Infected with LV Maintenance


Hi there, seems I have contracted this virus. 

Here are the files:

dds.txt:
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16843  BrowserJavaVersion: 10.40.2
Run by Jami at 16:04:20 on 2014-03-27
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8112.5891 [GMT -7:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Windows\system32\dashost.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SYSTEM32\notepad.exe
C:\Windows\SYSTEM32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
uProxyServer = hxxp=127.0.0.1:47145;https=127.0.0.1:47145
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.2.101\AVG SafeGuard toolbar_toolbar.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dll
BHO: PrintEco: {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.2.101\AVG SafeGuard toolbar_toolbar.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [iLivid] "C:\Users\Jami\AppData\Local\iLivid\iLivid.exe" -autorun
uRun: [ContentExplorer] "C:\Users\Jami\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
uRun: [LVMaintenance] C:\Users\Jami\AppData\Roaming\LVMaintenance\LVMaintenance.exe
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
StartupFolder: C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Jami\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5816852B-5C92-4444-B820-A2B886E88934} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
x64-mStart Page = about:blank
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1221\1.0.1221\TmopIEPlg.dll
x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dll
x64-BHO: PrintEco: {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader64.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [etMonitor] C:\Windows\etMon.exe
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1137\7.5.1137\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1221\1.0.1221\TmopIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\at73luqo.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll
FF - plugin: C:\Users\Jami\AppData\Local\Roblox\Versions\version-a70065f9195a4a76\NPRobloxProxy.dll
FF - plugin: C:\Users\Jami\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2013-1-7 79016]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2013-1-7 26280]
R0 TMEBC;TMEBC;C:\Windows\System32\Drivers\TMEBC64.sys [2013-2-24 46392]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\Drivers\tmevtmgr.sys [2013-2-24 77184]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-17 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-2-24 310952]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-12-12 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-12-12 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-12-12 149120]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-11-1 67584]
R2 tmusa;Trend Micro Osprey Driver;C:\Windows\System32\Drivers\tmusa.sys [2013-2-24 92456]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-10 1772056]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-9-24 215040]
R3 AU8168;AU 8168 NT Driver;C:\Windows\System32\Drivers\au630x64.sys [2013-9-23 792648]
R3 tmeevw;tmeevw;C:\Windows\System32\Drivers\tmeevw.sys [2013-2-24 94520]
R3 tmnciesc;tmnciesc;C:\Windows\System32\Drivers\tmnciesc.sys [2013-2-24 210232]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-1-7 57000]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S0 tmel;tmel;C:\Windows\System32\Drivers\tmel.sys [2013-2-24 34224]
S3 DCamUSBET;ET USB 2760 Camera;C:\Windows\System32\Drivers\etDevice64.sys [2007-7-23 527744]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-2-6 102936]
S3 FiltUSBET;ET USB Device Lower Filter;C:\Windows\System32\Drivers\etFilter64.sys [2007-6-14 281088]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-12 690832]
S3 ScanUSBET;ET USB Still Image Capture Device;C:\Windows\System32\Drivers\etScan64.sys [2007-7-23 9216]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-2-6 203544]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2014-03-27 22:52:40 -------- d-----w- C:\FRST
2014-03-27 20:02:08 -------- d-----w- C:\Users\Jami\AppData\Local\Macromedia
2014-03-27 20:01:13 -------- d-----w- C:\Users\Jami\AppData\Local\Mozilla
2014-03-23 21:26:18 -------- d-----w- C:\Program Files\ATI Technologies
2014-03-23 21:25:26 -------- d-----w- C:\Windows\LastGood.Tmp
2014-03-23 21:24:34 -------- d-----w- C:\ProgramData\Package Cache
2014-03-23 21:21:42 -------- d-----w- C:\AMD
2014-03-23 21:17:56 -------- d-----w- C:\Users\Jami\AppData\Roaming\library_dir
2014-03-23 21:17:30 -------- d-----w- C:\Users\Jami\AppData\Roaming\Raptr
2014-03-23 21:17:18 -------- d-----w- C:\Program Files (x86)\Raptr
2014-03-15 02:25:29 254640 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
2014-03-11 14:25:54 -------- d-----w- C:\Users\Jami\AppData\Roaming\LVMaintenance
2014-03-10 01:41:25 -------- d-----w- C:\Users\Jami\AppData\Roaming\Pogo Games
2014-03-08 14:37:40 -------- d-----w- C:\Program Files (x86)\PrintEco
2014-03-08 14:36:42 -------- d-----w- C:\Users\Jami\AppData\Roaming\ContentExplorer
2014-03-08 14:34:36 -------- d-----w- C:\Users\Jami\AppData\Local\FlvtoYoutubeDownloader
2014-03-08 14:34:35 -------- d-----w- C:\Users\Jami\AppData\Roaming\FlvtoConverter
2014-03-08 14:32:39 -------- d-----w- C:\Users\Jami\AppData\Local\Flvto Youtube Downloader
2014-03-06 18:03:15 -------- d-----w- C:\Program Files (x86)\Western Digital
2014-03-06 18:02:54 -------- d-----w- C:\Users\Jami\AppData\Roaming\com.wd.WDMyCloud
.
==================== Find3M  ====================
.
2014-03-08 14:37:47 238128 ----a-w- C:\Windows\RegBootClean64.exe
2014-03-04 22:52:34 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 22:52:34 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll
2014-02-23 08:13:31 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-02-23 08:13:31 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-23 06:54:37 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-02-23 06:35:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-23 06:31:25 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-23 04:06:33 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-02-08 04:34:42 4036608 ----a-w- C:\Windows\System32\win32k.sys
2014-02-05 23:41:39 595968 ----a-w- C:\Windows\System32\qedit.dll
2014-02-05 23:37:51 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-31 00:48:33 1339392 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-01-31 00:06:01 1628160 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-01-12 23:30:39 2032640 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-01-12 23:30:18 2238976 ----a-w- C:\Windows\System32\d3d10warp.dll
.
============= FINISH: 16:04:36.97 ===============
 
