-12 07:23:14 273920 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-04-12 07:22:58 666624 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-04-12 07:22:33 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-04-12 06:58:06 14848 ----a-w- C:\Windows\System32\workerdd.dll
2014-03-28 19:19:38 35856 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2014-03-28 08:23:00 1287168 ----a-w- C:\Windows\System32\schedsvc.dll
2014-03-23 22:11:52 269592 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2014-03-11 03:32:43 6987096 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-11 03:25:51 100184 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-03-11 00:41:55 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-03-11 00:41:51 559104 ----a-w- C:\Windows\SysWow64\objsel.dll
2014-03-11 00:41:24 38400 ----a-w- C:\Windows\SysWow64\dimsroam.dll
2014-03-11 00:39:12 35840 ----a-w- C:\Windows\System32\lsass.exe
2014-03-11 00:38:58 27648 ----a-w- C:\Windows\System32\sspisrv.dll
2014-03-11 00:38:58 164864 ----a-w- C:\Windows\System32\sspicli.dll
2014-03-11 00:38:53 419328 ----a-w- C:\Windows\System32\schannel.dll
2014-03-11 00:38:47 684032 ----a-w- C:\Windows\System32\objsel.dll
2014-03-11 00:38:31 982016 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-11 00:38:23 45056 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-11 00:38:23 179712 ----a-w- C:\Windows\System32\dpapisrv.dll
2014-03-10 03:05:14 668160 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-10 01:27:03 99840 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-07 00:48:11 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-07 00:47:24 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-07 00:08:30 2240000 ----a-w- C:\Windows\System32\wininet.dll
2014-03-07 00:08:27 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-03-07 00:08:06 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-03 23:07:48 570216 ----a-w- C:\Windows\System32\drivers\cng.sys
2014-02-26 22:28:59 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2014-02-26 22:28:56 192240 ----a-w- C:\Windows\System32\SynTPCo18.dll
.
============= FINISH: 15.38.05,37 ===============
 

 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 AM

Posted 20 May 2014 - 01:23 PM


Hello Chris5150

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Chris5150

Chris5150
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:13 AM

Posted 20 May 2014 - 04:56 PM

I've successfully done the tasks you asked me to do.

I've first run AdwCleaner but after the automatic reboot i had to stop the virus Svchost.exe process by using the task manager. I had to do it, unless my notebook was too slow and overheated.

AdwCleaner seems to did nothing, here's the AdwCleaner[S1].txt log file (i don't know why it is written in Italian language, you can use google translator):

 

# Sistema operativo : Windows 8  (64 bits)
# Nome utente : Cristian - HP-NOTEBOOK
# In esecuzione da : C:\Users\Cristian\Desktop\AdwCleaner.exe
# Opzione : Pulisci
 
***** [ Servizi ] *****
 
 
***** [ File / Cartelle ] *****
 
 
***** [ Collegamenti ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Browser ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v34.0.1847.137
 
[ File : C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1038 octets] - [18/05/2014 20:41:53]
AdwCleaner[R1].txt - [885 octets] - [20/05/2014 23:31:22]
AdwCleaner[S0].txt - [1057 octets] - [18/05/2014 20:44:46]
AdwCleaner[S1].txt - [804 octets] - [20/05/2014 23:32:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [863 octets] ##########
 
 
 
Then i run Junkware Removal Tool, after disabling the protection, and this is the file:
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Cristian on 20/05/2014 at 23.38.05,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/05/2014 at 23.43.52,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Both AdwCleaner and JRT seems to did nothing.
My notebook was a little slow after the auto reboot of AdwCleaner, and so i stop the process of the virus (svchost.exe) and the my notebook was fine.
The problem is that everytime it is rebooted or simply shut down and then started up, the virus recreate itself.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 AM

Posted 21 May 2014 - 07:00 AM


Hello Chris5150

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Chris5150

Chris5150
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:13 AM

Posted 21 May 2014 - 11:07 AM

I've run combofix and this is the log:

 

ComboFix 14-05-19.01 - Cristian 21/05/2014  17.26.07.3.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.39.1040.18.5602.4272 [GMT 2:00]
Eseguito da: c:\users\Cristian\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cristian\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Creati Da 2014-04-21 al 2014-05-21  )))))))))))))))))))))))))))))))))))
.
.
2014-05-21 15:40 . 2014-05-21 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-21 15:40 . 2014-05-21 15:40 -------- d-----w- c:\users\Cristian\AppData\Local\temp
2014-05-20 17:52 . 2014-05-20 17:52 -------- d-----w- c:\users\Cristian\eTeks
2014-05-20 13:29 . 2014-04-16 10:22 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BAE33E8-74A1-4BB6-AF7E-6510292B69E0}\mpengine.dll
2014-05-19 18:01 . 2014-05-19 18:01 -------- d-----w- c:\users\Cristian\AppData\Roaming\Easy2Convert
2014-05-19 18:01 . 2014-05-19 18:01 -------- d-----w- c:\program files (x86)\Easy2Convert Software
2014-05-19 17:30 . 2014-05-19 17:31 -------- d-----w- c:\users\Cristian\AppData\Roaming\State of Fortune
2014-05-19 16:20 . 2014-05-19 16:21 -------- d-----w- c:\program files\Sweet Home 3D
2014-05-19 16:10 . 2014-05-19 16:10 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-05-18 21:30 . 2014-05-18 21:30 -------- d-----w- c:\program files\Enigma Software Group
2014-05-18 21:29 . 2014-05-19 15:21 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-18 21:29 . 2014-05-18 21:29 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-05-18 19:52 . 2014-05-19 14:26 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-18 19:51 . 2014-05-18 19:51 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-18 19:51 . 2014-05-18 19:51 -------- d-----w- c:\programdata\Malwarebytes
2014-05-18 19:51 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-18 19:51 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 19:51 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-18 19:47 . 2014-05-18 19:47 -------- d-----w- c:\program files\CCleaner
2014-05-18 18:51 . 2014-05-18 18:51 -------- d-----w- c:\windows\ERUNT
2014-05-18 18:42 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-18 18:41 . 2014-05-20 21:32 -------- d-----w- C:\AdwCleaner
2014-05-17 20:09 . 2014-05-17 20:09 261808 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10239.bin
2014-05-14 20:27 . 2014-05-06 05:14 97280 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 20:27 . 2014-05-06 05:14 19274752 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 20:26 . 2014-05-06 03:37 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 20:26 . 2014-05-06 03:26 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 20:20 . 2014-03-28 08:23 19759104 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 20:04 . 2014-05-14 20:04 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-05-14 19:54 . 2014-03-01 09:47 1258496 ----a-w- c:\windows\system32\kernel32.dll
2014-05-14 19:54 . 2014-03-01 09:47 1120768 ----a-w- c:\windows\system32\gpedit.dll
2014-05-14 19:54 . 2014-03-01 08:07 1075200 ----a-w- c:\windows\SysWow64\gpedit.dll
2014-05-14 19:54 . 2014-02-26 23:18 621568 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-05-14 19:54 . 2014-02-26 23:18 370688 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-05-14 19:54 . 2014-02-26 23:18 247808 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-05-14 19:54 . 2014-02-26 23:18 215040 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-05-14 19:54 . 2014-02-15 04:15 78336 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
2014-05-14 19:35 . 2014-05-14 19:35 1629832 ----a-w- c:\windows\SysWow64\scrypt130511Turksglg2tc4032w64l4.bin
2014-05-14 19:35 . 2014-05-14 19:35 1628856 ----a-w- c:\windows\SysWow64\scrypt130511Scrapperglg2tc1408w64l4.bin
2014-05-13 21:52 . 2014-05-13 21:52 -------- d-----w- c:\programdata\KONAMI
2014-05-13 21:46 . 2014-05-13 21:46 -------- d--h--w- c:\users\Cristian\AppData\Roaming\Origin
2014-05-13 21:40 . 2014-05-13 21:40 -------- d-----w- c:\program files (x86)\KONAMI
2014-05-13 12:29 . 2014-05-13 12:29 46136 ---ha-w- c:\windows\system32\drivers\Hamdrv.sys
2014-05-09 18:07 . 2014-05-09 18:07 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2014-05-09 18:06 . 2014-05-09 18:06 -------- d-----w- c:\program files (x86)\Riva
2014-05-09 18:02 . 2014-05-09 18:02 -------- d-sh--w- c:\windows\ftpcache
2014-05-09 17:15 . 2014-05-09 17:15 -------- d-----w- c:\users\Cristian\aTubeCatcher
2014-05-08 20:44 . 2014-05-13 20:17 -------- d-----w- c:\users\Cristian\AppData\Local\Windows Live
2014-05-06 14:09 . 2014-04-19 09:39 628024 ----a-w- c:\windows\system32\NotificationUI.exe
2014-05-06 14:09 . 2014-04-19 08:45 693760 ----a-w- c:\windows\system32\WSShared.dll
2014-05-06 14:09 . 2014-04-19 08:45 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 14:09 . 2014-04-19 06:57 566784 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-05-06 14:09 . 2014-04-19 06:57 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-30 19:27 . 2014-04-30 19:27 -------- d-----w- c:\users\Cristian\AppData\Roaming\Blender Foundation
2014-04-30 19:25 . 2014-04-30 19:25 -------- d-----w- c:\users\Cristian\.thumbnails
2014-04-30 19:24 . 2014-04-30 19:24 -------- d-----w- c:\program files (x86)\Blender Foundation
2014-04-24 23:03 . 2014-04-26 13:07 -------- d-----w- c:\users\Cristian\wurm
2014-04-24 23:02 . 2014-04-24 23:02 -------- d-----w- c:\users\Cristian\AppData\Local\Sun
2014-04-24 23:01 . 2014-04-14 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 12:37 . 2013-08-23 16:13 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 19:35 . 2014-04-20 22:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-05-01 20:37 . 2013-11-14 15:51 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37 . 2013-11-14 15:51 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-07 00:48 . 2014-04-11 20:01 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-07 00:47 . 2014-04-11 20:01 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-07 00:08 . 2014-04-11 20:01 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-07 00:08 . 2014-04-11 20:01 2240000 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 00:08 . 2014-04-11 20:01 915968 ----a-w- c:\windows\system32\uxtheme.dll
2014-03-07 00:08 . 2014-04-11 20:01 1365504 ----a-w- c:\windows\system32\urlmon.dll
2014-03-07 00:08 . 2014-04-11 20:01 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-07 00:08 . 2014-04-11 20:01 3959808 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 00:08 . 2014-04-11 20:01 855552 ----a-w- c:\windows\system32\jscript.dll
2014-03-07 00:08 . 2014-04-11 20:01 15404544 ----a-w- c:\windows\system32\ieframe.dll
2014-03-07 00:08 . 2014-04-11 20:01 2648576 ----a-w- c:\windows\system32\iertutil.dll
2014-02-26 22:28 . 2014-02-26 22:29 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-02-26 22:28 . 2014-02-26 22:29 192240 ----a-w- c:\windows\system32\SynTPCo18.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-22 09:24 220608 ----a-w- c:\users\Cristian\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-22 09:24 220608 ----a-w- c:\users\Cristian\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-22 09:24 220608 ----a-w- c:\users\Cristian\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress8"="NA" [X]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"AppEx Accelerator UI"="c:\program files\AMD Quick Stream\AppexAcceleratorUI.exe" [2012-05-22 1000288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-07 581024]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-02-16 642656]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-09-10 491632]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
c:\users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 xusb22;Servizio driver ricevitore wireless Xbox 360 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPConnectedRemote;HP Connected Remote Service;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\System32\drivers\point64.sys;c:\windows\SYSNATIVE\drivers\point64.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ   apphostsvc
iissvcs REG_MULTI_SZ   w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-16 18:35 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-19 18:51]
.
2014-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 15:38]
.
2014-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 15:38]
.
2014-05-20 c:\windows\Tasks\HPCeeScheduleForCristian.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-22 09:24 244672 ----a-w- c:\users\Cristian\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-22 09:24 244672 ----a-w- c:\users\Cristian\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-22 09:24 244672 ----a-w- c:\users\Cristian\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-20 1664000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-04-22 21720]
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.it
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DD463B6A-14BE-42F1-9FB5-95B531C40F06}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-36499079.sys
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Ora fine scansione: 2014-05-21  17:56:05
ComboFix-quarantined-files.txt  2014-05-21 15:56
ComboFix2.txt  2014-05-18 19:43
ComboFix3.txt  2014-05-18 19:24
.
Pre-Run: 396.925.353.984 byte disponibili
Post-Run: 396.934.467.584 byte disponibili
.
- - End Of File - - 998ADE9CAC37FA6FE8E8B41AD925ACBC
5FB38429D5D77768867C76DCBDB35194
 
 
Combofix didn't restart my notebook so I don't know if the virus still regenerates itself. I should restart my notebook manually and check if Svchost.exe is still in the temp folder.
I think Combofix didn't solve the problem. Now I'm going to reactivate protection and restart my notebook.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 AM

Posted 22 May 2014 - 07:30 AM


Hello Chris5150

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Chris5150

Chris5150
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:13 AM

Posted 22 May 2014 - 09:42 AM

Here's the report:

 

ComboFix 14-05-19.01 - Cristian 22/05/2014  15.58.14.4.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.39.1040.18.5602.4194 [GMT 2:00]
Eseguito da: c:\users\Cristian\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Cristian\Desktop\CFScript.txt
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((   Files Creati Da 2014-04-22 al 2014-05-22  )))))))))))))))))))))))))))))))))))
.
.
2014-05-22 14:09 . 2014-05-22 14:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-22 14:09 . 2014-05-22 14:09 -------- d-----w- c:\users\Cristian\AppData\Local\temp
2014-05-22 12:18 . 2014-05-22 12:18 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD392E09-C625-4598-A436-D2BEFD3584E3}\offreg.dll
2014-05-22 11:34 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD392E09-C625-4598-A436-D2BEFD3584E3}\mpengine.dll
2014-05-20 17:52 . 2014-05-20 17:52 -------- d-----w- c:\users\Cristian\eTeks
2014-05-19 18:01 . 2014-05-19 18:01 -------- d-----w- c:\users\Cristian\AppData\Roaming\Easy2Convert
2014-05-19 18:01 . 2014-05-19 18:01 -------- d-----w- c:\program files (x86)\Easy2Convert Software
2014-05-19 17:30 . 2014-05-19 17:31 -------- d-----w- c:\users\Cristian\AppData\Roaming\State of Fortune
2014-05-19 16:20 . 2014-05-19 16:21 -------- d-----w- c:\program files\Sweet Home 3D
2014-05-19 16:10 . 2014-05-19 16:10 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-05-18 21:30 . 2014-05-18 21:30 -------- d-----w- c:\program files\Enigma Software Group
2014-05-18 21:29 . 2014-05-19 15:21 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-18 21:29 . 2014-05-18 21:29 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-05-18 19:52 . 2014-05-19 14:26 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-18 19:51 . 2014-05-18 19:51 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-18 19:51 . 2014-05-18 19:51 -------- d-----w- c:\programdata\Malwarebytes
2014-05-18 19:51 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-18 19:51 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 19:51 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-18 19:47 . 2014-05-18 19:47 -------- d-----w- c:\program files\CCleaner
2014-05-18 18:51 . 2014-05-18 18:51 -------- d-----w- c:\windows\ERUNT
2014-05-18 18:42 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-18 18:41 . 2014-05-20 21:32 -------- d-----w- C:\AdwCleaner
2014-05-17 20:09 . 2014-05-17 20:09 261808 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10239.bin
2014-05-14 20:27 . 2014-05-06 05:14 97280 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 20:27 . 2014-05-06 05:14 19274752 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 20:26 . 2014-05-06 03:37 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 20:26 . 2014-05-06 03:26 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 20:20 . 2014-03-28 08:23 19759104 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 20:04 . 2014-05-14 20:04 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-05-14 19:54 . 2014-03-01 09:47 1258496 ----a-w- c:\windows\system32\kernel32.dll
2014-05-14 19:54 . 2014-03-01 09:47 1120768 ----a-w- c:\windows\system32\gpedit.dll
2014-05-14 19:54 . 2014-03-01 08:07 1075200 ----a-w- c:\windows\SysWow64\gpedit.dll
2014-05-14 19:54 . 2014-02-26 23:18 621568 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-05-14 19:54 . 2014-02-26 23:18 370688 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-05-14 19:54 . 2014-02-26 23:18 247808 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-05-14 19:54 . 2014-02-26 23:18 215040 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-05-14 19:54 . 2014-02-15 04:15 78336 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
2014-05-14 19:35 . 2014-05-14 19:35 1629832 ----a-w- c:\windows\SysWow64\scrypt130511Turksglg2tc4032w64l4.bin
2014-05-14 19:35 . 2014-05-14 19:35 1628856 ----a-w- c:\windows\SysWow64\scrypt130511Scrapperglg2tc1408w64l4.bin
2014-05-13 21:52 . 2014-05-13 21:52 -------- d-----w- c:\programdata\KONAMI
2014-05-13 21:46 . 2014-05-13 21:46 -------- d--h--w- c:\users\Cristian\AppData\Roaming\Origin
2014-05-13 21:40 . 2014-05-13 21:40 -------- d-----w- c:\program files (x86)\KONAMI
2014-05-13 12:29 . 2014-05-13 12:29 46136 ---ha-w- c:\windows\system32\drivers\Hamdrv.sys
2014-05-09 18:07 . 2014-05-09 18:07 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2014-05-09 18:06 . 2014-05-09 18:06 -------- d-----w- c:\program files (x86)\Riva
2014-05-09 18:02 . 2014-05-09 18:02 -------- d-sh--w- c:\windows\ftpcache
2014-05-09 17:15 . 2014-05-09 17:15 -------- d-----w- c:\users\Cristian\aTubeCatcher
2014-05-08 20:44 . 2014-05-13 20:17 -------- d-----w- c:\users\Cristian\AppData\Local\Windows Live
2014-05-06 14:09 . 2014-04-19 09:39 628024 ----a-w- c:\windows\system32\NotificationUI.exe
2014-05-06 14:09 . 2014-04-19 08:45 693760 ----a-w- c:\windows\system32\WSShared.dll
2014-05-06 14:09 . 2014-04-19 08:45 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 14:09 . 2014-04-19 06:57 566784 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-05-06 14:09 . 2014-04-19 06:57 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-30 19:27 . 2014-04-30 19:27 -------- d-----w- c:\users\Cristian\AppData\Roaming\Blender Foundation
2014-04-30 19:25 . 2014-04-30 19:25 -------- d-----w- c:\users\Cristian\.thumbnails
2014-04-30 19:24 . 2014-04-30 19:24 -------- d-----w- c:\program files (x86)\Blender Foundation
2014-04-24 23:03 . 2014-04-26 13:07 -------- d-----w- c:\users\Cristian\wurm
2014-04-24 23:02 . 2014-04-24 23:02 -------- d-----w- c:\users\Cristian\AppData\Local\Sun
2014-04-24 23:01 . 2014-04-14 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 12:37 . 2013-08-23 16:13 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 19:35 . 2014-04-20 22:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-05-01 20:37 . 2013-11-14 15:51 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 20:37 . 2013-11-14 15:51 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-07 00:48 . 2014-04-11 20:01 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-07 00:47 . 2014-04-11 20:01 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-07 00:08 . 2014-04-11 20:01 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-07 00:08 . 2014-04-11 20:01 2240000 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 00:08 . 2014-04-11 20:01 915968 ----a-w- c:\windows\system32\uxtheme.dll
2014-03-07 00:08 . 2014-04-11 20:01 1365504 ----a-w- c:\windows\system32\urlmon.dll
2014-03-07 00:08 . 2014-04-11 20:01 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-07 00:08 . 2014-04-11 20:01 3959808 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 00:08 . 2014-04-11 20:01 855552 ----a-w- c:\windows\system32\jscript.dll
2014-03-07 00:08 . 2014-04-11 20:01 15404544 ----a-w- c:\windows\system32\ieframe.dll
2014-03-07 00:08 . 2014-04-11 20:01 2648576 ----a-w- c:\windows\system32\iertutil.dll
2014-02-26 22:28 . 2014-02-26 22:29 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-02-26 22:28 . 2014-02-26 22:29 192240 ----a-w- c:\windows\system32\SynTPCo18.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-22 09:24 220608 ----a-w- c:\users\Cristian\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-22 09:24 220608 ----a-w- c:\users\Cristian\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-22 09:24 220608 ----a-w- c:\users\Cristian\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress8"="NA" [X]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"AppEx Accelerator UI"="c:\program files\AMD Quick Stream\AppexAcceleratorUI.exe" [2012-05-22 1000288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-07 581024]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-02-16 642656]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-09-10 491632]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
c:\users\Cristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 xusb22;Servizio driver ricevitore wireless Xbox 360 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPConnectedRemote;HP Connected Remote Service;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\System32\drivers\point64.sys;c:\windows\SYSNATIVE\drivers\point64.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ   apphostsvc
iissvcs REG_MULTI_SZ   w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-16 18:35 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-19 18:51]
.
2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 15:38]
.
2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20 15:38]
.
2014-05-20 c:\windows\Tasks\HPCeeScheduleForCristian.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-22 09:24 244672 ----a-w- c:\users\Cristian\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-22 09:24 244672 ----a-w- c:\users\Cristian\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-22 09:24 244672 ----a-w- c:\users\Cristian\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-20 1664000]
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.it
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DD463B6A-14BE-42F1-9FB5-95B531C40F06}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Ora fine scansione: 2014-05-22  16:25:11
ComboFix-quarantined-files.txt  2014-05-22 14:25
ComboFix2.txt  2014-05-21 15:56
ComboFix3.txt  2014-05-18 19:43
ComboFix4.txt  2014-05-18 19:24
.
Pre-Run: 393.972.838.400 byte disponibili
Post-Run: 393.916.084.224 byte disponibili
.
- - End Of File - - 2098B7027BB633D6DC0ED3277E9EB439
5FB38429D5D77768867C76DCBDB35194
 
 
I really appreciate your help, but unfortunately the virus is still there and still regenerates itself.
Now i have another problem, my HP Support Assistant software is telling me that a previous copy of my Windows OS is taking too much space on my hard disk.
I think that this is related to the virus Svchost.
Please, help me. 


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 AM

Posted 23 May 2014 - 04:02 AM





Hello Chris5150

Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • •Internet access
    •Windows Update
    •Windows Firewall
9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10.Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
send me the reports made from MBAR and Roguekiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Chris5150

Chris5150
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:13 AM

Posted 23 May 2014 - 07:32 AM

Malwarebytes Anti-Rootkit, after the scan, said: Congratulations, no cleanup is required! Scan Finished: no malware found.

So it hasn't produced a report file.

 

RogueKiller, instead, has produced 2 report files on the desktop, but non of them is called RKreport[2].txt.

