Jump to content

najiwench

Members
  • Posts

    11
  • Joined

  • Last visited

Everything posted by najiwench

  1. [Address] EAT @explorer.exe (GdipGetPageScale) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190BD0) [Address] EAT @explorer.exe (GdipGetPageUnit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190C84) [Address] EAT @explorer.exe (GdipGetPathData) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19FB68) [Address] EAT @explorer.exe (GdipGetPathFillMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19FC14) [Address] EAT @explorer.exe (GdipGetPathGradientBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19797C) [Address] EAT @explorer.exe (GdipGetPathGradientBlendCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197A4C) [Address] EAT @explorer.exe (GdipGetPathGradientCenterColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1984E4) [Address] EAT @explorer.exe (GdipGetPathGradientCenterPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198034) [Address] EAT @explorer.exe (GdipGetPathGradientCenterPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197F98) [Address] EAT @explorer.exe (GdipGetPathGradientFocusScales) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1971BC) [Address] EAT @explorer.exe (GdipGetPathGradientGammaCorrection) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197B00) [Address] EAT @explorer.exe (GdipGetPathGradientPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1980E0) [Address] EAT @explorer.exe (GdipGetPathGradientPointCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197DB4) [Address] EAT @explorer.exe (GdipGetPathGradientPresetBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197764) [Address] EAT @explorer.exe (GdipGetPathGradientPresetBlendCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199004) [Address] EAT @explorer.exe (GdipGetPathGradientRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197C48) [Address] EAT @explorer.exe (GdipGetPathGradientRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199280) [Address] EAT @explorer.exe (GdipGetPathGradientSurroundColorCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197CF8) [Address] EAT @explorer.exe (GdipGetPathGradientSurroundColorsWithCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1982FC) [Address] EAT @explorer.exe (GdipGetPathGradientTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199AD0) [Address] EAT @explorer.exe (GdipGetPathGradientWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198AA0) [Address] EAT @explorer.exe (GdipGetPathLastPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F6E0) [Address] EAT @explorer.exe (GdipGetPathPoints) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19FE14) [Address] EAT @explorer.exe (GdipGetPathPointsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19FCC8) [Address] EAT @explorer.exe (GdipGetPathTypes) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19FF24) [Address] EAT @explorer.exe (GdipGetPathWorldBounds) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19D680) [Address] EAT @explorer.exe (GdipGetPathWorldBoundsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19D4FC) [Address] EAT @explorer.exe (GdipGetPenBrushFill) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195D44) [Address] EAT @explorer.exe (GdipGetPenColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13F640) [Address] EAT @explorer.exe (GdipGetPenCompoundArray) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1956CC) [Address] EAT @explorer.exe (GdipGetPenCompoundCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19586C) [Address] EAT @explorer.exe (GdipGetPenCustomEndCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19674C) [Address] EAT @explorer.exe (GdipGetPenCustomStartCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1968FC) [Address] EAT @explorer.exe (GdipGetPenDashArray) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19591C) [Address] EAT @explorer.exe (GdipGetPenDashCap197819) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196B5C) [Address] EAT @explorer.exe (GdipGetPenDashCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195A94) [Address] EAT @explorer.exe (GdipGetPenDashOffset) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195BE4) [Address] EAT @explorer.exe (GdipGetPenDashStyle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195C94) [Address] EAT @explorer.exe (GdipGetPenEndCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196C10) [Address] EAT @explorer.exe (GdipGetPenFillType) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13FB50) [Address] EAT @explorer.exe (GdipGetPenLineJoin) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196AAC) [Address] EAT @explorer.exe (GdipGetPenMiterLimit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1965F0) [Address] EAT @explorer.exe (GdipGetPenMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196498) [Address] EAT @explorer.exe (GdipGetPenStartCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196CC0) [Address] EAT @explorer.exe (GdipGetPenTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19624C) [Address] EAT @explorer.exe (GdipGetPenUnit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196EE4) [Address] EAT @explorer.exe (GdipGetPenWidth) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13F6E0) [Address] EAT @explorer.exe (GdipGetPixelOffsetMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1913C4) [Address] EAT @explorer.exe (GdipGetPointCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1A0030) [Address] EAT @explorer.exe (GdipGetPropertyCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193F08) [Address] EAT @explorer.exe (GdipGetPropertyIdList) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193E6C) [Address] EAT @explorer.exe (GdipGetPropertyItem) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1457EC) [Address] EAT @explorer.exe (GdipGetPropertyItemSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B145760) [Address] EAT @explorer.exe (GdipGetPropertySize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13FEF0) [Address] EAT @explorer.exe (GdipGetRegionBounds) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B260) [Address] EAT @explorer.exe (GdipGetRegionBoundsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B0C4) [Address] EAT @explorer.exe (GdipGetRegionData) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19ABA8) [Address] EAT @explorer.exe (GdipGetRegionDataSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19AC7C) [Address] EAT @explorer.exe (GdipGetRegionHRgn) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B14866C) [Address] EAT @explorer.exe (GdipGetRegionScans) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A4EC) [Address] EAT @explorer.exe (GdipGetRegionScansCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A60C) [Address] EAT @explorer.exe (GdipGetRegionScansI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A3EC) [Address] EAT @explorer.exe (GdipGetRenderingOrigin) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1915D4) [Address] EAT @explorer.exe (GdipGetSmoothingMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13AA70) [Address] EAT @explorer.exe (GdipGetSolidFillColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199964) [Address] EAT @explorer.exe (GdipGetStringFormatAlign) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188A30) [Address] EAT @explorer.exe (GdipGetStringFormatDigitSubstitution) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188390) [Address] EAT @explorer.exe (GdipGetStringFormatFlags) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188B58) [Address] EAT @explorer.exe (GdipGetStringFormatHotkeyPrefix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1887E0) [Address] EAT @explorer.exe (GdipGetStringFormatLineAlign) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188908) [Address] EAT @explorer.exe (GdipGetStringFormatMeasurableCharacterRangeCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18856C) [Address] EAT @explorer.exe (GdipGetStringFormatTabStopCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188698) [Address] EAT @explorer.exe (GdipGetStringFormatTabStops) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1885DC) [Address] EAT @explorer.exe (GdipGetStringFormatTrimming) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188260) [Address] EAT @explorer.exe (GdipGetTextContrast) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1911B0) [Address] EAT @explorer.exe (GdipGetTextRenderingHint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148160) [Address] EAT @explorer.exe (GdipGetTextureImage) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16DE20) [Address] EAT @explorer.exe (GdipGetTextureTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199AD0) [Address] EAT @explorer.exe (GdipGetTextureWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16DCCC) [Address] EAT @explorer.exe (GdipGetVisibleClipBounds) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B7D0) [Address] EAT @explorer.exe (GdipGetVisibleClipBoundsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B690) [Address] EAT @explorer.exe (GdipGetWorldTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13780C) [Address] EAT @explorer.exe (GdipGraphicsClear) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1419E8) [Address] EAT @explorer.exe (GdipGraphicsSetAbort) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1925EC) [Address] EAT @explorer.exe (GdipImageForceValidation) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B146F4C) [Address] EAT @explorer.exe (GdipImageGetFrameCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B170478) [Address] EAT @explorer.exe (GdipImageGetFrameDimensionsCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B170204) [Address] EAT @explorer.exe (GdipImageGetFrameDimensionsList) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1702A4) [Address] EAT @explorer.exe (GdipImageRotateFlip) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B173500) [Address] EAT @explorer.exe (GdipImageSelectActiveFrame) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193F94) [Address] EAT @explorer.exe (GdipImageSetAbort) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192690) [Address] EAT @explorer.exe (GdipInitializePalette) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192A30) [Address] EAT @explorer.exe (GdipInvertMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C100) [Address] EAT @explorer.exe (GdipIsClipEmpty) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B884) [Address] EAT @explorer.exe (GdipIsEmptyRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19AF40) [Address] EAT @explorer.exe (GdipIsEqualRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19AD48) [Address] EAT @explorer.exe (GdipIsInfiniteRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148268) [Address] EAT @explorer.exe (GdipIsMatrixEqual) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19BCA0) [Address] EAT @explorer.exe (GdipIsMatrixIdentity) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B137760) [Address] EAT @explorer.exe (GdipIsMatrixInvertible) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19BDC4) [Address] EAT @explorer.exe (GdipIsOutlineVisiblePathPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19D080) [Address] EAT @explorer.exe (GdipIsOutlineVisiblePathPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19CFF8) [Address] EAT @explorer.exe (GdipIsStyleAvailable) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1897B8) [Address] EAT @explorer.exe (GdipIsVisibleClipEmpty) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B5D4) [Address] EAT @explorer.exe (GdipIsVisiblePathPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19D344) [Address] EAT @explorer.exe (GdipIsVisiblePathPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19D2C8) [Address] EAT @explorer.exe (GdipIsVisiblePoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B4F0) [Address] EAT @explorer.exe (GdipIsVisiblePointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B480) [Address] EAT @explorer.exe (GdipIsVisibleRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B37C) [Address] EAT @explorer.exe (GdipIsVisibleRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B2F0) [Address] EAT @explorer.exe (GdipIsVisibleRegionPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19AA08) [Address] EAT @explorer.exe (GdipIsVisibleRegionPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A98C) [Address] EAT @explorer.exe (GdipIsVisibleRegionRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A7A8) [Address] EAT @explorer.exe (GdipIsVisibleRegionRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A70C) [Address] EAT @explorer.exe (GdipLoadImageFromFile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1944D4) [Address] EAT @explorer.exe (GdipLoadImageFromFileICM) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194314) [Address] EAT @explorer.exe (GdipLoadImageFromStream) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B139F24) [Address] EAT @explorer.exe (GdipLoadImageFromStreamICM) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1943F4) [Address] EAT @explorer.exe (GdipMeasureCharacterRanges) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18DC28) [Address] EAT @explorer.exe (GdipMeasureDriverString) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D7D0) [Address] EAT @explorer.exe (GdipMeasureString) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18DDF0) [Address] EAT @explorer.exe (GdipMultiplyLineTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197354) [Address] EAT @explorer.exe (GdipMultiplyMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16A8BC) [Address] EAT @explorer.exe (GdipMultiplyPathGradientTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197354) [Address] EAT @explorer.exe (GdipMultiplyPenTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196094) [Address] EAT @explorer.exe (GdipMultiplyTextureTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197354) [Address] EAT @explorer.exe (GdipMultiplyWorldTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190F58) [Address] EAT @explorer.exe (GdipNewInstalledFontCollection) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1893A0) [Address] EAT @explorer.exe (GdipNewPrivateFontCollection) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1892EC) [Address] EAT @explorer.exe (GdipPathIterCopyData) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C4A8) [Address] EAT @explorer.exe (GdipPathIterEnumerate) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C598) [Address] EAT @explorer.exe (GdipPathIterGetCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C93C) [Address] EAT @explorer.exe (GdipPathIterGetSubpathCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C888) [Address] EAT @explorer.exe (GdipPathIterHasCurve) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C728) [Address] EAT @explorer.exe (GdipPathIterIsValid) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C7D4) [Address] EAT @explorer.exe (GdipPathIterNextMarker) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19CAB4) [Address] EAT @explorer.exe (GdipPathIterNextMarkerPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C9F0) [Address] EAT @explorer.exe (GdipPathIterNextPathType) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19CB98) [Address] EAT @explorer.exe (GdipPathIterNextSubpath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19CD5C) [Address] EAT @explorer.exe (GdipPathIterNextSubpathPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19CC84) [Address] EAT @explorer.exe (GdipPathIterRewind) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C680) [Address] EAT @explorer.exe (GdipPlayMetafileRecord) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18BEF4) [Address] EAT @explorer.exe (GdipPlayTSClientRecord) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1879F8) [Address] EAT @explorer.exe (GdipPrivateAddFontFile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189020) [Address] EAT @explorer.exe (GdipPrivateAddMemoryFont) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188F74) [Address] EAT @explorer.exe (GdipRecordMetafile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B162A54) [Address] EAT @explorer.exe (GdipRecordMetafileFileName) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A510) [Address] EAT @explorer.exe (GdipRecordMetafileFileNameI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A40C) [Address] EAT @explorer.exe (GdipRecordMetafileI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A66C) [Address] EAT @explorer.exe (GdipRecordMetafileStream) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A2B0) [Address] EAT @explorer.exe (GdipRecordMetafileStreamI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A1AC) [Address] EAT @explorer.exe (GdipReleaseDC) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B153508) [Address] EAT @explorer.exe (GdipRemovePropertyItem) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193DE0) [Address] EAT @explorer.exe (GdipResetClip) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B152D60) [Address] EAT @explorer.exe (GdipResetImageAttributes) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192358) [Address] EAT @explorer.exe (GdipResetLineTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198914) [Address] EAT @explorer.exe (GdipResetPageTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190D38) [Address] EAT @explorer.exe (GdipResetPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1A00E0) [Address] EAT @explorer.exe (GdipResetPathGradientTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198914) [Address] EAT @explorer.exe (GdipResetPenTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196198) [Address] EAT @explorer.exe (GdipResetTextureTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198914) [Address] EAT @explorer.exe (GdipResetWorldTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19106C) [Address] EAT @explorer.exe (GdipRestoreGraphics) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1481E8) [Address] EAT @explorer.exe (GdipReversePath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F7A8) [Address] EAT @explorer.exe (GdipRotateLineTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199A18) [Address] EAT @explorer.exe (GdipRotateMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16B700) [Address] EAT @explorer.exe (GdipRotatePathGradientTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199A18) [Address] EAT @explorer.exe (GdipRotatePenTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195E0C) [Address] EAT @explorer.exe (GdipRotateTextureTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199A18) [Address] EAT @explorer.exe (GdipRotateWorldTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190DE0) [Address] EAT @explorer.exe (GdipSaveAdd) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1940F8) [Address] EAT @explorer.exe (GdipSaveAddImage) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194040) [Address] EAT @explorer.exe (GdipSaveGraphics) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B147F9C) [Address] EAT @explorer.exe (GdipSaveImageToFile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B125FD0) [Address] EAT @explorer.exe (GdipSaveImageToStream) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13FC80) [Address] EAT @explorer.exe (GdipScaleLineTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19728C) [Address] EAT @explorer.exe (GdipScaleMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16A738) [Address] EAT @explorer.exe (GdipScalePathGradientTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19728C) [Address] EAT @explorer.exe (GdipScalePenTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195EDC) [Address] EAT @explorer.exe (GdipScaleTextureTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19728C) [Address] EAT @explorer.exe (GdipScaleWorldTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190E94) [Address] EAT @explorer.exe (GdipSetAdjustableArrowCapFillState) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194660) [Address] EAT @explorer.exe (GdipSetAdjustableArrowCapHeight) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194AC0) [Address] EAT @explorer.exe (GdipSetAdjustableArrowCapMiddleInset) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1947D0) [Address] EAT @explorer.exe (GdipSetAdjustableArrowCapWidth) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194948) [Address] EAT @explorer.exe (GdipSetClipGraphics) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18BDEC) [Address] EAT @explorer.exe (GdipSetClipHrgn) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18BB08) [Address] EAT @explorer.exe (GdipSetClipPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18BCDC) [Address] EAT @explorer.exe (GdipSetClipRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1369B0) [Address] EAT @explorer.exe (GdipSetClipRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B136910) [Address] EAT @explorer.exe (GdipSetClipRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18BBD4) [Address] EAT @explorer.exe (GdipSetCompositingMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B143358) [Address] EAT @explorer.exe (GdipSetCompositingQuality) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19152C) [Address] EAT @explorer.exe (GdipSetCustomLineCapBaseCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194FA0) [Address] EAT @explorer.exe (GdipSetCustomLineCapBaseInset) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194E5C) [Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeCaps) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195250) [Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeJoin) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195104) [Address] EAT @explorer.exe (GdipSetCustomLineCapWidthScale) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194D24) [Address] EAT @explorer.exe (GdipSetEffectParameters) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192CEC) [Address] EAT @explorer.exe (GdipSetEmpty) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B7C4) [Address] EAT @explorer.exe (GdipSetImageAttributesCachedBackground) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191BC8) [Address] EAT @explorer.exe (GdipSetImageAttributesColorKeys) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B147460) [Address] EAT @explorer.exe (GdipSetImageAttributesColorMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192284) [Address] EAT @explorer.exe (GdipSetImageAttributesGamma) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19205C) [Address] EAT @explorer.exe (GdipSetImageAttributesNoOp) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191F54) [Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannel) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191E38) [Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannelColorProfile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191D74) [Address] EAT @explorer.exe (GdipSetImageAttributesRemapTable) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191C70) [Address] EAT @explorer.exe (GdipSetImageAttributesThreshold) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192164) [Address] EAT @explorer.exe (GdipSetImageAttributesToIdentity) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192448) [Address] EAT @explorer.exe (GdipSetImageAttributesWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191B10) [Address] EAT @explorer.exe (GdipSetImagePalette) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1938AC) [Address] EAT @explorer.exe (GdipSetInfinite) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B860) [Address] EAT @explorer.exe (GdipSetInterpolationMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B171170) [Address] EAT @explorer.exe (GdipSetLineBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B17273C) [Address] EAT @explorer.exe (GdipSetLineColors) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199454) [Address] EAT @explorer.exe (GdipSetLineGammaCorrection) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199214) [Address] EAT @explorer.exe (GdipSetLineLinearBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198C10) [Address] EAT @explorer.exe (GdipSetLinePresetBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198CD0) [Address] EAT @explorer.exe (GdipSetLineSigmaBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B172A58) [Address] EAT @explorer.exe (GdipSetLineTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1989B4) [Address] EAT @explorer.exe (GdipSetLineWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198B50) [Address] EAT @explorer.exe (GdipSetMatrixElements) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16A7E0) [Address] EAT @explorer.exe (GdipSetMetafileDownLevelRasterizationLimit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A068) [Address] EAT @explorer.exe (GdipSetPageScale) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190B1C) [Address] EAT @explorer.exe (GdipSetPageUnit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B149E40) [Address] EAT @explorer.exe (GdipSetPathFillMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13F4BC) [Address] EAT @explorer.exe (GdipSetPathGradientBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1978A8) [Address] EAT @explorer.exe (GdipSetPathGradientCenterColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198444) [Address] EAT @explorer.exe (GdipSetPathGradientCenterPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197EDC) [Address] EAT @explorer.exe (GdipSetPathGradientCenterPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197E68) [Address] EAT @explorer.exe (GdipSetPathGradientFocusScales) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197104) [Address] EAT @explorer.exe (GdipSetPathGradientGammaCorrection) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197BB0) [Address] EAT @explorer.exe (GdipSetPathGradientLinearBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198C10) [Address] EAT @explorer.exe (GdipSetPathGradientPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1980E0) [Address] EAT @explorer.exe (GdipSetPathGradientPresetBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1975C4) [Address] EAT @explorer.exe (GdipSetPathGradientSigmaBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197504) [Address] EAT @explorer.exe (GdipSetPathGradientSurroundColorsWithCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198110) [Address] EAT @explorer.exe (GdipSetPathGradientTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1989B4) [Address] EAT @explorer.exe (GdipSetPathGradientWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197458) [Address] EAT @explorer.exe (GdipSetPathMarker) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F8E8) [Address] EAT @explorer.exe (GdipSetPenBrushFill) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B137974) [Address] EAT @explorer.exe (GdipSetPenColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1508F8) [Address] EAT @explorer.exe (GdipSetPenCompoundArray) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1957B0) [Address] EAT @explorer.exe (GdipSetPenCustomEndCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196814) [Address] EAT @explorer.exe (GdipSetPenCustomStartCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1969C4) [Address] EAT @explorer.exe (GdipSetPenDashArray) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1959D8) [Address] EAT @explorer.exe (GdipSetPenDashCap197819) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196D70) [Address] EAT @explorer.exe (GdipSetPenDashOffset) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195B44) [Address] EAT @explorer.exe (GdipSetPenDashStyle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B150860) [Address] EAT @explorer.exe (GdipSetPenEndCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13ABC0) [Address] EAT @explorer.exe (GdipSetPenLineCap197819) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196E18) [Address] EAT @explorer.exe (GdipSetPenLineJoin) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13AC50) [Address] EAT @explorer.exe (GdipSetPenMiterLimit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1966A0) [Address] EAT @explorer.exe (GdipSetPenMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196548) [Address] EAT @explorer.exe (GdipSetPenStartCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13AB30) [Address] EAT @explorer.exe (GdipSetPenTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196368) [Address] EAT @explorer.exe (GdipSetPenUnit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196F94) [Address] EAT @explorer.exe (GdipSetPenWidth) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B136B50) [Address] EAT @explorer.exe (GdipSetPixelOffsetMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B17346C) [Address] EAT @explorer.exe (GdipSetPropertyItem) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B144558) [Address] EAT @explorer.exe (GdipSetRenderingOrigin) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1916AC) [Address] EAT @explorer.exe (GdipSetSmoothingMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B131DB8) [Address] EAT @explorer.exe (GdipSetSolidFillColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B136C1C) [Address] EAT @explorer.exe (GdipSetStringFormatAlign) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188AC0) [Address] EAT @explorer.exe (GdipSetStringFormatDigitSubstitution) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18843C) [Address] EAT @explorer.exe (GdipSetStringFormatFlags) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188BE8) [Address] EAT @explorer.exe (GdipSetStringFormatHotkeyPrefix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188870) [Address] EAT @explorer.exe (GdipSetStringFormatLineAlign) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188998) [Address] EAT @explorer.exe (GdipSetStringFormatMeasurableCharacterRanges) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1884E8) [Address] EAT @explorer.exe (GdipSetStringFormatTabStops) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188728) [Address] EAT @explorer.exe (GdipSetStringFormatTrimming) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1882F8) [Address] EAT @explorer.exe (GdipSetTextContrast) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191264) [Address] EAT @explorer.exe (GdipSetTextRenderingHint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19130C) [Address] EAT @explorer.exe (GdipSetTextureTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1989B4) [Address] EAT @explorer.exe (GdipSetTextureWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16DF10) [Address] EAT @explorer.exe (GdipSetWorldTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16D014) [Address] EAT @explorer.exe (GdipShearMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C19C) [Address] EAT @explorer.exe (GdipStartPathFigure) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19FAC8) [Address] EAT @explorer.exe (GdipStringFormatGetGenericDefault) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188DF8) [Address] EAT @explorer.exe (GdipStringFormatGetGenericTypographic) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188D90) [Address] EAT @explorer.exe (GdipTestControl) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1881EC) [Address] EAT @explorer.exe (GdipTransformMatrixPoints) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16C110) [Address] EAT @explorer.exe (GdipTransformMatrixPointsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16BFE4) [Address] EAT @explorer.exe (GdipTransformPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19D804) [Address] EAT @explorer.exe (GdipTransformPoints) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19098C) [Address] EAT @explorer.exe (GdipTransformPointsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1907AC) [Address] EAT @explorer.exe (GdipTransformRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B374) [Address] EAT @explorer.exe (GdipTranslateClip) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18BA4C) [Address] EAT @explorer.exe (GdipTranslateClipI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B9EC) [Address] EAT @explorer.exe (GdipTranslateLineTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19884C) [Address] EAT @explorer.exe (GdipTranslateMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16A68C) [Address] EAT @explorer.exe (GdipTranslatePathGradientTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19884C) [Address] EAT @explorer.exe (GdipTranslatePenTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195FB8) [Address] EAT @explorer.exe (GdipTranslateRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B4BC) [Address] EAT @explorer.exe (GdipTranslateRegionI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B45C) [Address] EAT @explorer.exe (GdipTranslateTextureTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19884C) [Address] EAT @explorer.exe (GdipTranslateWorldTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B147EEC) [Address] EAT @explorer.exe (GdipVectorTransformMatrixPoints) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C038) [Address] EAT @explorer.exe (GdipVectorTransformMatrixPointsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19BE78) [Address] EAT @explorer.exe (GdipWarpPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19D914) [Address] EAT @explorer.exe (GdipWidenPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19DA68) [Address] EAT @explorer.exe (GdipWindingModeOutline) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19DBD0) [Address] EAT @explorer.exe (GdiplusNotificationHook) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1A0510) [Address] EAT @explorer.exe (GdiplusNotificationUnhook) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1A04AC) [Address] EAT @explorer.exe (GdiplusShutdown) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1288CC) [Address] EAT @explorer.exe (GdiplusStartup) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1232B0) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : PUP ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000DM 003-9YN162 SATA Disk Device +++++ --- User --- [MBR] 8f2db576be6674b10e6cd2f5fc775b9e [bSP] af9af62fb2883b0228c825713a1e8fbe : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- SD/MMC USB Device +++++ Error reading User MBR! ([0x15] The device is not ready. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- Compact Flash USB Device +++++ Error reading User MBR! ([0x15] The device is not ready. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SM/xD Picture USB Device +++++ Error reading User MBR! ([0x15] The device is not ready. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) +++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro USB Device +++++ Error reading User MBR! ([0x15] The device is not ready. ) User = LL1 ... OK! Error reading LL2 MBR! ([0x32] The request is not supported. ) Finished : << RKreport[0]_S_03282014_175057.txt >>
  2. RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 8 (6.2.9200 ) 64 bits version Started in : Normal mode User : Jami [Admin rights] Mode : Scan -- Date : 03/28/2014 17:50:57 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Run : etMonitor (C:\Windows\etMon.exe [x]) -> FOUND [RUN][sUSP PATH] HKLM\[...]\RunOnce : DCERegBootClean64 (C:\Windows\RegBootClean64.exe [7]) -> FOUND [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:44633;hxxps=127.0.0.1:44633 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [V2][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent $(Arg0) [x][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 1 ¤¤¤ [FF][PUP] at73luqo.default : AVG SafeGuard toolbar ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ [Address] EAT @explorer.exe (GdipAddPathArc) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16C868) [Address] EAT @explorer.exe (GdipAddPathArcI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16C7C8) [Address] EAT @explorer.exe (GdipAddPathBezier) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F400) [Address] EAT @explorer.exe (GdipAddPathBezierI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F31C) [Address] EAT @explorer.exe (GdipAddPathBeziers) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F258) [Address] EAT @explorer.exe (GdipAddPathBeziersI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F174) [Address] EAT @explorer.exe (GdipAddPathClosedCurve) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19EAC4) [Address] EAT @explorer.exe (GdipAddPathClosedCurve2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19E90C) [Address] EAT @explorer.exe (GdipAddPathClosedCurve2I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19E824) [Address] EAT @explorer.exe (GdipAddPathClosedCurveI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19E9E0) [Address] EAT @explorer.exe (GdipAddPathCurve) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F094) [Address] EAT @explorer.exe (GdipAddPathCurve2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19EE94) [Address] EAT @explorer.exe (GdipAddPathCurve2I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19ED74) [Address] EAT @explorer.exe (GdipAddPathCurve3) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19EC90) [Address] EAT @explorer.exe (GdipAddPathCurve3I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19EB90) [Address] EAT @explorer.exe (GdipAddPathCurveI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19EF78) [Address] EAT @explorer.exe (GdipAddPathEllipse) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19E3FC) [Address] EAT @explorer.exe (GdipAddPathEllipseI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19E378) [Address] EAT @explorer.exe (GdipAddPathLine) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16B964) [Address] EAT @explorer.exe (GdipAddPathLine2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F61C) [Address] EAT @explorer.exe (GdipAddPathLine2I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F538) [Address] EAT @explorer.exe (GdipAddPathLineI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16B8E0) [Address] EAT @explorer.exe (GdipAddPathPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19DF7C) [Address] EAT @explorer.exe (GdipAddPathPie) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19E280) [Address] EAT @explorer.exe (GdipAddPathPieI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19E1E0) [Address] EAT @explorer.exe (GdipAddPathPolygon) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19E11C) [Address] EAT @explorer.exe (GdipAddPathPolygonI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19E038) [Address] EAT @explorer.exe (GdipAddPathRectangle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19E730) [Address] EAT @explorer.exe (GdipAddPathRectangleI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19E6AC) [Address] EAT @explorer.exe (GdipAddPathRectangles) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19E5E8) [Address] EAT @explorer.exe (GdipAddPathRectanglesI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19E4E8) [Address] EAT @explorer.exe (GdipAddPathString) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19DDBC) [Address] EAT @explorer.exe (GdipAddPathStringI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19DCD4) [Address] EAT @explorer.exe (GdipAlloc) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B129ADC) [Address] EAT @explorer.exe (GdipBeginContainer) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B1C4) [Address] EAT @explorer.exe (GdipBeginContainer2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B100) [Address] EAT @explorer.exe (GdipBeginContainerI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B000) [Address] EAT @explorer.exe (GdipBitmapApplyEffect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192874) [Address] EAT @explorer.exe (GdipBitmapConvertFormat) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192B20) [Address] EAT @explorer.exe (GdipBitmapCreateApplyEffect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19295C) [Address] EAT @explorer.exe (GdipBitmapGetHistogram) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19278C) [Address] EAT @explorer.exe (GdipBitmapGetHistogramSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192740) [Address] EAT @explorer.exe (GdipBitmapGetPixel) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192E18) [Address] EAT @explorer.exe (GdipBitmapLockBits) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B12C490) [Address] EAT @explorer.exe (GdipBitmapSetPixel) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1431E0) [Address] EAT @explorer.exe (GdipBitmapSetResolution) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B144880) [Address] EAT @explorer.exe (GdipBitmapUnlockBits) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B12C5C8) [Address] EAT @explorer.exe (GdipClearPathMarkers) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F848) [Address] EAT @explorer.exe (GdipCloneBitmapArea) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192F04) [Address] EAT @explorer.exe (GdipCloneBitmapAreaI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1712D8) [Address] EAT @explorer.exe (GdipCloneBrush) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A32C) [Address] EAT @explorer.exe (GdipCloneCustomLineCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195450) [Address] EAT @explorer.exe (GdipCloneFont) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18996C) [Address] EAT @explorer.exe (GdipCloneFontFamily) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189C18) [Address] EAT @explorer.exe (GdipCloneImage) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1470D8) [Address] EAT @explorer.exe (GdipCloneImageAttributes) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192538) [Address] EAT @explorer.exe (GdipCloneMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16B360) [Address] EAT @explorer.exe (GdipClonePath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1A0184) [Address] EAT @explorer.exe (GdipClonePen) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197048) [Address] EAT @explorer.exe (GdipCloneRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B8FC) [Address] EAT @explorer.exe (GdipCloneStringFormat) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188CF0) [Address] EAT @explorer.exe (GdipClosePathFigure) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19FA28) [Address] EAT @explorer.exe (GdipClosePathFigures) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F988) [Address] EAT @explorer.exe (GdipCombineRegionPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B538) [Address] EAT @explorer.exe (GdipCombineRegionRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B6F4) [Address] EAT @explorer.exe (GdipCombineRegionRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B654) [Address] EAT @explorer.exe (GdipCombineRegionRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1488A4) [Address] EAT @explorer.exe (GdipComment) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189878) [Address] EAT @explorer.exe (GdipConvertToEmfPlus) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1880FC) [Address] EAT @explorer.exe (GdipConvertToEmfPlusToFile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B187FFC) [Address] EAT @explorer.exe (GdipConvertToEmfPlusToStream) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B187EFC) [Address] EAT @explorer.exe (GdipCreateAdjustableArrowCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194B88) [Address] EAT @explorer.exe (GdipCreateBitmapFromDirectDrawSurface) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1930A4) [Address] EAT @explorer.exe (GdipCreateBitmapFromFile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1406FC) [Address] EAT @explorer.exe (GdipCreateBitmapFromFileICM) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193330) [Address] EAT @explorer.exe (GdipCreateBitmapFromGdiDib) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13B994) [Address] EAT @explorer.exe (GdipCreateBitmapFromGraphics) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1931D4) [Address] EAT @explorer.exe (GdipCreateBitmapFromHBITMAP) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B122F28) [Address] EAT @explorer.exe (GdipCreateBitmapFromHICON) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B147B2C) [Address] EAT @explorer.exe (GdipCreateBitmapFromResource) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19300C) [Address] EAT @explorer.exe (GdipCreateBitmapFromScan0) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1384A4) [Address] EAT @explorer.exe (GdipCreateBitmapFromStream) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16FF40) [Address] EAT @explorer.exe (GdipCreateBitmapFromStreamICM) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193480) [Address] EAT @explorer.exe (GdipCreateCachedBitmap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B172F6C) [Address] EAT @explorer.exe (GdipCreateCustomLineCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19551C) [Address] EAT @explorer.exe (GdipCreateEffect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192DB0) [Address] EAT @explorer.exe (GdipCreateFont) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1497BC) [Address] EAT @explorer.exe (GdipCreateFontFamilyFromName) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148DD4) [Address] EAT @explorer.exe (GdipCreateFontFromDC) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189520) [Address] EAT @explorer.exe (GdipCreateFontFromLogfontA) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189408) [Address] EAT @explorer.exe (GdipCreateFontFromLogfontW) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B149380) [Address] EAT @explorer.exe (GdipCreateFromHDC) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B12D848) [Address] EAT @explorer.exe (GdipCreateFromHDC2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19196C) [Address] EAT @explorer.exe (GdipCreateFromHWND) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1918CC) [Address] EAT @explorer.exe (GdipCreateFromHWNDICM) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19182C) [Address] EAT @explorer.exe (GdipCreateHBITMAPFromBitmap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B133830) [Address] EAT @explorer.exe (GdipCreateHICONFromBitmap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B14779C) [Address] EAT @explorer.exe (GdipCreateHalftonePalette) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B149ED8) [Address] EAT @explorer.exe (GdipCreateHatchBrush) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A198) [Address] EAT @explorer.exe (GdipCreateImageAttributes) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B146D10) [Address] EAT @explorer.exe (GdipCreateLineBrush) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19984C) [Address] EAT @explorer.exe (GdipCreateLineBrushFromRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B172150) [Address] EAT @explorer.exe (GdipCreateLineBrushFromRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B172044) [Address] EAT @explorer.exe (GdipCreateLineBrushFromRectWithAngle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19961C) [Address] EAT @explorer.exe (GdipCreateLineBrushFromRectWithAngleI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199514) [Address] EAT @explorer.exe (GdipCreateLineBrushI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199738) [Address] EAT @explorer.exe (GdipCreateMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1374C8) [Address] EAT @explorer.exe (GdipCreateMatrix2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16B244) [Address] EAT @explorer.exe (GdipCreateMatrix3) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C3C0) [Address] EAT @explorer.exe (GdipCreateMatrix3I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C274) [Address] EAT @explorer.exe (GdipCreateMetafileFromEmf) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18AB18) [Address] EAT @explorer.exe (GdipCreateMetafileFromFile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18AA30) [Address] EAT @explorer.exe (GdipCreateMetafileFromStream) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A854) [Address] EAT @explorer.exe (GdipCreateMetafileFromWmf) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18AC0C) [Address] EAT @explorer.exe (GdipCreateMetafileFromWmfFile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A93C) [Address] EAT @explorer.exe (GdipCreatePath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13F200) [Address] EAT @explorer.exe (GdipCreatePath2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1A03C4) [Address] EAT @explorer.exe (GdipCreatePath2I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1A023C) [Address] EAT @explorer.exe (GdipCreatePathGradient) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198778) [Address] EAT @explorer.exe (GdipCreatePathGradientFromPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198598) [Address] EAT @explorer.exe (GdipCreatePathGradientI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19864C) [Address] EAT @explorer.exe (GdipCreatePathIter) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19CEE0) [Address] EAT @explorer.exe (GdipCreatePen1) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13A7E8) [Address] EAT @explorer.exe (GdipCreatePen2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B137D40) [Address] EAT @explorer.exe (GdipCreateRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148040) [Address] EAT @explorer.exe (GdipCreateRegionHrgn) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19BA00) [Address] EAT @explorer.exe (GdipCreateRegionPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19BB94) [Address] EAT @explorer.exe (GdipCreateRegionRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16D9CC) [Address] EAT @explorer.exe (GdipCreateRegionRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16D918) [Address] EAT @explorer.exe (GdipCreateRegionRgnData) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19BAC8) [Address] EAT @explorer.exe (GdipCreateSolidFill) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B135630) [Address] EAT @explorer.exe (GdipCreateStreamOnFile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B15AB24) [Address] EAT @explorer.exe (GdipCreateStringFormat) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188EA0) [Address] EAT @explorer.exe (GdipCreateTexture) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B142A40) [Address] EAT @explorer.exe (GdipCreateTexture2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199EC4) [Address] EAT @explorer.exe (GdipCreateTexture2I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199C40) [Address] EAT @explorer.exe (GdipCreateTextureIA) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199D10) [Address] EAT @explorer.exe (GdipCreateTextureIAI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199BF0) [Address] EAT @explorer.exe (GdipDeleteBrush) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B135170) [Address] EAT @explorer.exe (GdipDeleteCachedBitmap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B143498) [Address] EAT @explorer.exe (GdipDeleteCustomLineCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195308) [Address] EAT @explorer.exe (GdipDeleteEffect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192D60) [Address] EAT @explorer.exe (GdipDeleteFont) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13834C) [Address] EAT @explorer.exe (GdipDeleteFontFamily) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189CD0) [Address] EAT @explorer.exe (GdipDeleteGraphics) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B12D378) [Address] EAT @explorer.exe (GdipDeleteMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1373FC) [Address] EAT @explorer.exe (GdipDeletePath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13F2E0) [Address] EAT @explorer.exe (GdipDeletePathIter) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19CE4C) [Address] EAT @explorer.exe (GdipDeletePen) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13521C) [Address] EAT @explorer.exe (GdipDeletePrivateFontCollection) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18924C) [Address] EAT @explorer.exe (GdipDeleteRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1376B8) [Address] EAT @explorer.exe (GdipDeleteStringFormat) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188C7C) [Address] EAT @explorer.exe (GdipDisposeImage) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B121CE0) [Address] EAT @explorer.exe (GdipDisposeImageAttributes) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B146B70) [Address] EAT @explorer.exe (GdipDrawArc) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19040C) [Address] EAT @explorer.exe (GdipDrawArcI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190360) [Address] EAT @explorer.exe (GdipDrawBezier) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190208) [Address] EAT @explorer.exe (GdipDrawBezierI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190114) [Address] EAT @explorer.exe (GdipDrawBeziers) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18FFF8) [Address] EAT @explorer.exe (GdipDrawBeziersI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18FEDC) [Address] EAT @explorer.exe (GdipDrawCachedBitmap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B170EF0) [Address] EAT @explorer.exe (GdipDrawClosedCurve) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F140) [Address] EAT @explorer.exe (GdipDrawClosedCurve2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18EF38) [Address] EAT @explorer.exe (GdipDrawClosedCurve2I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18EE44) [Address] EAT @explorer.exe (GdipDrawClosedCurveI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F05C) [Address] EAT @explorer.exe (GdipDrawCurve) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F7B4) [Address] EAT @explorer.exe (GdipDrawCurve2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F59C) [Address] EAT @explorer.exe (GdipDrawCurve2I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F4A8) [Address] EAT @explorer.exe (GdipDrawCurve3) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F374) [Address] EAT @explorer.exe (GdipDrawCurve3I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F268) [Address] EAT @explorer.exe (GdipDrawCurveI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F6D0) [Address] EAT @explorer.exe (GdipDrawDriverString) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D9A8) [Address] EAT @explorer.exe (GdipDrawEllipse) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18FB64) [Address] EAT @explorer.exe (GdipDrawEllipseI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18FAD4) [Address] EAT @explorer.exe (GdipDrawImage) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B142DF0) [Address] EAT @explorer.exe (GdipDrawImageFX) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D004) [Address] EAT @explorer.exe (GdipDrawImageI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B142D6C) [Address] EAT @explorer.exe (GdipDrawImagePointRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16D77C) [Address] EAT @explorer.exe (GdipDrawImagePointRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16D6B8) [Address] EAT @explorer.exe (GdipDrawImagePoints) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D658) [Address] EAT @explorer.exe (GdipDrawImagePointsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D53C) [Address] EAT @explorer.exe (GdipDrawImagePointsRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D2CC) [Address] EAT @explorer.exe (GdipDrawImagePointsRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D134) [Address] EAT @explorer.exe (GdipDrawImageRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B132664) [Address] EAT @explorer.exe (GdipDrawImageRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1325C4) [Address] EAT @explorer.exe (GdipDrawImageRectRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16EFC4) [Address] EAT @explorer.exe (GdipDrawImageRectRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16EE90) [Address] EAT @explorer.exe (GdipDrawLine) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1905D8) [Address] EAT @explorer.exe (GdipDrawLineI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190548) [Address] EAT @explorer.exe (GdipDrawLines) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13CA40) [Address] EAT @explorer.exe (GdipDrawLinesI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13C958) [Address] EAT @explorer.exe (GdipDrawPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16AFA0) [Address] EAT @explorer.exe (GdipDrawPie) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F998) [Address] EAT @explorer.exe (GdipDrawPieI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F8EC) [Address] EAT @explorer.exe (GdipDrawPolygon) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1527D0) [Address] EAT @explorer.exe (GdipDrawPolygonI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1526E0) [Address] EAT @explorer.exe (GdipDrawRectangle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13CD30) [Address] EAT @explorer.exe (GdipDrawRectangleI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13CC90) [Address] EAT @explorer.exe (GdipDrawRectangles) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18FDC0) [Address] EAT @explorer.exe (GdipDrawRectanglesI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18FC88) [Address] EAT @explorer.exe (GdipDrawString) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E018) [Address] EAT @explorer.exe (GdipEmfToWmfBits) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B156A28) [Address] EAT @explorer.exe (GdipEndContainer) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18AF58) [Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18CE6C) [Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18CDD0) [Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoints) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C9D4) [Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C894) [Address] EAT @explorer.exe (GdipEnumerateMetafileDestRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18CC38) [Address] EAT @explorer.exe (GdipEnumerateMetafileDestRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18CB80) [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C6D0) [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C5E0) [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoints) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C15C) [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18BFD4) [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C41C) [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C328) [Address] EAT @explorer.exe (GdipFillClosedCurve) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E524) [Address] EAT @explorer.exe (GdipFillClosedCurve2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E310) [Address] EAT @explorer.exe (GdipFillClosedCurve2I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E210) [Address] EAT @explorer.exe (GdipFillClosedCurveI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E440) [Address] EAT @explorer.exe (GdipFillEllipse) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13F768) [Address] EAT @explorer.exe (GdipFillEllipseI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E990) [Address] EAT @explorer.exe (GdipFillPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E654) [Address] EAT @explorer.exe (GdipFillPie) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E850) [Address] EAT @explorer.exe (GdipFillPieI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E79C) [Address] EAT @explorer.exe (GdipFillPolygon) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1529AC) [Address] EAT @explorer.exe (GdipFillPolygon2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18EB04) [Address] EAT @explorer.exe (GdipFillPolygon2I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18EA20) [Address] EAT @explorer.exe (GdipFillPolygonI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1528BC) [Address] EAT @explorer.exe (GdipFillRectangle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B135870) [Address] EAT @explorer.exe (GdipFillRectangleI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1357DC) [Address] EAT @explorer.exe (GdipFillRectangles) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18ED28) [Address] EAT @explorer.exe (GdipFillRectanglesI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18EC28) [Address] EAT @explorer.exe (GdipFillRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16D354) [Address] EAT @explorer.exe (GdipFindFirstImageItem) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193730) [Address] EAT @explorer.exe (GdipFindNextImageItem) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193680) [Address] EAT @explorer.exe (GdipFlattenPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16AEC4) [Address] EAT @explorer.exe (GdipFlush) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191764) [Address] EAT @explorer.exe (GdipFree) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B129A74) [Address] EAT @explorer.exe (GdipGetAdjustableArrowCapFillState) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1945B0) [Address] EAT @explorer.exe (GdipGetAdjustableArrowCapHeight) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194A10) [Address] EAT @explorer.exe (GdipGetAdjustableArrowCapMiddleInset) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194720) [Address] EAT @explorer.exe (GdipGetAdjustableArrowCapWidth) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194898) [Address] EAT @explorer.exe (GdipGetAllPropertyItems) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1411D8) [Address] EAT @explorer.exe (GdipGetBrushType) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A27C) [Address] EAT @explorer.exe (GdipGetCellAscent) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189708) [Address] EAT @explorer.exe (GdipGetCellDescent) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189644) [Address] EAT @explorer.exe (GdipGetClip) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148424) [Address] EAT @explorer.exe (GdipGetClipBounds) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B938) [Address] EAT @explorer.exe (GdipGetClipBoundsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B137B04) [Address] EAT @explorer.exe (GdipGetCompositingMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16D0E0) [Address] EAT @explorer.exe (GdipGetCompositingQuality) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191478) [Address] EAT @explorer.exe (GdipGetCustomLineCapBaseCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194EF4) [Address] EAT @explorer.exe (GdipGetCustomLineCapBaseInset) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194DBC) [Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeCaps) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195198) [Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeJoin) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195058) [Address] EAT @explorer.exe (GdipGetCustomLineCapType) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19539C) [Address] EAT @explorer.exe (GdipGetCustomLineCapWidthScale) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194C84) [Address] EAT @explorer.exe (GdipGetDC) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1535E8) [Address] EAT @explorer.exe (GdipGetDpiX) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190A68) [Address] EAT @explorer.exe (GdipGetDpiY) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148AD8) [Address] EAT @explorer.exe (GdipGetEffectParameterSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192C8C) [Address] EAT @explorer.exe (GdipGetEffectParameters) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192C18) [Address] EAT @explorer.exe (GdipGetEmHeight) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B149A70) [Address] EAT @explorer.exe (GdipGetEncoderParameterList) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19419C) [Address] EAT @explorer.exe (GdipGetEncoderParameterListSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194260) [Address] EAT @explorer.exe (GdipGetFamily) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148C70) [Address] EAT @explorer.exe (GdipGetFamilyName) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B149984) [Address] EAT @explorer.exe (GdipGetFontCollectionFamilyCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189178) [Address] EAT @explorer.exe (GdipGetFontCollectionFamilyList) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1890BC) [Address] EAT @explorer.exe (GdipGetFontHeight) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B149660) [Address] EAT @explorer.exe (GdipGetFontHeightGivenDPI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189A64) [Address] EAT @explorer.exe (GdipGetFontSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148CF0) [Address] EAT @explorer.exe (GdipGetFontStyle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148B6C) [Address] EAT @explorer.exe (GdipGetFontUnit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148BF0) [Address] EAT @explorer.exe (GdipGetGenericFontFamilyMonospace) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189DC4) [Address] EAT @explorer.exe (GdipGetGenericFontFamilySansSerif) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189EAC) [Address] EAT @explorer.exe (GdipGetGenericFontFamilySerif) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189E38) [Address] EAT @explorer.exe (GdipGetHatchBackgroundColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A030) [Address] EAT @explorer.exe (GdipGetHatchForegroundColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1984E4) [Address] EAT @explorer.exe (GdipGetHatchStyle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A0E4) [Address] EAT @explorer.exe (GdipGetHemfFromMetafile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B155A24) [Address] EAT @explorer.exe (GdipGetImageAttributesAdjustedPalette) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191A18) [Address] EAT @explorer.exe (GdipGetImageBounds) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193CEC) [Address] EAT @explorer.exe (GdipGetImageDecoders) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B169270) [Address] EAT @explorer.exe (GdipGetImageDecodersSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B169428) [Address] EAT @explorer.exe (GdipGetImageDimension) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193C28) [Address] EAT @explorer.exe (GdipGetImageEncoders) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B126798) [Address] EAT @explorer.exe (GdipGetImageEncodersSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1269D8) [Address] EAT @explorer.exe (GdipGetImageFlags) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19396C) [Address] EAT @explorer.exe (GdipGetImageGraphicsContext) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B139214) [Address] EAT @explorer.exe (GdipGetImageHeight) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B12B680) [Address] EAT @explorer.exe (GdipGetImageHorizontalResolution) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193B3C) [Address] EAT @explorer.exe (GdipGetImageItemData) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1935D0) [Address] EAT @explorer.exe (GdipGetImagePalette) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1705B4) [Address] EAT @explorer.exe (GdipGetImagePaletteSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B17067C) [Address] EAT @explorer.exe (GdipGetImagePixelFormat) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B12B588) [Address] EAT @explorer.exe (GdipGetImageRawFormat) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1418F4) [Address] EAT @explorer.exe (GdipGetImageThumbnail) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1937E0) [Address] EAT @explorer.exe (GdipGetImageType) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B146EA0) [Address] EAT @explorer.exe (GdipGetImageVerticalResolution) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193A50) [Address] EAT @explorer.exe (GdipGetImageWidth) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B12C344) [Address] EAT @explorer.exe (GdipGetInterpolationMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191108) [Address] EAT @explorer.exe (GdipGetLineBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1990C8) [Address] EAT @explorer.exe (GdipGetLineBlendCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197A4C) [Address] EAT @explorer.exe (GdipGetLineColors) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199360) [Address] EAT @explorer.exe (GdipGetLineGammaCorrection) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199198) [Address] EAT @explorer.exe (GdipGetLinePresetBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198E88) [Address] EAT @explorer.exe (GdipGetLinePresetBlendCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199004) [Address] EAT @explorer.exe (GdipGetLineRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197C48) [Address] EAT @explorer.exe (GdipGetLineRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199280) [Address] EAT @explorer.exe (GdipGetLineSpacing) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B149B34) [Address] EAT @explorer.exe (GdipGetLineTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199AD0) [Address] EAT @explorer.exe (GdipGetLineWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198AA0) [Address] EAT @explorer.exe (GdipGetLogFontA) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189B0C) [Address] EAT @explorer.exe (GdipGetLogFontW) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148EEC) [Address] EAT @explorer.exe (GdipGetMatrixElements) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1375F0) [Address] EAT @explorer.exe (GdipGetMetafileDownLevelRasterizationLimit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189F20) [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromEmf) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18AE8C) [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromFile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18AE34) [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromMetafile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18AD14) [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromStream) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18ADC4) [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromWmf) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18AEE4) [Address] EAT @explorer.exe (GdipGetNearestColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1906F8)
  3. I think that's taken care of, but somehow my internet connection settings keep resetting to a LAN connection, so when I restart my computer, I have to go into settings and change it from trying to use a proxy server for LAN to using my regular connection. I don't know if that is related, though.