 
 
attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 2/24/2013 9:21:23 PM
System Uptime: 3/27/2014 3:36:49 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | CM1855
Processor: AMD FX-8120 Eight-Core Processor            | Socket 942 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 150 GiB total, 14.2 GiB free.
D: is FIXED (NTFS) - 764 GiB total, 764.161 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (FAT32) - 32 GiB total, 31.748 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J4680 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet J4680 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browsermngr.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
IFEO: browsersafeguard.exe - tasklist.exe
IFEO: bundlesweetimsetup.exe - tasklist.exe
IFEO: cltmngsvc.exe - tasklist.exe
IFEO: delta babylon.exe - tasklist.exe
IFEO: delta tb.exe - tasklist.exe
IFEO: delta2.exe - tasklist.exe
IFEO: deltainstaller.exe - tasklist.exe
IFEO: deltasetup.exe - tasklist.exe
IFEO: deltatb.exe - tasklist.exe
IFEO: deltatb_2501-c733154b.exe - tasklist.exe
IFEO: dprotectsvc.exe - tasklist.exe
IFEO: iminentsetup.exe - tasklist.exe
IFEO: protectedsearch.exe - tasklist.exe
IFEO: rjatydimofu.exe - tasklist.exe
IFEO: searchprotection.exe - tasklist.exe
IFEO: searchprotector.exe - tasklist.exe
IFEO: snapdo.exe - tasklist.exe
IFEO: stinst32.exe - tasklist.exe
IFEO: stinst64.exe - tasklist.exe
IFEO: sweetimsetup.exe - tasklist.exe
IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
IFEO: utiljumpflip.exe - tasklist.exe
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browsermngr.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
x64-IFEO: browsersafeguard.exe - tasklist.exe
x64-IFEO: bundlesweetimsetup.exe - tasklist.exe
x64-IFEO: cltmngsvc.exe - tasklist.exe
x64-IFEO: delta babylon.exe - tasklist.exe
x64-IFEO: delta tb.exe - tasklist.exe
x64-IFEO: delta2.exe - tasklist.exe
x64-IFEO: deltainstaller.exe - tasklist.exe
x64-IFEO: deltasetup.exe - tasklist.exe
x64-IFEO: deltatb.exe - tasklist.exe
x64-IFEO: deltatb_2501-c733154b.exe - tasklist.exe
x64-IFEO: dprotectsvc.exe - tasklist.exe
x64-IFEO: iminentsetup.exe - tasklist.exe
x64-IFEO: protectedsearch.exe - tasklist.exe
x64-IFEO: rjatydimofu.exe - tasklist.exe
x64-IFEO: searchprotection.exe - tasklist.exe
x64-IFEO: searchprotector.exe - tasklist.exe
x64-IFEO: snapdo.exe - tasklist.exe
x64-IFEO: stinst32.exe - tasklist.exe
x64-IFEO: stinst64.exe - tasklist.exe
x64-IFEO: sweetimsetup.exe - tasklist.exe
x64-IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
x64-IFEO: utiljumpflip.exe - tasklist.exe
.
==== Installed Programs ======================
.
???
????
4660_4680_Help
64 Bit HP CIO Components Installer
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.8) MUI
Adobe Shockwave Player 12.0
AI Suite II
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Fuel
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Music Maker
ASUS MX Suite
ASUS Video easy
ASUSDVD
AVG SafeGuard toolbar
Bonjour
Bonjour Print Services
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Carbonite
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ContentExplorer
CopyTrans Suite Remove Only
Curse Client
D3DX10
Destinations
DeviceDiscovery
DocProc
Fax
Firebird SQL Server - MAGIX Edition
Fitbit Connect
Fotogalerie
Galeria de Fotografias
Galerie de photos
Galería de fotos
Google Chrome
Google Update Helper
GPBaseService2
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP OfficeJet J4600 All-In-One Series
HP Solution Center 14.0
HP Update
HPProductAssistant
HPSSupply
HydraVision
iTunes
J4680
Java 7 Update 40
Java Auto Updater
LINE
LK Maintenance
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft Application Error Reporting
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft WSE 3.0 Runtime
Movie Maker
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Network64
OCR Software by I.R.I.S. 14.0
OpenOffice.org 3.4.1
OPERATION MANIA
Origin
Overlord
Photo Common
Photo Gallery
PhotoFiltre 7
Plants vs. Zombies: Game of the Year
PrintEco Office
ProductContext
QuickShare
Quit Keeper
Raccolta foto
Raptr
Realtek Ethernet Controller Driver
ROBLOX Player for Jami
ROBLOX Studio 2013 for Jami
S?????? f?t???af???
Scan
Shop for HP Supplies
Sid Meier's Civilization III: Complete
Sid Meier's Civilization IV
Sid Meier's Civilization V
SolutionCenter
Status
Steam
swMSM
The Sims 2
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims™ 2 Seasons
The Sims™ 3
Toolbox
TrayApp
Trend Micro Titanium
Trend Micro Titanium Maximum Security
Unity Web Player
Ventrilo Client
WD My Cloud
WebReg
Windows Live
Windows Live ???
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Wizard101
World of Warcraft
Yahoo! Messenger
Yahoo! Software Update
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
3/27/2014 9:28:43 AM, Error: Service Control Manager [7038]  - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/22/2014 1:06:14 PM, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11.
.
==== End Of File ===========================
 