So i'll post you both of them:

 

The fist one, called "RKreport[0]_S_05232014_141953" :

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Cristian [Admin rights]
Mode : Scan -- Date : 05/23/2014 14:19:53
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{DD463B6A-14BE-42F1-9FB5-95B531C40F06} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> Trovato
[DNS][PUM] HKLM\[...]\CS001\[...]\{DD463B6A-14BE-42F1-9FB5-95B531C40F06} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - UNITED STATES (US) - PHILIPPINES (PH) - UNITED STATES (US)]) -> Trovato
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> Trovato
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> Trovato
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato
 
¤¤¤ Le attività pianificate : 1 ¤¤¤
[V2][SUSP PATH] Origin : C:\Users\Cristian\AppData\Roaming\Origin\update.vbe [-] -> Trovato
 
¤¤¤ voci di avvio : 0 ¤¤¤
 
¤¤¤ I browser Web : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (Briefcase_IntroW) : twext.dll -> HOOKED (C:\Windows\system32\syncui.dll @ 0x5890042C)
[Address] EAT @explorer.exe (DllCanUnloadNow) : twext.dll -> HOOKED (C:\Windows\system32\syncui.dll @ 0x589004DC)
[Address] EAT @explorer.exe (DllGetClassObject) : twext.dll -> HOOKED (C:\Windows\system32\syncui.dll @ 0x58900438)
[Address] EAT @explorer.exe (DllCanUnloadNow) : CLVDShellExt.dll -> HOOKED (C:\Windows\System32\actxprxy.dll @ 0x5A771010)
[Address] EAT @explorer.exe (DllGetClassObject) : CLVDShellExt.dll -> HOOKED (C:\Windows\System32\actxprxy.dll @ 0x5A772B90)
[Address] EAT @explorer.exe (DllRegisterServer) : CLVDShellExt.dll -> HOOKED (C:\Windows\System32\actxprxy.dll @ 0x5A91BAC4)
[Address] EAT @explorer.exe (DllUnregisterServer) : CLVDShellExt.dll -> HOOKED (C:\Windows\System32\actxprxy.dll @ 0x5A91BAA0)
[Address] EAT @explorer.exe (GetProxyDllInfo) : CLVDShellExt.dll -> HOOKED (C:\Windows\System32\actxprxy.dll @ 0x5A91BAEC)
[Address] EAT @explorer.exe (GdipAddPathArc) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FC868)
[Address] EAT @explorer.exe (GdipAddPathArcI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FC7C8)
[Address] EAT @explorer.exe (GdipAddPathBezier) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F400)
[Address] EAT @explorer.exe (GdipAddPathBezierI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F31C)
[Address] EAT @explorer.exe (GdipAddPathBeziers) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F258)
[Address] EAT @explorer.exe (GdipAddPathBeziersI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F174)
[Address] EAT @explorer.exe (GdipAddPathClosedCurve) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2EAC4)
[Address] EAT @explorer.exe (GdipAddPathClosedCurve2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E90C)
[Address] EAT @explorer.exe (GdipAddPathClosedCurve2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E824)
[Address] EAT @explorer.exe (GdipAddPathClosedCurveI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E9E0)
[Address] EAT @explorer.exe (GdipAddPathCurve) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F094)
[Address] EAT @explorer.exe (GdipAddPathCurve2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2EE94)
[Address] EAT @explorer.exe (GdipAddPathCurve2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2ED74)
[Address] EAT @explorer.exe (GdipAddPathCurve3) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2EC90)
[Address] EAT @explorer.exe (GdipAddPathCurve3I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2EB90)
[Address] EAT @explorer.exe (GdipAddPathCurveI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2EF78)
[Address] EAT @explorer.exe (GdipAddPathEllipse) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E3FC)
[Address] EAT @explorer.exe (GdipAddPathEllipseI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E378)
[Address] EAT @explorer.exe (GdipAddPathLine) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FB964)
[Address] EAT @explorer.exe (GdipAddPathLine2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F61C)
[Address] EAT @explorer.exe (GdipAddPathLine2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F538)
[Address] EAT @explorer.exe (GdipAddPathLineI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FB8E0)
[Address] EAT @explorer.exe (GdipAddPathPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2DF7C)
[Address] EAT @explorer.exe (GdipAddPathPie) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E280)
[Address] EAT @explorer.exe (GdipAddPathPieI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E1E0)
[Address] EAT @explorer.exe (GdipAddPathPolygon) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E11C)
[Address] EAT @explorer.exe (GdipAddPathPolygonI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E038)
[Address] EAT @explorer.exe (GdipAddPathRectangle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E730)
[Address] EAT @explorer.exe (GdipAddPathRectangleI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E6AC)
[Address] EAT @explorer.exe (GdipAddPathRectangles) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E5E8)
[Address] EAT @explorer.exe (GdipAddPathRectanglesI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E4E8)
[Address] EAT @explorer.exe (GdipAddPathString) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2DDBC)
[Address] EAT @explorer.exe (GdipAddPathStringI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2DCD4)
[Address] EAT @explorer.exe (GdipAlloc) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B9ADC)
[Address] EAT @explorer.exe (GdipBeginContainer) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B1C4)
[Address] EAT @explorer.exe (GdipBeginContainer2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B100)
[Address] EAT @explorer.exe (GdipBeginContainerI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B000)
[Address] EAT @explorer.exe (GdipBitmapApplyEffect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22874)
[Address] EAT @explorer.exe (GdipBitmapConvertFormat) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22B20)
[Address] EAT @explorer.exe (GdipBitmapCreateApplyEffect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2295C)
[Address] EAT @explorer.exe (GdipBitmapGetHistogram) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2278C)
[Address] EAT @explorer.exe (GdipBitmapGetHistogramSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22740)
[Address] EAT @explorer.exe (GdipBitmapGetPixel) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22E18)
[Address] EAT @explorer.exe (GdipBitmapLockBits) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BC490)
[Address] EAT @explorer.exe (GdipBitmapSetPixel) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D31E0)
[Address] EAT @explorer.exe (GdipBitmapSetResolution) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D4880)
[Address] EAT @explorer.exe (GdipBitmapUnlockBits) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BC5C8)
[Address] EAT @explorer.exe (GdipClearPathMarkers) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F848)
[Address] EAT @explorer.exe (GdipCloneBitmapArea) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22F04)
[Address] EAT @explorer.exe (GdipCloneBitmapAreaI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA012D8)
[Address] EAT @explorer.exe (GdipCloneBrush) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A32C)
[Address] EAT @explorer.exe (GdipCloneCustomLineCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25450)
[Address] EAT @explorer.exe (GdipCloneFont) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1996C)
[Address] EAT @explorer.exe (GdipCloneFontFamily) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19C18)
[Address] EAT @explorer.exe (GdipCloneImage) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D70D8)
[Address] EAT @explorer.exe (GdipCloneImageAttributes) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22538)
[Address] EAT @explorer.exe (GdipCloneMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FB360)
[Address] EAT @explorer.exe (GdipClonePath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA30184)
[Address] EAT @explorer.exe (GdipClonePen) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27048)
[Address] EAT @explorer.exe (GdipCloneRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B8FC)
[Address] EAT @explorer.exe (GdipCloneStringFormat) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18CF0)
[Address] EAT @explorer.exe (GdipClosePathFigure) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FA28)
[Address] EAT @explorer.exe (GdipClosePathFigures) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F988)
[Address] EAT @explorer.exe (GdipCombineRegionPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B538)
[Address] EAT @explorer.exe (GdipCombineRegionRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B6F4)
[Address] EAT @explorer.exe (GdipCombineRegionRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B654)
[Address] EAT @explorer.exe (GdipCombineRegionRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D88A4)
[Address] EAT @explorer.exe (GdipComment) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19878)
[Address] EAT @explorer.exe (GdipConvertToEmfPlus) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA180FC)
[Address] EAT @explorer.exe (GdipConvertToEmfPlusToFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA17FFC)
[Address] EAT @explorer.exe (GdipConvertToEmfPlusToStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA17EFC)
[Address] EAT @explorer.exe (GdipCreateAdjustableArrowCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24B88)
[Address] EAT @explorer.exe (GdipCreateBitmapFromDirectDrawSurface) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA230A4)
[Address] EAT @explorer.exe (GdipCreateBitmapFromFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D06FC)
[Address] EAT @explorer.exe (GdipCreateBitmapFromFileICM) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23330)
[Address] EAT @explorer.exe (GdipCreateBitmapFromGdiDib) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CB994)
[Address] EAT @explorer.exe (GdipCreateBitmapFromGraphics) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA231D4)
[Address] EAT @explorer.exe (GdipCreateBitmapFromHBITMAP) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B2F28)
[Address] EAT @explorer.exe (GdipCreateBitmapFromHICON) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D7B2C)
[Address] EAT @explorer.exe (GdipCreateBitmapFromResource) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2300C)
[Address] EAT @explorer.exe (GdipCreateBitmapFromScan0) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C84A4)
[Address] EAT @explorer.exe (GdipCreateBitmapFromStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FFF40)
[Address] EAT @explorer.exe (GdipCreateBitmapFromStreamICM) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23480)
[Address] EAT @explorer.exe (GdipCreateCachedBitmap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA02F6C)
[Address] EAT @explorer.exe (GdipCreateCustomLineCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2551C)
[Address] EAT @explorer.exe (GdipCreateEffect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22DB0)
[Address] EAT @explorer.exe (GdipCreateFont) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D97BC)
[Address] EAT @explorer.exe (GdipCreateFontFamilyFromName) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8DD4)
[Address] EAT @explorer.exe (GdipCreateFontFromDC) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19520)
[Address] EAT @explorer.exe (GdipCreateFontFromLogfontA) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19408)
[Address] EAT @explorer.exe (GdipCreateFontFromLogfontW) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9380)
[Address] EAT @explorer.exe (GdipCreateFromHDC) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BD848)
[Address] EAT @explorer.exe (GdipCreateFromHDC2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2196C)
[Address] EAT @explorer.exe (GdipCreateFromHWND) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA218CC)
[Address] EAT @explorer.exe (GdipCreateFromHWNDICM) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2182C)
[Address] EAT @explorer.exe (GdipCreateHBITMAPFromBitmap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C3830)
[Address] EAT @explorer.exe (GdipCreateHICONFromBitmap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D779C)
[Address] EAT @explorer.exe (GdipCreateHalftonePalette) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9ED8)
[Address] EAT @explorer.exe (GdipCreateHatchBrush) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A198)
[Address] EAT @explorer.exe (GdipCreateImageAttributes) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D6D10)
[Address] EAT @explorer.exe (GdipCreateLineBrush) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2984C)
[Address] EAT @explorer.exe (GdipCreateLineBrushFromRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA02150)
[Address] EAT @explorer.exe (GdipCreateLineBrushFromRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA02044)
[Address] EAT @explorer.exe (GdipCreateLineBrushFromRectWithAngle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2961C)
[Address] EAT @explorer.exe (GdipCreateLineBrushFromRectWithAngleI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29514)
[Address] EAT @explorer.exe (GdipCreateLineBrushI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29738)
[Address] EAT @explorer.exe (GdipCreateMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C74C8)
[Address] EAT @explorer.exe (GdipCreateMatrix2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FB244)
[Address] EAT @explorer.exe (GdipCreateMatrix3) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C3C0)
[Address] EAT @explorer.exe (GdipCreateMatrix3I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C274)
[Address] EAT @explorer.exe (GdipCreateMetafileFromEmf) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AB18)
[Address] EAT @explorer.exe (GdipCreateMetafileFromFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AA30)
[Address] EAT @explorer.exe (GdipCreateMetafileFromStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A854)
[Address] EAT @explorer.exe (GdipCreateMetafileFromWmf) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AC0C)
[Address] EAT @explorer.exe (GdipCreateMetafileFromWmfFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A93C)
[Address] EAT @explorer.exe (GdipCreatePath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CF200)
[Address] EAT @explorer.exe (GdipCreatePath2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA303C4)
[Address] EAT @explorer.exe (GdipCreatePath2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA3023C)
[Address] EAT @explorer.exe (GdipCreatePathGradient) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28778)
[Address] EAT @explorer.exe (GdipCreatePathGradientFromPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28598)
[Address] EAT @explorer.exe (GdipCreatePathGradientI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2864C)
[Address] EAT @explorer.exe (GdipCreatePathIter) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CEE0)
[Address] EAT @explorer.exe (GdipCreatePen1) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CA7E8)
[Address] EAT @explorer.exe (GdipCreatePen2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C7D40)
[Address] EAT @explorer.exe (GdipCreateRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8040)
[Address] EAT @explorer.exe (GdipCreateRegionHrgn) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2BA00)
[Address] EAT @explorer.exe (GdipCreateRegionPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2BB94)
[Address] EAT @explorer.exe (GdipCreateRegionRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD9CC)
[Address] EAT @explorer.exe (GdipCreateRegionRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD918)
[Address] EAT @explorer.exe (GdipCreateRegionRgnData) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2BAC8)
[Address] EAT @explorer.exe (GdipCreateSolidFill) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C5630)
[Address] EAT @explorer.exe (GdipCreateStreamOnFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9EAB24)
[Address] EAT @explorer.exe (GdipCreateStringFormat) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18EA0)
[Address] EAT @explorer.exe (GdipCreateTexture) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D2A40)
[Address] EAT @explorer.exe (GdipCreateTexture2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29EC4)
[Address] EAT @explorer.exe (GdipCreateTexture2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29C40)
[Address] EAT @explorer.exe (GdipCreateTextureIA) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29D10)
[Address] EAT @explorer.exe (GdipCreateTextureIAI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29BF0)
[Address] EAT @explorer.exe (GdipDeleteBrush) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C5170)
[Address] EAT @explorer.exe (GdipDeleteCachedBitmap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D3498)
[Address] EAT @explorer.exe (GdipDeleteCustomLineCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25308)
[Address] EAT @explorer.exe (GdipDeleteEffect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22D60)
[Address] EAT @explorer.exe (GdipDeleteFont) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C834C)
[Address] EAT @explorer.exe (GdipDeleteFontFamily) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19CD0)
[Address] EAT @explorer.exe (GdipDeleteGraphics) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BD378)
[Address] EAT @explorer.exe (GdipDeleteMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C73FC)
[Address] EAT @explorer.exe (GdipDeletePath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CF2E0)
[Address] EAT @explorer.exe (GdipDeletePathIter) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CE4C)
[Address] EAT @explorer.exe (GdipDeletePen) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C521C)
[Address] EAT @explorer.exe (GdipDeletePrivateFontCollection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1924C)
[Address] EAT @explorer.exe (GdipDeleteRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C76B8)
[Address] EAT @explorer.exe (GdipDeleteStringFormat) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18C7C)
[Address] EAT @explorer.exe (GdipDisposeImage) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B1CE0)
[Address] EAT @explorer.exe (GdipDisposeImageAttributes) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D6B70)
[Address] EAT @explorer.exe (GdipDrawArc) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2040C)
[Address] EAT @explorer.exe (GdipDrawArcI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20360)
[Address] EAT @explorer.exe (GdipDrawBezier) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20208)
[Address] EAT @explorer.exe (GdipDrawBezierI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20114)
[Address] EAT @explorer.exe (GdipDrawBeziers) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1FFF8)
[Address] EAT @explorer.exe (GdipDrawBeziersI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1FEDC)
[Address] EAT @explorer.exe (GdipDrawCachedBitmap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA00EF0)
[Address] EAT @explorer.exe (GdipDrawClosedCurve) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F140)
[Address] EAT @explorer.exe (GdipDrawClosedCurve2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1EF38)
[Address] EAT @explorer.exe (GdipDrawClosedCurve2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1EE44)
[Address] EAT @explorer.exe (GdipDrawClosedCurveI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F05C)
[Address] EAT @explorer.exe (GdipDrawCurve) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F7B4)
[Address] EAT @explorer.exe (GdipDrawCurve2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F59C)
[Address] EAT @explorer.exe (GdipDrawCurve2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F4A8)
[Address] EAT @explorer.exe (GdipDrawCurve3) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F374)
[Address] EAT @explorer.exe (GdipDrawCurve3I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F268)
[Address] EAT @explorer.exe (GdipDrawCurveI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F6D0)
[Address] EAT @explorer.exe (GdipDrawDriverString) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D9A8)
[Address] EAT @explorer.exe (GdipDrawEllipse) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1FB64)
[Address] EAT @explorer.exe (GdipDrawEllipseI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1FAD4)
[Address] EAT @explorer.exe (GdipDrawImage) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D2DF0)
[Address] EAT @explorer.exe (GdipDrawImageFX) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D004)
[Address] EAT @explorer.exe (GdipDrawImageI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D2D6C)
[Address] EAT @explorer.exe (GdipDrawImagePointRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD77C)
[Address] EAT @explorer.exe (GdipDrawImagePointRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD6B8)
[Address] EAT @explorer.exe (GdipDrawImagePoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D658)
[Address] EAT @explorer.exe (GdipDrawImagePointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D53C)
[Address] EAT @explorer.exe (GdipDrawImagePointsRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D2CC)
[Address] EAT @explorer.exe (GdipDrawImagePointsRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D134)
[Address] EAT @explorer.exe (GdipDrawImageRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C2664)
[Address] EAT @explorer.exe (GdipDrawImageRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C25C4)
[Address] EAT @explorer.exe (GdipDrawImageRectRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FEFC4)
[Address] EAT @explorer.exe (GdipDrawImageRectRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FEE90)
[Address] EAT @explorer.exe (GdipDrawLine) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA205D8)
[Address] EAT @explorer.exe (GdipDrawLineI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20548)
[Address] EAT @explorer.exe (GdipDrawLines) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CCA40)
[Address] EAT @explorer.exe (GdipDrawLinesI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CC958)
[Address] EAT @explorer.exe (GdipDrawPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FAFA0)
[Address] EAT @explorer.exe (GdipDrawPie) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F998)
[Address] EAT @explorer.exe (GdipDrawPieI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F8EC)
[Address] EAT @explorer.exe (GdipDrawPolygon) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E27D0)
[Address] EAT @explorer.exe (GdipDrawPolygonI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E26E0)
[Address] EAT @explorer.exe (GdipDrawRectangle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CCD30)
[Address] EAT @explorer.exe (GdipDrawRectangleI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CCC90)
[Address] EAT @explorer.exe (GdipDrawRectangles) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1FDC0)
[Address] EAT @explorer.exe (GdipDrawRectanglesI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1FC88)
[Address] EAT @explorer.exe (GdipDrawString) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E018)
[Address] EAT @explorer.exe (GdipEmfToWmfBits) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E6A28)
[Address] EAT @explorer.exe (GdipEndContainer) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AF58)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1CE6C)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1CDD0)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C9D4)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C894)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1CC38)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1CB80)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C6D0)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C5E0)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C15C)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BFD4)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C41C)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C328)
[Address] EAT @explorer.exe (GdipFillClosedCurve) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E524)
[Address] EAT @explorer.exe (GdipFillClosedCurve2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E310)
[Address] EAT @explorer.exe (GdipFillClosedCurve2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E210)
[Address] EAT @explorer.exe (GdipFillClosedCurveI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E440)
[Address] EAT @explorer.exe (GdipFillEllipse) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CF768)
[Address] EAT @explorer.exe (GdipFillEllipseI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E990)
[Address] EAT @explorer.exe (GdipFillPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E654)
[Address] EAT @explorer.exe (GdipFillPie) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E850)
[Address] EAT @explorer.exe (GdipFillPieI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E79C)
[Address] EAT @explorer.exe (GdipFillPolygon) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E29AC)
[Address] EAT @explorer.exe (GdipFillPolygon2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1EB04)
[Address] EAT @explorer.exe (GdipFillPolygon2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1EA20)
[Address] EAT @explorer.exe (GdipFillPolygonI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E28BC)
[Address] EAT @explorer.exe (GdipFillRectangle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C5870)
[Address] EAT @explorer.exe (GdipFillRectangleI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C57DC)
[Address] EAT @explorer.exe (GdipFillRectangles) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1ED28)
[Address] EAT @explorer.exe (GdipFillRectanglesI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1EC28)
[Address] EAT @explorer.exe (GdipFillRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD354)
[Address] EAT @explorer.exe (GdipFindFirstImageItem) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23730)
[Address] EAT @explorer.exe (GdipFindNextImageItem) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23680)
[Address] EAT @explorer.exe (GdipFlattenPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FAEC4)
[Address] EAT @explorer.exe (GdipFlush) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21764)
[Address] EAT @explorer.exe (GdipFree) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B9A74)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapFillState) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA245B0)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapHeight) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24A10)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapMiddleInset) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24720)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapWidth) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24898)
[Address] EAT @explorer.exe (GdipGetAllPropertyItems) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D11D8)
[Address] EAT @explorer.exe (GdipGetBrushType) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A27C)
[Address] EAT @explorer.exe (GdipGetCellAscent) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19708)
[Address] EAT @explorer.exe (GdipGetCellDescent) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19644)
[Address] EAT @explorer.exe (GdipGetClip) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8424)
[Address] EAT @explorer.exe (GdipGetClipBounds) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B938)
[Address] EAT @explorer.exe (GdipGetClipBoundsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C7B04)
[Address] EAT @explorer.exe (GdipGetCompositingMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD0E0)
[Address] EAT @explorer.exe (GdipGetCompositingQuality) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21478)
[Address] EAT @explorer.exe (GdipGetCustomLineCapBaseCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24EF4)
[Address] EAT @explorer.exe (GdipGetCustomLineCapBaseInset) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24DBC)
[Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeCaps) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25198)
[Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeJoin) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25058)
[Address] EAT @explorer.exe (GdipGetCustomLineCapType) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2539C)
[Address] EAT @explorer.exe (GdipGetCustomLineCapWidthScale) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24C84)
[Address] EAT @explorer.exe (GdipGetDC) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E35E8)
[Address] EAT @explorer.exe (GdipGetDpiX) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20A68)
[Address] EAT @explorer.exe (GdipGetDpiY) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8AD8)
[Address] EAT @explorer.exe (GdipGetEffectParameterSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22C8C)
[Address] EAT @explorer.exe (GdipGetEffectParameters) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22C18)
[Address] EAT @explorer.exe (GdipGetEmHeight) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9A70)
[Address] EAT @explorer.exe (GdipGetEncoderParameterList) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2419C)
[Address] EAT @explorer.exe (GdipGetEncoderParameterListSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24260)
[Address] EAT @explorer.exe (GdipGetFamily) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8C70)
[Address] EAT @explorer.exe (GdipGetFamilyName) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9984)
[Address] EAT @explorer.exe (GdipGetFontCollectionFamilyCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19178)
[Address] EAT @explorer.exe (GdipGetFontCollectionFamilyList) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA190BC)
[Address] EAT @explorer.exe (GdipGetFontHeight) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9660)
[Address] EAT @explorer.exe (GdipGetFontHeightGivenDPI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19A64)
[Address] EAT @explorer.exe (GdipGetFontSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8CF0)
[Address] EAT @explorer.exe (GdipGetFontStyle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8B6C)
[Address] EAT @explorer.exe (GdipGetFontUnit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8BF0)
[Address] EAT @explorer.exe (GdipGetGenericFontFamilyMonospace) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19DC4)
[Address] EAT @explorer.exe (GdipGetGenericFontFamilySansSerif) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19EAC)
[Address] EAT @explorer.exe (GdipGetGenericFontFamilySerif) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19E38)
[Address] EAT @explorer.exe (GdipGetHatchBackgroundColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A030)
[Address] EAT @explorer.exe (GdipGetHatchForegroundColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA284E4)
[Address] EAT @explorer.exe (GdipGetHatchStyle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A0E4)
[Address] EAT @explorer.exe (GdipGetHemfFromMetafile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E5A24)
[Address] EAT @explorer.exe (GdipGetImageAttributesAdjustedPalette) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21A18)
[Address] EAT @explorer.exe (GdipGetImageBounds) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23CEC)
[Address] EAT @explorer.exe (GdipGetImageDecoders) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9F9270)
[Address] EAT @explorer.exe (GdipGetImageDecodersSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9F9428)
[Address] EAT @explorer.exe (GdipGetImageDimension) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23C28)
[Address] EAT @explorer.exe (GdipGetImageEncoders) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B6798)
[Address] EAT @explorer.exe (GdipGetImageEncodersSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B69D8)
[Address] EAT @explorer.exe (GdipGetImageFlags) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2396C)
[Address] EAT @explorer.exe (GdipGetImageGraphicsContext) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C9214)
[Address] EAT @explorer.exe (GdipGetImageHeight) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BB680)
[Address] EAT @explorer.exe (GdipGetImageHorizontalResolution) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23B3C)
[Address] EAT @explorer.exe (GdipGetImageItemData) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA235D0)
[Address] EAT @explorer.exe (GdipGetImagePalette) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA005B4)
[Address] EAT @explorer.exe (GdipGetImagePaletteSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA0067C)
[Address] EAT @explorer.exe (GdipGetImagePixelFormat) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BB588)
[Address] EAT @explorer.exe (GdipGetImageRawFormat) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D18F4)
[Address] EAT @explorer.exe (GdipGetImageThumbnail) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA237E0)
[Address] EAT @explorer.exe (GdipGetImageType) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D6EA0)
[Address] EAT @explorer.exe (GdipGetImageVerticalResolution) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23A50)
[Address] EAT @explorer.exe (GdipGetImageWidth) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BC344)
[Address] EAT @explorer.exe (GdipGetInterpolationMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21108)
[Address] EAT @explorer.exe (GdipGetLineBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA290C8)
[Address] EAT @explorer.exe (GdipGetLineBlendCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27A4C)
[Address] EAT @explorer.exe (GdipGetLineColors) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29360)
[Address] EAT @explorer.exe (GdipGetLineGammaCorrection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29198)
[Address] EAT @explorer.exe (GdipGetLinePresetBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28E88)
[Address] EAT @explorer.exe (GdipGetLinePresetBlendCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29004)
[Address] EAT @explorer.exe (GdipGetLineRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27C48)
[Address] EAT @explorer.exe (GdipGetLineRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29280)
[Address] EAT @explorer.exe (GdipGetLineSpacing) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9B34)
[Address] EAT @explorer.exe (GdipGetLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29AD0)
[Address] EAT @explorer.exe (GdipGetLineWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28AA0)
[Address] EAT @explorer.exe (GdipGetLogFontA) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19B0C)
[Address] EAT @explorer.exe (GdipGetLogFontW) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8EEC)
[Address] EAT @explorer.exe (GdipGetMatrixElements) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C75F0)
[Address] EAT @explorer.exe (GdipGetMetafileDownLevelRasterizationLimit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19F20)
[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromEmf) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AE8C)
[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AE34)
[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromMetafile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AD14)
[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1ADC4)
[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromWmf) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AEE4)
[Address] EAT @explorer.exe (GdipGetNearestColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA206F8)
[Address] EAT @explorer.exe (GdipGetPageScale) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20BD0)