  4. Ok, here's the logs: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014Ran by Jami at 2014-03-28 15:25:18 Run:1Running from C:\Users\Jami\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************StartHKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [LVMaintenance] - C:\Users\Jami\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-02-14] ()C:\Users\Jami\AppData\Roaming\LVMaintenanceHKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\MountPoints2: {ceb3222c-58bf-11e2-be6a-806e6f6e6963} - "E:\Autorun.exe" IFEO\bpsvc.exe: [Debugger] tasklist.exeIFEO\browsersafeguard.exe: [Debugger] tasklist.exeIFEO\dprotectsvc.exe: [Debugger] tasklist.exeIFEO\protectedsearch.exe: [Debugger] tasklist.exeIFEO\rjatydimofu.exe: [Debugger] tasklist.exeIFEO\searchprotection.exe: [Debugger] tasklist.exeIFEO\searchprotector.exe: [Debugger] tasklist.exeIFEO\snapdo.exe: [Debugger] tasklist.exeIFEO\stinst32.exe: [Debugger] tasklist.exeIFEO\stinst64.exe: [Debugger] tasklist.exeIFEO\utiljumpflip.exe: [Debugger] tasklist.exeProxyEnable: Internet Explorer proxy is enabled.ProxyServer: http=127.0.0.1:29080;https=127.0.0.1:29080CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONC:\Users\Jami\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exeC:\Users\Jami\AppData\Local\Temp\AutoRun.exeC:\Users\Jami\AppData\Local\Temp\AutoRunGUI.dllC:\Users\Jami\AppData\Local\Temp\HitmanPro.exeC:\Users\Jami\AppData\Local\Temp\Quarantine.exeC:\Users\Jami\AppData\Local\Temp\raptrpatch.exe(HKLM-x32\...\{4ACD145C-665E-40CC-89A0-A3213D761571})(HKLM-x32\...\{04DB50FA-EA80-4256-85F9-540C582E280D})Task: {2FE43FE0-CBE4-4493-9A2D-61F74FF6FCEA} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe <==== ATTENTIONAlternateDataStreams: C:\ProgramData\Temp:19C3BC3AAlternateDataStreams: C:\ProgramData\Temp:588B60C7AlternateDataStreams: C:\ProgramData\Temp:99963C1EEnd***************** HKU\S-1-5-21-1638031616-1474997356-39108045-1002\Software\Microsoft\Windows\CurrentVersion\Run\\LVMaintenance => Value deleted successfully.C:\Users\Jami\AppData\Roaming\LVMaintenance => Moved successfully.HKU\S-1-5-21-1638031616-1474997356-39108045-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ceb3222c-58bf-11e2-be6a-806e6f6e6963} => Key deleted successfully.HKCR\CLSID\{ceb3222c-58bf-11e2-be6a-806e6f6e6963} => Key not found.HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.HKLM\SOFTWARE\Policies\Google => Key deleted successfully.C:\Users\Jami\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe => Moved successfully.C:\Users\Jami\AppData\Local\Temp\AutoRun.exe => Moved successfully.C:\Users\Jami\AppData\Local\Temp\AutoRunGUI.dll => Moved successfully.C:\Users\Jami\AppData\Local\Temp\HitmanPro.exe => Moved successfully.C:\Users\Jami\AppData\Local\Temp\Quarantine.exe => Moved successfully.C:\Users\Jami\AppData\Local\Temp\raptrpatch.exe => Moved successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FE43FE0-CBE4-4493-9A2D-61F74FF6FCEA} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FE43FE0-CBE4-4493-9A2D-61F74FF6FCEA} => Key deleted successfully.C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.C:\ProgramData\Temp => ":19C3BC3A" ADS removed successfully.C:\ProgramData\Temp => ":588B60C7" ADS removed successfully.C:\ProgramData\Temp => ":99963C1E" ADS removed successfully. ==== End of Fixlog ==== # AdwCleaner v3.022 - Report created 28/03/2014 at 15:28:33# Updated 13/03/2014 by Xplode# Operating System : Windows 8 (64 bits)# Username : Jami - JAMIPC# Running from : C:\Users\Jami\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendjFolder Deleted : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendjFolder Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofFolder Deleted : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16843 -\\ Mozilla Firefox v28.0 (en-US) [ File : C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\at73luqo.default\prefs.js ] -\\ Google Chrome v33.0.1750.154 [ File : C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage [ File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [8684 octets] - [27/03/2014 19:11:16]AdwCleaner[R1].txt - [8744 octets] - [28/03/2014 12:57:39]AdwCleaner[R2].txt - [1722 octets] - [28/03/2014 15:26:59]AdwCleaner[s0].txt - [8964 octets] - [28/03/2014 13:00:17]AdwCleaner[s1].txt - [1653 octets] - [28/03/2014 15:28:33] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1713 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.3 (03.23.2014:1)OS: Windows 8 x64Ran by Jami on Fri 03/28/2014 at 15:32:48.15~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Fri 03/28/2014 at 15:37:40.76End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.03.28.09 Windows 8 x64 NTFSInternet Explorer 10.0.9200.16843Jami :: JAMIPC [administrator] 3/28/2014 3:39:43 PMmbam-log-2014-03-28 (15-39-43).txt Scan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 581181Time elapsed: 1 hour(s), 18 minute(s), 11 second(s) Memory Processes Detected: 1C:\Users\Jami\AppData\Roaming\ContentExplorer\ContentExplorer.exe (PUP.Optional.ContentExplorer.A) -> 4500 -> Delete on reboot. Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 1HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ContentExplorer (PUP.Optional.ContentExplorer.A) -> Data: "C:\Users\Jami\AppData\Roaming\ContentExplorer\ContentExplorer.exe" -> Quarantined and deleted successfully. Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 1C:\Users\Jami\AppData\Roaming\ContentExplorer\ContentExplorer.exe (PUP.Optional.ContentExplorer.A) -> Delete on reboot. (end)
  5. Some content of TEMP: ==================== C:\Users\Jami\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe C:\Users\Jami\AppData\Local\Temp\AutoRun.exe C:\Users\Jami\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Jami\AppData\Local\Temp\HitmanPro.exe C:\Users\Jami\AppData\Local\Temp\Quarantine.exe C:\Users\Jami\AppData\Local\Temp\raptrpatch.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-28 03:39 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Jami at 2014-03-27 15:53:28 Running from C:\Users\Jami\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 4660_4680_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.) AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS Music Maker (HKLM-x32\...\MAGIX_{5E00D8DF-905B-41C7-B562-C126DE3A4167}) (Version: 18.0.3.3 - MAGIX AG) ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden ASUS MX Suite (HKLM-x32\...\MAGIX_{9204F334-2A46-49F1-89C4-65CEB7AC1974}) (Version: 1.13.0.121 - MAGIX AG) ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden ASUS Video easy (HKLM-x32\...\MAGIX_{7DB84618-76E3-4999-A9A0-D7D756E14129}) (Version: 3.0.1.42 - MAGIX AG) ASUS Video easy (Version: 3.0.1.42 - MAGIX AG) Hidden ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.3.2.101 - AVG Technologies) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.) bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.0 build 3621 (Oct-10-2013) - Carbonite) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden ContentExplorer (HKLM-x32\...\ContentExplorer) (Version: 4.5 - ContentExplorer.net) CopyTrans Suite Remove Only (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions) Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG) Fitbit Connect (HKLM-x32\...\Fitbit Connect) (Version: 1.0.0.2578 - Fitbit Inc.) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP OfficeJet J4600 All-In-One Series (HKLM\...\{6122CE5C-9DD3-402D-8413-57B681739FA7}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.) J4680 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden LINE (HKLM-x32\...\LINE) (Version: 3.2.0.76 - NHN Japan) LK Maintenance (HKLM-x32\...\{4ACD145C-665E-40CC-89A0-A3213D761571}) (Version: 1.0 - LK Maintenance) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft) Microsoft Money Shared Libraries (x32 Version: 17.0.0.3817 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation) OPERATION MANIA (HKLM-x32\...\11551673) (Version: - Oberon Media) Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.) Overlord (HKLM-x32\...\Steam App 11450) (Version: - CodeMasters) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version: - ) Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap Games, Inc.) PrintEco Office (HKLM-x32\...\{864C0654-5C9F-4F03-85D5-47CA3062C7E2}) (Version: 1.4.70 - PrintEco) ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden QuickShare (HKLM-x32\...\{04DB50FA-EA80-4256-85F9-540C582E280D}) (Version: 1.39.60.10936 - Linkury Inc.) <==== ATTENTION Quit Keeper (HKLM-x32\...\QuitKeeper) (Version: - ) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) ROBLOX Player for Jami (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Studio 2013 for Jami (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Sid Meier's Civilization III: Complete (HKLM-x32\...\Steam App 3910) (Version: - Firaxis Games) Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version: - Firaxis Games) Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - Firaxis Games) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden The Sims 2 (HKLM-x32\...\{8AB8D458-939E-403F-0097-9BA1C1F013D5}) (Version: - ) The Sims 2 Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version: - ) The Sims 2 Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version: - ) The Sims 2 Pets (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version: - ) The Sims™ 2 Seasons (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - ) The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 6.0 - Trend Micro Inc.) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.) WD My Cloud (HKLM\...\{68E25871-B2E9-4353-9DF3-72165918F1A6}) (Version: 1.0.4.34 - Western Digital Technologies, Inc.) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ??? (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ??? (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) Zuma's Revenge (HKLM-x32\...\Steam App 3620) (Version: - PopCap Games, Inc.) S?????? f?t???af??? (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ???? (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ??? (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Restore Points ========================= ==================== Hosts content: ========================== 2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {24D8A1B8-C80E-415C-8DF7-5D87E566630A} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2013-03-01] (Trend Micro Inc.) Task: {28718A27-AC5D-44AC-9FF2-4195A0F6AF3E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {2E9D14F9-6116-4658-865A-68B0BB96BC0A} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe Task: {2FE43FE0-CBE4-4493-9A2D-61F74FF6FCEA} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe <==== ATTENTION Task: {54ADDC0F-8BB1-494F-97BF-AF3C7A94DFC6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated) Task: {62652242-4DCF-4F52-BDBE-B616D03894BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.) Task: {77584E48-9E9D-4227-A18D-A03898D6D8AF} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.) Task: {968C564A-31AB-47C9-A3CD-164C4F99340A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.) Task: {9B99B1EF-1026-4069-9F62-327337AED9FB} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {ACAF94F8-EE80-477D-A25A-61047D46B38A} - System32\Tasks\ASUS\ASUS Smart Cooling Helper => C:\Program Files (x86)\ASUS\AI Suite II\Smart Cooling\AsSmartCoolingService.exe [2012-03-28] (ASUSTeK Computer Inc.) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {DA353554-4C2E-4039-A187-6F2ED955365F} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-02-24 23:29 - 2012-05-02 12:27 - 00049664 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll 2013-02-24 23:29 - 2012-05-02 12:24 - 00731136 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll 2013-02-24 23:29 - 2012-05-02 12:24 - 00064512 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll 2013-02-24 23:29 - 2012-05-02 12:25 - 01719808 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll 2013-02-24 23:29 - 2012-05-02 12:25 - 00016896 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_49.dll 2013-02-24 23:26 - 2012-07-25 08:53 - 00289088 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll 2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2012-12-12 02:19 - 2012-06-01 02:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe 2014-01-10 22:59 - 2014-01-10 22:59 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe 2013-10-09 05:38 - 2014-02-03 18:12 - 02552856 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe 2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-12-12 02:19 - 2014-03-27 15:37 - 00035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll 2012-12-12 02:19 - 2010-06-28 19:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll 2013-11-01 13:11 - 2013-11-01 13:11 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll 2014-01-10 22:59 - 2014-01-10 22:59 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll 2013-10-16 14:57 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll 2010-11-22 15:56 - 2010-11-22 15:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd 2010-11-22 15:56 - 2010-11-22 15:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd 2010-11-22 15:56 - 2010-11-22 15:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd 2014-02-21 15:32 - 2014-02-21 15:32 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd 2014-02-21 15:32 - 2014-02-21 15:32 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd 2014-02-21 15:32 - 2014-02-21 15:32 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd 2014-02-21 15:32 - 2014-02-21 15:32 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd 2010-11-22 15:57 - 2010-11-22 15:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd 2010-11-22 15:56 - 2010-11-22 15:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll 2010-11-22 15:56 - 2010-11-22 15:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd 2010-11-22 15:56 - 2010-11-22 15:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd 2010-11-22 15:57 - 2010-11-22 15:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd 2010-11-22 15:57 - 2010-11-22 15:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd 2010-11-22 15:56 - 2010-11-22 15:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd 2010-11-22 15:56 - 2010-11-22 15:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd 2012-02-06 13:28 - 2012-02-06 13:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd 2012-02-06 13:28 - 2012-02-06 13:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd 2012-02-06 13:28 - 2012-02-06 13:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd 2011-05-10 12:01 - 2011-05-10 12:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd 2014-02-21 15:32 - 2014-02-21 15:32 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd 2010-11-22 15:56 - 2010-11-22 15:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd 2011-02-15 11:17 - 2011-02-15 11:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll 2010-11-22 15:56 - 2010-11-22 15:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll 2010-11-22 15:57 - 2010-11-22 15:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd 2010-11-22 15:57 - 2010-11-22 15:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd 2010-11-22 15:56 - 2010-11-22 15:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd 2010-11-22 15:56 - 2010-11-22 15:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd 2013-11-20 17:05 - 2013-11-20 17:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll 2010-11-22 15:56 - 2010-11-22 15:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd 2010-11-22 15:57 - 2010-11-22 15:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd 2010-11-22 15:57 - 2010-11-22 15:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd 2014-02-20 13:40 - 2014-02-20 13:40 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd 2011-02-15 11:17 - 2011-02-15 11:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll 2010-11-22 16:06 - 2010-11-22 16:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll 2013-05-09 16:52 - 2013-05-09 16:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll 2013-05-09 16:52 - 2013-05-09 16:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll 2013-05-09 16:52 - 2013-05-09 16:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll 2013-05-03 11:57 - 2013-05-03 11:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll 2013-05-03 11:56 - 2013-05-03 11:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll 2013-05-03 11:56 - 2013-05-03 11:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll 2013-05-03 11:57 - 2013-05-03 11:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll 2013-05-03 11:56 - 2013-05-03 11:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll 2013-05-03 11:57 - 2013-05-03 11:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll 2013-05-03 11:57 - 2013-05-03 11:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll 2013-05-03 11:57 - 2013-05-03 11:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll 2013-05-03 11:57 - 2013-05-03 11:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll 2014-03-15 12:14 - 2014-03-14 17:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-15 12:14 - 2014-03-14 17:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll 2014-03-15 12:14 - 2014-03-14 17:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll 2014-03-15 12:14 - 2014-03-14 17:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 12:14 - 2014-03-14 17:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 12:14 - 2014-03-14 17:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll 2013-02-24 23:26 - 2012-07-25 08:54 - 00049152 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_49.