 


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run Malwarebytes, open the Settings tab > Scanner Settings, and under the action for PUP select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 


Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up, click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs..

 

Kevin


Ok, working on everything but first here is the AdwCleaner report, not sure what to remove from this one:

 

# AdwCleaner v3.022 - Report created 27/03/2014 at 19:11:16
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Jami - JAMIPC
# Running from : C:\Users\Jami\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : vToolbarUpdater17.3.0
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj
Folder Found : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj
Folder Found : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj
Folder Found : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\ProgramData\AVG SafeGuard toolbar
Folder Found C:\ProgramData\BitGuard
Folder Found C:\ProgramData\Browser Manager
Folder Found C:\ProgramData\BrowserProtect
Folder Found C:\Users\Jami\AppData\Local\AVG SafeGuard toolbar
Folder Found C:\Users\Jami\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found C:\Users\Kids\AppData\Local\AVG SafeGuard toolbar
Folder Found C:\Users\Kids\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found C:\Users\Linda\AppData\Local\AVG SafeGuard toolbar
Folder Found C:\Users\Linda\AppData\LocalLow\AVG SafeGuard toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16843
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\at73luqo.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : homepage
 
[ File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : homepage
 
[ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : homepage
Found : search_url
Found : keyword
 
*************************
 
AdwCleaner[R0].txt - [8476 octets] - [27/03/2014 19:11:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8536 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.27.07

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16843

Jami :: JAMIPC [administrator]

 

3/27/2014 6:38:00 PM

mbam-log-2014-03-27 (18-38-00).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 293256

Time elapsed: 6 minute(s), 46 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.3 (03.23.2014:1)

OS: Windows 8 x64

Ran by Jami on Thu 03/27/2014 at 18:58:02.32

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricspal

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Jami\appdata\local\ilivid"

Successfully deleted: [Folder] "C:\Users\Jami\appdata\locallow\datamngr"

Successfully deleted: [Folder] "C:\Users\Jami\appdata\locallow\smartbar"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 03/27/2014 at 19:05:01.20

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.022 - Report created 28/03/2014 at 13:00:17

# Updated 13/03/2014 by Xplode

# Operating System : Windows 8  (64 bits)

# Username : Jami - JAMIPC

# Running from : C:\Users\Jami\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : vToolbarUpdater17.3.0

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

[#] Folder Deleted : C:\ProgramData\BitGuard

[#] Folder Deleted : C:\ProgramData\Browser Manager

[#] Folder Deleted : C:\ProgramData\BrowserProtect

Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Users\Jami\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Jami\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Kids\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Kids\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Linda\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Linda\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj

Folder Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj

Folder Deleted : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj

Folder Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Folder Deleted : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKCU\Software\Classes\iLivid.torrent

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16843

 

 

-\\ Mozilla Firefox v28.0 (en-US)

 

[ File : C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\at73luqo.default\prefs.js ]

 

 

-\\ Google Chrome v33.0.1750.154

 

[ File : C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted : homepage

 

[ File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted : homepage

 

[ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted : homepage

Deleted : search_url

Deleted : keyword

 

*************************

 

AdwCleaner[R0].txt - [8684 octets] - [27/03/2014 19:11:16]

AdwCleaner[R1].txt - [8744 octets] - [28/03/2014 12:57:39]

AdwCleaner[s0].txt - [8760 octets] - [28/03/2014 13:00:17]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8820 octets] ##########


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Jami (administrator) on JAMIPC on 28-03-2014 13:12:55

Running from C:\Users\Jami\Desktop

Windows 8 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

(ContentExplorer) C:\Users\Jami\AppData\Roaming\ContentExplorer\ContentExplorer.exe