[Address] EAT @explorer.exe (GdipGetPageUnit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20C84)
[Address] EAT @explorer.exe (GdipGetPathData) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FB68)
[Address] EAT @explorer.exe (GdipGetPathFillMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FC14)
[Address] EAT @explorer.exe (GdipGetPathGradientBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2797C)
[Address] EAT @explorer.exe (GdipGetPathGradientBlendCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27A4C)
[Address] EAT @explorer.exe (GdipGetPathGradientCenterColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA284E4)
[Address] EAT @explorer.exe (GdipGetPathGradientCenterPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28034)
[Address] EAT @explorer.exe (GdipGetPathGradientCenterPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27F98)
[Address] EAT @explorer.exe (GdipGetPathGradientFocusScales) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA271BC)
[Address] EAT @explorer.exe (GdipGetPathGradientGammaCorrection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27B00)
[Address] EAT @explorer.exe (GdipGetPathGradientPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA280E0)
[Address] EAT @explorer.exe (GdipGetPathGradientPointCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27DB4)
[Address] EAT @explorer.exe (GdipGetPathGradientPresetBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27764)
[Address] EAT @explorer.exe (GdipGetPathGradientPresetBlendCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29004)
[Address] EAT @explorer.exe (GdipGetPathGradientRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27C48)
[Address] EAT @explorer.exe (GdipGetPathGradientRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29280)
[Address] EAT @explorer.exe (GdipGetPathGradientSurroundColorCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27CF8)
[Address] EAT @explorer.exe (GdipGetPathGradientSurroundColorsWithCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA282FC)
[Address] EAT @explorer.exe (GdipGetPathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29AD0)
[Address] EAT @explorer.exe (GdipGetPathGradientWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28AA0)
[Address] EAT @explorer.exe (GdipGetPathLastPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F6E0)
[Address] EAT @explorer.exe (GdipGetPathPoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FE14)
[Address] EAT @explorer.exe (GdipGetPathPointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FCC8)
[Address] EAT @explorer.exe (GdipGetPathTypes) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FF24)
[Address] EAT @explorer.exe (GdipGetPathWorldBounds) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D680)
[Address] EAT @explorer.exe (GdipGetPathWorldBoundsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D4FC)
[Address] EAT @explorer.exe (GdipGetPenBrushFill) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25D44)
[Address] EAT @explorer.exe (GdipGetPenColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CF640)
[Address] EAT @explorer.exe (GdipGetPenCompoundArray) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA256CC)
[Address] EAT @explorer.exe (GdipGetPenCompoundCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2586C)
[Address] EAT @explorer.exe (GdipGetPenCustomEndCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2674C)
[Address] EAT @explorer.exe (GdipGetPenCustomStartCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA268FC)
[Address] EAT @explorer.exe (GdipGetPenDashArray) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2591C)
[Address] EAT @explorer.exe (GdipGetPenDashCap197819) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26B5C)
[Address] EAT @explorer.exe (GdipGetPenDashCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25A94)
[Address] EAT @explorer.exe (GdipGetPenDashOffset) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25BE4)
[Address] EAT @explorer.exe (GdipGetPenDashStyle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25C94)
[Address] EAT @explorer.exe (GdipGetPenEndCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26C10)
[Address] EAT @explorer.exe (GdipGetPenFillType) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CFB50)
[Address] EAT @explorer.exe (GdipGetPenLineJoin) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26AAC)
[Address] EAT @explorer.exe (GdipGetPenMiterLimit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA265F0)
[Address] EAT @explorer.exe (GdipGetPenMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26498)
[Address] EAT @explorer.exe (GdipGetPenStartCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26CC0)
[Address] EAT @explorer.exe (GdipGetPenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2624C)
[Address] EAT @explorer.exe (GdipGetPenUnit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26EE4)
[Address] EAT @explorer.exe (GdipGetPenWidth) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CF6E0)
[Address] EAT @explorer.exe (GdipGetPixelOffsetMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA213C4)
[Address] EAT @explorer.exe (GdipGetPointCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA30030)
[Address] EAT @explorer.exe (GdipGetPropertyCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23F08)
[Address] EAT @explorer.exe (GdipGetPropertyIdList) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23E6C)
[Address] EAT @explorer.exe (GdipGetPropertyItem) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D57EC)
[Address] EAT @explorer.exe (GdipGetPropertyItemSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D5760)
[Address] EAT @explorer.exe (GdipGetPropertySize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CFEF0)
[Address] EAT @explorer.exe (GdipGetRegionBounds) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B260)
[Address] EAT @explorer.exe (GdipGetRegionBoundsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B0C4)
[Address] EAT @explorer.exe (GdipGetRegionData) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2ABA8)
[Address] EAT @explorer.exe (GdipGetRegionDataSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2AC7C)
[Address] EAT @explorer.exe (GdipGetRegionHRgn) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D866C)
[Address] EAT @explorer.exe (GdipGetRegionScans) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A4EC)
[Address] EAT @explorer.exe (GdipGetRegionScansCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A60C)
[Address] EAT @explorer.exe (GdipGetRegionScansI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A3EC)
[Address] EAT @explorer.exe (GdipGetRenderingOrigin) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA215D4)
[Address] EAT @explorer.exe (GdipGetSmoothingMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CAA70)
[Address] EAT @explorer.exe (GdipGetSolidFillColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29964)
[Address] EAT @explorer.exe (GdipGetStringFormatAlign) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18A30)
[Address] EAT @explorer.exe (GdipGetStringFormatDigitSubstitution) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18390)
[Address] EAT @explorer.exe (GdipGetStringFormatFlags) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18B58)
[Address] EAT @explorer.exe (GdipGetStringFormatHotkeyPrefix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA187E0)
[Address] EAT @explorer.exe (GdipGetStringFormatLineAlign) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18908)
[Address] EAT @explorer.exe (GdipGetStringFormatMeasurableCharacterRangeCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1856C)
[Address] EAT @explorer.exe (GdipGetStringFormatTabStopCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18698)
[Address] EAT @explorer.exe (GdipGetStringFormatTabStops) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA185DC)
[Address] EAT @explorer.exe (GdipGetStringFormatTrimming) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18260)
[Address] EAT @explorer.exe (GdipGetTextContrast) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA211B0)
[Address] EAT @explorer.exe (GdipGetTextRenderingHint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8160)
[Address] EAT @explorer.exe (GdipGetTextureImage) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FDE20)
[Address] EAT @explorer.exe (GdipGetTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29AD0)
[Address] EAT @explorer.exe (GdipGetTextureWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FDCCC)
[Address] EAT @explorer.exe (GdipGetVisibleClipBounds) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B7D0)
[Address] EAT @explorer.exe (GdipGetVisibleClipBoundsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B690)
[Address] EAT @explorer.exe (GdipGetWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C780C)
[Address] EAT @explorer.exe (GdipGraphicsClear) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D19E8)
[Address] EAT @explorer.exe (GdipGraphicsSetAbort) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA225EC)
[Address] EAT @explorer.exe (GdipImageForceValidation) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D6F4C)
[Address] EAT @explorer.exe (GdipImageGetFrameCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA00478)
[Address] EAT @explorer.exe (GdipImageGetFrameDimensionsCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA00204)
[Address] EAT @explorer.exe (GdipImageGetFrameDimensionsList) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA002A4)
[Address] EAT @explorer.exe (GdipImageRotateFlip) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA03500)
[Address] EAT @explorer.exe (GdipImageSelectActiveFrame) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23F94)
[Address] EAT @explorer.exe (GdipImageSetAbort) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22690)
[Address] EAT @explorer.exe (GdipInitializePalette) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22A30)
[Address] EAT @explorer.exe (GdipInvertMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C100)
[Address] EAT @explorer.exe (GdipIsClipEmpty) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B884)
[Address] EAT @explorer.exe (GdipIsEmptyRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2AF40)
[Address] EAT @explorer.exe (GdipIsEqualRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2AD48)
[Address] EAT @explorer.exe (GdipIsInfiniteRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8268)
[Address] EAT @explorer.exe (GdipIsMatrixEqual) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2BCA0)
[Address] EAT @explorer.exe (GdipIsMatrixIdentity) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C7760)
[Address] EAT @explorer.exe (GdipIsMatrixInvertible) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2BDC4)
[Address] EAT @explorer.exe (GdipIsOutlineVisiblePathPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D080)
[Address] EAT @explorer.exe (GdipIsOutlineVisiblePathPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CFF8)
[Address] EAT @explorer.exe (GdipIsStyleAvailable) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA197B8)
[Address] EAT @explorer.exe (GdipIsVisibleClipEmpty) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B5D4)
[Address] EAT @explorer.exe (GdipIsVisiblePathPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D344)
[Address] EAT @explorer.exe (GdipIsVisiblePathPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D2C8)
[Address] EAT @explorer.exe (GdipIsVisiblePoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B4F0)
[Address] EAT @explorer.exe (GdipIsVisiblePointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B480)
[Address] EAT @explorer.exe (GdipIsVisibleRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B37C)
[Address] EAT @explorer.exe (GdipIsVisibleRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B2F0)
[Address] EAT @explorer.exe (GdipIsVisibleRegionPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2AA08)
[Address] EAT @explorer.exe (GdipIsVisibleRegionPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A98C)
[Address] EAT @explorer.exe (GdipIsVisibleRegionRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A7A8)
[Address] EAT @explorer.exe (GdipIsVisibleRegionRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A70C)
[Address] EAT @explorer.exe (GdipLoadImageFromFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA244D4)
[Address] EAT @explorer.exe (GdipLoadImageFromFileICM) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24314)
[Address] EAT @explorer.exe (GdipLoadImageFromStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C9F24)
[Address] EAT @explorer.exe (GdipLoadImageFromStreamICM) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA243F4)
[Address] EAT @explorer.exe (GdipMeasureCharacterRanges) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1DC28)
[Address] EAT @explorer.exe (GdipMeasureDriverString) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D7D0)
[Address] EAT @explorer.exe (GdipMeasureString) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1DDF0)
[Address] EAT @explorer.exe (GdipMultiplyLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27354)
[Address] EAT @explorer.exe (GdipMultiplyMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FA8BC)
[Address] EAT @explorer.exe (GdipMultiplyPathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27354)
[Address] EAT @explorer.exe (GdipMultiplyPenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26094)
[Address] EAT @explorer.exe (GdipMultiplyTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27354)
[Address] EAT @explorer.exe (GdipMultiplyWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20F58)
[Address] EAT @explorer.exe (GdipNewInstalledFontCollection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA193A0)
[Address] EAT @explorer.exe (GdipNewPrivateFontCollection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA192EC)
[Address] EAT @explorer.exe (GdipPathIterCopyData) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C4A8)
[Address] EAT @explorer.exe (GdipPathIterEnumerate) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C598)
[Address] EAT @explorer.exe (GdipPathIterGetCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C93C)
[Address] EAT @explorer.exe (GdipPathIterGetSubpathCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C888)
[Address] EAT @explorer.exe (GdipPathIterHasCurve) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C728)
[Address] EAT @explorer.exe (GdipPathIterIsValid) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C7D4)
[Address] EAT @explorer.exe (GdipPathIterNextMarker) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CAB4)
[Address] EAT @explorer.exe (GdipPathIterNextMarkerPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C9F0)
[Address] EAT @explorer.exe (GdipPathIterNextPathType) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CB98)
[Address] EAT @explorer.exe (GdipPathIterNextSubpath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CD5C)
[Address] EAT @explorer.exe (GdipPathIterNextSubpathPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CC84)
[Address] EAT @explorer.exe (GdipPathIterRewind) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C680)
[Address] EAT @explorer.exe (GdipPlayMetafileRecord) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BEF4)
[Address] EAT @explorer.exe (GdipPlayTSClientRecord) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA179F8)
[Address] EAT @explorer.exe (GdipPrivateAddFontFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19020)
[Address] EAT @explorer.exe (GdipPrivateAddMemoryFont) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18F74)
[Address] EAT @explorer.exe (GdipRecordMetafile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9F2A54)
[Address] EAT @explorer.exe (GdipRecordMetafileFileName) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A510)
[Address] EAT @explorer.exe (GdipRecordMetafileFileNameI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A40C)
[Address] EAT @explorer.exe (GdipRecordMetafileI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A66C)
[Address] EAT @explorer.exe (GdipRecordMetafileStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A2B0)
[Address] EAT @explorer.exe (GdipRecordMetafileStreamI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A1AC)
[Address] EAT @explorer.exe (GdipReleaseDC) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E3508)
[Address] EAT @explorer.exe (GdipRemovePropertyItem) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23DE0)
[Address] EAT @explorer.exe (GdipResetClip) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E2D60)
[Address] EAT @explorer.exe (GdipResetImageAttributes) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22358)
[Address] EAT @explorer.exe (GdipResetLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28914)
[Address] EAT @explorer.exe (GdipResetPageTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20D38)
[Address] EAT @explorer.exe (GdipResetPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA300E0)
[Address] EAT @explorer.exe (GdipResetPathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28914)
[Address] EAT @explorer.exe (GdipResetPenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26198)
[Address] EAT @explorer.exe (GdipResetTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28914)
[Address] EAT @explorer.exe (GdipResetWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2106C)
[Address] EAT @explorer.exe (GdipRestoreGraphics) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D81E8)
[Address] EAT @explorer.exe (GdipReversePath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F7A8)
[Address] EAT @explorer.exe (GdipRotateLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29A18)
[Address] EAT @explorer.exe (GdipRotateMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FB700)
[Address] EAT @explorer.exe (GdipRotatePathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29A18)
[Address] EAT @explorer.exe (GdipRotatePenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25E0C)
[Address] EAT @explorer.exe (GdipRotateTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29A18)
[Address] EAT @explorer.exe (GdipRotateWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20DE0)
[Address] EAT @explorer.exe (GdipSaveAdd) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA240F8)
[Address] EAT @explorer.exe (GdipSaveAddImage) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24040)
[Address] EAT @explorer.exe (GdipSaveGraphics) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D7F9C)
[Address] EAT @explorer.exe (GdipSaveImageToFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B5FD0)
[Address] EAT @explorer.exe (GdipSaveImageToStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CFC80)
[Address] EAT @explorer.exe (GdipScaleLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2728C)
[Address] EAT @explorer.exe (GdipScaleMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FA738)
[Address] EAT @explorer.exe (GdipScalePathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2728C)
[Address] EAT @explorer.exe (GdipScalePenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25EDC)
[Address] EAT @explorer.exe (GdipScaleTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2728C)
[Address] EAT @explorer.exe (GdipScaleWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20E94)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapFillState) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24660)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapHeight) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24AC0)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapMiddleInset) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA247D0)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapWidth) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24948)
[Address] EAT @explorer.exe (GdipSetClipGraphics) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BDEC)
[Address] EAT @explorer.exe (GdipSetClipHrgn) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BB08)
[Address] EAT @explorer.exe (GdipSetClipPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BCDC)
[Address] EAT @explorer.exe (GdipSetClipRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C69B0)
[Address] EAT @explorer.exe (GdipSetClipRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C6910)
[Address] EAT @explorer.exe (GdipSetClipRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BBD4)
[Address] EAT @explorer.exe (GdipSetCompositingMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D3358)
[Address] EAT @explorer.exe (GdipSetCompositingQuality) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2152C)
[Address] EAT @explorer.exe (GdipSetCustomLineCapBaseCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24FA0)
[Address] EAT @explorer.exe (GdipSetCustomLineCapBaseInset) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24E5C)
[Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeCaps) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25250)
[Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeJoin) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25104)
[Address] EAT @explorer.exe (GdipSetCustomLineCapWidthScale) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24D24)
[Address] EAT @explorer.exe (GdipSetEffectParameters) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22CEC)
[Address] EAT @explorer.exe (GdipSetEmpty) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B7C4)
[Address] EAT @explorer.exe (GdipSetImageAttributesCachedBackground) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21BC8)
[Address] EAT @explorer.exe (GdipSetImageAttributesColorKeys) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D7460)
[Address] EAT @explorer.exe (GdipSetImageAttributesColorMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22284)
[Address] EAT @explorer.exe (GdipSetImageAttributesGamma) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2205C)
[Address] EAT @explorer.exe (GdipSetImageAttributesNoOp) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21F54)
[Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannel) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21E38)
[Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannelColorProfile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21D74)
[Address] EAT @explorer.exe (GdipSetImageAttributesRemapTable) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21C70)
[Address] EAT @explorer.exe (GdipSetImageAttributesThreshold) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22164)
[Address] EAT @explorer.exe (GdipSetImageAttributesToIdentity) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22448)
[Address] EAT @explorer.exe (GdipSetImageAttributesWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21B10)
[Address] EAT @explorer.exe (GdipSetImagePalette) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA238AC)
[Address] EAT @explorer.exe (GdipSetInfinite) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B860)
[Address] EAT @explorer.exe (GdipSetInterpolationMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA01170)
[Address] EAT @explorer.exe (GdipSetLineBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA0273C)
[Address] EAT @explorer.exe (GdipSetLineColors) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29454)
[Address] EAT @explorer.exe (GdipSetLineGammaCorrection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29214)
[Address] EAT @explorer.exe (GdipSetLineLinearBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28C10)
[Address] EAT @explorer.exe (GdipSetLinePresetBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28CD0)
[Address] EAT @explorer.exe (GdipSetLineSigmaBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA02A58)
[Address] EAT @explorer.exe (GdipSetLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA289B4)
[Address] EAT @explorer.exe (GdipSetLineWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28B50)
[Address] EAT @explorer.exe (GdipSetMatrixElements) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FA7E0)
[Address] EAT @explorer.exe (GdipSetMetafileDownLevelRasterizationLimit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A068)
[Address] EAT @explorer.exe (GdipSetPageScale) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20B1C)
[Address] EAT @explorer.exe (GdipSetPageUnit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9E40)
[Address] EAT @explorer.exe (GdipSetPathFillMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CF4BC)
[Address] EAT @explorer.exe (GdipSetPathGradientBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA278A8)
[Address] EAT @explorer.exe (GdipSetPathGradientCenterColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28444)
[Address] EAT @explorer.exe (GdipSetPathGradientCenterPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27EDC)
[Address] EAT @explorer.exe (GdipSetPathGradientCenterPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27E68)
[Address] EAT @explorer.exe (GdipSetPathGradientFocusScales) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27104)
[Address] EAT @explorer.exe (GdipSetPathGradientGammaCorrection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27BB0)
[Address] EAT @explorer.exe (GdipSetPathGradientLinearBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28C10)
[Address] EAT @explorer.exe (GdipSetPathGradientPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA280E0)
[Address] EAT @explorer.exe (GdipSetPathGradientPresetBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA275C4)
[Address] EAT @explorer.exe (GdipSetPathGradientSigmaBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27504)
[Address] EAT @explorer.exe (GdipSetPathGradientSurroundColorsWithCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28110)
[Address] EAT @explorer.exe (GdipSetPathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA289B4)
[Address] EAT @explorer.exe (GdipSetPathGradientWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27458)
[Address] EAT @explorer.exe (GdipSetPathMarker) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F8E8)
[Address] EAT @explorer.exe (GdipSetPenBrushFill) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C7974)
[Address] EAT @explorer.exe (GdipSetPenColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E08F8)
[Address] EAT @explorer.exe (GdipSetPenCompoundArray) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA257B0)
[Address] EAT @explorer.exe (GdipSetPenCustomEndCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26814)
[Address] EAT @explorer.exe (GdipSetPenCustomStartCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA269C4)
[Address] EAT @explorer.exe (GdipSetPenDashArray) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA259D8)
[Address] EAT @explorer.exe (GdipSetPenDashCap197819) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26D70)
[Address] EAT @explorer.exe (GdipSetPenDashOffset) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25B44)
[Address] EAT @explorer.exe (GdipSetPenDashStyle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E0860)
[Address] EAT @explorer.exe (GdipSetPenEndCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CABC0)
[Address] EAT @explorer.exe (GdipSetPenLineCap197819) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26E18)
[Address] EAT @explorer.exe (GdipSetPenLineJoin) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CAC50)
[Address] EAT @explorer.exe (GdipSetPenMiterLimit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA266A0)
[Address] EAT @explorer.exe (GdipSetPenMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26548)
[Address] EAT @explorer.exe (GdipSetPenStartCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CAB30)
[Address] EAT @explorer.exe (GdipSetPenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26368)
[Address] EAT @explorer.exe (GdipSetPenUnit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26F94)
[Address] EAT @explorer.exe (GdipSetPenWidth) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C6B50)
[Address] EAT @explorer.exe (GdipSetPixelOffsetMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA0346C)
[Address] EAT @explorer.exe (GdipSetPropertyItem) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D4558)
[Address] EAT @explorer.exe (GdipSetRenderingOrigin) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA216AC)
[Address] EAT @explorer.exe (GdipSetSmoothingMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C1DB8)
[Address] EAT @explorer.exe (GdipSetSolidFillColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C6C1C)
[Address] EAT @explorer.exe (GdipSetStringFormatAlign) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18AC0)
[Address] EAT @explorer.exe (GdipSetStringFormatDigitSubstitution) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1843C)
[Address] EAT @explorer.exe (GdipSetStringFormatFlags) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18BE8)
[Address] EAT @explorer.exe (GdipSetStringFormatHotkeyPrefix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18870)
[Address] EAT @explorer.exe (GdipSetStringFormatLineAlign) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18998)
[Address] EAT @explorer.exe (GdipSetStringFormatMeasurableCharacterRanges) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA184E8)
[Address] EAT @explorer.exe (GdipSetStringFormatTabStops) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18728)
[Address] EAT @explorer.exe (GdipSetStringFormatTrimming) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA182F8)
[Address] EAT @explorer.exe (GdipSetTextContrast) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21264)
[Address] EAT @explorer.exe (GdipSetTextRenderingHint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2130C)
[Address] EAT @explorer.exe (GdipSetTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA289B4)
[Address] EAT @explorer.exe (GdipSetTextureWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FDF10)
[Address] EAT @explorer.exe (GdipSetWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD014)
[Address] EAT @explorer.exe (GdipShearMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C19C)
[Address] EAT @explorer.exe (GdipStartPathFigure) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FAC8)
[Address] EAT @explorer.exe (GdipStringFormatGetGenericDefault) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18DF8)
[Address] EAT @explorer.exe (GdipStringFormatGetGenericTypographic) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18D90)
[Address] EAT @explorer.exe (GdipTestControl) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA181EC)
[Address] EAT @explorer.exe (GdipTransformMatrixPoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FC110)
[Address] EAT @explorer.exe (GdipTransformMatrixPointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FBFE4)
[Address] EAT @explorer.exe (GdipTransformPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D804)
[Address] EAT @explorer.exe (GdipTransformPoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2098C)
[Address] EAT @explorer.exe (GdipTransformPointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA207AC)
[Address] EAT @explorer.exe (GdipTransformRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B374)
[Address] EAT @explorer.exe (GdipTranslateClip) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BA4C)
[Address] EAT @explorer.exe (GdipTranslateClipI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B9EC)
[Address] EAT @explorer.exe (GdipTranslateLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2884C)
[Address] EAT @explorer.exe (GdipTranslateMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FA68C)
[Address] EAT @explorer.exe (GdipTranslatePathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2884C)
[Address] EAT @explorer.exe (GdipTranslatePenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25FB8)
[Address] EAT @explorer.exe (GdipTranslateRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B4BC)
[Address] EAT @explorer.exe (GdipTranslateRegionI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B45C)
[Address] EAT @explorer.exe (GdipTranslateTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2884C)
[Address] EAT @explorer.exe (GdipTranslateWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D7EEC)
[Address] EAT @explorer.exe (GdipVectorTransformMatrixPoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C038)
[Address] EAT @explorer.exe (GdipVectorTransformMatrixPointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2BE78)
[Address] EAT @explorer.exe (GdipWarpPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D914)
[Address] EAT @explorer.exe (GdipWidenPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2DA68)
[Address] EAT @explorer.exe (GdipWindingModeOutline) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2DBD0)
[Address] EAT @explorer.exe (GdiplusNotificationHook) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA30510)
[Address] EAT @explorer.exe (GdiplusNotificationUnhook) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA304AC)
[Address] EAT @explorer.exe (GdiplusShutdown) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B88CC)
[Address] EAT @explorer.exe (GdiplusStartup) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B32B0)
[Address] EAT @explorer.exe (AssocCreate) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473B20)
[Address] EAT @explorer.exe (AssocGetPerceivedType) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63474940)
[Address] EAT @explorer.exe (AssocIsDangerous) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348CFBC)
[Address] EAT @explorer.exe (AssocQueryKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A870)
[Address] EAT @explorer.exe (AssocQueryKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473A20)
[Address] EAT @explorer.exe (AssocQueryStringA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348E60C)
[Address] EAT @explorer.exe (AssocQueryStringByKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348E440)
[Address] EAT @explorer.exe (AssocQueryStringByKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634741A0)
[Address] EAT @explorer.exe (AssocQueryStringW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63479CC0)
[Address] EAT @explorer.exe (ChrCmpIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A03C)
[Address] EAT @explorer.exe (ChrCmpIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A02C)
[Address] EAT @explorer.exe (ColorAdjustLuma) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348F7A8)
[Address] EAT @explorer.exe (ColorHLSToRGB) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347BFF0)
[Address] EAT @explorer.exe (ColorRGBToHLS) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347BF30)
[Address] EAT @explorer.exe (ConnectToConnectionPoint) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634742B0)
[Address] EAT @explorer.exe (DelayLoadFailureHook) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348F8F0)
[Address] EAT @explorer.exe (DllGetClassObject) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349D448)
[Address] EAT @explorer.exe (DllGetVersion) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63485AE0)
[Address] EAT @explorer.exe (GUIDFromStringW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347F786)
[Address] EAT @explorer.exe (GetAcceptLanguagesA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634897D0)
[Address] EAT @explorer.exe (GetAcceptLanguagesW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475A40)
[Address] EAT @explorer.exe (GetMenuPosFromID) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475A60)
[Address] EAT @explorer.exe (HashData) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634897C0)
[Address] EAT @explorer.exe (IStream_Copy) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A1A0)
[Address] EAT @explorer.exe (IStream_Read) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472B80)
[Address] EAT @explorer.exe (IStream_ReadPidl) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63479980)
[Address] EAT @explorer.exe (IStream_ReadStr) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471120)