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:19C3BC3A AlternateDataStreams: C:\ProgramData\Temp:588B60C7 AlternateDataStreams: C:\ProgramData\Temp:99963C1E ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Officejet J4680 series Description: Officejet J4680 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/27/2014 02:12:23 PM) (Source: Perflib) (User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8 Error: (03/27/2014 02:12:23 PM) (Source: Perflib) (User: ) Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8 Error: (03/27/2014 02:12:23 PM) (Source: Perflib) (User: ) Description: LsaC:\Windows\System32\Secur32.dll8 Error: (03/27/2014 02:12:23 PM) (Source: Perflib) (User: ) Description: ESENTC:\Windows\system32\esentprf.dll8 Error: (03/27/2014 02:12:23 PM) (Source: Perflib) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (03/27/2014 01:10:00 PM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service error: Error on creating/using the COM+ Writers publisher interface: BackupShutdown [0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. ]. Error: (03/27/2014 01:10:00 PM) (Source: VSS) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine IMultiInterfaceEventControl::GetSubscriptions. hr = 0x80010108, The object invoked has disconnected from its clients. . Error: (03/27/2014 10:36:46 AM) (Source: Perflib) (User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8 Error: (03/27/2014 10:36:46 AM) (Source: Perflib) (User: ) Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8 Error: (03/27/2014 10:36:46 AM) (Source: Perflib) (User: ) Description: LsaC:\Windows\System32\Secur32.dll8 System errors: ============= Error: (03/27/2014 09:28:43 AM) (Source: Service Control Manager) (User: ) Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (03/26/2014 06:23:53 PM) (Source: Service Control Manager) (User: ) Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (03/22/2014 01:06:14 PM) (Source: Schannel) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11. Error: (03/22/2014 01:06:14 PM) (Source: Schannel) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11. Error: (03/22/2014 10:54:06 AM) (Source: Schannel) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11. Error: (03/22/2014 10:54:05 AM) (Source: Schannel) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11. Error: (03/21/2014 05:19:03 AM) (Source: DCOM) (User: JamiPC) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (03/21/2014 05:19:03 AM) (Source: DCOM) (User: JamiPC) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (03/20/2014 10:39:48 PM) (Source: Schannel) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11. Error: (03/20/2014 10:39:47 PM) (Source: Schannel) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11. Microsoft Office Sessions: ========================= Error: (03/27/2014 02:12:23 PM) (Source: Perflib)(User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8 Error: (03/27/2014 02:12:23 PM) (Source: Perflib)(User: ) Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8 Error: (03/27/2014 02:12:23 PM) (Source: Perflib)(User: ) Description: LsaC:\Windows\System32\Secur32.dll8 Error: (03/27/2014 02:12:23 PM) (Source: Perflib)(User: ) Description: ESENTC:\Windows\system32\esentprf.dll8 Error: (03/27/2014 02:12:23 PM) (Source: Perflib)(User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (03/27/2014 01:10:00 PM) (Source: VSS)(User: ) Description: BackupShutdown0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. Error: (03/27/2014 01:10:00 PM) (Source: VSS)(User: ) Description: IMultiInterfaceEventControl::GetSubscriptions0x80010108, The object invoked has disconnected from its clients. Error: (03/27/2014 10:36:46 AM) (Source: Perflib)(User: ) Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8 Error: (03/27/2014 10:36:46 AM) (Source: Perflib)(User: ) Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8 Error: (03/27/2014 10:36:46 AM) (Source: Perflib)(User: ) Description: LsaC:\Windows\System32\Secur32.dll8 ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 8112.43 MB Available physical RAM: 5877.66 MB Total Pagefile: 9328.43 MB Available Pagefile: 6973.72 MB Total Virtual: 8192 MB Available Virtual: 8191.75 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:150 GB) (Free:14.2 GB) NTFS Drive d: (Data) (Fixed) (Total:764.35 GB) (Free:764.16 GB) NTFS Drive e: (Sims3) (CDROM) (Total:5.54 GB) (Free:0 GB) UDF Drive j: (RECOVERY) (Fixed) (Total:31.99 GB) (Free:31.75 GB) FAT32 ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: CE62FBEA) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B5D17918) Partition: GPT Partition Type. ==================== End Of Log ============================
  6. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Jami (administrator) on JAMIPC on 28-03-2014 13:12:55 Running from C:\Users\Jami\Desktop Windows 8 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe (ContentExplorer) C:\Users\Jami\AppData\Roaming\ContentExplorer\ContentExplorer.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe () C:\Users\Jami\AppData\Roaming\LVMaintenance\LVMaintenance.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6839952 2012-08-31] (Realtek Semiconductor) HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.) HKLM\...\Run: [etMonitor] - C:\Windows\etMon.exe HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ASUS Easy Update] - C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2012-05-24] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-12-12] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM-x32\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation) HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.) HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.) HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [ContentExplorer] - C:\Users\Jami\AppData\Roaming\ContentExplorer\ContentExplorer.exe [443152 2014-03-03] (ContentExplorer) HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [LVMaintenance] - C:\Users\Jami\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-02-14] () HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [Raptr] - C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-03-06] (Raptr, Inc) HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-08-28] (AMD) HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\MountPoints2: {ceb3222c-58bf-11e2-be6a-806e6f6e6963} - "E:\Autorun.exe" IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe Startup: C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:29080;https=127.0.0.1:29080 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg.dll (Trend Micro Inc.) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.) BHO: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader64.dll () BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll (Trend Micro Inc.) BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.) BHO-x32: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dll () BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg.dll (Trend Micro Inc.) Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - No File Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.) Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll (Trend Micro Inc.) Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox: ======== FF ProfilePath: C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\at73luqo.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media ) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files (x86)\Roblox\Versions\version-bd188fd437234e9b\\NPRobloxProxy.dll ( ROBLOX Corporation) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jami\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-03-07] FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-03-07] FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-02-24] FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ [] FF HKLM-x32\...\Firefox\Extensions: [firefox@printecosoftware.com] - C:\Program Files (x86)\PrintEco\PrintEco Office\firefox@printecosoftware.com.xpi FF Extension: PrintEco - C:\Program Files (x86)\PrintEco\PrintEco Office\firefox@printecosoftware.com.xpi [2014-03-04] Chrome: ======= CHR Extension: (Theme Creator) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2013-10-20] CHR Extension: (Fotor Photo Editor) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2013-10-20] CHR Extension: (Games) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgeknbdakknlclbcpnigjcijckeddmde [2013-10-20] CHR Extension: (Gravity Guy) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjlgidnccmkehcefagofppjbnhogbjmm [2013-10-20] CHR Extension: (TrendMicro BEP Extension) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2013-08-07] CHR Extension: (Classic Games) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2013-11-20] CHR Extension: (Gun Bros) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciamkmigckbgfajcieiflmkedohjjohh [2013-11-20] CHR Extension: (Where’s My Water?) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppkanhlnhknbjopeodjbhgmnjppdijc [2013-10-20] CHR Extension: (Rush Team) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecdnoeebfjlplfkljdedokbcmebojbpb [2013-11-20] CHR Extension: (UNO HD) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbiocfeggkcomnebamodmbngedojipdp [2013-10-20] CHR Extension: (Gangnam Style Game) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdbdhcafljkcahgefanhpdahdnpfkaok [2013-11-20] CHR Extension: (Star Stable Online) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlmdkpemkkigkgelegknllpmfclakkk [2013-11-01] CHR Extension: (Sniper Team) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec [2014-03-05] CHR Extension: (Marvel Comics) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2013-10-20] CHR Extension: (HD Parking) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkdooliglceibodeofbaodappohpdop [2013-10-20] CHR Extension: (Blocks) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnglanfhhkanekkdmakmbegnojgpmnm [2013-10-20] CHR Extension: (Where Is My Water) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgklcgpnkamlodmgnponcegackdgfkhd [2013-10-20] CHR Extension: (Plants vs Zombies) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2013-12-30] CHR Extension: (Need for Speed World) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2014-03-05] CHR Extension: (Where’s My Water) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfdakejncginkgjhklbahbangbmohobn [2013-10-20] CHR Extension: (Google Wallet) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Adblock Pro) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2013-12-11] CHR Extension: (Canvas Rider) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2014-03-05] CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08] CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-08-21] (ASUSTeK Computer Inc.) R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.) R2 HPSLPSVC; C:\Users\Jami\AppData\Local\Temp\7zS4A63\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X] ==================== Drivers (Whitelisted) ==================== R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-09-24] (Advanced Micro Devices) R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek ) S3 DCamUSBET; C:\Windows\system32\DRIVERS\etDevice64.sys [527744 2007-07-23] (eMPIA Technology, Inc.) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider) S3 FiltUSBET; C:\Windows\system32\DRIVERS\etFilter64.sys [281088 2007-06-14] (eMPIA Technology Inc.) S3 ScanUSBET; C:\Windows\system32\DRIVERS\etScan64.sys [9216 2007-07-23] (eMPIA Technology, Inc.) R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.) R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.) R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.) R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.) S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [34224 2012-07-26] (Trend Micro Inc.) R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.) R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [210232 2012-07-05] (Trend Micro Inc.) R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [92456 2012-12-26] (Trend Micro Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-28 13:12 - 2014-03-28 13:12 - 00022754 _____ () C:\Users\Jami\Desktop\FRST.txt 2014-03-28 13:00 - 2014-03-28 13:00 - 00002823 _____ () C:\Users\Jami\Desktop\instructions.txt 2014-03-28 12:59 - 2014-03-28 12:59 - 00007311 _____ () C:\Users\Jami\Desktop\reports.txt 2014-03-28 10:07 - 2014-03-28 10:07 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (19).exe 2014-03-28 10:07 - 2014-03-28 10:07 - 00001322 _____ () C:\Users\Jami\Desktop\ROBLOX Player.lnk 2014-03-28 10:07 - 2014-03-28 10:07 - 00001141 _____ () C:\Users\Jami\Desktop\ROBLOX Studio 2013.lnk 2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\ProgramData\Roblox 2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\Program Files (x86)\Roblox 2014-03-28 09:36 - 2014-03-28 09:36 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (18).exe 2014-03-28 09:36 - 2014-03-28 09:36 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (17).exe 2014-03-28 09:35 - 2014-03-28 09:35 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (16).exe 2014-03-28 09:35 - 2014-03-28 09:35 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (15).exe 2014-03-28 09:33 - 2014-03-28 09:33 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (14).exe 2014-03-28 09:30 - 2014-03-28 09:30 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (13).exe 2014-03-27 21:18 - 2014-03-27 21:18 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (12).exe 2014-03-27 19:09 - 2014-03-28 13:01 - 00000000 ____D () C:\AdwCleaner 2014-03-27 19:06 - 2014-03-27 19:06 - 01950720 _____ () C:\Users\Jami\Desktop\AdwCleaner.exe 2014-03-27 19:05 - 2014-03-27 19:05 - 00006393 _____ () C:\Users\Jami\Desktop\JRT.txt 2014-03-27 18:56 - 2014-03-27 18:56 - 01038974 _____ (Thisisu) C:\Users\Jami\Desktop\JRT.exe 2014-03-27 16:04 - 2014-03-27 16:06 - 00008283 _____ () C:\Users\Jami\Desktop\attach.txt 2014-03-27 16:04 - 2014-03-27 16:05 - 00020805 _____ () C:\Users\Jami\Desktop\dds.txt 2014-03-27 16:03 - 2014-03-27 16:03 - 00688992 ____R (Swearware) C:\Users\Jami\Downloads\dds.scr 2014-03-27 15:53 - 2014-03-27 15:54 - 00036665 _____ () C:\Users\Jami\Downloads\Addition.txt 2014-03-27 15:52 - 2014-03-28 13:12 - 00000000 ____D () C:\FRST 2014-03-27 15:52 - 2014-03-27 15:54 - 00055109 _____ () C:\Users\Jami\Downloads\FRST.txt 2014-03-27 15:52 - 2014-03-27 15:52 - 02157056 _____ (Farbar) C:\Users\Jami\Desktop\FRST64.exe 2014-03-27 15:51 - 2014-03-27 15:52 - 01145856 _____ (Farbar) C:\Users\Jami\Downloads\FRST.exe 2014-03-27 15:41 - 2014-03-27 15:41 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Jami\Downloads\rkill64.exe 2014-03-27 15:41 - 2014-03-27 15:41 - 00001904 _____ () C:\Users\Jami\Desktop\Rkill.txt 2014-03-27 15:40 - 2014-03-27 15:40 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jami\Downloads\rkill.exe 2014-03-27 13:02 - 2014-03-27 13:02 - 00000000 ____D () C:\Users\Jami\AppData\Local\Macromedia 2014-03-27 13:01 - 2014-03-27 13:01 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-27 13:01 - 2014-03-27 13:01 - 00000000 ____D () C:\Users\Jami\AppData\Local\Mozilla 2014-03-27 13:00 - 2014-03-27 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-27 13:00 - 2014-03-27 13:00 - 00282880 _____ (Mozilla) C:\Users\Jami\Downloads\Firefox Setup Stub 28.0.exe 2014-03-26 17:41 - 2014-03-26 17:41 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (11).exe 2014-03-26 17:40 - 2014-03-26 17:40 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (10).exe 2014-03-25 17:00 - 2014-03-25 17:00 - 00591616 ____R () C:\Users\Jami\Money Backup_2014-03-25_170039.mbf 2014-03-25 10:15 - 2014-03-25 10:15 - 00000073 _____ () C:\Users\Jami\Desktop\AFNI.txt 2014-03-25 10:12 - 2014-03-25 10:12 - 00576268 ____R () C:\Users\Jami\Money Backup_2014-03-25_101159.mbf 2014-03-24 11:13 - 2014-03-24 11:13 - 00611054 ____R () C:\Users\Jami\Money Backup_2014-03-24_111319.mbf 2014-03-23 16:02 - 2014-03-23 16:02 - 00000318 _____ () C:\Users\Jami\Desktop\Curse Client.appref-ms 2014-03-23 16:02 - 2014-03-23 16:02 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse 2014-03-23 14:54 - 2014-03-23 14:54 - 00402696 _____ () C:\Users\Jami\Downloads\setup (1).exe 2014-03-23 14:26 - 2014-03-23 14:26 - 00060777 _____ () C:\Windows\SysWOW64\CCCInstall_201403231426475854.log 2014-03-23 14:26 - 2014-03-23 14:26 - 00000000 ____D () C:\ProgramData\ATI 2014-03-23 14:26 - 2014-03-23 14:26 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-03-23 14:25 - 2014-03-23 14:25 - 00000103 _____ () C:\Windows\setupact.log 2014-03-23 14:25 - 2014-03-23 14:25 - 00000000 ____D () C:\Windows\LastGood.Tmp 2014-03-23 14:25 - 2014-03-23 14:25 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-23 14:24 - 2014-03-23 14:24 - 00000000 ____D () C:\ProgramData\Package Cache 2014-03-23 14:21 - 2014-03-23 14:21 - 00000000 ____D () C:\AMD 2014-03-23 14:18 - 2014-03-23 14:18 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved 2014-03-23 14:17 - 2014-03-28 13:04 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Raptr 2014-03-23 14:17 - 2014-03-23 14:18 - 00000000 ____D () C:\Program Files (x86)\Raptr 2014-03-23 14:17 - 2014-03-23 14:17 - 01007930 _____ () C:\Users\Jami\Downloads\amddriverdownload_installer.exe 2014-03-23 14:17 - 2014-03-23 14:17 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\library_dir 2014-03-22 23:50 - 2014-03-22 23:51 - 40893773 _____ () C:\Users\Jami\Downloads\DefaultDan.zip 2014-03-22 10:46 - 2014-03-22 10:46 - 00633712 _____ (ROBLOX Corporation) C:\Users\Linda\Downloads\RobloxPlayerLauncher (8).exe 2014-03-22 10:45 - 2014-03-22 10:46 - 00633712 _____ (ROBLOX Corporation) C:\Users\Linda\Downloads\RobloxPlayerLauncher (7).exe 2014-03-22 03:19 - 2014-03-22 03:19 - 00633712 _____ (ROBLOX Corporation) C:\Users\Linda\Downloads\RobloxPlayerLauncher (6).exe 2014-03-22 02:41 - 2014-03-22 03:16 - 00000000 ____D () C:\Users\Linda\Documents\kids 2014-03-21 01:42 - 2014-03-21 01:42 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer (3).exe 2014-03-21 01:42 - 2014-03-21 01:42 - 00000000 ____D () C:\Users\Linda\AppData\Local\Unity 2014-03-21 01:41 - 2014-03-21 01:41 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer (2).exe 2014-03-20 22:39 - 2014-03-20 22:39 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\HpUpdate 2014-03-20 09:37 - 2014-03-20 09:37 - 00002354 _____ () C:\Users\Jami\Downloads\invite.ics 2014-03-19 04:16 - 2014-03-19 04:16 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer (1).exe 2014-03-17 17:22 - 2014-03-18 15:00 - 00000000 ____D () C:\Users\Jami\Desktop\Schedules 2014-03-15 06:42 - 2014-03-15 06:43 - 00000000 ____D () C:\Users\Jami\Desktop\serra band boosters 2014-03-15 03:19 - 2014-03-15 03:19 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer.exe 2014-03-14 17:48 - 2014-03-14 17:48 - 00381488 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-11 17:51 - 2014-02-23 01:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-11 17:51 - 2014-02-23 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-11 17:51 - 2014-02-23 01:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-03-11 17:51 - 2014-02-23 01:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-03-11 17:51 - 2014-02-23 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-11 17:51 - 2014-02-23 01:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-11 17:51 - 2014-02-23 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-11 17:51 - 2014-02-23 01:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-11 17:51 - 2014-02-23 01:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-11 17:51 - 2014-02-23 01:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-11 17:51 - 2014-02-23 01:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-11 17:51 - 2014-02-23 01:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-11 17:51 - 2014-02-23 01:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-03-11 17:51 - 2014-02-23 01:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-11 17:51 - 2014-02-23 01:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-11 17:51 - 2014-02-23 01:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-11 17:51 - 2014-02-22 23:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-11 17:51 - 2014-02-22 23:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-11 17:51 - 2014-02-22 23:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-03-11 17:51 - 2014-02-22 23:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-11 17:51 - 2014-02-22 23:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-11 17:51 - 2014-02-22 23:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-11 17:51 - 2014-02-22 23:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-11 17:51 - 2014-02-22 23:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-03-11 17:51 - 2014-02-22 23:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-11 17:51 - 2014-02-22 23:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-11 17:51 - 2014-02-22 23:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-03-11 17:51 - 2014-02-22 23:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-11 17:51 - 2014-02-22 23:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-11 17:51 - 2014-02-22 23:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-11 17:51 - 2014-02-22 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-11 17:51 - 2014-02-22 23:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-11 17:51 - 2014-02-22 21:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-03-11 17:51 - 2014-02-07 21:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-11 17:51 - 2014-02-05 16:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-11 17:51 - 2014-02-05 16:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-11 17:51 - 2014-01-30 17:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-11 17:51 - 2014-01-30 17:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-11 17:51 - 2013-12-06 23:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-03-11 17:51 - 2013-12-06 22:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-03-11 17:51 - 2013-10-25 00:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-03-11 17:51 - 2013-10-24 15:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-03-11 07:25 - 2014-03-11 07:25 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\LVMaintenance 2014-03-09 18:41 - 2014-03-09 18:41 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Pogo Games 2014-03-08 21:07 - 2014-03-08 21:07 - 00402696 _____ () C:\Users\Jami\Downloads\setup.exe 2014-03-08 07:37 - 2014-03-08 07:37 - 00000000 ____D () C:\Users\Jami\Documents\Add-in Express 2014-03-08 07:37 - 2014-03-08 07:37 - 00000000 ____D () C:\Program Files (x86)\PrintEco 2014-03-08 07:36 - 2014-03-08 07:37 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\ContentExplorer 2014-03-08 07:34 - 2014-03-08 07:36 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\FlvtoConverter 2014-03-08 07:34 - 2014-03-08 07:34 - 00000000 ____D () C:\Users\Jami\AppData\Local\FlvtoYoutubeDownloader 2014-03-08 07:33 - 2014-03-12 17:48 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader 2014-03-08 07:32 - 2014-03-12 17:48 - 00000000 ____D () C:\Users\Jami\AppData\Local\Flvto Youtube Downloader 2014-03-08 07:31 - 2014-03-08 07:31 - 00678032 _____ (Hotger) C:\Users\Jami\Downloads\FYDMystart.exe 2014-03-08 07:31 - 2014-03-08 07:31 - 00622736 _____ (Hotger) C:\Users\Jami\Downloads\FYDLoad.exe 2014-03-07 20:32 - 2014-03-27 15:38 - 00000000 ____D () C:\Users\Jami\Desktop\World of Warcraft 2014-03-07 20:32 - 2014-03-07 20:32 - 00000913 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk 2014-03-06 11:47 - 2014-03-06 11:48 - 00010240 ___SH () C:\Users\Public\Thumbs.db 2014-03-06 11:03 - 2014-03-06 11:03 - 00001079 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk 2014-03-06 11:03 - 2014-03-06 11:03 - 00000000 ____D () C:\Program Files (x86)\Western Digital 2014-03-06 11:02 - 2014-03-06 11:02 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\com.wd.WDMyCloud 2014-03-06 10:57 - 2014-03-06 10:57 - 64458736 _____ () C:\Users\Jami\Downloads\WDMyCloud_win (1).exe 2014-03-06 10:11 - 2014-03-06 10:12 - 83293072 _____ (Blizzard Entertainment) C:\Users\Jami\Downloads\World-of-Warcraft-Setup-enUS.exe 2014-02-27 21:37 - 2014-03-24 21:52 - 00000000 ____D () C:\Users\Jami\Documents\andrea folder 2014-02-27 08:27 - 2014-02-27 08:27 - 00543088 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (9).exe ==================== One Month Modified Files and Folders ======= 2014-03-28 13:13 - 2014-03-28 13:12 - 00022754 _____ () C:\Users\Jami\Desktop\FRST.txt 2014-03-28 13:12 - 2014-03-27 15:52 - 00000000 ____D () C:\FRST 2014-03-28 13:08 - 2013-02-24 22:28 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1638031616-1474997356-39108045-1002 2014-03-28 13:05 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-03-28 13:04 - 2014-03-23 14:17 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Raptr 2014-03-28 13:03 - 2013-02-24 22:30 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-28 13:03 - 2013-01-07 04:52 - 01759139 _____ () C:\Windows\WindowsUpdate.log 2014-03-28 13:03 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-28 13:01 - 2014-03-27 19:09 - 00000000 ____D () C:\AdwCleaner 2014-03-28 13:00 - 2014-03-28 13:00 - 00002823 _____ () C:\Users\Jami\Desktop\instructions.txt 2014-03-28 13:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru 2014-03-28 12:59 - 2014-03-28 12:59 - 00007311 _____ () C:\Users\Jami\Desktop\reports.txt 2014-03-28 12:48 - 2013-05-29 09:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-28 12:17 - 2013-02-24 22:30 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-28 10:50 - 2012-07-25 22:26 - 00000154 _____ () C:\Windows\win.ini 2014-03-28 10:07 - 2014-03-28 10:07 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (19).exe 2014-03-28 10:07 - 2014-03-28 10:07 - 00001322 _____ () C:\Users\Jami\Desktop\ROBLOX Player.lnk 2014-03-28 10:07 - 2014-03-28 10:07 - 00001141 _____ () C:\Users\Jami\Desktop\ROBLOX Studio 2013.lnk 2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\ProgramData\Roblox 2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\Program Files (x86)\Roblox 2014-03-28 09:36 - 2014-03-28 09:36 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (18).exe 2014-03-28 09:36 - 2014-03-28 09:36 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (17).exe 2014-03-28 09:35 - 2014-03-28 09:35 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (16).exe 2014-03-28 09:35 - 2014-03-28 09:35 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (15).exe 2014-03-28 09:33 - 2014-03-28 09:33 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (14).exe 2014-03-28 09:30 - 2014-03-28 09:30 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (13).exe 2014-03-27 21:18 - 2014-03-27 21:18 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (12).exe 2014-03-27 20:40 - 2014-02-18 14:21 - 00000000 ____D () C:\Users\Jami\Desktop\Equine Ranch 2014-03-27 19:57 - 2012-07-26 00:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-27 19:06 - 2014-03-27 19:06 - 01950720 _____ () C:\Users\Jami\Desktop\AdwCleaner.exe 2014-03-27 19:05 - 2014-03-27 19:05 - 00006393 _____ () C:\Users\Jami\Desktop\JRT.txt 2014-03-27 18:56 - 2014-03-27 18:56 - 01038974 _____ (Thisisu) C:\Users\Jami\Desktop\JRT.exe 2014-03-27 16:06 - 2014-03-27 16:04 - 00008283 _____ () C:\Users\Jami\Desktop\attach.txt 2014-03-27 16:05 - 2014-03-27 16:04 - 00020805 _____ () C:\Users\Jami\Desktop\dds.txt 2014-03-27 16:03 - 2014-03-27 16:03 - 00688992 ____R (Swearware) C:\Users\Jami\Downloads\dds.scr 2014-03-27 15:54 - 2014-03-27 15:53 - 00036665 _____ () C:\Users\Jami\Downloads\Addition.txt 2014-03-27 15:54 - 2014-03-27 15:52 - 00055109 _____ () C:\Users\Jami\Downloads\FRST.txt 2014-03-27 15:52 - 2014-03-27 15:52 - 02157056 _____ (Farbar) C:\Users\Jami\Desktop\FRST64.exe 2014-03-27 15:52 - 2014-03-27 15:51 - 01145856 _____ (Farbar) C:\Users\Jami\Downloads\FRST.exe 2014-03-27 15:41 - 2014-03-27 15:41 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Jami\Downloads\rkill64.exe 2014-03-27 15:41 - 2014-03-27 15:41 - 00001904 _____ () C:\Users\Jami\Desktop\Rkill.txt 2014-03-27 15:40 - 2014-03-27 15:40 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jami\Downloads\rkill.exe 2014-03-27 15:38 - 2014-03-07 20:32 - 00000000 ____D () C:\Users\Jami\Desktop\World of Warcraft 2014-03-27 15:38 - 2013-02-24 22:30 - 00000000 ____D () C:\Users\Jami\AppData\Local\Deployment 2014-03-27 13:10 - 2013-08-31 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-27 13:02 - 2014-03-27 13:02 - 00000000 ____D () C:\Users\Jami\AppData\Local\Macromedia 2014-03-27 13:01 - 2014-03-27 13:01 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-03-27 13:01 - 2014-03-27 13:01 - 00000000 ____D () C:\Users\Jami\AppData\Local\Mozilla 2014-03-27 13:01 - 2014-03-27 13:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-27 13:01 - 2013-02-25 12:43 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Mozilla 2014-03-27 13:00 - 2014-03-27 13:00 - 00282880 _____ (Mozilla) C:\Users\Jami\Downloads\Firefox Setup Stub 28.0.exe 2014-03-27 12:54 - 2014-02-03 20:07 - 00634880 ___SH () C:\Users\Jami\Desktop\Thumbs.db 