(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe

() C:\Users\Jami\AppData\Roaming\LVMaintenance\LVMaintenance.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6839952 2012-08-31] (Realtek Semiconductor)

HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)

HKLM\...\Run: [etMonitor] - C:\Windows\etMon.exe

HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ASUS Easy Update] - C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2012-05-24] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-12-12] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()

HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)

HKLM-x32\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)

HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation)

HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)

HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)

HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [ContentExplorer] - C:\Users\Jami\AppData\Roaming\ContentExplorer\ContentExplorer.exe [443152 2014-03-03] (ContentExplorer)

HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [LVMaintenance] - C:\Users\Jami\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-02-14] ()

HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [Raptr] - C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-03-06] (Raptr, Inc)

HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-08-28] (AMD)

HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\MountPoints2: {ceb3222c-58bf-11e2-be6a-806e6f6e6963} - "E:\Autorun.exe" 

IFEO\bpsvc.exe: [Debugger] tasklist.exe

IFEO\browsersafeguard.exe: [Debugger] tasklist.exe

IFEO\dprotectsvc.exe: [Debugger] tasklist.exe

IFEO\protectedsearch.exe: [Debugger] tasklist.exe

IFEO\rjatydimofu.exe: [Debugger] tasklist.exe

IFEO\searchprotection.exe: [Debugger] tasklist.exe

IFEO\searchprotector.exe: [Debugger] tasklist.exe

IFEO\snapdo.exe: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

Startup: C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

 

==================== Internet (Whitelisted) ====================

 

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:29080;https=127.0.0.1:29080

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg.dll (Trend Micro Inc.)

BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)

BHO: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader64.dll ()

BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll (Trend Micro Inc.)

BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)

BHO-x32: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files (x86)\PrintEco\PrintEco Office\adxloader.dll ()

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg.dll (Trend Micro Inc.)

Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -  No File

Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File

Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)

Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll (Trend Micro Inc.)

Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

 

FireFox:

========

FF ProfilePath: C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\at73luqo.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files (x86)\Roblox\Versions\version-bd188fd437234e9b\\NPRobloxProxy.dll ( ROBLOX Corporation)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jami\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension

FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-03-07]

FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension

FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-03-07]

FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension

FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-02-24]

FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\

FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ []

FF HKLM-x32\...\Firefox\Extensions: [firefox@printecosoftware.com] - C:\Program Files (x86)\PrintEco\PrintEco Office\firefox@printecosoftware.com.xpi

FF Extension: PrintEco - C:\Program Files (x86)\PrintEco\PrintEco Office\firefox@printecosoftware.com.xpi [2014-03-04]

 

Chrome: 

=======


CHR Extension: (Theme Creator) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2013-10-20]

CHR Extension: (Fotor Photo Editor) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2013-10-20]

CHR Extension: (Games) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgeknbdakknlclbcpnigjcijckeddmde [2013-10-20]

CHR Extension: (Gravity Guy) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjlgidnccmkehcefagofppjbnhogbjmm [2013-10-20]

CHR Extension: (TrendMicro BEP Extension) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2013-08-07]

CHR Extension: (Classic Games) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc [2013-11-20]

CHR Extension: (Gun Bros) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciamkmigckbgfajcieiflmkedohjjohh [2013-11-20]

CHR Extension: (Where’s My Water?) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\dppkanhlnhknbjopeodjbhgmnjppdijc [2013-10-20]

CHR Extension: (Rush Team) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecdnoeebfjlplfkljdedokbcmebojbpb [2013-11-20]

CHR Extension: (UNO HD) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbiocfeggkcomnebamodmbngedojipdp [2013-10-20]

CHR Extension: (Gangnam Style Game) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdbdhcafljkcahgefanhpdahdnpfkaok [2013-11-20]

CHR Extension: (Star Stable Online) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlmdkpemkkigkgelegknllpmfclakkk [2013-11-01]

CHR Extension: (Sniper Team) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec [2014-03-05]

CHR Extension: (Marvel Comics) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2013-10-20]

CHR Extension: (HD Parking) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkdooliglceibodeofbaodappohpdop [2013-10-20]

CHR Extension: (Blocks) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnglanfhhkanekkdmakmbegnojgpmnm [2013-10-20]

CHR Extension: (Where Is My Water) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgklcgpnkamlodmgnponcegackdgfkhd [2013-10-20]

CHR Extension: (Plants vs Zombies) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2013-12-30]

CHR Extension: (Need for Speed World) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2014-03-05]

CHR Extension: (Where’s My Water) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfdakejncginkgjhklbahbangbmohobn [2013-10-20]

CHR Extension: (Google Wallet) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Adblock Pro) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2013-12-11]

CHR Extension: (Canvas Rider) - C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2014-03-05]

CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08]

CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-08-21] (ASUSTeK Computer Inc.)

R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)

R2 HPSLPSVC; C:\Users\Jami\AppData\Local\Temp\7zS4A63\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.)