[Address] EAT @explorer.exe (IStream_Reset) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476340)
[Address] EAT @explorer.exe (IStream_Size) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A180)
[Address] EAT @explorer.exe (IStream_Write) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476320)
[Address] EAT @explorer.exe (IStream_WritePidl) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349F194)
[Address] EAT @explorer.exe (IStream_WriteStr) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476350)
[Address] EAT @explorer.exe (IUnknown_AtomicRelease) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A09C)
[Address] EAT @explorer.exe (IUnknown_Exec) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475B80)
[Address] EAT @explorer.exe (IUnknown_GetSite) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634760B0)
[Address] EAT @explorer.exe (IUnknown_GetWindow) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472D20)
[Address] EAT @explorer.exe (IUnknown_QueryService) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473300)
[Address] EAT @explorer.exe (IUnknown_QueryStatus) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349BBA8)
[Address] EAT @explorer.exe (IUnknown_Set) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471130)
[Address] EAT @explorer.exe (IUnknown_SetSite) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473310)
[Address] EAT @explorer.exe (IntlStrEqWorkerA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E3C)
[Address] EAT @explorer.exe (IntlStrEqWorkerW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E2C)
[Address] EAT @explorer.exe (IsCharSpaceA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A80)
[Address] EAT @explorer.exe (IsCharSpaceW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471140)
[Address] EAT @explorer.exe (IsInternetESCEnabled) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634897B0)
[Address] EAT @explorer.exe (IsOS) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472B60)
[Address] EAT @explorer.exe (MLFreeLibrary) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63499EF4)
[Address] EAT @explorer.exe (MLLoadLibraryA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63499F48)
[Address] EAT @explorer.exe (MLLoadLibraryW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63499FA8)
[Address] EAT @explorer.exe (ParseURLA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634897A0)
[Address] EAT @explorer.exe (ParseURLW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347C250)
[Address] EAT @explorer.exe (PathAddBackslashA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B2C)
[Address] EAT @explorer.exe (PathAddBackslashW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473C00)
[Address] EAT @explorer.exe (PathAddExtensionA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489CCC)
[Address] EAT @explorer.exe (PathAddExtensionW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489CBC)
[Address] EAT @explorer.exe (PathAppendA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489CAC)
[Address] EAT @explorer.exe (PathAppendW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475A10)
[Address] EAT @explorer.exe (PathBuildRootA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A05C)
[Address] EAT @explorer.exe (PathBuildRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A06C)
[Address] EAT @explorer.exe (PathCanonicalizeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C9C)
[Address] EAT @explorer.exe (PathCanonicalizeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472CF0)
[Address] EAT @explorer.exe (PathCombineA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B5C)
[Address] EAT @explorer.exe (PathCombineW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473C10)
[Address] EAT @explorer.exe (PathCommonPrefixA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489DAC)
[Address] EAT @explorer.exe (PathCommonPrefixW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D9C)
[Address] EAT @explorer.exe (PathCompactPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348AF90)
[Address] EAT @explorer.exe (PathCompactPathExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348AD80)
[Address] EAT @explorer.exe (PathCompactPathExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476530)
[Address] EAT @explorer.exe (PathCompactPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348EB08)
[Address] EAT @explorer.exe (PathCreateFromUrlA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489790)
[Address] EAT @explorer.exe (PathCreateFromUrlAlloc) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489780)
[Address] EAT @explorer.exe (PathCreateFromUrlW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634736E0)
[Address] EAT @explorer.exe (PathFileExistsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C0C)
[Address] EAT @explorer.exe (PathFileExistsAndAttributesW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475930)
[Address] EAT @explorer.exe (PathFileExistsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473690)
[Address] EAT @explorer.exe (PathFindExtensionA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C3C)
[Address] EAT @explorer.exe (PathFindExtensionW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634710C0)
[Address] EAT @explorer.exe (PathFindFileNameA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489BFC)
[Address] EAT @explorer.exe (PathFindFileNameW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471090)
[Address] EAT @explorer.exe (PathFindNextComponentA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489AE0)
[Address] EAT @explorer.exe (PathFindNextComponentW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A210)
[Address] EAT @explorer.exe (PathFindOnPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348B610)
[Address] EAT @explorer.exe (PathFindOnPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63479170)
[Address] EAT @explorer.exe (PathFindSuffixArrayA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348B534)
[Address] EAT @explorer.exe (PathFindSuffixArrayW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634753D0)
[Address] EAT @explorer.exe (PathGetArgsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348962C)
[Address] EAT @explorer.exe (PathGetArgsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347C880)
[Address] EAT @explorer.exe (PathGetCharTypeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489648)
[Address] EAT @explorer.exe (PathGetCharTypeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476480)
[Address] EAT @explorer.exe (PathGetDriveNumberA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D5C)
[Address] EAT @explorer.exe (PathGetDriveNumberW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471050)
[Address] EAT @explorer.exe (PathIsContentTypeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348ABAC)
[Address] EAT @explorer.exe (PathIsContentTypeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A2C0)
[Address] EAT @explorer.exe (PathIsDirectoryA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348B404)
[Address] EAT @explorer.exe (PathIsDirectoryEmptyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348B334)
[Address] EAT @explorer.exe (PathIsDirectoryEmptyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348EE78)
[Address] EAT @explorer.exe (PathIsDirectoryW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634754D0)
[Address] EAT @explorer.exe (PathIsFileSpecA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D6C)
[Address] EAT @explorer.exe (PathIsFileSpecW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476200)
[Address] EAT @explorer.exe (PathIsLFNFileSpecA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489CFC)
[Address] EAT @explorer.exe (PathIsLFNFileSpecW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489CEC)
[Address] EAT @explorer.exe (PathIsNetworkPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A07C)
[Address] EAT @explorer.exe (PathIsNetworkPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634729A0)
[Address] EAT @explorer.exe (PathIsPrefixA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D8C)
[Address] EAT @explorer.exe (PathIsPrefixW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D7C)
[Address] EAT @explorer.exe (PathIsRelativeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D4C)
[Address] EAT @explorer.exe (PathIsRelativeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473680)
[Address] EAT @explorer.exe (PathIsRootA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C8C)
[Address] EAT @explorer.exe (PathIsRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472CE0)
[Address] EAT @explorer.exe (PathIsSameRootA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D1C)
[Address] EAT @explorer.exe (PathIsSameRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D0C)
[Address] EAT @explorer.exe (PathIsSystemFolderA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A834)
[Address] EAT @explorer.exe (PathIsSystemFolderW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348E948)
[Address] EAT @explorer.exe (PathIsUNCA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B3C)
[Address] EAT @explorer.exe (PathIsUNCServerA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C1C)
[Address] EAT @explorer.exe (PathIsUNCServerShareA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C2C)
[Address] EAT @explorer.exe (PathIsUNCServerShareW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475E60)
[Address] EAT @explorer.exe (PathIsUNCServerW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475E70)
[Address] EAT @explorer.exe (PathIsUNCW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471040)
[Address] EAT @explorer.exe (PathIsURLA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489770)
[Address] EAT @explorer.exe (PathIsURLW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634736C0)
[Address] EAT @explorer.exe (PathMakePrettyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348BCB0)
[Address] EAT @explorer.exe (PathMakePrettyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63479FC0)
[Address] EAT @explorer.exe (PathMakeSystemFolderA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A8C0)
[Address] EAT @explorer.exe (PathMakeSystemFolderW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471270)
[Address] EAT @explorer.exe (PathMatchSpecA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489BAC)
[Address] EAT @explorer.exe (PathMatchSpecExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B8C)
[Address] EAT @explorer.exe (PathMatchSpecExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B7C)
[Address] EAT @explorer.exe (PathMatchSpecW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B9C)
[Address] EAT @explorer.exe (PathParseIconLocationA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489BEC)
[Address] EAT @explorer.exe (PathParseIconLocationW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475E20)
[Address] EAT @explorer.exe (PathQuoteSpacesA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489BCC)
[Address] EAT @explorer.exe (PathQuoteSpacesW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472D00)
[Address] EAT @explorer.exe (PathRelativePathToA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B14)
[Address] EAT @explorer.exe (PathRelativePathToW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489AF4)
[Address] EAT @explorer.exe (PathRemoveArgsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348BC74)
[Address] EAT @explorer.exe (PathRemoveArgsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476450)
[Address] EAT @explorer.exe (PathRemoveBackslashA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489CDC)
[Address] EAT @explorer.exe (PathRemoveBackslashW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473730)
[Address] EAT @explorer.exe (PathRemoveBlanksA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489BBC)
[Address] EAT @explorer.exe (PathRemoveBlanksW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473BD0)
[Address] EAT @explorer.exe (PathRemoveExtensionA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C7C)
[Address] EAT @explorer.exe (PathRemoveExtensionW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475E30)
[Address] EAT @explorer.exe (PathRemoveFileSpecA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B4C)
[Address] EAT @explorer.exe (PathRemoveFileSpecW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63474040)
[Address] EAT @explorer.exe (PathRenameExtensionA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C6C)
[Address] EAT @explorer.exe (PathRenameExtensionW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C5C)
[Address] EAT @explorer.exe (PathSearchAndQualifyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348961C)
[Address] EAT @explorer.exe (PathSearchAndQualifyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472E00)
[Address] EAT @explorer.exe (PathSetDlgItemPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348AC50)
[Address] EAT @explorer.exe (PathSetDlgItemPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348E9D0)
[Address] EAT @explorer.exe (PathSkipRootA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D2C)
[Address] EAT @explorer.exe (PathSkipRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475A20)
[Address] EAT @explorer.exe (PathStripPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D3C)
[Address] EAT @explorer.exe (PathStripPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476220)
[Address] EAT @explorer.exe (PathStripToRootA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C4C)
[Address] EAT @explorer.exe (PathStripToRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475E50)
[Address] EAT @explorer.exe (PathUnExpandEnvStringsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B6C)
[Address] EAT @explorer.exe (PathUnExpandEnvStringsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472DF0)
[Address] EAT @explorer.exe (PathUndecorateA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A75C)
[Address] EAT @explorer.exe (PathUndecorateW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634764D0)
[Address] EAT @explorer.exe (PathUnmakeSystemFolderA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A86C)
[Address] EAT @explorer.exe (PathUnmakeSystemFolderW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348E984)
[Address] EAT @explorer.exe (PathUnquoteSpacesA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489BDC)
[Address] EAT @explorer.exe (PathUnquoteSpacesW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473BE0)
[Address] EAT @explorer.exe (QISearch) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471010)
[Address] EAT @explorer.exe (SHAllocShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634729D0)
[Address] EAT @explorer.exe (SHAnsiToAnsi) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A310)
[Address] EAT @explorer.exe (SHAnsiToUnicode) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A320)
[Address] EAT @explorer.exe (SHAutoComplete) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347BE10)
[Address] EAT @explorer.exe (SHCopyKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A2F0)
[Address] EAT @explorer.exe (SHCopyKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A070)
[Address] EAT @explorer.exe (SHCreateMemStream) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634732B0)
[Address] EAT @explorer.exe (SHCreateShellPalette) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472890)
[Address] EAT @explorer.exe (SHCreateStreamOnFileA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A0DC)
[Address] EAT @explorer.exe (SHCreateStreamOnFileEx) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476070)
[Address] EAT @explorer.exe (SHCreateStreamOnFileW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634764A0)
[Address] EAT @explorer.exe (SHCreateStreamWrapper) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347F792)
[Address] EAT @explorer.exe (SHCreateThread) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475E80)
[Address] EAT @explorer.exe (SHCreateThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475B30)
[Address] EAT @explorer.exe (SHCreateThreadWithHandle) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476400)
[Address] EAT @explorer.exe (SHDeleteEmptyKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A0FC)
[Address] EAT @explorer.exe (SHDeleteEmptyKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A0EC)
[Address] EAT @explorer.exe (SHDeleteKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A2E0)
[Address] EAT @explorer.exe (SHDeleteKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472C60)
[Address] EAT @explorer.exe (SHDeleteOrphanKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349EFB8)
[Address] EAT @explorer.exe (SHDeleteOrphanKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349EF48)
[Address] EAT @explorer.exe (SHDeleteValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A10C)
[Address] EAT @explorer.exe (SHDeleteValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472CA0)
[Address] EAT @explorer.exe (SHEnumKeyExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A290)
[Address] EAT @explorer.exe (SHEnumKeyExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A280)
[Address] EAT @explorer.exe (SHEnumValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A250)
[Address] EAT @explorer.exe (SHEnumValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A1D0)
[Address] EAT @explorer.exe (SHFormatDateTimeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348F004)
[Address] EAT @explorer.exe (SHFormatDateTimeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348F070)
[Address] EAT @explorer.exe (SHFreeShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634729E0)
[Address] EAT @explorer.exe (SHGetInverseCMAP) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63490830)
[Address] EAT @explorer.exe (SHGetThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63479140)
[Address] EAT @explorer.exe (SHGetValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634743C0)
[Address] EAT @explorer.exe (SHGetValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472B20)
[Address] EAT @explorer.exe (SHGetViewStatePropertyBag) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476FA0)
[Address] EAT @explorer.exe (SHIsChildOrSelf) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473510)
[Address] EAT @explorer.exe (SHIsLowMemoryMachine) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349BC3C)
[Address] EAT @explorer.exe (SHLoadIndirectString) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473340)
[Address] EAT @explorer.exe (SHLockShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349F838)
[Address] EAT @explorer.exe (SHMessageBoxCheckA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349ADD4)
[Address] EAT @explorer.exe (SHMessageBoxCheckW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349AF00)
[Address] EAT @explorer.exe (SHOpenRegStream2A) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A0AC)
[Address] EAT @explorer.exe (SHOpenRegStream2W) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634743F0)
[Address] EAT @explorer.exe (SHOpenRegStreamA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A0CC)
[Address] EAT @explorer.exe (SHOpenRegStreamW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A0BC)
[Address] EAT @explorer.exe (SHPackDispParamsV) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63477DB0)
[Address] EAT @explorer.exe (SHPropertyBag_ReadStrAlloc) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634A1598)
[Address] EAT @explorer.exe (SHPropertyBag_WriteBSTR) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634A1498)
[Address] EAT @explorer.exe (SHQueryInfoKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A230)
[Address] EAT @explorer.exe (SHQueryInfoKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A210)
[Address] EAT @explorer.exe (SHQueryValueExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A120)
[Address] EAT @explorer.exe (SHQueryValueExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634763A0)
[Address] EAT @explorer.exe (SHRegCloseUSKey) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A70)
[Address] EAT @explorer.exe (SHRegCreateUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A58)
[Address] EAT @explorer.exe (SHRegCreateUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472640)
[Address] EAT @explorer.exe (SHRegDeleteEmptyUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A44)
[Address] EAT @explorer.exe (SHRegDeleteEmptyUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A34)
[Address] EAT @explorer.exe (SHRegDeleteUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A24)
[Address] EAT @explorer.exe (SHRegDeleteUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A14)
[Address] EAT @explorer.exe (SHRegDuplicateHKey) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A1F0)
[Address] EAT @explorer.exe (SHRegEnumUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634899FC)
[Address] EAT @explorer.exe (SHRegEnumUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634899DC)
[Address] EAT @explorer.exe (SHRegEnumUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489998)
[Address] EAT @explorer.exe (SHRegEnumUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472590)
[Address] EAT @explorer.exe (SHRegGetBoolUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489984)
[Address] EAT @explorer.exe (SHRegGetBoolUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347C220)
[Address] EAT @explorer.exe (SHRegGetBoolValueFromHKCUHKLM) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476330)
[Address] EAT @explorer.exe (SHRegGetIntW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A1E0)
[Address] EAT @explorer.exe (SHRegGetPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A1C0)
[Address] EAT @explorer.exe (SHRegGetPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A240)
[Address] EAT @explorer.exe (SHRegGetUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489948)
[Address] EAT @explorer.exe (SHRegGetUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A280)
[Address] EAT @explorer.exe (SHRegGetValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A2A4)
[Address] EAT @explorer.exe (SHRegGetValueFromHKCUHKLM) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476EBC)
[Address] EAT @explorer.exe (SHRegGetValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634721B0)
[Address] EAT @explorer.exe (SHRegOpenUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489928)
[Address] EAT @explorer.exe (SHRegOpenUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489908)
[Address] EAT @explorer.exe (SHRegQueryInfoUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634898E0)
[Address] EAT @explorer.exe (SHRegQueryInfoUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472610)
[Address] EAT @explorer.exe (SHRegQueryUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634898A0)
[Address] EAT @explorer.exe (SHRegQueryUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489860)
[Address] EAT @explorer.exe (SHRegSetPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A1A0)
[Address] EAT @explorer.exe (SHRegSetPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A180)
[Address] EAT @explorer.exe (SHRegSetUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489838)
[Address] EAT @explorer.exe (SHRegSetUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489810)
[Address] EAT @explorer.exe (SHRegWriteUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634897E4)
[Address] EAT @explorer.exe (SHRegWriteUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634725E0)
[Address] EAT @explorer.exe (SHRegisterValidateTemplate) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634A58E0)
[Address] EAT @explorer.exe (SHReleaseThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A08C)
[Address] EAT @explorer.exe (SHRunIndirectRegClientCommand) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348C95C)
[Address] EAT @explorer.exe (SHSendMessageBroadcastA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349A27C)
[Address] EAT @explorer.exe (SHSendMessageBroadcastW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472CC0)
[Address] EAT @explorer.exe (SHSetThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475B10)
[Address] EAT @explorer.exe (SHSetValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A14C)
[Address] EAT @explorer.exe (SHSetValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634763D0)
[Address] EAT @explorer.exe (SHSkipJunction) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472E20)
[Address] EAT @explorer.exe (SHStrDupA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A260)
[Address] EAT @explorer.exe (SHStrDupW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471070)
[Address] EAT @explorer.exe (SHStripMneumonicA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349A900)
[Address] EAT @explorer.exe (SHStripMneumonicW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472DB0)
[Address] EAT @explorer.exe (SHUnicodeToAnsi) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634732E0)
[Address] EAT @explorer.exe (SHUnicodeToAnsiCP) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347F7B9)
[Address] EAT @explorer.exe (SHUnicodeToUnicode) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A300)
[Address] EAT @explorer.exe (SHUnlockShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349F818)
[Address] EAT @explorer.exe (ShellMessageBoxA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348C604)
[Address] EAT @explorer.exe (ShellMessageBoxW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348F54C)
[Address] EAT @explorer.exe (StrCSpnA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489EEC)
[Address] EAT @explorer.exe (StrCSpnIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489EDC)
[Address] EAT @explorer.exe (StrCSpnIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489ECC)
[Address] EAT @explorer.exe (StrCSpnW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475A30)
[Address] EAT @explorer.exe (StrCatBuffA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489FDC)
[Address] EAT @explorer.exe (StrCatBuffW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489FEC)
[Address] EAT @explorer.exe (StrCatChainW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489DCC)
[Address] EAT @explorer.exe (StrCatW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FCF8)
[Address] EAT @explorer.exe (StrChrA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489FCC)
[Address] EAT @explorer.exe (StrChrIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F9C)
[Address] EAT @explorer.exe (StrChrIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634710E0)
[Address] EAT @explorer.exe (StrChrNIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F8C)
[Address] EAT @explorer.exe (StrChrNW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489FBC)
[Address] EAT @explorer.exe (StrChrW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471080)
[Address] EAT @explorer.exe (StrCmpCA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489DEC)
[Address] EAT @explorer.exe (StrCmpCW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472C90)
[Address] EAT @explorer.exe (StrCmpICA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471100)
[Address] EAT @explorer.exe (StrCmpICW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634710F0)
[Address] EAT @explorer.exe (StrCmpIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473650)
[Address] EAT @explorer.exe (StrCmpLogicalW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489DDC)
[Address] EAT @explorer.exe (StrCmpNA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489EBC)
[Address] EAT @explorer.exe (StrCmpNCA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E0C)
[Address] EAT @explorer.exe (StrCmpNCW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489DFC)
[Address] EAT @explorer.exe (StrCmpNIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489EAC)
[Address] EAT @explorer.exe (StrCmpNICA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634760A0)
[Address] EAT @explorer.exe (StrCmpNICW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472B70)
[Address] EAT @explorer.exe (StrCmpNIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473670)
[Address] EAT @explorer.exe (StrCmpNW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473770)
[Address] EAT @explorer.exe (StrCmpW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634710B0)
[Address] EAT @explorer.exe (StrCpyNW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489FFC)
[Address] EAT @explorer.exe (StrCpyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FD38)
[Address] EAT @explorer.exe (StrDupA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E4C)
[Address] EAT @explorer.exe (StrDupW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472B50)
[Address] EAT @explorer.exe (StrFormatByteSize64A) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FC00)
[Address] EAT @explorer.exe (StrFormatByteSizeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FBF4)
[Address] EAT @explorer.exe (StrFormatByteSizeEx) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634732D0)
[Address] EAT @explorer.exe (StrFormatByteSizeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FC60)
[Address] EAT @explorer.exe (StrFormatKBSizeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FB74)
[Address] EAT @explorer.exe (StrFormatKBSizeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FBE0)
[Address] EAT @explorer.exe (StrFromTimeIntervalA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63498AC8)
[Address] EAT @explorer.exe (StrFromTimeIntervalW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63498A44)
[Address] EAT @explorer.exe (StrIsIntlEqualA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E3C)
[Address] EAT @explorer.exe (StrIsIntlEqualW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E2C)
[Address] EAT @explorer.exe (StrNCatA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FCB8)
[Address] EAT @explorer.exe (StrNCatW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FC74)
[Address] EAT @explorer.exe (StrPBrkA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F5C)
[Address] EAT @explorer.exe (StrPBrkW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634761E0)
[Address] EAT @explorer.exe (StrRChrA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489FAC)
[Address] EAT @explorer.exe (StrRChrIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F7C)
[Address] EAT @explorer.exe (StrRChrIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F6C)
[Address] EAT @explorer.exe (StrRChrW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476210)
[Address] EAT @explorer.exe (StrRStrIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E9C)
[Address] EAT @explorer.exe (StrRStrIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E8C)
[Address] EAT @explorer.exe (StrRetToBSTR) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634760D0)
[Address] EAT @explorer.exe (StrRetToBufA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348F9E8)
[Address] EAT @explorer.exe (StrRetToBufW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471110)
[Address] EAT @explorer.exe (StrRetToStrA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FA98)
[Address] EAT @explorer.exe (StrRetToStrW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473330)
[Address] EAT @explorer.exe (StrSpnA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F0C)
[Address] EAT @explorer.exe (StrSpnW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489EFC)
[Address] EAT @explorer.exe (StrStrA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E7C)
[Address] EAT @explorer.exe (StrStrIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476490)
[Address] EAT @explorer.exe (StrStrIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634710D0)
[Address] EAT @explorer.exe (StrStrNIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E5C)
[Address] EAT @explorer.exe (StrStrNW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E6C)
[Address] EAT @explorer.exe (StrStrW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473660)
[Address] EAT @explorer.exe (StrToInt64ExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F2C)
[Address] EAT @explorer.exe (StrToInt64ExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F3C)
[Address] EAT @explorer.exe (StrToIntA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F4C)
[Address] EAT @explorer.exe (StrToIntExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F1C)
[Address] EAT @explorer.exe (StrToIntExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634761F0)
[Address] EAT @explorer.exe (StrToIntW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634710A0)
[Address] EAT @explorer.exe (StrTrimA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E1C)
[Address] EAT @explorer.exe (StrTrimW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473320)
[Address] EAT @explorer.exe (UrlApplySchemeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489760)
[Address] EAT @explorer.exe (UrlApplySchemeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489750)
[Address] EAT @explorer.exe (UrlCanonicalizeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489740)
[Address] EAT @explorer.exe (UrlCanonicalizeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634736B0)
[Address] EAT @explorer.exe (UrlCombineA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489728)
[Address] EAT @explorer.exe (UrlCombineW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473750)
[Address] EAT @explorer.exe (UrlCompareA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489714)
[Address] EAT @explorer.exe (UrlCompareW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489704)
[Address] EAT @explorer.exe (UrlCreateFromPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634896F4)
[Address] EAT @explorer.exe (UrlCreateFromPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473BF0)
[Address] EAT @explorer.exe (UrlEscapeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634896E4)
[Address] EAT @explorer.exe (UrlEscapeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473720)
[Address] EAT @explorer.exe (UrlFixupW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634896D4)
[Address] EAT @explorer.exe (UrlGetLocationA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634896C4)
[Address] EAT @explorer.exe (UrlGetLocationW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634896B4)
[Address] EAT @explorer.exe (UrlGetPartA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348969C)
[Address] EAT @explorer.exe (UrlGetPartW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473700)
[Address] EAT @explorer.exe (UrlHashA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489688)
[Address] EAT @explorer.exe (UrlHashW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489678)
[Address] EAT @explorer.exe (UrlIsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489668)
[Address] EAT @explorer.exe (UrlIsNoHistoryA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634895EC)
[Address] EAT @explorer.exe (UrlIsNoHistoryW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471150)
[Address] EAT @explorer.exe (UrlIsOpaqueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348960C)
[Address] EAT @explorer.exe (UrlIsOpaqueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634895FC)
[Address] EAT @explorer.exe (UrlIsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634736A0)
[Address] EAT @explorer.exe (UrlUnescapeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489658)
[Address] EAT @explorer.exe (UrlUnescapeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634736D0)
[Address] EAT @explorer.exe (WhichPlatform) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349A6D0)
[Address] EAT @explorer.exe (wnsprintfA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634993AC)
[Address] EAT @explorer.exe (wnsprintfW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63499318)
[Address] EAT @explorer.exe (wvnsprintfA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634993F8)
[Address] EAT @explorer.exe (wvnsprintfW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63499368)
 