2014-03-26 20:15 - 2012-12-12 02:04 - 01524838 _____ () C:\Windows\PFRO.log 2014-03-26 17:41 - 2014-03-26 17:41 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (11).exe 2014-03-26 17:40 - 2014-03-26 17:40 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (10).exe 2014-03-26 16:12 - 2013-02-24 22:30 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-26 16:12 - 2013-02-24 22:30 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-25 17:00 - 2014-03-25 17:00 - 00591616 ____R () C:\Users\Jami\Money Backup_2014-03-25_170039.mbf 2014-03-25 17:00 - 2014-02-13 20:12 - 03768320 _____ () C:\Users\Jami\Money.mny 2014-03-25 17:00 - 2013-02-24 22:21 - 00000000 ____D () C:\Users\Jami 2014-03-25 10:15 - 2014-03-25 10:15 - 00000073 _____ () C:\Users\Jami\Desktop\AFNI.txt 2014-03-25 10:12 - 2014-03-25 10:12 - 00576268 ____R () C:\Users\Jami\Money Backup_2014-03-25_101159.mbf 2014-03-24 21:52 - 2014-02-27 21:37 - 00000000 ____D () C:\Users\Jami\Documents\andrea folder 2014-03-24 11:13 - 2014-03-24 11:13 - 00611054 ____R () C:\Users\Jami\Money Backup_2014-03-24_111319.mbf 2014-03-24 03:15 - 2012-07-25 22:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-03-23 16:03 - 2013-03-18 15:36 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft 2014-03-23 16:02 - 2014-03-23 16:02 - 00000318 _____ () C:\Users\Jami\Desktop\Curse Client.appref-ms 2014-03-23 16:02 - 2014-03-23 16:02 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse 2014-03-23 14:54 - 2014-03-23 14:54 - 00402696 _____ () C:\Users\Jami\Downloads\setup (1).exe 2014-03-23 14:26 - 2014-03-23 14:26 - 00060777 _____ () C:\Windows\SysWOW64\CCCInstall_201403231426475854.log 2014-03-23 14:26 - 2014-03-23 14:26 - 00000000 ____D () C:\ProgramData\ATI 2014-03-23 14:26 - 2014-03-23 14:26 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-03-23 14:26 - 2013-01-07 04:50 - 00000000 ____D () C:\ProgramData\AMD 2014-03-23 14:25 - 2014-03-23 14:25 - 00000103 _____ () C:\Windows\setupact.log 2014-03-23 14:25 - 2014-03-23 14:25 - 00000000 ____D () C:\Windows\LastGood.Tmp 2014-03-23 14:25 - 2014-03-23 14:25 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-23 14:25 - 2013-01-07 04:50 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-03-23 14:24 - 2014-03-23 14:24 - 00000000 ____D () C:\ProgramData\Package Cache 2014-03-23 14:21 - 2014-03-23 14:21 - 00000000 ____D () C:\AMD 2014-03-23 14:18 - 2014-03-23 14:18 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved 2014-03-23 14:18 - 2014-03-23 14:17 - 00000000 ____D () C:\Program Files (x86)\Raptr 2014-03-23 14:17 - 2014-03-23 14:17 - 01007930 _____ () C:\Users\Jami\Downloads\amddriverdownload_installer.exe 2014-03-23 14:17 - 2014-03-23 14:17 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\library_dir 2014-03-22 23:51 - 2014-03-22 23:50 - 40893773 _____ () C:\Users\Jami\Downloads\DefaultDan.zip 2014-03-22 22:41 - 2014-02-11 20:49 - 00000000 ____D () C:\Users\Jami\Desktop\alyssa homework #2 2014-03-22 10:49 - 2013-10-16 05:06 - 00001353 _____ () C:\Users\Kids\Desktop\ROBLOX Player.lnk 2014-03-22 10:49 - 2013-10-16 05:06 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2014-03-22 10:46 - 2014-03-22 10:46 - 00633712 _____ (ROBLOX Corporation) C:\Users\Linda\Downloads\RobloxPlayerLauncher (8).exe 2014-03-22 10:46 - 2014-03-22 10:45 - 00633712 _____ (ROBLOX Corporation) C:\Users\Linda\Downloads\RobloxPlayerLauncher (7).exe 2014-03-22 03:20 - 2014-02-08 12:49 - 00001354 _____ () C:\Users\Linda\Desktop\ROBLOX Player.lnk 2014-03-22 03:20 - 2014-02-08 12:48 - 00001173 _____ () C:\Users\Linda\Desktop\ROBLOX Studio 2013.lnk 2014-03-22 03:20 - 2014-02-08 12:48 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2014-03-22 03:19 - 2014-03-22 03:19 - 00633712 _____ (ROBLOX Corporation) C:\Users\Linda\Downloads\RobloxPlayerLauncher (6).exe 2014-03-22 03:16 - 2014-03-22 02:41 - 00000000 ____D () C:\Users\Linda\Documents\kids 2014-03-22 02:54 - 2013-10-24 20:11 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1638031616-1474997356-39108045-1007 2014-03-21 01:42 - 2014-03-21 01:42 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer (3).exe 2014-03-21 01:42 - 2014-03-21 01:42 - 00000000 ____D () C:\Users\Linda\AppData\Local\Unity 2014-03-21 01:41 - 2014-03-21 01:41 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer (2).exe 2014-03-20 22:39 - 2014-03-20 22:39 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\HpUpdate 2014-03-20 13:54 - 2013-04-01 07:59 - 00000000 ____D () C:\Users\Jami\AppData\Local\Roblox 2014-03-20 09:37 - 2014-03-20 09:37 - 00002354 _____ () C:\Users\Jami\Downloads\invite.ics 2014-03-19 04:34 - 2013-08-14 13:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-19 04:32 - 2013-02-25 09:37 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-19 04:16 - 2014-03-19 04:16 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer (1).exe 2014-03-18 15:00 - 2014-03-17 17:22 - 00000000 ____D () C:\Users\Jami\Desktop\Schedules 2014-03-18 09:13 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-03-16 17:34 - 2013-09-04 05:30 - 00000000 ____D () C:\Users\Kids\Documents\alyssa's homework 2014-03-15 07:22 - 2013-09-02 23:00 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1638031616-1474997356-39108045-1006 2014-03-15 06:48 - 2013-10-13 06:34 - 00000000 ___RD () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-15 06:48 - 2013-10-13 06:34 - 00000000 ___RD () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-15 06:43 - 2014-03-15 06:42 - 00000000 ____D () C:\Users\Jami\Desktop\serra band boosters 2014-03-15 06:40 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-15 03:19 - 2014-03-15 03:19 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer.exe 2014-03-15 02:17 - 2013-10-24 18:54 - 00000000 ___RD () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-15 02:17 - 2013-10-24 18:54 - 00000000 ___RD () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-14 17:48 - 2014-03-14 17:48 - 00381488 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 03:22 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache 2014-03-13 17:00 - 2013-02-24 22:23 - 00000000 ___RD () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-13 17:00 - 2013-02-24 22:23 - 00000000 ___RD () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-13 16:58 - 2013-07-11 00:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-13 16:58 - 2013-07-11 00:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-13 16:56 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-13 16:56 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-13 16:55 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData 2014-03-13 16:55 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-13 16:55 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-12 18:53 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-03-12 17:48 - 2014-03-08 07:33 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader 2014-03-12 17:48 - 2014-03-08 07:32 - 00000000 ____D () C:\Users\Jami\AppData\Local\Flvto Youtube Downloader 2014-03-11 10:48 - 2013-05-29 09:01 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 07:25 - 2014-03-11 07:25 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\LVMaintenance 2014-03-09 18:41 - 2014-03-09 18:41 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Pogo Games 2014-03-09 18:27 - 2013-12-26 02:43 - 00000000 ____D () C:\Users\Jami\Documents\andrea 2014-03-08 21:07 - 2014-03-08 21:07 - 00402696 _____ () C:\Users\Jami\Downloads\setup.exe 2014-03-08 07:51 - 2013-03-14 11:26 - 00823808 ___SH () C:\Users\Jami\Downloads\Thumbs.db 2014-03-08 07:37 - 2014-03-08 07:37 - 00000000 ____D () C:\Users\Jami\Documents\Add-in Express 2014-03-08 07:37 - 2014-03-08 07:37 - 00000000 ____D () C:\Program Files (x86)\PrintEco 2014-03-08 07:37 - 2014-03-08 07:36 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\ContentExplorer 2014-03-08 07:37 - 2013-02-25 00:28 - 00238128 _____ () C:\Windows\RegBootClean64.exe 2014-03-08 07:36 - 2014-03-08 07:34 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\FlvtoConverter 2014-03-08 07:34 - 2014-03-08 07:34 - 00000000 ____D () C:\Users\Jami\AppData\Local\FlvtoYoutubeDownloader 2014-03-08 07:31 - 2014-03-08 07:31 - 00678032 _____ (Hotger) C:\Users\Jami\Downloads\FYDMystart.exe 2014-03-08 07:31 - 2014-03-08 07:31 - 00622736 _____ (Hotger) C:\Users\Jami\Downloads\FYDLoad.exe 2014-03-07 20:32 - 2014-03-07 20:32 - 00000913 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk 2014-03-06 11:57 - 2013-10-16 14:55 - 00000000 ____D () C:\Program Files (x86)\Yahoo! 2014-03-06 11:48 - 2014-03-06 11:47 - 00010240 ___SH () C:\Users\Public\Thumbs.db 2014-03-06 11:03 - 2014-03-06 11:03 - 00001079 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk 2014-03-06 11:03 - 2014-03-06 11:03 - 00000000 ____D () C:\Program Files (x86)\Western Digital 2014-03-06 11:02 - 2014-03-06 11:02 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\com.wd.WDMyCloud 2014-03-06 11:02 - 2014-02-14 21:18 - 00000000 ____D () C:\Users\Jami\AppData\Local\Western Digital 2014-03-06 10:57 - 2014-03-06 10:57 - 64458736 _____ () C:\Users\Jami\Downloads\WDMyCloud_win (1).exe 2014-03-06 10:17 - 2013-08-31 16:15 - 00000000 ____D () C:\Users\Jami\AppData\Local\Thunderbird 2014-03-06 10:12 - 2014-03-06 10:11 - 83293072 _____ (Blizzard Entertainment) C:\Users\Jami\Downloads\World-of-Warcraft-Setup-enUS.exe 2014-03-04 15:52 - 2013-07-11 03:43 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-04 15:52 - 2013-07-11 03:43 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-27 08:27 - 2014-02-27 08:27 - 00543088 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (9).exe
  7. # AdwCleaner v3.022 - Report created 28/03/2014 at 13:00:17 # Updated 13/03/2014 by Xplode # Operating System : Windows 8 (64 bits) # Username : Jami - JAMIPC # Running from : C:\Users\Jami\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** Service Deleted : vToolbarUpdater17.3.0 ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar [#] Folder Deleted : C:\ProgramData\BitGuard [#] Folder Deleted : C:\ProgramData\Browser Manager [#] Folder Deleted : C:\ProgramData\BrowserProtect Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Deleted : C:\Users\Jami\AppData\Local\AVG SafeGuard toolbar Folder Deleted : C:\Users\Jami\AppData\LocalLow\AVG SafeGuard toolbar Folder Deleted : C:\Users\Kids\AppData\Local\AVG SafeGuard toolbar Folder Deleted : C:\Users\Kids\AppData\LocalLow\AVG SafeGuard toolbar Folder Deleted : C:\Users\Linda\AppData\Local\AVG SafeGuard toolbar Folder Deleted : C:\Users\Linda\AppData\LocalLow\AVG SafeGuard toolbar Folder Deleted : C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj Folder Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj Folder Deleted : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj Folder Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Folder Deleted : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Key Deleted : HKCU\Software\Classes\iLivid.torrent Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\AVG SafeGuard toolbar Key Deleted : HKLM\Software\AVG SafeGuard toolbar Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16843 -\\ Mozilla Firefox v28.0 (en-US) [ File : C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\at73luqo.default\prefs.js ] -\\ Google Chrome v33.0.1750.154 [ File : C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage [ File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage [ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : search_url Deleted : keyword ************************* AdwCleaner[R0].txt - [8684 octets] - [27/03/2014 19:11:16] AdwCleaner[R1].txt - [8744 octets] - [28/03/2014 12:57:39] AdwCleaner[s0].txt - [8760 octets] - [28/03/2014 13:00:17] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8820 octets] ##########
  8. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.3 (03.23.2014:1) OS: Windows 8 x64 Ran by Jami on Thu 03/27/2014 at 18:58:02.32 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricspal Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Jami\appdata\local\ilivid" Successfully deleted: [Folder] "C:\Users\Jami\appdata\locallow\datamngr" Successfully deleted: [Folder] "C:\Users\Jami\appdata\locallow\smartbar" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 03/27/2014 at 19:05:01.20 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.03.27.07 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16843 Jami :: JAMIPC [administrator] 3/27/2014 6:38:00 PM mbam-log-2014-03-27 (18-38-00).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 293256 Time elapsed: 6 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  10. Ok, working on everything but first here is the AdwCleaner report, not sure what to remove from this one: # AdwCleaner v3.022 - Report created 27/03/2014 at 19:11:16# Updated 13/03/2014 by Xplode# Operating System : Windows 8 (64 bits)# Username : Jami - JAMIPC# Running from : C:\Users\Jami\Desktop\AdwCleaner.exe# Option : Scan ***** [ Services ] ***** Service Found : vToolbarUpdater17.3.0 ***** [ Files / Folders ] ***** Folder Found : C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendjFolder Found : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendjFolder Found : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofFolder Found : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendjFolder Found : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofFolder Found C:\Program Files (x86)\AVG SafeGuard toolbarFolder Found C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Found C:\ProgramData\AVG SafeGuard toolbarFolder Found C:\ProgramData\BitGuardFolder Found C:\ProgramData\Browser ManagerFolder Found C:\ProgramData\BrowserProtectFolder Found C:\Users\Jami\AppData\Local\AVG SafeGuard toolbarFolder Found C:\Users\Jami\AppData\LocalLow\AVG SafeGuard toolbarFolder Found C:\Users\Kids\AppData\Local\AVG SafeGuard toolbarFolder Found C:\Users\Kids\AppData\LocalLow\AVG SafeGuard toolbarFolder Found C:\Users\Linda\AppData\Local\AVG SafeGuard toolbarFolder Found C:\Users\Linda\AppData\LocalLow\AVG SafeGuard toolbar ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AVG SafeGuard toolbarKey Found : HKCU\Software\Classes\iLivid.torrentKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Found : [x64] HKCU\Software\AVG SafeGuard toolbarKey Found : HKLM\Software\AVG SafeGuard toolbarKey Found : HKLM\Software\AVG Security ToolbarKey Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPIKey Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObjKey Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}Key Found : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendjKey Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exeKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbarKey Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdaterKey Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16843 -\\ Mozilla Firefox v28.0 (en-US) [ File : C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\at73luqo.default\prefs.js ] -\\ Google Chrome v33.0.1750.154 [ File : C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found : homepage [ File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found : homepage [ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found : homepageFound : search_urlFound : keyword ************************* AdwCleaner[R0].txt - [8476 octets] - [27/03/2014 19:11:16] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8536 octets] ##########