R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]

 

==================== Drivers (Whitelisted) ====================

 

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-09-24] (Advanced Micro Devices)

R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )

S3 DCamUSBET; C:\Windows\system32\DRIVERS\etDevice64.sys [527744 2007-07-23] (eMPIA Technology, Inc.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

S3 FiltUSBET; C:\Windows\system32\DRIVERS\etFilter64.sys [281088 2007-06-14] (eMPIA Technology Inc.)

S3 ScanUSBET; C:\Windows\system32\DRIVERS\etScan64.sys [9216 2007-07-23] (eMPIA Technology, Inc.)

R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)

R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)

R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-24] (Trend Micro Inc.)

R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)

S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [34224 2012-07-26] (Trend Micro Inc.)

R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)

R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [210232 2012-07-05] (Trend Micro Inc.)

R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [92456 2012-12-26] (Trend Micro Inc.)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-28 13:12 - 2014-03-28 13:12 - 00022754 _____ () C:\Users\Jami\Desktop\FRST.txt

2014-03-28 13:00 - 2014-03-28 13:00 - 00002823 _____ () C:\Users\Jami\Desktop\instructions.txt

2014-03-28 12:59 - 2014-03-28 12:59 - 00007311 _____ () C:\Users\Jami\Desktop\reports.txt

2014-03-28 10:07 - 2014-03-28 10:07 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (19).exe

2014-03-28 10:07 - 2014-03-28 10:07 - 00001322 _____ () C:\Users\Jami\Desktop\ROBLOX Player.lnk

2014-03-28 10:07 - 2014-03-28 10:07 - 00001141 _____ () C:\Users\Jami\Desktop\ROBLOX Studio 2013.lnk

2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\ProgramData\Roblox

2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\Program Files (x86)\Roblox

2014-03-28 09:36 - 2014-03-28 09:36 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (18).exe

2014-03-28 09:36 - 2014-03-28 09:36 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (17).exe

2014-03-28 09:35 - 2014-03-28 09:35 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (16).exe

2014-03-28 09:35 - 2014-03-28 09:35 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (15).exe

2014-03-28 09:33 - 2014-03-28 09:33 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (14).exe

2014-03-28 09:30 - 2014-03-28 09:30 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (13).exe

2014-03-27 21:18 - 2014-03-27 21:18 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (12).exe

2014-03-27 19:09 - 2014-03-28 13:01 - 00000000 ____D () C:\AdwCleaner

2014-03-27 19:06 - 2014-03-27 19:06 - 01950720 _____ () C:\Users\Jami\Desktop\AdwCleaner.exe

2014-03-27 19:05 - 2014-03-27 19:05 - 00006393 _____ () C:\Users\Jami\Desktop\JRT.txt

2014-03-27 18:56 - 2014-03-27 18:56 - 01038974 _____ (Thisisu) C:\Users\Jami\Desktop\JRT.exe

2014-03-27 16:04 - 2014-03-27 16:06 - 00008283 _____ () C:\Users\Jami\Desktop\attach.txt

2014-03-27 16:04 - 2014-03-27 16:05 - 00020805 _____ () C:\Users\Jami\Desktop\dds.txt

2014-03-27 16:03 - 2014-03-27 16:03 - 00688992 ____R (Swearware) C:\Users\Jami\Downloads\dds.scr

2014-03-27 15:53 - 2014-03-27 15:54 - 00036665 _____ () C:\Users\Jami\Downloads\Addition.txt

2014-03-27 15:52 - 2014-03-28 13:12 - 00000000 ____D () C:\FRST

2014-03-27 15:52 - 2014-03-27 15:54 - 00055109 _____ () C:\Users\Jami\Downloads\FRST.txt

2014-03-27 15:52 - 2014-03-27 15:52 - 02157056 _____ (Farbar) C:\Users\Jami\Desktop\FRST64.exe

2014-03-27 15:51 - 2014-03-27 15:52 - 01145856 _____ (Farbar) C:\Users\Jami\Downloads\FRST.exe

2014-03-27 15:41 - 2014-03-27 15:41 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Jami\Downloads\rkill64.exe

2014-03-27 15:41 - 2014-03-27 15:41 - 00001904 _____ () C:\Users\Jami\Desktop\Rkill.txt

2014-03-27 15:40 - 2014-03-27 15:40 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jami\Downloads\rkill.exe

2014-03-27 13:02 - 2014-03-27 13:02 - 00000000 ____D () C:\Users\Jami\AppData\Local\Macromedia

2014-03-27 13:01 - 2014-03-27 13:01 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-03-27 13:01 - 2014-03-27 13:01 - 00000000 ____D () C:\Users\Jami\AppData\Local\Mozilla

2014-03-27 13:00 - 2014-03-27 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-27 13:00 - 2014-03-27 13:00 - 00282880 _____ (Mozilla) C:\Users\Jami\Downloads\Firefox Setup Stub 28.0.exe

2014-03-26 17:41 - 2014-03-26 17:41 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (11).exe