¤¤¤ Extern Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS547564A9E384 SATA Disk Device +++++
--- User ---
[MBR] 8fe3dfc016d736be46d6a4916dae777c
[BSP] b4e11829e5dd3525678b8259cfc0ad57 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 610480 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_05232014_141953.txt >>


#10 Chris5150

Chris5150
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:13 AM

Posted 23 May 2014 - 07:36 AM

And the second one, called "RKreport[0]_D_05232014_142135" :

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Cristian [Admin rights]
Mode : Remove -- Date : 05/23/2014 14:21:35
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> Cancellato
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] Impossibile trovare il file specificato. 
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Sostituito (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Sostituito (0)
 
¤¤¤ Le attività pianificate : 1 ¤¤¤
[V2][SUSP PATH] Origin : C:\Users\Cristian\AppData\Roaming\Origin\update.vbe [-] -> Cancellato
 
¤¤¤ voci di avvio : 0 ¤¤¤
 
¤¤¤ I browser Web : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (Briefcase_IntroW) : twext.dll -> HOOKED (C:\Windows\system32\syncui.dll @ 0x5890042C)
[Address] EAT @explorer.exe (DllCanUnloadNow) : twext.dll -> HOOKED (C:\Windows\system32\syncui.dll @ 0x589004DC)
[Address] EAT @explorer.exe (DllGetClassObject) : twext.dll -> HOOKED (C:\Windows\system32\syncui.dll @ 0x58900438)
[Address] EAT @explorer.exe (DllCanUnloadNow) : CLVDShellExt.dll -> HOOKED (C:\Windows\System32\actxprxy.dll @ 0x5A771010)
[Address] EAT @explorer.exe (DllGetClassObject) : CLVDShellExt.dll -> HOOKED (C:\Windows\System32\actxprxy.dll @ 0x5A772B90)
[Address] EAT @explorer.exe (DllRegisterServer) : CLVDShellExt.dll -> HOOKED (C:\Windows\System32\actxprxy.dll @ 0x5A91BAC4)
[Address] EAT @explorer.exe (DllUnregisterServer) : CLVDShellExt.dll -> HOOKED (C:\Windows\System32\actxprxy.dll @ 0x5A91BAA0)
[Address] EAT @explorer.exe (GetProxyDllInfo) : CLVDShellExt.dll -> HOOKED (C:\Windows\System32\actxprxy.dll @ 0x5A91BAEC)
[Address] EAT @explorer.exe (GdipAddPathArc) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FC868)
[Address] EAT @explorer.exe (GdipAddPathArcI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FC7C8)
[Address] EAT @explorer.exe (GdipAddPathBezier) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F400)
[Address] EAT @explorer.exe (GdipAddPathBezierI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F31C)
[Address] EAT @explorer.exe (GdipAddPathBeziers) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F258)
[Address] EAT @explorer.exe (GdipAddPathBeziersI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F174)
[Address] EAT @explorer.exe (GdipAddPathClosedCurve) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2EAC4)
[Address] EAT @explorer.exe (GdipAddPathClosedCurve2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E90C)
[Address] EAT @explorer.exe (GdipAddPathClosedCurve2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E824)
[Address] EAT @explorer.exe (GdipAddPathClosedCurveI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E9E0)
[Address] EAT @explorer.exe (GdipAddPathCurve) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F094)
[Address] EAT @explorer.exe (GdipAddPathCurve2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2EE94)
[Address] EAT @explorer.exe (GdipAddPathCurve2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2ED74)
[Address] EAT @explorer.exe (GdipAddPathCurve3) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2EC90)
[Address] EAT @explorer.exe (GdipAddPathCurve3I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2EB90)
[Address] EAT @explorer.exe (GdipAddPathCurveI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2EF78)
[Address] EAT @explorer.exe (GdipAddPathEllipse) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E3FC)
[Address] EAT @explorer.exe (GdipAddPathEllipseI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E378)
[Address] EAT @explorer.exe (GdipAddPathLine) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FB964)
[Address] EAT @explorer.exe (GdipAddPathLine2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F61C)
[Address] EAT @explorer.exe (GdipAddPathLine2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F538)
[Address] EAT @explorer.exe (GdipAddPathLineI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FB8E0)
[Address] EAT @explorer.exe (GdipAddPathPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2DF7C)
[Address] EAT @explorer.exe (GdipAddPathPie) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E280)
[Address] EAT @explorer.exe (GdipAddPathPieI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E1E0)
[Address] EAT @explorer.exe (GdipAddPathPolygon) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E11C)
[Address] EAT @explorer.exe (GdipAddPathPolygonI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E038)
[Address] EAT @explorer.exe (GdipAddPathRectangle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E730)
[Address] EAT @explorer.exe (GdipAddPathRectangleI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E6AC)
[Address] EAT @explorer.exe (GdipAddPathRectangles) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E5E8)
[Address] EAT @explorer.exe (GdipAddPathRectanglesI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2E4E8)
[Address] EAT @explorer.exe (GdipAddPathString) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2DDBC)
[Address] EAT @explorer.exe (GdipAddPathStringI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2DCD4)
[Address] EAT @explorer.exe (GdipAlloc) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B9ADC)
[Address] EAT @explorer.exe (GdipBeginContainer) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B1C4)
[Address] EAT @explorer.exe (GdipBeginContainer2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B100)
[Address] EAT @explorer.exe (GdipBeginContainerI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B000)
[Address] EAT @explorer.exe (GdipBitmapApplyEffect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22874)
[Address] EAT @explorer.exe (GdipBitmapConvertFormat) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22B20)
[Address] EAT @explorer.exe (GdipBitmapCreateApplyEffect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2295C)
[Address] EAT @explorer.exe (GdipBitmapGetHistogram) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2278C)
[Address] EAT @explorer.exe (GdipBitmapGetHistogramSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22740)
[Address] EAT @explorer.exe (GdipBitmapGetPixel) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22E18)
[Address] EAT @explorer.exe (GdipBitmapLockBits) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BC490)
[Address] EAT @explorer.exe (GdipBitmapSetPixel) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D31E0)
[Address] EAT @explorer.exe (GdipBitmapSetResolution) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D4880)
[Address] EAT @explorer.exe (GdipBitmapUnlockBits) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BC5C8)
[Address] EAT @explorer.exe (GdipClearPathMarkers) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F848)
[Address] EAT @explorer.exe (GdipCloneBitmapArea) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22F04)
[Address] EAT @explorer.exe (GdipCloneBitmapAreaI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA012D8)
[Address] EAT @explorer.exe (GdipCloneBrush) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A32C)
[Address] EAT @explorer.exe (GdipCloneCustomLineCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25450)
[Address] EAT @explorer.exe (GdipCloneFont) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1996C)
[Address] EAT @explorer.exe (GdipCloneFontFamily) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19C18)
[Address] EAT @explorer.exe (GdipCloneImage) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D70D8)
[Address] EAT @explorer.exe (GdipCloneImageAttributes) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22538)
[Address] EAT @explorer.exe (GdipCloneMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FB360)
[Address] EAT @explorer.exe (GdipClonePath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA30184)
[Address] EAT @explorer.exe (GdipClonePen) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27048)
[Address] EAT @explorer.exe (GdipCloneRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B8FC)
[Address] EAT @explorer.exe (GdipCloneStringFormat) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18CF0)
[Address] EAT @explorer.exe (GdipClosePathFigure) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FA28)
[Address] EAT @explorer.exe (GdipClosePathFigures) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F988)
[Address] EAT @explorer.exe (GdipCombineRegionPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B538)
[Address] EAT @explorer.exe (GdipCombineRegionRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B6F4)
[Address] EAT @explorer.exe (GdipCombineRegionRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B654)
[Address] EAT @explorer.exe (GdipCombineRegionRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D88A4)
[Address] EAT @explorer.exe (GdipComment) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19878)
[Address] EAT @explorer.exe (GdipConvertToEmfPlus) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA180FC)
[Address] EAT @explorer.exe (GdipConvertToEmfPlusToFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA17FFC)
[Address] EAT @explorer.exe (GdipConvertToEmfPlusToStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA17EFC)
[Address] EAT @explorer.exe (GdipCreateAdjustableArrowCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24B88)
[Address] EAT @explorer.exe (GdipCreateBitmapFromDirectDrawSurface) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA230A4)
[Address] EAT @explorer.exe (GdipCreateBitmapFromFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D06FC)
[Address] EAT @explorer.exe (GdipCreateBitmapFromFileICM) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23330)
[Address] EAT @explorer.exe (GdipCreateBitmapFromGdiDib) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CB994)
[Address] EAT @explorer.exe (GdipCreateBitmapFromGraphics) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA231D4)
[Address] EAT @explorer.exe (GdipCreateBitmapFromHBITMAP) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B2F28)
[Address] EAT @explorer.exe (GdipCreateBitmapFromHICON) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D7B2C)
[Address] EAT @explorer.exe (GdipCreateBitmapFromResource) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2300C)
[Address] EAT @explorer.exe (GdipCreateBitmapFromScan0) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C84A4)
[Address] EAT @explorer.exe (GdipCreateBitmapFromStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FFF40)
[Address] EAT @explorer.exe (GdipCreateBitmapFromStreamICM) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23480)
[Address] EAT @explorer.exe (GdipCreateCachedBitmap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA02F6C)
[Address] EAT @explorer.exe (GdipCreateCustomLineCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2551C)
[Address] EAT @explorer.exe (GdipCreateEffect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22DB0)
[Address] EAT @explorer.exe (GdipCreateFont) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D97BC)
[Address] EAT @explorer.exe (GdipCreateFontFamilyFromName) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8DD4)
[Address] EAT @explorer.exe (GdipCreateFontFromDC) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19520)
[Address] EAT @explorer.exe (GdipCreateFontFromLogfontA) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19408)
[Address] EAT @explorer.exe (GdipCreateFontFromLogfontW) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9380)
[Address] EAT @explorer.exe (GdipCreateFromHDC) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BD848)
[Address] EAT @explorer.exe (GdipCreateFromHDC2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2196C)
[Address] EAT @explorer.exe (GdipCreateFromHWND) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA218CC)
[Address] EAT @explorer.exe (GdipCreateFromHWNDICM) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2182C)
[Address] EAT @explorer.exe (GdipCreateHBITMAPFromBitmap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C3830)
[Address] EAT @explorer.exe (GdipCreateHICONFromBitmap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D779C)
[Address] EAT @explorer.exe (GdipCreateHalftonePalette) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9ED8)
[Address] EAT @explorer.exe (GdipCreateHatchBrush) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A198)
[Address] EAT @explorer.exe (GdipCreateImageAttributes) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D6D10)
[Address] EAT @explorer.exe (GdipCreateLineBrush) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2984C)
[Address] EAT @explorer.exe (GdipCreateLineBrushFromRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA02150)
[Address] EAT @explorer.exe (GdipCreateLineBrushFromRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA02044)
[Address] EAT @explorer.exe (GdipCreateLineBrushFromRectWithAngle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2961C)
[Address] EAT @explorer.exe (GdipCreateLineBrushFromRectWithAngleI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29514)
[Address] EAT @explorer.exe (GdipCreateLineBrushI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29738)
[Address] EAT @explorer.exe (GdipCreateMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C74C8)
[Address] EAT @explorer.exe (GdipCreateMatrix2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FB244)
[Address] EAT @explorer.exe (GdipCreateMatrix3) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C3C0)
[Address] EAT @explorer.exe (GdipCreateMatrix3I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C274)
[Address] EAT @explorer.exe (GdipCreateMetafileFromEmf) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AB18)
[Address] EAT @explorer.exe (GdipCreateMetafileFromFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AA30)
[Address] EAT @explorer.exe (GdipCreateMetafileFromStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A854)
[Address] EAT @explorer.exe (GdipCreateMetafileFromWmf) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AC0C)
[Address] EAT @explorer.exe (GdipCreateMetafileFromWmfFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A93C)
[Address] EAT @explorer.exe (GdipCreatePath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CF200)
[Address] EAT @explorer.exe (GdipCreatePath2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA303C4)
[Address] EAT @explorer.exe (GdipCreatePath2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA3023C)
[Address] EAT @explorer.exe (GdipCreatePathGradient) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28778)
[Address] EAT @explorer.exe (GdipCreatePathGradientFromPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28598)
[Address] EAT @explorer.exe (GdipCreatePathGradientI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2864C)
[Address] EAT @explorer.exe (GdipCreatePathIter) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CEE0)
[Address] EAT @explorer.exe (GdipCreatePen1) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CA7E8)
[Address] EAT @explorer.exe (GdipCreatePen2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C7D40)
[Address] EAT @explorer.exe (GdipCreateRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8040)
[Address] EAT @explorer.exe (GdipCreateRegionHrgn) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2BA00)
[Address] EAT @explorer.exe (GdipCreateRegionPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2BB94)
[Address] EAT @explorer.exe (GdipCreateRegionRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD9CC)
[Address] EAT @explorer.exe (GdipCreateRegionRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD918)
[Address] EAT @explorer.exe (GdipCreateRegionRgnData) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2BAC8)
[Address] EAT @explorer.exe (GdipCreateSolidFill) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C5630)
[Address] EAT @explorer.exe (GdipCreateStreamOnFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9EAB24)
[Address] EAT @explorer.exe (GdipCreateStringFormat) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18EA0)
[Address] EAT @explorer.exe (GdipCreateTexture) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D2A40)
[Address] EAT @explorer.exe (GdipCreateTexture2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29EC4)
[Address] EAT @explorer.exe (GdipCreateTexture2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29C40)
[Address] EAT @explorer.exe (GdipCreateTextureIA) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29D10)
[Address] EAT @explorer.exe (GdipCreateTextureIAI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29BF0)
[Address] EAT @explorer.exe (GdipDeleteBrush) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C5170)
[Address] EAT @explorer.exe (GdipDeleteCachedBitmap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D3498)
[Address] EAT @explorer.exe (GdipDeleteCustomLineCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25308)
[Address] EAT @explorer.exe (GdipDeleteEffect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22D60)
[Address] EAT @explorer.exe (GdipDeleteFont) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C834C)
[Address] EAT @explorer.exe (GdipDeleteFontFamily) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19CD0)
[Address] EAT @explorer.exe (GdipDeleteGraphics) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BD378)
[Address] EAT @explorer.exe (GdipDeleteMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C73FC)
[Address] EAT @explorer.exe (GdipDeletePath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CF2E0)
[Address] EAT @explorer.exe (GdipDeletePathIter) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CE4C)
[Address] EAT @explorer.exe (GdipDeletePen) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C521C)
[Address] EAT @explorer.exe (GdipDeletePrivateFontCollection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1924C)
[Address] EAT @explorer.exe (GdipDeleteRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C76B8)
[Address] EAT @explorer.exe (GdipDeleteStringFormat) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18C7C)
[Address] EAT @explorer.exe (GdipDisposeImage) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B1CE0)
[Address] EAT @explorer.exe (GdipDisposeImageAttributes) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D6B70)
[Address] EAT @explorer.exe (GdipDrawArc) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2040C)
[Address] EAT @explorer.exe (GdipDrawArcI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20360)
[Address] EAT @explorer.exe (GdipDrawBezier) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20208)
[Address] EAT @explorer.exe (GdipDrawBezierI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20114)
[Address] EAT @explorer.exe (GdipDrawBeziers) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1FFF8)
[Address] EAT @explorer.exe (GdipDrawBeziersI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1FEDC)
[Address] EAT @explorer.exe (GdipDrawCachedBitmap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA00EF0)
[Address] EAT @explorer.exe (GdipDrawClosedCurve) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F140)
[Address] EAT @explorer.exe (GdipDrawClosedCurve2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1EF38)
[Address] EAT @explorer.exe (GdipDrawClosedCurve2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1EE44)
[Address] EAT @explorer.exe (GdipDrawClosedCurveI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F05C)
[Address] EAT @explorer.exe (GdipDrawCurve) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F7B4)
[Address] EAT @explorer.exe (GdipDrawCurve2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F59C)
[Address] EAT @explorer.exe (GdipDrawCurve2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F4A8)
[Address] EAT @explorer.exe (GdipDrawCurve3) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F374)
[Address] EAT @explorer.exe (GdipDrawCurve3I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F268)
[Address] EAT @explorer.exe (GdipDrawCurveI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F6D0)
[Address] EAT @explorer.exe (GdipDrawDriverString) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D9A8)
[Address] EAT @explorer.exe (GdipDrawEllipse) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1FB64)
[Address] EAT @explorer.exe (GdipDrawEllipseI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1FAD4)
[Address] EAT @explorer.exe (GdipDrawImage) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D2DF0)
[Address] EAT @explorer.exe (GdipDrawImageFX) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D004)
[Address] EAT @explorer.exe (GdipDrawImageI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D2D6C)
[Address] EAT @explorer.exe (GdipDrawImagePointRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD77C)
[Address] EAT @explorer.exe (GdipDrawImagePointRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD6B8)
[Address] EAT @explorer.exe (GdipDrawImagePoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D658)
[Address] EAT @explorer.exe (GdipDrawImagePointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D53C)
[Address] EAT @explorer.exe (GdipDrawImagePointsRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D2CC)
[Address] EAT @explorer.exe (GdipDrawImagePointsRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D134)
[Address] EAT @explorer.exe (GdipDrawImageRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C2664)
[Address] EAT @explorer.exe (GdipDrawImageRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C25C4)
[Address] EAT @explorer.exe (GdipDrawImageRectRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FEFC4)
[Address] EAT @explorer.exe (GdipDrawImageRectRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FEE90)
[Address] EAT @explorer.exe (GdipDrawLine) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA205D8)
[Address] EAT @explorer.exe (GdipDrawLineI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20548)
[Address] EAT @explorer.exe (GdipDrawLines) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CCA40)
[Address] EAT @explorer.exe (GdipDrawLinesI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CC958)
[Address] EAT @explorer.exe (GdipDrawPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FAFA0)
[Address] EAT @explorer.exe (GdipDrawPie) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F998)
[Address] EAT @explorer.exe (GdipDrawPieI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1F8EC)
[Address] EAT @explorer.exe (GdipDrawPolygon) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E27D0)
[Address] EAT @explorer.exe (GdipDrawPolygonI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E26E0)
[Address] EAT @explorer.exe (GdipDrawRectangle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CCD30)
[Address] EAT @explorer.exe (GdipDrawRectangleI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CCC90)
[Address] EAT @explorer.exe (GdipDrawRectangles) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1FDC0)
[Address] EAT @explorer.exe (GdipDrawRectanglesI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1FC88)
[Address] EAT @explorer.exe (GdipDrawString) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E018)
[Address] EAT @explorer.exe (GdipEmfToWmfBits) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E6A28)
[Address] EAT @explorer.exe (GdipEndContainer) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AF58)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1CE6C)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1CDD0)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C9D4)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C894)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1CC38)
[Address] EAT @explorer.exe (GdipEnumerateMetafileDestRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1CB80)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C6D0)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C5E0)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C15C)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BFD4)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C41C)
[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1C328)
[Address] EAT @explorer.exe (GdipFillClosedCurve) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E524)
[Address] EAT @explorer.exe (GdipFillClosedCurve2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E310)
[Address] EAT @explorer.exe (GdipFillClosedCurve2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E210)
[Address] EAT @explorer.exe (GdipFillClosedCurveI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E440)
[Address] EAT @explorer.exe (GdipFillEllipse) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CF768)
[Address] EAT @explorer.exe (GdipFillEllipseI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E990)
[Address] EAT @explorer.exe (GdipFillPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E654)
[Address] EAT @explorer.exe (GdipFillPie) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E850)
[Address] EAT @explorer.exe (GdipFillPieI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1E79C)
[Address] EAT @explorer.exe (GdipFillPolygon) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E29AC)
[Address] EAT @explorer.exe (GdipFillPolygon2) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1EB04)
[Address] EAT @explorer.exe (GdipFillPolygon2I) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1EA20)
[Address] EAT @explorer.exe (GdipFillPolygonI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E28BC)
[Address] EAT @explorer.exe (GdipFillRectangle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C5870)
[Address] EAT @explorer.exe (GdipFillRectangleI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C57DC)
[Address] EAT @explorer.exe (GdipFillRectangles) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1ED28)
[Address] EAT @explorer.exe (GdipFillRectanglesI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1EC28)
[Address] EAT @explorer.exe (GdipFillRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD354)
[Address] EAT @explorer.exe (GdipFindFirstImageItem) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23730)
[Address] EAT @explorer.exe (GdipFindNextImageItem) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23680)
[Address] EAT @explorer.exe (GdipFlattenPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FAEC4)
[Address] EAT @explorer.exe (GdipFlush) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21764)
[Address] EAT @explorer.exe (GdipFree) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B9A74)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapFillState) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA245B0)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapHeight) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24A10)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapMiddleInset) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24720)
[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapWidth) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24898)
[Address] EAT @explorer.exe (GdipGetAllPropertyItems) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D11D8)
[Address] EAT @explorer.exe (GdipGetBrushType) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A27C)
[Address] EAT @explorer.exe (GdipGetCellAscent) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19708)
[Address] EAT @explorer.exe (GdipGetCellDescent) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19644)
[Address] EAT @explorer.exe (GdipGetClip) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8424)
[Address] EAT @explorer.exe (GdipGetClipBounds) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B938)
[Address] EAT @explorer.exe (GdipGetClipBoundsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C7B04)
[Address] EAT @explorer.exe (GdipGetCompositingMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD0E0)
[Address] EAT @explorer.exe (GdipGetCompositingQuality) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21478)
[Address] EAT @explorer.exe (GdipGetCustomLineCapBaseCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24EF4)
[Address] EAT @explorer.exe (GdipGetCustomLineCapBaseInset) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24DBC)
[Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeCaps) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25198)
[Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeJoin) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25058)
[Address] EAT @explorer.exe (GdipGetCustomLineCapType) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2539C)
[Address] EAT @explorer.exe (GdipGetCustomLineCapWidthScale) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24C84)
[Address] EAT @explorer.exe (GdipGetDC) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E35E8)
[Address] EAT @explorer.exe (GdipGetDpiX) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20A68)
[Address] EAT @explorer.exe (GdipGetDpiY) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8AD8)
[Address] EAT @explorer.exe (GdipGetEffectParameterSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22C8C)
[Address] EAT @explorer.exe (GdipGetEffectParameters) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22C18)
[Address] EAT @explorer.exe (GdipGetEmHeight) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9A70)
[Address] EAT @explorer.exe (GdipGetEncoderParameterList) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2419C)
[Address] EAT @explorer.exe (GdipGetEncoderParameterListSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24260)
[Address] EAT @explorer.exe (GdipGetFamily) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8C70)
[Address] EAT @explorer.exe (GdipGetFamilyName) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9984)
[Address] EAT @explorer.exe (GdipGetFontCollectionFamilyCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19178)
[Address] EAT @explorer.exe (GdipGetFontCollectionFamilyList) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA190BC)
[Address] EAT @explorer.exe (GdipGetFontHeight) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9660)
[Address] EAT @explorer.exe (GdipGetFontHeightGivenDPI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19A64)
[Address] EAT @explorer.exe (GdipGetFontSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8CF0)
[Address] EAT @explorer.exe (GdipGetFontStyle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8B6C)
[Address] EAT @explorer.exe (GdipGetFontUnit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8BF0)
[Address] EAT @explorer.exe (GdipGetGenericFontFamilyMonospace) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19DC4)
[Address] EAT @explorer.exe (GdipGetGenericFontFamilySansSerif) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19EAC)
[Address] EAT @explorer.exe (GdipGetGenericFontFamilySerif) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19E38)
[Address] EAT @explorer.exe (GdipGetHatchBackgroundColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A030)
[Address] EAT @explorer.exe (GdipGetHatchForegroundColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA284E4)
[Address] EAT @explorer.exe (GdipGetHatchStyle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A0E4)
[Address] EAT @explorer.exe (GdipGetHemfFromMetafile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E5A24)
[Address] EAT @explorer.exe (GdipGetImageAttributesAdjustedPalette) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21A18)
[Address] EAT @explorer.exe (GdipGetImageBounds) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23CEC)
[Address] EAT @explorer.exe (GdipGetImageDecoders) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9F9270)
[Address] EAT @explorer.exe (GdipGetImageDecodersSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9F9428)
[Address] EAT @explorer.exe (GdipGetImageDimension) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23C28)
[Address] EAT @explorer.exe (GdipGetImageEncoders) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B6798)
[Address] EAT @explorer.exe (GdipGetImageEncodersSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B69D8)
[Address] EAT @explorer.exe (GdipGetImageFlags) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2396C)
[Address] EAT @explorer.exe (GdipGetImageGraphicsContext) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C9214)
[Address] EAT @explorer.exe (GdipGetImageHeight) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BB680)
[Address] EAT @explorer.exe (GdipGetImageHorizontalResolution) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23B3C)
[Address] EAT @explorer.exe (GdipGetImageItemData) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA235D0)
[Address] EAT @explorer.exe (GdipGetImagePalette) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA005B4)
[Address] EAT @explorer.exe (GdipGetImagePaletteSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA0067C)
[Address] EAT @explorer.exe (GdipGetImagePixelFormat) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BB588)
[Address] EAT @explorer.exe (GdipGetImageRawFormat) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D18F4)
[Address] EAT @explorer.exe (GdipGetImageThumbnail) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA237E0)
[Address] EAT @explorer.exe (GdipGetImageType) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D6EA0)
[Address] EAT @explorer.exe (GdipGetImageVerticalResolution) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23A50)
[Address] EAT @explorer.exe (GdipGetImageWidth) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9BC344)
[Address] EAT @explorer.exe (GdipGetInterpolationMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21108)
[Address] EAT @explorer.exe (GdipGetLineBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA290C8)
[Address] EAT @explorer.exe (GdipGetLineBlendCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27A4C)
[Address] EAT @explorer.exe (GdipGetLineColors) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29360)
[Address] EAT @explorer.exe (GdipGetLineGammaCorrection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29198)
[Address] EAT @explorer.exe (GdipGetLinePresetBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28E88)
[Address] EAT @explorer.exe (GdipGetLinePresetBlendCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29004)
[Address] EAT @explorer.exe (GdipGetLineRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27C48)
[Address] EAT @explorer.exe (GdipGetLineRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29280)
[Address] EAT @explorer.exe (GdipGetLineSpacing) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9B34)
[Address] EAT @explorer.exe (GdipGetLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29AD0)
[Address] EAT @explorer.exe (GdipGetLineWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28AA0)
[Address] EAT @explorer.exe (GdipGetLogFontA) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19B0C)
[Address] EAT @explorer.exe (GdipGetLogFontW) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8EEC)
[Address] EAT @explorer.exe (GdipGetMatrixElements) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C75F0)
[Address] EAT @explorer.exe (GdipGetMetafileDownLevelRasterizationLimit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19F20)
[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromEmf) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AE8C)
[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AE34)
[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromMetafile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AD14)
[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1ADC4)
[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromWmf) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1AEE4)
[Address] EAT @explorer.exe (GdipGetNearestColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA206F8)