  11. Hi there, seems I have contracted this virus. Here are the files: dds.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16843 BrowserJavaVersion: 10.40.2Run by Jami at 16:04:20 on 2014-03-27Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.8112.5891 [GMT -7:00].AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\dwm.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Trend Micro\AMSP\coreServiceShell.exeC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exeC:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exeC:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exeC:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exeC:\Windows\system32\dashost.exeC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\PasswordBox\pbbtnService.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\taskhostex.exeC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exeC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exeC:\Windows\system32\svchost.exe -k HPServiceC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\System32\WUDFHost.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exeC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exeC:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exeC:\PROGRA~2\Raptr\raptr.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exeC:\PROGRA~2\Raptr\raptr_im.exeC:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files (x86)\Raptr\raptr_ep64.exeC:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeC:\Windows\system32\vssvc.exeC:\Windows\system32\taskhost.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\SYSTEM32\notepad.exeC:\Windows\SYSTEM32\notepad.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mStart Page = about:blankuProxyServer = hxxp=127.0.0.1:47145;https=127.0.0.1:47145uProxyOverride = <-loopback>mWinlogon: Userinit = userinit.exe,BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dllBHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dllBHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.2.101\AVG SafeGuard toolbar_toolbar.dllBHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dllBHO: PrintEco: {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dllTB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.2.101\AVG SafeGuard toolbar_toolbar.dllTB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silentuRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silentuRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorunuRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quietuRun: [iLivid] "C:\Users\Jami\AppData\Local\iLivid\iLivid.exe" -autorunuRun: [ContentExplorer] "C:\Users\Jami\AppData\Roaming\ContentExplorer\ContentExplorer.exe"uRun: [LVMaintenance] C:\Users\Jami\AppData\Roaming\LVMaintenance\LVMaintenance.exeuRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startupuRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exemRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exemRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" amlmRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorunmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exemRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRunStartupFolder: C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccipStartupFolder: C:\Users\Jami\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: NameServer = 209.18.47.61 209.18.47.62TCP: Interfaces\{5816852B-5C92-4444-B820-A2B886E88934} : DHCPNameServer = 209.18.47.61 209.18.47.62Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dllHandler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dllHandler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dllHandler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dllHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromeIFEO: bitguard.exe - tasklist.exeIFEO: bprotect.exe - tasklist.exeIFEO: bpsvc.exe - tasklist.exeIFEO: browsemngr.exe - tasklist.exeIFEO: browserdefender.exe - tasklist.exex64-mStart Page = about:blankx64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1221\1.0.1221\TmopIEPlg.dllx64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dllx64-BHO: PrintEco: {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader64.dllx64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -sx64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""x64-Run: [etMonitor] C:\Windows\etMon.exex64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dllx64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1221\1.0.1221\TmopIEPlg.dllx64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>x64-IFEO: bitguard.exe - tasklist.exex64-IFEO: bprotect.exe - tasklist.exex64-IFEO: bpsvc.exe - tasklist.exex64-IFEO: browsemngr.exe - tasklist.exex64-IFEO: browserdefender.exe - tasklist.exe.Note: multiple IFEO entries found. Please refer to Attach.txt.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\at73luqo.default\FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dllFF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dllFF - plugin: C:\Users\Jami\AppData\Local\Roblox\Versions\version-a70065f9195a4a76\NPRobloxProxy.dllFF - plugin: C:\Users\Jami\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2013-1-7 79016]R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2013-1-7 26280]R0 TMEBC;TMEBC;C:\Windows\System32\Drivers\TMEBC64.sys [2013-2-24 46392]R1 tmevtmgr;tmevtmgr;C:\Windows\System32\Drivers\tmevtmgr.sys [2013-2-24 77184]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-17 239616]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-2-24 310952]R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-12-12 920736]R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-12-12 951936]R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-12-12 149120]R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584]R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-11-1 67584]R2 tmusa;Trend Micro Osprey Driver;C:\Windows\System32\Drivers\tmusa.sys [2013-2-24 92456]R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-10 1772056]R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-9-24 215040]R3 AU8168;AU 8168 NT Driver;C:\Windows\System32\Drivers\au630x64.sys [2013-9-23 792648]R3 tmeevw;tmeevw;C:\Windows\System32\Drivers\tmeevw.sys [2013-2-24 94520]R3 tmnciesc;tmnciesc;C:\Windows\System32\Drivers\tmnciesc.sys [2013-2-24 210232]R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-1-7 57000]R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]S0 tmel;tmel;C:\Windows\System32\Drivers\tmel.sys [2013-2-24 34224]S3 DCamUSBET;ET USB 2760 Camera;C:\Windows\System32\Drivers\etDevice64.sys [2007-7-23 527744]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-2-6 102936]S3 FiltUSBET;ET USB Device Lower Filter;C:\Windows\System32\Drivers\etFilter64.sys [2007-6-14 281088]S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-12 690832]S3 ScanUSBET;ET USB Still Image Capture Device;C:\Windows\System32\Drivers\etScan64.sys [2007-7-23 9216]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-2-6 203544]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784].=============== File Associations ===============.FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice].=============== Created Last 30 ================.2014-03-27 22:52:40 -------- d-----w- C:\FRST2014-03-27 20:02:08 -------- d-----w- C:\Users\Jami\AppData\Local\Macromedia2014-03-27 20:01:13 -------- d-----w- C:\Users\Jami\AppData\Local\Mozilla2014-03-23 21:26:18 -------- d-----w- C:\Program Files\ATI Technologies2014-03-23 21:25:26 -------- d-----w- C:\Windows\LastGood.Tmp2014-03-23 21:24:34 -------- d-----w- C:\ProgramData\Package Cache2014-03-23 21:21:42 -------- d-----w- C:\AMD2014-03-23 21:17:56 -------- d-----w- C:\Users\Jami\AppData\Roaming\library_dir2014-03-23 21:17:30 -------- d-----w- C:\Users\Jami\AppData\Roaming\Raptr2014-03-23 21:17:18 -------- d-----w- C:\Program Files (x86)\Raptr2014-03-15 02:25:29 254640 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin2014-03-11 14:25:54 -------- d-----w- C:\Users\Jami\AppData\Roaming\LVMaintenance2014-03-10 01:41:25 -------- d-----w- C:\Users\Jami\AppData\Roaming\Pogo Games2014-03-08 14:37:40 -------- d-----w- C:\Program Files (x86)\PrintEco2014-03-08 14:36:42 -------- d-----w- C:\Users\Jami\AppData\Roaming\ContentExplorer2014-03-08 14:34:36 -------- d-----w- C:\Users\Jami\AppData\Local\FlvtoYoutubeDownloader2014-03-08 14:34:35 -------- d-----w- C:\Users\Jami\AppData\Roaming\FlvtoConverter2014-03-08 14:32:39 -------- d-----w- C:\Users\Jami\AppData\Local\Flvto Youtube Downloader2014-03-06 18:03:15 -------- d-----w- C:\Program Files (x86)\Western Digital2014-03-06 18:02:54 -------- d-----w- C:\Users\Jami\AppData\Roaming\com.wd.WDMyCloud.==================== Find3M ====================.2014-03-08 14:37:47 238128 ----a-w- C:\Windows\RegBootClean64.exe2014-03-04 22:52:34 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2014-03-04 22:52:34 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll2014-02-23 08:13:31 915968 ----a-w- C:\Windows\System32\uxtheme.dll2014-02-23 08:13:31 53760 ----a-w- C:\Windows\System32\UXInit.dll2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2014-02-23 06:54:37 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2014-02-23 06:35:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2014-02-23 06:31:25 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2014-02-23 04:06:33 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll2014-02-08 04:34:42 4036608 ----a-w- C:\Windows\System32\win32k.sys2014-02-05 23:41:39 595968 ----a-w- C:\Windows\System32\qedit.dll2014-02-05 23:37:51 496640 ----a-w- C:\Windows\SysWow64\qedit.dll2014-01-31 00:48:33 1339392 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2014-01-31 00:06:01 1628160 ----a-w- C:\Windows\System32\WindowsCodecs.dll2014-01-12 23:30:39 2032640 ----a-w- C:\Windows\SysWow64\d3d10warp.dll2014-01-12 23:30:18 2238976 ----a-w- C:\Windows\System32\d3d10warp.dll.============= FINISH: 16:04:36.97 =============== attach.txt: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 8Boot Device: \Device\HarddiskVolume2Install Date: 2/24/2013 9:21:23 PMSystem Uptime: 3/27/2014 3:36:49 PM (1 hours ago).Motherboard: ASUSTeK COMPUTER INC. | | CM1855Processor: AMD FX-8120 Eight-Core Processor | Socket 942 | 3100/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 150 GiB total, 14.2 GiB free.D: is FIXED (NTFS) - 764 GiB total, 764.161 GiB free.E: is CDROM (UDF)F: is RemovableG: is RemovableH: is RemovableI: is RemovableJ: is FIXED (FAT32) - 32 GiB total, 31.748 GiB free..==== Disabled Device Manager Items =============.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet J4680 seriesDevice ID: ROOT\MULTIFUNCTION\0000Manufacturer: HPName: Officejet J4680 seriesPNP Device ID: ROOT\MULTIFUNCTION\0000Service: .==== System Restore Points ===================.No restore point in system..==== Image File Execution Options =============.IFEO: bitguard.exe - tasklist.exeIFEO: bprotect.exe - tasklist.exeIFEO: bpsvc.exe - tasklist.exeIFEO: browsemngr.exe - tasklist.exeIFEO: browserdefender.exe - tasklist.exeIFEO: browsermngr.exe - tasklist.exeIFEO: browserprotect.exe - tasklist.exeIFEO: browsersafeguard.exe - tasklist.exeIFEO: bundlesweetimsetup.exe - tasklist.exeIFEO: cltmngsvc.exe - tasklist.exeIFEO: delta babylon.exe - tasklist.exeIFEO: delta tb.exe - tasklist.exeIFEO: delta2.exe - tasklist.exeIFEO: deltainstaller.exe - tasklist.exeIFEO: deltasetup.exe - tasklist.exeIFEO: deltatb.exe - tasklist.exeIFEO: deltatb_2501-c733154b.exe - tasklist.exeIFEO: dprotectsvc.exe - tasklist.exeIFEO: iminentsetup.exe - tasklist.exeIFEO: protectedsearch.exe - tasklist.exeIFEO: rjatydimofu.exe - tasklist.exeIFEO: searchprotection.exe - tasklist.exeIFEO: searchprotector.exe - tasklist.exeIFEO: snapdo.exe - tasklist.exeIFEO: stinst32.exe - tasklist.exeIFEO: stinst64.exe - tasklist.exeIFEO: sweetimsetup.exe - tasklist.exeIFEO: tbdelta.exetoolbar783881609.exe - tasklist.exeIFEO: utiljumpflip.exe - tasklist.exex64-IFEO: bitguard.exe - tasklist.exex64-IFEO: bprotect.exe - tasklist.exex64-IFEO: bpsvc.exe - tasklist.exex64-IFEO: browsemngr.exe - tasklist.exex64-IFEO: browserdefender.exe - tasklist.exex64-IFEO: browsermngr.exe - tasklist.exex64-IFEO: browserprotect.exe - tasklist.exex64-IFEO: browsersafeguard.exe - tasklist.exex64-IFEO: bundlesweetimsetup.exe - tasklist.exex64-IFEO: cltmngsvc.exe - tasklist.exex64-IFEO: delta babylon.exe - tasklist.exex64-IFEO: delta tb.exe - tasklist.exex64-IFEO: delta2.exe - tasklist.exex64-IFEO: deltainstaller.exe - tasklist.exex64-IFEO: deltasetup.exe - tasklist.exex64-IFEO: deltatb.exe - tasklist.exex64-IFEO: deltatb_2501-c733154b.exe - tasklist.exex64-IFEO: dprotectsvc.exe - tasklist.exex64-IFEO: iminentsetup.exe - tasklist.exex64-IFEO: protectedsearch.exe - tasklist.exex64-IFEO: rjatydimofu.exe - tasklist.exex64-IFEO: searchprotection.exe - tasklist.exex64-IFEO: searchprotector.exe - tasklist.exex64-IFEO: snapdo.exe - tasklist.exex64-IFEO: stinst32.exe - tasklist.exex64-IFEO: stinst64.exe - tasklist.exex64-IFEO: sweetimsetup.exe - tasklist.exex64-IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exex64-IFEO: utiljumpflip.exe - tasklist.exe.==== Installed Programs ======================.???????4660_4680_Help64 Bit HP CIO Components InstallerAdobe Flash Player 12 PluginAdobe Reader X (10.1.8) MUIAdobe Shockwave Player 12.0AI Suite IIAMD Accelerated Video TranscodingAMD APP SDK RuntimeAMD Catalyst Control CenterAMD Catalyst Install ManagerAMD FuelApple Application SupportApple Mobile Device SupportApple Software UpdateASUS Music MakerASUS MX SuiteASUS Video easyASUSDVDAVG SafeGuard toolbarBonjourBonjour Print Servicesbpd_scanBPDSoftwareBPDSoftware_IniBufferChmCarboniteCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishContentExplorerCopyTrans Suite Remove OnlyCurse ClientD3DX10DestinationsDeviceDiscoveryDocProcFaxFirebird SQL Server - MAGIX EditionFitbit ConnectFotogalerieGaleria de FotografiasGalerie de photosGalería de fotosGoogle ChromeGoogle Update HelperGPBaseService2HP Customer Participation Program 14.0HP Imaging Device Functions 14.0HP OfficeJet J4600 All-In-One SeriesHP Solution Center 14.0HP UpdateHPProductAssistantHPSSupplyHydraVisioniTunesJ4680Java 7 Update 40Java Auto UpdaterLINELK MaintenanceMalwarebytes Anti-Malware version 1.75.0.1300MarketResearchMicrosoft Application Error ReportingMicrosoft Money PlusMicrosoft Money Shared LibrariesMicrosoft SilverlightMicrosoft SkyDriveMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727Microsoft WSE 3.0 RuntimeMovie MakerMozilla Firefox 28.0 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSVCRT110MSVCRT110_amd64MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2758694)Network64OCR Software by I.R.I.S. 14.0OpenOffice.org 3.4.1OPERATION MANIAOriginOverlordPhoto CommonPhoto GalleryPhotoFiltre 7Plants vs. Zombies: Game of the YearPrintEco OfficeProductContextQuickShareQuit KeeperRaccolta fotoRaptrRealtek Ethernet Controller DriverROBLOX Player for JamiROBLOX Studio 2013 for JamiS?????? f?t???af???ScanShop for HP SuppliesSid Meier's Civilization III: CompleteSid Meier's Civilization IVSid Meier's Civilization VSolutionCenterStatusSteamswMSMThe Sims 2The Sims 2 NightlifeThe Sims 2 Open For BusinessThe Sims 2 PetsThe Sims™ 2 SeasonsThe Sims™ 3ToolboxTrayAppTrend Micro TitaniumTrend Micro Titanium Maximum SecurityUnity Web PlayerVentrilo ClientWD My CloudWebRegWindows LiveWindows Live ???Windows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live Photo CommonWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWizard101World of WarcraftYahoo! MessengerYahoo! Software UpdateZuma's Revenge.==== Event Viewer Messages From Past Week ========.3/27/2014 9:28:43 AM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).3/22/2014 1:06:14 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11..==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.