2014-03-26 17:40 - 2014-03-26 17:40 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (10).exe

2014-03-25 17:00 - 2014-03-25 17:00 - 00591616 ____R () C:\Users\Jami\Money Backup_2014-03-25_170039.mbf

2014-03-25 10:15 - 2014-03-25 10:15 - 00000073 _____ () C:\Users\Jami\Desktop\AFNI.txt

2014-03-25 10:12 - 2014-03-25 10:12 - 00576268 ____R () C:\Users\Jami\Money Backup_2014-03-25_101159.mbf

2014-03-24 11:13 - 2014-03-24 11:13 - 00611054 ____R () C:\Users\Jami\Money Backup_2014-03-24_111319.mbf

2014-03-23 16:02 - 2014-03-23 16:02 - 00000318 _____ () C:\Users\Jami\Desktop\Curse Client.appref-ms

2014-03-23 16:02 - 2014-03-23 16:02 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse

2014-03-23 14:54 - 2014-03-23 14:54 - 00402696 _____ () C:\Users\Jami\Downloads\setup (1).exe

2014-03-23 14:26 - 2014-03-23 14:26 - 00060777 _____ () C:\Windows\SysWOW64\CCCInstall_201403231426475854.log

2014-03-23 14:26 - 2014-03-23 14:26 - 00000000 ____D () C:\ProgramData\ATI

2014-03-23 14:26 - 2014-03-23 14:26 - 00000000 ____D () C:\Program Files\ATI Technologies

2014-03-23 14:25 - 2014-03-23 14:25 - 00000103 _____ () C:\Windows\setupact.log

2014-03-23 14:25 - 2014-03-23 14:25 - 00000000 ____D () C:\Windows\LastGood.Tmp

2014-03-23 14:25 - 2014-03-23 14:25 - 00000000 _____ () C:\Windows\setuperr.log

2014-03-23 14:24 - 2014-03-23 14:24 - 00000000 ____D () C:\ProgramData\Package Cache

2014-03-23 14:21 - 2014-03-23 14:21 - 00000000 ____D () C:\AMD

2014-03-23 14:18 - 2014-03-23 14:18 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved

2014-03-23 14:17 - 2014-03-28 13:04 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Raptr

2014-03-23 14:17 - 2014-03-23 14:18 - 00000000 ____D () C:\Program Files (x86)\Raptr

2014-03-23 14:17 - 2014-03-23 14:17 - 01007930 _____ () C:\Users\Jami\Downloads\amddriverdownload_installer.exe

2014-03-23 14:17 - 2014-03-23 14:17 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\library_dir

2014-03-22 23:50 - 2014-03-22 23:51 - 40893773 _____ () C:\Users\Jami\Downloads\DefaultDan.zip

2014-03-22 10:46 - 2014-03-22 10:46 - 00633712 _____ (ROBLOX Corporation) C:\Users\Linda\Downloads\RobloxPlayerLauncher (8).exe

2014-03-22 10:45 - 2014-03-22 10:46 - 00633712 _____ (ROBLOX Corporation) C:\Users\Linda\Downloads\RobloxPlayerLauncher (7).exe

2014-03-22 03:19 - 2014-03-22 03:19 - 00633712 _____ (ROBLOX Corporation) C:\Users\Linda\Downloads\RobloxPlayerLauncher (6).exe

2014-03-22 02:41 - 2014-03-22 03:16 - 00000000 ____D () C:\Users\Linda\Documents\kids

2014-03-21 01:42 - 2014-03-21 01:42 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer (3).exe

2014-03-21 01:42 - 2014-03-21 01:42 - 00000000 ____D () C:\Users\Linda\AppData\Local\Unity

2014-03-21 01:41 - 2014-03-21 01:41 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer (2).exe

2014-03-20 22:39 - 2014-03-20 22:39 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\HpUpdate

2014-03-20 09:37 - 2014-03-20 09:37 - 00002354 _____ () C:\Users\Jami\Downloads\invite.ics

2014-03-19 04:16 - 2014-03-19 04:16 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer (1).exe

2014-03-17 17:22 - 2014-03-18 15:00 - 00000000 ____D () C:\Users\Jami\Desktop\Schedules

2014-03-15 06:42 - 2014-03-15 06:43 - 00000000 ____D () C:\Users\Jami\Desktop\serra band boosters

2014-03-15 03:19 - 2014-03-15 03:19 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer.exe