[Address] EAT @explorer.exe (GdipGetPageScale) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20BD0)
[Address] EAT @explorer.exe (GdipGetPageUnit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20C84)
[Address] EAT @explorer.exe (GdipGetPathData) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FB68)
[Address] EAT @explorer.exe (GdipGetPathFillMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FC14)
[Address] EAT @explorer.exe (GdipGetPathGradientBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2797C)
[Address] EAT @explorer.exe (GdipGetPathGradientBlendCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27A4C)
[Address] EAT @explorer.exe (GdipGetPathGradientCenterColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA284E4)
[Address] EAT @explorer.exe (GdipGetPathGradientCenterPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28034)
[Address] EAT @explorer.exe (GdipGetPathGradientCenterPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27F98)
[Address] EAT @explorer.exe (GdipGetPathGradientFocusScales) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA271BC)
[Address] EAT @explorer.exe (GdipGetPathGradientGammaCorrection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27B00)
[Address] EAT @explorer.exe (GdipGetPathGradientPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA280E0)
[Address] EAT @explorer.exe (GdipGetPathGradientPointCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27DB4)
[Address] EAT @explorer.exe (GdipGetPathGradientPresetBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27764)
[Address] EAT @explorer.exe (GdipGetPathGradientPresetBlendCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29004)
[Address] EAT @explorer.exe (GdipGetPathGradientRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27C48)
[Address] EAT @explorer.exe (GdipGetPathGradientRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29280)
[Address] EAT @explorer.exe (GdipGetPathGradientSurroundColorCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27CF8)
[Address] EAT @explorer.exe (GdipGetPathGradientSurroundColorsWithCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA282FC)
[Address] EAT @explorer.exe (GdipGetPathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29AD0)
[Address] EAT @explorer.exe (GdipGetPathGradientWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28AA0)
[Address] EAT @explorer.exe (GdipGetPathLastPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F6E0)
[Address] EAT @explorer.exe (GdipGetPathPoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FE14)
[Address] EAT @explorer.exe (GdipGetPathPointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FCC8)
[Address] EAT @explorer.exe (GdipGetPathTypes) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FF24)
[Address] EAT @explorer.exe (GdipGetPathWorldBounds) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D680)
[Address] EAT @explorer.exe (GdipGetPathWorldBoundsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D4FC)
[Address] EAT @explorer.exe (GdipGetPenBrushFill) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25D44)
[Address] EAT @explorer.exe (GdipGetPenColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CF640)
[Address] EAT @explorer.exe (GdipGetPenCompoundArray) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA256CC)
[Address] EAT @explorer.exe (GdipGetPenCompoundCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2586C)
[Address] EAT @explorer.exe (GdipGetPenCustomEndCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2674C)
[Address] EAT @explorer.exe (GdipGetPenCustomStartCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA268FC)
[Address] EAT @explorer.exe (GdipGetPenDashArray) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2591C)
[Address] EAT @explorer.exe (GdipGetPenDashCap197819) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26B5C)
[Address] EAT @explorer.exe (GdipGetPenDashCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25A94)
[Address] EAT @explorer.exe (GdipGetPenDashOffset) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25BE4)
[Address] EAT @explorer.exe (GdipGetPenDashStyle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25C94)
[Address] EAT @explorer.exe (GdipGetPenEndCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26C10)
[Address] EAT @explorer.exe (GdipGetPenFillType) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CFB50)
[Address] EAT @explorer.exe (GdipGetPenLineJoin) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26AAC)
[Address] EAT @explorer.exe (GdipGetPenMiterLimit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA265F0)
[Address] EAT @explorer.exe (GdipGetPenMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26498)
[Address] EAT @explorer.exe (GdipGetPenStartCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26CC0)
[Address] EAT @explorer.exe (GdipGetPenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2624C)
[Address] EAT @explorer.exe (GdipGetPenUnit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26EE4)
[Address] EAT @explorer.exe (GdipGetPenWidth) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CF6E0)
[Address] EAT @explorer.exe (GdipGetPixelOffsetMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA213C4)
[Address] EAT @explorer.exe (GdipGetPointCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA30030)
[Address] EAT @explorer.exe (GdipGetPropertyCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23F08)
[Address] EAT @explorer.exe (GdipGetPropertyIdList) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23E6C)
[Address] EAT @explorer.exe (GdipGetPropertyItem) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D57EC)
[Address] EAT @explorer.exe (GdipGetPropertyItemSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D5760)
[Address] EAT @explorer.exe (GdipGetPropertySize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CFEF0)
[Address] EAT @explorer.exe (GdipGetRegionBounds) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B260)
[Address] EAT @explorer.exe (GdipGetRegionBoundsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B0C4)
[Address] EAT @explorer.exe (GdipGetRegionData) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2ABA8)
[Address] EAT @explorer.exe (GdipGetRegionDataSize) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2AC7C)
[Address] EAT @explorer.exe (GdipGetRegionHRgn) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D866C)
[Address] EAT @explorer.exe (GdipGetRegionScans) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A4EC)
[Address] EAT @explorer.exe (GdipGetRegionScansCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A60C)
[Address] EAT @explorer.exe (GdipGetRegionScansI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A3EC)
[Address] EAT @explorer.exe (GdipGetRenderingOrigin) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA215D4)
[Address] EAT @explorer.exe (GdipGetSmoothingMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CAA70)
[Address] EAT @explorer.exe (GdipGetSolidFillColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29964)
[Address] EAT @explorer.exe (GdipGetStringFormatAlign) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18A30)
[Address] EAT @explorer.exe (GdipGetStringFormatDigitSubstitution) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18390)
[Address] EAT @explorer.exe (GdipGetStringFormatFlags) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18B58)
[Address] EAT @explorer.exe (GdipGetStringFormatHotkeyPrefix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA187E0)
[Address] EAT @explorer.exe (GdipGetStringFormatLineAlign) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18908)
[Address] EAT @explorer.exe (GdipGetStringFormatMeasurableCharacterRangeCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1856C)
[Address] EAT @explorer.exe (GdipGetStringFormatTabStopCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18698)
[Address] EAT @explorer.exe (GdipGetStringFormatTabStops) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA185DC)
[Address] EAT @explorer.exe (GdipGetStringFormatTrimming) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18260)
[Address] EAT @explorer.exe (GdipGetTextContrast) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA211B0)
[Address] EAT @explorer.exe (GdipGetTextRenderingHint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8160)
[Address] EAT @explorer.exe (GdipGetTextureImage) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FDE20)
[Address] EAT @explorer.exe (GdipGetTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29AD0)
[Address] EAT @explorer.exe (GdipGetTextureWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FDCCC)
[Address] EAT @explorer.exe (GdipGetVisibleClipBounds) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B7D0)
[Address] EAT @explorer.exe (GdipGetVisibleClipBoundsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B690)
[Address] EAT @explorer.exe (GdipGetWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C780C)
[Address] EAT @explorer.exe (GdipGraphicsClear) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D19E8)
[Address] EAT @explorer.exe (GdipGraphicsSetAbort) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA225EC)
[Address] EAT @explorer.exe (GdipImageForceValidation) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D6F4C)
[Address] EAT @explorer.exe (GdipImageGetFrameCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA00478)
[Address] EAT @explorer.exe (GdipImageGetFrameDimensionsCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA00204)
[Address] EAT @explorer.exe (GdipImageGetFrameDimensionsList) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA002A4)
[Address] EAT @explorer.exe (GdipImageRotateFlip) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA03500)
[Address] EAT @explorer.exe (GdipImageSelectActiveFrame) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23F94)
[Address] EAT @explorer.exe (GdipImageSetAbort) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22690)
[Address] EAT @explorer.exe (GdipInitializePalette) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22A30)
[Address] EAT @explorer.exe (GdipInvertMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C100)
[Address] EAT @explorer.exe (GdipIsClipEmpty) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B884)
[Address] EAT @explorer.exe (GdipIsEmptyRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2AF40)
[Address] EAT @explorer.exe (GdipIsEqualRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2AD48)
[Address] EAT @explorer.exe (GdipIsInfiniteRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D8268)
[Address] EAT @explorer.exe (GdipIsMatrixEqual) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2BCA0)
[Address] EAT @explorer.exe (GdipIsMatrixIdentity) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C7760)
[Address] EAT @explorer.exe (GdipIsMatrixInvertible) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2BDC4)
[Address] EAT @explorer.exe (GdipIsOutlineVisiblePathPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D080)
[Address] EAT @explorer.exe (GdipIsOutlineVisiblePathPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CFF8)
[Address] EAT @explorer.exe (GdipIsStyleAvailable) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA197B8)
[Address] EAT @explorer.exe (GdipIsVisibleClipEmpty) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B5D4)
[Address] EAT @explorer.exe (GdipIsVisiblePathPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D344)
[Address] EAT @explorer.exe (GdipIsVisiblePathPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D2C8)
[Address] EAT @explorer.exe (GdipIsVisiblePoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B4F0)
[Address] EAT @explorer.exe (GdipIsVisiblePointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B480)
[Address] EAT @explorer.exe (GdipIsVisibleRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B37C)
[Address] EAT @explorer.exe (GdipIsVisibleRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B2F0)
[Address] EAT @explorer.exe (GdipIsVisibleRegionPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2AA08)
[Address] EAT @explorer.exe (GdipIsVisibleRegionPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A98C)
[Address] EAT @explorer.exe (GdipIsVisibleRegionRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A7A8)
[Address] EAT @explorer.exe (GdipIsVisibleRegionRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2A70C)
[Address] EAT @explorer.exe (GdipLoadImageFromFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA244D4)
[Address] EAT @explorer.exe (GdipLoadImageFromFileICM) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24314)
[Address] EAT @explorer.exe (GdipLoadImageFromStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C9F24)
[Address] EAT @explorer.exe (GdipLoadImageFromStreamICM) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA243F4)
[Address] EAT @explorer.exe (GdipMeasureCharacterRanges) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1DC28)
[Address] EAT @explorer.exe (GdipMeasureDriverString) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1D7D0)
[Address] EAT @explorer.exe (GdipMeasureString) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1DDF0)
[Address] EAT @explorer.exe (GdipMultiplyLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27354)
[Address] EAT @explorer.exe (GdipMultiplyMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FA8BC)
[Address] EAT @explorer.exe (GdipMultiplyPathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27354)
[Address] EAT @explorer.exe (GdipMultiplyPenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26094)
[Address] EAT @explorer.exe (GdipMultiplyTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27354)
[Address] EAT @explorer.exe (GdipMultiplyWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20F58)
[Address] EAT @explorer.exe (GdipNewInstalledFontCollection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA193A0)
[Address] EAT @explorer.exe (GdipNewPrivateFontCollection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA192EC)
[Address] EAT @explorer.exe (GdipPathIterCopyData) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C4A8)
[Address] EAT @explorer.exe (GdipPathIterEnumerate) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C598)
[Address] EAT @explorer.exe (GdipPathIterGetCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C93C)
[Address] EAT @explorer.exe (GdipPathIterGetSubpathCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C888)
[Address] EAT @explorer.exe (GdipPathIterHasCurve) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C728)
[Address] EAT @explorer.exe (GdipPathIterIsValid) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C7D4)
[Address] EAT @explorer.exe (GdipPathIterNextMarker) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CAB4)
[Address] EAT @explorer.exe (GdipPathIterNextMarkerPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C9F0)
[Address] EAT @explorer.exe (GdipPathIterNextPathType) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CB98)
[Address] EAT @explorer.exe (GdipPathIterNextSubpath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CD5C)
[Address] EAT @explorer.exe (GdipPathIterNextSubpathPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2CC84)
[Address] EAT @explorer.exe (GdipPathIterRewind) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C680)
[Address] EAT @explorer.exe (GdipPlayMetafileRecord) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BEF4)
[Address] EAT @explorer.exe (GdipPlayTSClientRecord) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA179F8)
[Address] EAT @explorer.exe (GdipPrivateAddFontFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA19020)
[Address] EAT @explorer.exe (GdipPrivateAddMemoryFont) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18F74)
[Address] EAT @explorer.exe (GdipRecordMetafile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9F2A54)
[Address] EAT @explorer.exe (GdipRecordMetafileFileName) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A510)
[Address] EAT @explorer.exe (GdipRecordMetafileFileNameI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A40C)
[Address] EAT @explorer.exe (GdipRecordMetafileI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A66C)
[Address] EAT @explorer.exe (GdipRecordMetafileStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A2B0)
[Address] EAT @explorer.exe (GdipRecordMetafileStreamI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A1AC)
[Address] EAT @explorer.exe (GdipReleaseDC) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E3508)
[Address] EAT @explorer.exe (GdipRemovePropertyItem) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA23DE0)
[Address] EAT @explorer.exe (GdipResetClip) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E2D60)
[Address] EAT @explorer.exe (GdipResetImageAttributes) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22358)
[Address] EAT @explorer.exe (GdipResetLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28914)
[Address] EAT @explorer.exe (GdipResetPageTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20D38)
[Address] EAT @explorer.exe (GdipResetPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA300E0)
[Address] EAT @explorer.exe (GdipResetPathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28914)
[Address] EAT @explorer.exe (GdipResetPenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26198)
[Address] EAT @explorer.exe (GdipResetTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28914)
[Address] EAT @explorer.exe (GdipResetWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2106C)
[Address] EAT @explorer.exe (GdipRestoreGraphics) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D81E8)
[Address] EAT @explorer.exe (GdipReversePath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F7A8)
[Address] EAT @explorer.exe (GdipRotateLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29A18)
[Address] EAT @explorer.exe (GdipRotateMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FB700)
[Address] EAT @explorer.exe (GdipRotatePathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29A18)
[Address] EAT @explorer.exe (GdipRotatePenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25E0C)
[Address] EAT @explorer.exe (GdipRotateTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29A18)
[Address] EAT @explorer.exe (GdipRotateWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20DE0)
[Address] EAT @explorer.exe (GdipSaveAdd) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA240F8)
[Address] EAT @explorer.exe (GdipSaveAddImage) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24040)
[Address] EAT @explorer.exe (GdipSaveGraphics) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D7F9C)
[Address] EAT @explorer.exe (GdipSaveImageToFile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B5FD0)
[Address] EAT @explorer.exe (GdipSaveImageToStream) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CFC80)
[Address] EAT @explorer.exe (GdipScaleLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2728C)
[Address] EAT @explorer.exe (GdipScaleMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FA738)
[Address] EAT @explorer.exe (GdipScalePathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2728C)
[Address] EAT @explorer.exe (GdipScalePenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25EDC)
[Address] EAT @explorer.exe (GdipScaleTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2728C)
[Address] EAT @explorer.exe (GdipScaleWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20E94)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapFillState) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24660)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapHeight) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24AC0)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapMiddleInset) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA247D0)
[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapWidth) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24948)
[Address] EAT @explorer.exe (GdipSetClipGraphics) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BDEC)
[Address] EAT @explorer.exe (GdipSetClipHrgn) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BB08)
[Address] EAT @explorer.exe (GdipSetClipPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BCDC)
[Address] EAT @explorer.exe (GdipSetClipRect) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C69B0)
[Address] EAT @explorer.exe (GdipSetClipRectI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C6910)
[Address] EAT @explorer.exe (GdipSetClipRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BBD4)
[Address] EAT @explorer.exe (GdipSetCompositingMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D3358)
[Address] EAT @explorer.exe (GdipSetCompositingQuality) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2152C)
[Address] EAT @explorer.exe (GdipSetCustomLineCapBaseCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24FA0)
[Address] EAT @explorer.exe (GdipSetCustomLineCapBaseInset) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24E5C)
[Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeCaps) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25250)
[Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeJoin) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25104)
[Address] EAT @explorer.exe (GdipSetCustomLineCapWidthScale) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA24D24)
[Address] EAT @explorer.exe (GdipSetEffectParameters) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22CEC)
[Address] EAT @explorer.exe (GdipSetEmpty) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B7C4)
[Address] EAT @explorer.exe (GdipSetImageAttributesCachedBackground) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21BC8)
[Address] EAT @explorer.exe (GdipSetImageAttributesColorKeys) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D7460)
[Address] EAT @explorer.exe (GdipSetImageAttributesColorMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22284)
[Address] EAT @explorer.exe (GdipSetImageAttributesGamma) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2205C)
[Address] EAT @explorer.exe (GdipSetImageAttributesNoOp) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21F54)
[Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannel) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21E38)
[Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannelColorProfile) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21D74)
[Address] EAT @explorer.exe (GdipSetImageAttributesRemapTable) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21C70)
[Address] EAT @explorer.exe (GdipSetImageAttributesThreshold) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22164)
[Address] EAT @explorer.exe (GdipSetImageAttributesToIdentity) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA22448)
[Address] EAT @explorer.exe (GdipSetImageAttributesWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21B10)
[Address] EAT @explorer.exe (GdipSetImagePalette) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA238AC)
[Address] EAT @explorer.exe (GdipSetInfinite) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B860)
[Address] EAT @explorer.exe (GdipSetInterpolationMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA01170)
[Address] EAT @explorer.exe (GdipSetLineBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA0273C)
[Address] EAT @explorer.exe (GdipSetLineColors) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29454)
[Address] EAT @explorer.exe (GdipSetLineGammaCorrection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA29214)
[Address] EAT @explorer.exe (GdipSetLineLinearBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28C10)
[Address] EAT @explorer.exe (GdipSetLinePresetBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28CD0)
[Address] EAT @explorer.exe (GdipSetLineSigmaBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA02A58)
[Address] EAT @explorer.exe (GdipSetLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA289B4)
[Address] EAT @explorer.exe (GdipSetLineWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28B50)
[Address] EAT @explorer.exe (GdipSetMatrixElements) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FA7E0)
[Address] EAT @explorer.exe (GdipSetMetafileDownLevelRasterizationLimit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1A068)
[Address] EAT @explorer.exe (GdipSetPageScale) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA20B1C)
[Address] EAT @explorer.exe (GdipSetPageUnit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D9E40)
[Address] EAT @explorer.exe (GdipSetPathFillMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CF4BC)
[Address] EAT @explorer.exe (GdipSetPathGradientBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA278A8)
[Address] EAT @explorer.exe (GdipSetPathGradientCenterColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28444)
[Address] EAT @explorer.exe (GdipSetPathGradientCenterPoint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27EDC)
[Address] EAT @explorer.exe (GdipSetPathGradientCenterPointI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27E68)
[Address] EAT @explorer.exe (GdipSetPathGradientFocusScales) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27104)
[Address] EAT @explorer.exe (GdipSetPathGradientGammaCorrection) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27BB0)
[Address] EAT @explorer.exe (GdipSetPathGradientLinearBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28C10)
[Address] EAT @explorer.exe (GdipSetPathGradientPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA280E0)
[Address] EAT @explorer.exe (GdipSetPathGradientPresetBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA275C4)
[Address] EAT @explorer.exe (GdipSetPathGradientSigmaBlend) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27504)
[Address] EAT @explorer.exe (GdipSetPathGradientSurroundColorsWithCount) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA28110)
[Address] EAT @explorer.exe (GdipSetPathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA289B4)
[Address] EAT @explorer.exe (GdipSetPathGradientWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA27458)
[Address] EAT @explorer.exe (GdipSetPathMarker) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2F8E8)
[Address] EAT @explorer.exe (GdipSetPenBrushFill) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C7974)
[Address] EAT @explorer.exe (GdipSetPenColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E08F8)
[Address] EAT @explorer.exe (GdipSetPenCompoundArray) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA257B0)
[Address] EAT @explorer.exe (GdipSetPenCustomEndCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26814)
[Address] EAT @explorer.exe (GdipSetPenCustomStartCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA269C4)
[Address] EAT @explorer.exe (GdipSetPenDashArray) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA259D8)
[Address] EAT @explorer.exe (GdipSetPenDashCap197819) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26D70)
[Address] EAT @explorer.exe (GdipSetPenDashOffset) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25B44)
[Address] EAT @explorer.exe (GdipSetPenDashStyle) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9E0860)
[Address] EAT @explorer.exe (GdipSetPenEndCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CABC0)
[Address] EAT @explorer.exe (GdipSetPenLineCap197819) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26E18)
[Address] EAT @explorer.exe (GdipSetPenLineJoin) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CAC50)
[Address] EAT @explorer.exe (GdipSetPenMiterLimit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA266A0)
[Address] EAT @explorer.exe (GdipSetPenMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26548)
[Address] EAT @explorer.exe (GdipSetPenStartCap) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9CAB30)
[Address] EAT @explorer.exe (GdipSetPenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26368)
[Address] EAT @explorer.exe (GdipSetPenUnit) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA26F94)
[Address] EAT @explorer.exe (GdipSetPenWidth) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C6B50)
[Address] EAT @explorer.exe (GdipSetPixelOffsetMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA0346C)
[Address] EAT @explorer.exe (GdipSetPropertyItem) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D4558)
[Address] EAT @explorer.exe (GdipSetRenderingOrigin) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA216AC)
[Address] EAT @explorer.exe (GdipSetSmoothingMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C1DB8)
[Address] EAT @explorer.exe (GdipSetSolidFillColor) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9C6C1C)
[Address] EAT @explorer.exe (GdipSetStringFormatAlign) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18AC0)
[Address] EAT @explorer.exe (GdipSetStringFormatDigitSubstitution) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1843C)
[Address] EAT @explorer.exe (GdipSetStringFormatFlags) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18BE8)
[Address] EAT @explorer.exe (GdipSetStringFormatHotkeyPrefix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18870)
[Address] EAT @explorer.exe (GdipSetStringFormatLineAlign) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18998)
[Address] EAT @explorer.exe (GdipSetStringFormatMeasurableCharacterRanges) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA184E8)
[Address] EAT @explorer.exe (GdipSetStringFormatTabStops) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18728)
[Address] EAT @explorer.exe (GdipSetStringFormatTrimming) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA182F8)
[Address] EAT @explorer.exe (GdipSetTextContrast) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA21264)
[Address] EAT @explorer.exe (GdipSetTextRenderingHint) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2130C)
[Address] EAT @explorer.exe (GdipSetTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA289B4)
[Address] EAT @explorer.exe (GdipSetTextureWrapMode) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FDF10)
[Address] EAT @explorer.exe (GdipSetWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FD014)
[Address] EAT @explorer.exe (GdipShearMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C19C)
[Address] EAT @explorer.exe (GdipStartPathFigure) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2FAC8)
[Address] EAT @explorer.exe (GdipStringFormatGetGenericDefault) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18DF8)
[Address] EAT @explorer.exe (GdipStringFormatGetGenericTypographic) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA18D90)
[Address] EAT @explorer.exe (GdipTestControl) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA181EC)
[Address] EAT @explorer.exe (GdipTransformMatrixPoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FC110)
[Address] EAT @explorer.exe (GdipTransformMatrixPointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FBFE4)
[Address] EAT @explorer.exe (GdipTransformPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D804)
[Address] EAT @explorer.exe (GdipTransformPoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2098C)
[Address] EAT @explorer.exe (GdipTransformPointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA207AC)
[Address] EAT @explorer.exe (GdipTransformRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B374)
[Address] EAT @explorer.exe (GdipTranslateClip) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1BA4C)
[Address] EAT @explorer.exe (GdipTranslateClipI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA1B9EC)
[Address] EAT @explorer.exe (GdipTranslateLineTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2884C)
[Address] EAT @explorer.exe (GdipTranslateMatrix) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9FA68C)
[Address] EAT @explorer.exe (GdipTranslatePathGradientTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2884C)
[Address] EAT @explorer.exe (GdipTranslatePenTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA25FB8)
[Address] EAT @explorer.exe (GdipTranslateRegion) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B4BC)
[Address] EAT @explorer.exe (GdipTranslateRegionI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2B45C)
[Address] EAT @explorer.exe (GdipTranslateTextureTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2884C)
[Address] EAT @explorer.exe (GdipTranslateWorldTransform) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9D7EEC)
[Address] EAT @explorer.exe (GdipVectorTransformMatrixPoints) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2C038)
[Address] EAT @explorer.exe (GdipVectorTransformMatrixPointsI) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2BE78)
[Address] EAT @explorer.exe (GdipWarpPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2D914)
[Address] EAT @explorer.exe (GdipWidenPath) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2DA68)
[Address] EAT @explorer.exe (GdipWindingModeOutline) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA2DBD0)
[Address] EAT @explorer.exe (GdiplusNotificationHook) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA30510)
[Address] EAT @explorer.exe (GdiplusNotificationUnhook) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5BA304AC)
[Address] EAT @explorer.exe (GdiplusShutdown) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B88CC)
[Address] EAT @explorer.exe (GdiplusStartup) : acppage.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x5B9B32B0)
[Address] EAT @explorer.exe (AssocCreate) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473B20)
[Address] EAT @explorer.exe (AssocGetPerceivedType) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63474940)
[Address] EAT @explorer.exe (AssocIsDangerous) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348CFBC)
[Address] EAT @explorer.exe (AssocQueryKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A870)
[Address] EAT @explorer.exe (AssocQueryKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473A20)
[Address] EAT @explorer.exe (AssocQueryStringA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348E60C)
[Address] EAT @explorer.exe (AssocQueryStringByKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348E440)
[Address] EAT @explorer.exe (AssocQueryStringByKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634741A0)
[Address] EAT @explorer.exe (AssocQueryStringW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63479CC0)
[Address] EAT @explorer.exe (ChrCmpIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A03C)
[Address] EAT @explorer.exe (ChrCmpIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A02C)
[Address] EAT @explorer.exe (ColorAdjustLuma) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348F7A8)
[Address] EAT @explorer.exe (ColorHLSToRGB) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347BFF0)
[Address] EAT @explorer.exe (ColorRGBToHLS) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347BF30)
[Address] EAT @explorer.exe (ConnectToConnectionPoint) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634742B0)
[Address] EAT @explorer.exe (DelayLoadFailureHook) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348F8F0)
[Address] EAT @explorer.exe (DllGetClassObject) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349D448)
[Address] EAT @explorer.exe (DllGetVersion) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63485AE0)
[Address] EAT @explorer.exe (GUIDFromStringW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347F786)
[Address] EAT @explorer.exe (GetAcceptLanguagesA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634897D0)
[Address] EAT @explorer.exe (GetAcceptLanguagesW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475A40)
[Address] EAT @explorer.exe (GetMenuPosFromID) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475A60)
[Address] EAT @explorer.exe (HashData) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634897C0)
[Address] EAT @explorer.exe (IStream_Copy) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A1A0)
[Address] EAT @explorer.exe (IStream_Read) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472B80)
[Address] EAT @explorer.exe (IStream_ReadPidl) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63479980)