2014-03-14 17:48 - 2014-03-14 17:48 - 00381488 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-11 17:51 - 2014-02-23 01:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-11 17:51 - 2014-02-23 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-11 17:51 - 2014-02-23 01:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2014-03-11 17:51 - 2014-02-23 01:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2014-03-11 17:51 - 2014-02-23 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-11 17:51 - 2014-02-23 01:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-11 17:51 - 2014-02-23 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-11 17:51 - 2014-02-23 01:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-11 17:51 - 2014-02-23 01:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-11 17:51 - 2014-02-23 01:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-11 17:51 - 2014-02-23 01:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-11 17:51 - 2014-02-23 01:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-03-11 17:51 - 2014-02-23 01:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-03-11 17:51 - 2014-02-23 01:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-11 17:51 - 2014-02-23 01:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-11 17:51 - 2014-02-23 01:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-11 17:51 - 2014-02-22 23:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-11 17:51 - 2014-02-22 23:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-11 17:51 - 2014-02-22 23:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2014-03-11 17:51 - 2014-02-22 23:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-11 17:51 - 2014-02-22 23:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-11 17:51 - 2014-02-22 23:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-11 17:51 - 2014-02-22 23:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-11 17:51 - 2014-02-22 23:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-03-11 17:51 - 2014-02-22 23:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-11 17:51 - 2014-02-22 23:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-11 17:51 - 2014-02-22 23:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-03-11 17:51 - 2014-02-22 23:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-11 17:51 - 2014-02-22 23:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-11 17:51 - 2014-02-22 23:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-11 17:51 - 2014-02-22 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-11 17:51 - 2014-02-22 23:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-11 17:51 - 2014-02-22 21:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2014-03-11 17:51 - 2014-02-07 21:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-11 17:51 - 2014-02-05 16:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-11 17:51 - 2014-02-05 16:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-03-11 17:51 - 2014-01-30 17:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-03-11 17:51 - 2014-01-30 17:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-11 17:51 - 2013-12-06 23:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-03-11 17:51 - 2013-12-06 22:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-03-11 17:51 - 2013-10-25 00:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys

2014-03-11 17:51 - 2013-10-24 15:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys

2014-03-11 07:25 - 2014-03-11 07:25 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\LVMaintenance

2014-03-09 18:41 - 2014-03-09 18:41 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Pogo Games

2014-03-08 21:07 - 2014-03-08 21:07 - 00402696 _____ () C:\Users\Jami\Downloads\setup.exe

2014-03-08 07:37 - 2014-03-08 07:37 - 00000000 ____D () C:\Users\Jami\Documents\Add-in Express

2014-03-08 07:37 - 2014-03-08 07:37 - 00000000 ____D () C:\Program Files (x86)\PrintEco

2014-03-08 07:36 - 2014-03-08 07:37 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\ContentExplorer

2014-03-08 07:34 - 2014-03-08 07:36 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\FlvtoConverter

2014-03-08 07:34 - 2014-03-08 07:34 - 00000000 ____D () C:\Users\Jami\AppData\Local\FlvtoYoutubeDownloader

2014-03-08 07:33 - 2014-03-12 17:48 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader

2014-03-08 07:32 - 2014-03-12 17:48 - 00000000 ____D () C:\Users\Jami\AppData\Local\Flvto Youtube Downloader

2014-03-08 07:31 - 2014-03-08 07:31 - 00678032 _____ (Hotger) C:\Users\Jami\Downloads\FYDMystart.exe

2014-03-08 07:31 - 2014-03-08 07:31 - 00622736 _____ (Hotger) C:\Users\Jami\Downloads\FYDLoad.exe

2014-03-07 20:32 - 2014-03-27 15:38 - 00000000 ____D () C:\Users\Jami\Desktop\World of Warcraft

2014-03-07 20:32 - 2014-03-07 20:32 - 00000913 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk

2014-03-06 11:47 - 2014-03-06 11:48 - 00010240 ___SH () C:\Users\Public\Thumbs.db

2014-03-06 11:03 - 2014-03-06 11:03 - 00001079 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk

2014-03-06 11:03 - 2014-03-06 11:03 - 00000000 ____D () C:\Program Files (x86)\Western Digital

2014-03-06 11:02 - 2014-03-06 11:02 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\com.wd.WDMyCloud

2014-03-06 10:57 - 2014-03-06 10:57 - 64458736 _____ () C:\Users\Jami\Downloads\WDMyCloud_win (1).exe

2014-03-06 10:11 - 2014-03-06 10:12 - 83293072 _____ (Blizzard Entertainment) C:\Users\Jami\Downloads\World-of-Warcraft-Setup-enUS.exe

2014-02-27 21:37 - 2014-03-24 21:52 - 00000000 ____D () C:\Users\Jami\Documents\andrea folder

2014-02-27 08:27 - 2014-02-27 08:27 - 00543088 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (9).exe

 

==================== One Month Modified Files and Folders =======

 

2014-03-28 13:13 - 2014-03-28 13:12 - 00022754 _____ () C:\Users\Jami\Desktop\FRST.txt

2014-03-28 13:12 - 2014-03-27 15:52 - 00000000 ____D () C:\FRST

2014-03-28 13:08 - 2013-02-24 22:28 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1638031616-1474997356-39108045-1002

2014-03-28 13:05 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-03-28 13:04 - 2014-03-23 14:17 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Raptr

2014-03-28 13:03 - 2013-02-24 22:30 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-28 13:03 - 2013-01-07 04:52 - 01759139 _____ () C:\Windows\WindowsUpdate.log

2014-03-28 13:03 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-28 13:01 - 2014-03-27 19:09 - 00000000 ____D () C:\AdwCleaner