[Address] EAT @explorer.exe (IStream_ReadStr) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471120)
[Address] EAT @explorer.exe (IStream_Reset) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476340)
[Address] EAT @explorer.exe (IStream_Size) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A180)
[Address] EAT @explorer.exe (IStream_Write) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476320)
[Address] EAT @explorer.exe (IStream_WritePidl) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349F194)
[Address] EAT @explorer.exe (IStream_WriteStr) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476350)
[Address] EAT @explorer.exe (IUnknown_AtomicRelease) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A09C)
[Address] EAT @explorer.exe (IUnknown_Exec) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475B80)
[Address] EAT @explorer.exe (IUnknown_GetSite) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634760B0)
[Address] EAT @explorer.exe (IUnknown_GetWindow) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472D20)
[Address] EAT @explorer.exe (IUnknown_QueryService) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473300)
[Address] EAT @explorer.exe (IUnknown_QueryStatus) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349BBA8)
[Address] EAT @explorer.exe (IUnknown_Set) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471130)
[Address] EAT @explorer.exe (IUnknown_SetSite) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473310)
[Address] EAT @explorer.exe (IntlStrEqWorkerA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E3C)
[Address] EAT @explorer.exe (IntlStrEqWorkerW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E2C)
[Address] EAT @explorer.exe (IsCharSpaceA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A80)
[Address] EAT @explorer.exe (IsCharSpaceW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471140)
[Address] EAT @explorer.exe (IsInternetESCEnabled) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634897B0)
[Address] EAT @explorer.exe (IsOS) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472B60)
[Address] EAT @explorer.exe (MLFreeLibrary) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63499EF4)
[Address] EAT @explorer.exe (MLLoadLibraryA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63499F48)
[Address] EAT @explorer.exe (MLLoadLibraryW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63499FA8)
[Address] EAT @explorer.exe (ParseURLA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634897A0)
[Address] EAT @explorer.exe (ParseURLW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347C250)
[Address] EAT @explorer.exe (PathAddBackslashA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B2C)
[Address] EAT @explorer.exe (PathAddBackslashW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473C00)
[Address] EAT @explorer.exe (PathAddExtensionA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489CCC)
[Address] EAT @explorer.exe (PathAddExtensionW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489CBC)
[Address] EAT @explorer.exe (PathAppendA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489CAC)
[Address] EAT @explorer.exe (PathAppendW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475A10)
[Address] EAT @explorer.exe (PathBuildRootA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A05C)
[Address] EAT @explorer.exe (PathBuildRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A06C)
[Address] EAT @explorer.exe (PathCanonicalizeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C9C)
[Address] EAT @explorer.exe (PathCanonicalizeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472CF0)
[Address] EAT @explorer.exe (PathCombineA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B5C)
[Address] EAT @explorer.exe (PathCombineW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473C10)
[Address] EAT @explorer.exe (PathCommonPrefixA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489DAC)
[Address] EAT @explorer.exe (PathCommonPrefixW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D9C)
[Address] EAT @explorer.exe (PathCompactPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348AF90)
[Address] EAT @explorer.exe (PathCompactPathExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348AD80)
[Address] EAT @explorer.exe (PathCompactPathExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476530)
[Address] EAT @explorer.exe (PathCompactPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348EB08)
[Address] EAT @explorer.exe (PathCreateFromUrlA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489790)
[Address] EAT @explorer.exe (PathCreateFromUrlAlloc) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489780)
[Address] EAT @explorer.exe (PathCreateFromUrlW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634736E0)
[Address] EAT @explorer.exe (PathFileExistsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C0C)
[Address] EAT @explorer.exe (PathFileExistsAndAttributesW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475930)
[Address] EAT @explorer.exe (PathFileExistsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473690)
[Address] EAT @explorer.exe (PathFindExtensionA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C3C)
[Address] EAT @explorer.exe (PathFindExtensionW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634710C0)
[Address] EAT @explorer.exe (PathFindFileNameA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489BFC)
[Address] EAT @explorer.exe (PathFindFileNameW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471090)
[Address] EAT @explorer.exe (PathFindNextComponentA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489AE0)
[Address] EAT @explorer.exe (PathFindNextComponentW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A210)
[Address] EAT @explorer.exe (PathFindOnPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348B610)
[Address] EAT @explorer.exe (PathFindOnPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63479170)
[Address] EAT @explorer.exe (PathFindSuffixArrayA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348B534)
[Address] EAT @explorer.exe (PathFindSuffixArrayW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634753D0)
[Address] EAT @explorer.exe (PathGetArgsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348962C)
[Address] EAT @explorer.exe (PathGetArgsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347C880)
[Address] EAT @explorer.exe (PathGetCharTypeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489648)
[Address] EAT @explorer.exe (PathGetCharTypeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476480)
[Address] EAT @explorer.exe (PathGetDriveNumberA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D5C)
[Address] EAT @explorer.exe (PathGetDriveNumberW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471050)
[Address] EAT @explorer.exe (PathIsContentTypeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348ABAC)
[Address] EAT @explorer.exe (PathIsContentTypeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A2C0)
[Address] EAT @explorer.exe (PathIsDirectoryA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348B404)
[Address] EAT @explorer.exe (PathIsDirectoryEmptyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348B334)
[Address] EAT @explorer.exe (PathIsDirectoryEmptyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348EE78)
[Address] EAT @explorer.exe (PathIsDirectoryW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634754D0)
[Address] EAT @explorer.exe (PathIsFileSpecA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D6C)
[Address] EAT @explorer.exe (PathIsFileSpecW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476200)
[Address] EAT @explorer.exe (PathIsLFNFileSpecA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489CFC)
[Address] EAT @explorer.exe (PathIsLFNFileSpecW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489CEC)
[Address] EAT @explorer.exe (PathIsNetworkPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A07C)
[Address] EAT @explorer.exe (PathIsNetworkPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634729A0)
[Address] EAT @explorer.exe (PathIsPrefixA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D8C)
[Address] EAT @explorer.exe (PathIsPrefixW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D7C)
[Address] EAT @explorer.exe (PathIsRelativeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D4C)
[Address] EAT @explorer.exe (PathIsRelativeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473680)
[Address] EAT @explorer.exe (PathIsRootA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C8C)
[Address] EAT @explorer.exe (PathIsRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472CE0)
[Address] EAT @explorer.exe (PathIsSameRootA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D1C)
[Address] EAT @explorer.exe (PathIsSameRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D0C)
[Address] EAT @explorer.exe (PathIsSystemFolderA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A834)
[Address] EAT @explorer.exe (PathIsSystemFolderW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348E948)
[Address] EAT @explorer.exe (PathIsUNCA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B3C)
[Address] EAT @explorer.exe (PathIsUNCServerA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C1C)
[Address] EAT @explorer.exe (PathIsUNCServerShareA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C2C)
[Address] EAT @explorer.exe (PathIsUNCServerShareW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475E60)
[Address] EAT @explorer.exe (PathIsUNCServerW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475E70)
[Address] EAT @explorer.exe (PathIsUNCW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471040)
[Address] EAT @explorer.exe (PathIsURLA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489770)
[Address] EAT @explorer.exe (PathIsURLW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634736C0)
[Address] EAT @explorer.exe (PathMakePrettyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348BCB0)
[Address] EAT @explorer.exe (PathMakePrettyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63479FC0)
[Address] EAT @explorer.exe (PathMakeSystemFolderA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A8C0)
[Address] EAT @explorer.exe (PathMakeSystemFolderW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471270)
[Address] EAT @explorer.exe (PathMatchSpecA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489BAC)
[Address] EAT @explorer.exe (PathMatchSpecExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B8C)
[Address] EAT @explorer.exe (PathMatchSpecExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B7C)
[Address] EAT @explorer.exe (PathMatchSpecW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B9C)
[Address] EAT @explorer.exe (PathParseIconLocationA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489BEC)
[Address] EAT @explorer.exe (PathParseIconLocationW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475E20)
[Address] EAT @explorer.exe (PathQuoteSpacesA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489BCC)
[Address] EAT @explorer.exe (PathQuoteSpacesW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472D00)
[Address] EAT @explorer.exe (PathRelativePathToA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B14)
[Address] EAT @explorer.exe (PathRelativePathToW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489AF4)
[Address] EAT @explorer.exe (PathRemoveArgsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348BC74)
[Address] EAT @explorer.exe (PathRemoveArgsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476450)
[Address] EAT @explorer.exe (PathRemoveBackslashA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489CDC)
[Address] EAT @explorer.exe (PathRemoveBackslashW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473730)
[Address] EAT @explorer.exe (PathRemoveBlanksA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489BBC)
[Address] EAT @explorer.exe (PathRemoveBlanksW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473BD0)
[Address] EAT @explorer.exe (PathRemoveExtensionA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C7C)
[Address] EAT @explorer.exe (PathRemoveExtensionW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475E30)
[Address] EAT @explorer.exe (PathRemoveFileSpecA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B4C)
[Address] EAT @explorer.exe (PathRemoveFileSpecW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63474040)
[Address] EAT @explorer.exe (PathRenameExtensionA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C6C)
[Address] EAT @explorer.exe (PathRenameExtensionW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C5C)
[Address] EAT @explorer.exe (PathSearchAndQualifyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348961C)
[Address] EAT @explorer.exe (PathSearchAndQualifyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472E00)
[Address] EAT @explorer.exe (PathSetDlgItemPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348AC50)
[Address] EAT @explorer.exe (PathSetDlgItemPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348E9D0)
[Address] EAT @explorer.exe (PathSkipRootA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D2C)
[Address] EAT @explorer.exe (PathSkipRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475A20)
[Address] EAT @explorer.exe (PathStripPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489D3C)
[Address] EAT @explorer.exe (PathStripPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476220)
[Address] EAT @explorer.exe (PathStripToRootA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489C4C)
[Address] EAT @explorer.exe (PathStripToRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475E50)
[Address] EAT @explorer.exe (PathUnExpandEnvStringsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489B6C)
[Address] EAT @explorer.exe (PathUnExpandEnvStringsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472DF0)
[Address] EAT @explorer.exe (PathUndecorateA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A75C)
[Address] EAT @explorer.exe (PathUndecorateW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634764D0)
[Address] EAT @explorer.exe (PathUnmakeSystemFolderA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A86C)
[Address] EAT @explorer.exe (PathUnmakeSystemFolderW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348E984)
[Address] EAT @explorer.exe (PathUnquoteSpacesA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489BDC)
[Address] EAT @explorer.exe (PathUnquoteSpacesW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473BE0)
[Address] EAT @explorer.exe (QISearch) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471010)
[Address] EAT @explorer.exe (SHAllocShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634729D0)
[Address] EAT @explorer.exe (SHAnsiToAnsi) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A310)
[Address] EAT @explorer.exe (SHAnsiToUnicode) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A320)
[Address] EAT @explorer.exe (SHAutoComplete) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347BE10)
[Address] EAT @explorer.exe (SHCopyKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A2F0)
[Address] EAT @explorer.exe (SHCopyKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A070)
[Address] EAT @explorer.exe (SHCreateMemStream) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634732B0)
[Address] EAT @explorer.exe (SHCreateShellPalette) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472890)
[Address] EAT @explorer.exe (SHCreateStreamOnFileA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A0DC)
[Address] EAT @explorer.exe (SHCreateStreamOnFileEx) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476070)
[Address] EAT @explorer.exe (SHCreateStreamOnFileW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634764A0)
[Address] EAT @explorer.exe (SHCreateStreamWrapper) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347F792)
[Address] EAT @explorer.exe (SHCreateThread) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475E80)
[Address] EAT @explorer.exe (SHCreateThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475B30)
[Address] EAT @explorer.exe (SHCreateThreadWithHandle) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476400)
[Address] EAT @explorer.exe (SHDeleteEmptyKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A0FC)
[Address] EAT @explorer.exe (SHDeleteEmptyKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A0EC)
[Address] EAT @explorer.exe (SHDeleteKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A2E0)
[Address] EAT @explorer.exe (SHDeleteKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472C60)
[Address] EAT @explorer.exe (SHDeleteOrphanKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349EFB8)
[Address] EAT @explorer.exe (SHDeleteOrphanKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349EF48)
[Address] EAT @explorer.exe (SHDeleteValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A10C)
[Address] EAT @explorer.exe (SHDeleteValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472CA0)
[Address] EAT @explorer.exe (SHEnumKeyExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A290)
[Address] EAT @explorer.exe (SHEnumKeyExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A280)
[Address] EAT @explorer.exe (SHEnumValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A250)
[Address] EAT @explorer.exe (SHEnumValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A1D0)
[Address] EAT @explorer.exe (SHFormatDateTimeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348F004)
[Address] EAT @explorer.exe (SHFormatDateTimeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348F070)
[Address] EAT @explorer.exe (SHFreeShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634729E0)
[Address] EAT @explorer.exe (SHGetInverseCMAP) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63490830)
[Address] EAT @explorer.exe (SHGetThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63479140)
[Address] EAT @explorer.exe (SHGetValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634743C0)
[Address] EAT @explorer.exe (SHGetValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472B20)
[Address] EAT @explorer.exe (SHGetViewStatePropertyBag) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476FA0)
[Address] EAT @explorer.exe (SHIsChildOrSelf) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473510)
[Address] EAT @explorer.exe (SHIsLowMemoryMachine) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349BC3C)
[Address] EAT @explorer.exe (SHLoadIndirectString) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473340)
[Address] EAT @explorer.exe (SHLockShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349F838)
[Address] EAT @explorer.exe (SHMessageBoxCheckA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349ADD4)
[Address] EAT @explorer.exe (SHMessageBoxCheckW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349AF00)
[Address] EAT @explorer.exe (SHOpenRegStream2A) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A0AC)
[Address] EAT @explorer.exe (SHOpenRegStream2W) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634743F0)
[Address] EAT @explorer.exe (SHOpenRegStreamA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A0CC)
[Address] EAT @explorer.exe (SHOpenRegStreamW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A0BC)
[Address] EAT @explorer.exe (SHPackDispParamsV) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63477DB0)
[Address] EAT @explorer.exe (SHPropertyBag_ReadStrAlloc) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634A1598)
[Address] EAT @explorer.exe (SHPropertyBag_WriteBSTR) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634A1498)
[Address] EAT @explorer.exe (SHQueryInfoKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A230)
[Address] EAT @explorer.exe (SHQueryInfoKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A210)
[Address] EAT @explorer.exe (SHQueryValueExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A120)
[Address] EAT @explorer.exe (SHQueryValueExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634763A0)
[Address] EAT @explorer.exe (SHRegCloseUSKey) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A70)
[Address] EAT @explorer.exe (SHRegCreateUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A58)
[Address] EAT @explorer.exe (SHRegCreateUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472640)
[Address] EAT @explorer.exe (SHRegDeleteEmptyUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A44)
[Address] EAT @explorer.exe (SHRegDeleteEmptyUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A34)
[Address] EAT @explorer.exe (SHRegDeleteUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A24)
[Address] EAT @explorer.exe (SHRegDeleteUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489A14)
[Address] EAT @explorer.exe (SHRegDuplicateHKey) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A1F0)
[Address] EAT @explorer.exe (SHRegEnumUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634899FC)
[Address] EAT @explorer.exe (SHRegEnumUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634899DC)
[Address] EAT @explorer.exe (SHRegEnumUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489998)
[Address] EAT @explorer.exe (SHRegEnumUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472590)
[Address] EAT @explorer.exe (SHRegGetBoolUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489984)
[Address] EAT @explorer.exe (SHRegGetBoolUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347C220)
[Address] EAT @explorer.exe (SHRegGetBoolValueFromHKCUHKLM) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476330)
[Address] EAT @explorer.exe (SHRegGetIntW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A1E0)
[Address] EAT @explorer.exe (SHRegGetPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A1C0)
[Address] EAT @explorer.exe (SHRegGetPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A240)
[Address] EAT @explorer.exe (SHRegGetUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489948)
[Address] EAT @explorer.exe (SHRegGetUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A280)
[Address] EAT @explorer.exe (SHRegGetValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A2A4)
[Address] EAT @explorer.exe (SHRegGetValueFromHKCUHKLM) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476EBC)
[Address] EAT @explorer.exe (SHRegGetValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634721B0)
[Address] EAT @explorer.exe (SHRegOpenUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489928)
[Address] EAT @explorer.exe (SHRegOpenUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489908)
[Address] EAT @explorer.exe (SHRegQueryInfoUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634898E0)
[Address] EAT @explorer.exe (SHRegQueryInfoUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472610)
[Address] EAT @explorer.exe (SHRegQueryUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634898A0)
[Address] EAT @explorer.exe (SHRegQueryUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489860)
[Address] EAT @explorer.exe (SHRegSetPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A1A0)
[Address] EAT @explorer.exe (SHRegSetPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A180)
[Address] EAT @explorer.exe (SHRegSetUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489838)
[Address] EAT @explorer.exe (SHRegSetUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489810)
[Address] EAT @explorer.exe (SHRegWriteUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634897E4)
[Address] EAT @explorer.exe (SHRegWriteUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634725E0)
[Address] EAT @explorer.exe (SHRegisterValidateTemplate) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634A58E0)
[Address] EAT @explorer.exe (SHReleaseThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A08C)
[Address] EAT @explorer.exe (SHRunIndirectRegClientCommand) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348C95C)
[Address] EAT @explorer.exe (SHSendMessageBroadcastA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349A27C)
[Address] EAT @explorer.exe (SHSendMessageBroadcastW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472CC0)
[Address] EAT @explorer.exe (SHSetThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475B10)
[Address] EAT @explorer.exe (SHSetValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A14C)
[Address] EAT @explorer.exe (SHSetValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634763D0)
[Address] EAT @explorer.exe (SHSkipJunction) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472E20)
[Address] EAT @explorer.exe (SHStrDupA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347A260)
[Address] EAT @explorer.exe (SHStrDupW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471070)
[Address] EAT @explorer.exe (SHStripMneumonicA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349A900)
[Address] EAT @explorer.exe (SHStripMneumonicW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472DB0)
[Address] EAT @explorer.exe (SHUnicodeToAnsi) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634732E0)
[Address] EAT @explorer.exe (SHUnicodeToAnsiCP) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6347F7B9)
[Address] EAT @explorer.exe (SHUnicodeToUnicode) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348A300)
[Address] EAT @explorer.exe (SHUnlockShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349F818)
[Address] EAT @explorer.exe (ShellMessageBoxA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348C604)
[Address] EAT @explorer.exe (ShellMessageBoxW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348F54C)
[Address] EAT @explorer.exe (StrCSpnA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489EEC)
[Address] EAT @explorer.exe (StrCSpnIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489EDC)
[Address] EAT @explorer.exe (StrCSpnIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489ECC)
[Address] EAT @explorer.exe (StrCSpnW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63475A30)
[Address] EAT @explorer.exe (StrCatBuffA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489FDC)
[Address] EAT @explorer.exe (StrCatBuffW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489FEC)
[Address] EAT @explorer.exe (StrCatChainW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489DCC)
[Address] EAT @explorer.exe (StrCatW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FCF8)
[Address] EAT @explorer.exe (StrChrA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489FCC)
[Address] EAT @explorer.exe (StrChrIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F9C)
[Address] EAT @explorer.exe (StrChrIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634710E0)
[Address] EAT @explorer.exe (StrChrNIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F8C)
[Address] EAT @explorer.exe (StrChrNW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489FBC)
[Address] EAT @explorer.exe (StrChrW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471080)
[Address] EAT @explorer.exe (StrCmpCA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489DEC)
[Address] EAT @explorer.exe (StrCmpCW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472C90)
[Address] EAT @explorer.exe (StrCmpICA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471100)
[Address] EAT @explorer.exe (StrCmpICW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634710F0)
[Address] EAT @explorer.exe (StrCmpIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473650)
[Address] EAT @explorer.exe (StrCmpLogicalW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489DDC)
[Address] EAT @explorer.exe (StrCmpNA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489EBC)
[Address] EAT @explorer.exe (StrCmpNCA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E0C)
[Address] EAT @explorer.exe (StrCmpNCW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489DFC)
[Address] EAT @explorer.exe (StrCmpNIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489EAC)
[Address] EAT @explorer.exe (StrCmpNICA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634760A0)
[Address] EAT @explorer.exe (StrCmpNICW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472B70)
[Address] EAT @explorer.exe (StrCmpNIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473670)
[Address] EAT @explorer.exe (StrCmpNW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473770)
[Address] EAT @explorer.exe (StrCmpW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634710B0)
[Address] EAT @explorer.exe (StrCpyNW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489FFC)
[Address] EAT @explorer.exe (StrCpyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FD38)
[Address] EAT @explorer.exe (StrDupA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E4C)
[Address] EAT @explorer.exe (StrDupW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63472B50)
[Address] EAT @explorer.exe (StrFormatByteSize64A) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FC00)
[Address] EAT @explorer.exe (StrFormatByteSizeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FBF4)
[Address] EAT @explorer.exe (StrFormatByteSizeEx) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634732D0)
[Address] EAT @explorer.exe (StrFormatByteSizeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FC60)
[Address] EAT @explorer.exe (StrFormatKBSizeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FB74)
[Address] EAT @explorer.exe (StrFormatKBSizeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FBE0)
[Address] EAT @explorer.exe (StrFromTimeIntervalA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63498AC8)
[Address] EAT @explorer.exe (StrFromTimeIntervalW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63498A44)
[Address] EAT @explorer.exe (StrIsIntlEqualA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E3C)
[Address] EAT @explorer.exe (StrIsIntlEqualW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E2C)
[Address] EAT @explorer.exe (StrNCatA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FCB8)
[Address] EAT @explorer.exe (StrNCatW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FC74)
[Address] EAT @explorer.exe (StrPBrkA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F5C)
[Address] EAT @explorer.exe (StrPBrkW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634761E0)
[Address] EAT @explorer.exe (StrRChrA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489FAC)
[Address] EAT @explorer.exe (StrRChrIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F7C)
[Address] EAT @explorer.exe (StrRChrIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F6C)
[Address] EAT @explorer.exe (StrRChrW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476210)
[Address] EAT @explorer.exe (StrRStrIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E9C)
[Address] EAT @explorer.exe (StrRStrIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E8C)
[Address] EAT @explorer.exe (StrRetToBSTR) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634760D0)
[Address] EAT @explorer.exe (StrRetToBufA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348F9E8)
[Address] EAT @explorer.exe (StrRetToBufW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471110)
[Address] EAT @explorer.exe (StrRetToStrA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348FA98)
[Address] EAT @explorer.exe (StrRetToStrW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473330)
[Address] EAT @explorer.exe (StrSpnA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F0C)
[Address] EAT @explorer.exe (StrSpnW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489EFC)
[Address] EAT @explorer.exe (StrStrA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E7C)
[Address] EAT @explorer.exe (StrStrIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63476490)
[Address] EAT @explorer.exe (StrStrIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634710D0)
[Address] EAT @explorer.exe (StrStrNIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E5C)
[Address] EAT @explorer.exe (StrStrNW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E6C)
[Address] EAT @explorer.exe (StrStrW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473660)
[Address] EAT @explorer.exe (StrToInt64ExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F2C)
[Address] EAT @explorer.exe (StrToInt64ExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F3C)
[Address] EAT @explorer.exe (StrToIntA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F4C)
[Address] EAT @explorer.exe (StrToIntExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489F1C)
[Address] EAT @explorer.exe (StrToIntExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634761F0)
[Address] EAT @explorer.exe (StrToIntW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634710A0)
[Address] EAT @explorer.exe (StrTrimA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489E1C)
[Address] EAT @explorer.exe (StrTrimW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473320)
[Address] EAT @explorer.exe (UrlApplySchemeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489760)
[Address] EAT @explorer.exe (UrlApplySchemeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489750)
[Address] EAT @explorer.exe (UrlCanonicalizeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489740)
[Address] EAT @explorer.exe (UrlCanonicalizeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634736B0)
[Address] EAT @explorer.exe (UrlCombineA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489728)
[Address] EAT @explorer.exe (UrlCombineW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473750)
[Address] EAT @explorer.exe (UrlCompareA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489714)
[Address] EAT @explorer.exe (UrlCompareW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489704)
[Address] EAT @explorer.exe (UrlCreateFromPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634896F4)
[Address] EAT @explorer.exe (UrlCreateFromPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473BF0)
[Address] EAT @explorer.exe (UrlEscapeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634896E4)
[Address] EAT @explorer.exe (UrlEscapeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473720)
[Address] EAT @explorer.exe (UrlFixupW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634896D4)
[Address] EAT @explorer.exe (UrlGetLocationA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634896C4)
[Address] EAT @explorer.exe (UrlGetLocationW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634896B4)
[Address] EAT @explorer.exe (UrlGetPartA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348969C)
[Address] EAT @explorer.exe (UrlGetPartW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63473700)
[Address] EAT @explorer.exe (UrlHashA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489688)
[Address] EAT @explorer.exe (UrlHashW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489678)
[Address] EAT @explorer.exe (UrlIsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489668)
[Address] EAT @explorer.exe (UrlIsNoHistoryA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634895EC)
[Address] EAT @explorer.exe (UrlIsNoHistoryW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63471150)
[Address] EAT @explorer.exe (UrlIsOpaqueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6348960C)
[Address] EAT @explorer.exe (UrlIsOpaqueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634895FC)
[Address] EAT @explorer.exe (UrlIsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634736A0)
[Address] EAT @explorer.exe (UrlUnescapeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63489658)
[Address] EAT @explorer.exe (UrlUnescapeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634736D0)
[Address] EAT @explorer.exe (WhichPlatform) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x6349A6D0)
[Address] EAT @explorer.exe (wnsprintfA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634993AC)
[Address] EAT @explorer.exe (wnsprintfW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63499318)
[Address] EAT @explorer.exe (wvnsprintfA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x634993F8)
[Address] EAT @explorer.exe (wvnsprintfW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0x63499368)
 
¤¤¤ Extern Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS547564A9E384 SATA Disk Device +++++
--- User ---
[MBR] 8fe3dfc016d736be46d6a4916dae777c
[BSP] b4e11829e5dd3525678b8259cfc0ad57 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 610480 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_05232014_142135.txt >>
RKreport[0]_S_05232014_141953.txt


#11 Chris5150

Chris5150
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:13 AM

Posted 23 May 2014 - 12:42 PM

Sorry for all these posts, but i want to refer you that i'm pretty sure that the virus has been deleted permanently.

I've restarted my notebook 3 times and the virus seems to be disappeared.

Is the procedure ended or should i run other tools to confirmate that the virus has been really removed?

Thanks for all your help.



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 AM

Posted 23 May 2014 - 04:36 PM


Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. default settings are fine
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Chris5150

Chris5150
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:13 AM

Posted 24 May 2014 - 02:33 PM

Ok, CCleaner has deleted some files correctly.

 

This is the Malwarebytes' log:

 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/05/24 20:34:53 +0200</date>
<log>mbam-log-2014-05-24 (20-10-06).xml</log>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.1.1004</version>
<rules-database>v2014.05.24.05</rules-database>
<swissarmy-database>v2014.05.21.01</swissarmy-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8</osversion>
<arch>x64</arch>
<username>Cristian</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>309579</objects>
<time>1483</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>1</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<shuriken>enabled</shuriken>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Users\Cristian\Downloads\installer_world_of_warships_wallpapers_Italian.exe</path><vendor>PUP.Optional.Vittalia</vendor><action>success</action><hash>c66f84d18eedae88d53855cf649da55b</hash></file>
</items>
</mbam-log>
 
---------------------------------------------------------

 

And this is the log from HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.21.11, on 24/05/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Cristian\Desktop\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON13/6
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe -h
O4 - HKCU\..\Run: [Power2GoExpress8] NA
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD463B6A-14BE-42F1-9FB5-95B531C40F06}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service:  Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem18.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TrueAPI Service component (TrueService) - AuthenTec, Inc. - C:\Program Files\Common Files\AuthenTec\TrueService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9401 bytes
 
 
I think it's all right at this time. Thank you a lot! You have been very helpful. Thanks again.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:13 AM

Posted 25 May 2014 - 12:32 PM


Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
      O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Chris5150

Chris5150
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:13 AM

Posted 26 May 2014 - 09:17 AM

The unneeded start up entries have been successfully removed with HijackThis.

Eset Online Scanner has found some theats, this is the report:

 

C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2014\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan
C:\Users\Cristian\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000 Win32/Adware.1ClickDownload.AJ application
C:\Users\Cristian\AppData\Roaming\Origin\update.vbe VBS/CoinMiner.AD trojan
C:\Users\Cristian\Desktop\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Cristian\Documents\My Games\FlightGear.exe a variant of Win32/FirseriaInstaller.C potentially unwanted application
C:\Users\Cristian\Documents\My Games\Flying Guns.exe a variant of Win32/FirseriaInstaller.C potentially unwanted application
C:\Users\Cristian\Documents\My Games\Flying Mode Simulator.exe a variant of Win32/FirseriaInstaller.C potentially unwanted application
C:\Users\Cristian\Documents\My Games\Micro Flight.exe a variant of Win32/FirseriaInstaller.C potentially unwanted application
C:\Users\Cristian\Documents\My Games\Orbiter.exe a variant of Win32/FirseriaInstaller.C potentially unwanted application
C:\Users\Cristian\Documents\My Games\X-Plane.exe a variant of Win32/FirseriaInstaller.C potentially unwanted application
C:\Users\Cristian\Documents\Setup Programmi\DTLite4471-0333.exe Win32/DownWare.L potentially unwanted application
C:\Users\Cristian\Documents\Setup Programmi\SoftonicDownloader_per_visual-basic-2008.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application
C:\Users\Cristian\Downloads\SweetHome3D-4.3-windows-oc.exe Win32/OpenCandy potentially unsafe application





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users