2014-03-28 13:00 - 2014-03-28 13:00 - 00002823 _____ () C:\Users\Jami\Desktop\instructions.txt

2014-03-28 13:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru

2014-03-28 12:59 - 2014-03-28 12:59 - 00007311 _____ () C:\Users\Jami\Desktop\reports.txt

2014-03-28 12:48 - 2013-05-29 09:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-03-28 12:17 - 2013-02-24 22:30 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-28 10:50 - 2012-07-25 22:26 - 00000154 _____ () C:\Windows\win.ini

2014-03-28 10:07 - 2014-03-28 10:07 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (19).exe

2014-03-28 10:07 - 2014-03-28 10:07 - 00001322 _____ () C:\Users\Jami\Desktop\ROBLOX Player.lnk

2014-03-28 10:07 - 2014-03-28 10:07 - 00001141 _____ () C:\Users\Jami\Desktop\ROBLOX Studio 2013.lnk

2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\ProgramData\Roblox

2014-03-28 10:07 - 2014-03-28 10:07 - 00000000 ____D () C:\Program Files (x86)\Roblox

2014-03-28 09:36 - 2014-03-28 09:36 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (18).exe

2014-03-28 09:36 - 2014-03-28 09:36 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (17).exe

2014-03-28 09:35 - 2014-03-28 09:35 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (16).exe

2014-03-28 09:35 - 2014-03-28 09:35 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (15).exe

2014-03-28 09:33 - 2014-03-28 09:33 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (14).exe

2014-03-28 09:30 - 2014-03-28 09:30 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (13).exe

2014-03-27 21:18 - 2014-03-27 21:18 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (12).exe

2014-03-27 20:40 - 2014-02-18 14:21 - 00000000 ____D () C:\Users\Jami\Desktop\Equine Ranch

2014-03-27 19:57 - 2012-07-26 00:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-27 19:06 - 2014-03-27 19:06 - 01950720 _____ () C:\Users\Jami\Desktop\AdwCleaner.exe

2014-03-27 19:05 - 2014-03-27 19:05 - 00006393 _____ () C:\Users\Jami\Desktop\JRT.txt

2014-03-27 18:56 - 2014-03-27 18:56 - 01038974 _____ (Thisisu) C:\Users\Jami\Desktop\JRT.exe

2014-03-27 16:06 - 2014-03-27 16:04 - 00008283 _____ () C:\Users\Jami\Desktop\attach.txt

2014-03-27 16:05 - 2014-03-27 16:04 - 00020805 _____ () C:\Users\Jami\Desktop\dds.txt

2014-03-27 16:03 - 2014-03-27 16:03 - 00688992 ____R (Swearware) C:\Users\Jami\Downloads\dds.scr

2014-03-27 15:54 - 2014-03-27 15:53 - 00036665 _____ () C:\Users\Jami\Downloads\Addition.txt

2014-03-27 15:54 - 2014-03-27 15:52 - 00055109 _____ () C:\Users\Jami\Downloads\FRST.txt

2014-03-27 15:52 - 2014-03-27 15:52 - 02157056 _____ (Farbar) C:\Users\Jami\Desktop\FRST64.exe

2014-03-27 15:52 - 2014-03-27 15:51 - 01145856 _____ (Farbar) C:\Users\Jami\Downloads\FRST.exe

2014-03-27 15:41 - 2014-03-27 15:41 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Jami\Downloads\rkill64.exe

2014-03-27 15:41 - 2014-03-27 15:41 - 00001904 _____ () C:\Users\Jami\Desktop\Rkill.txt

2014-03-27 15:40 - 2014-03-27 15:40 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Jami\Downloads\rkill.exe

2014-03-27 15:38 - 2014-03-07 20:32 - 00000000 ____D () C:\Users\Jami\Desktop\World of Warcraft

2014-03-27 15:38 - 2013-02-24 22:30 - 00000000 ____D () C:\Users\Jami\AppData\Local\Deployment

2014-03-27 13:10 - 2013-08-31 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-03-27 13:02 - 2014-03-27 13:02 - 00000000 ____D () C:\Users\Jami\AppData\Local\Macromedia

2014-03-27 13:01 - 2014-03-27 13:01 - 00001154 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-03-27 13:01 - 2014-03-27 13:01 - 00000000 ____D () C:\Users\Jami\AppData\Local\Mozilla

2014-03-27 13:01 - 2014-03-27 13:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-03-27 13:01 - 2013-02-25 12:43 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Mozilla

2014-03-27 13:00 - 2014-03-27 13:00 - 00282880 _____ (Mozilla) C:\Users\Jami\Downloads\Firefox Setup Stub 28.0.exe

2014-03-27 12:54 - 2014-02-03 20:07 - 00634880 ___SH () C:\Users\Jami\Desktop\Thumbs.db

2014-03-26 20:15 - 2012-12-12 02:04 - 01524838 _____ () C:\Windows\PFRO.log

2014-03-26 17:41 - 2014-03-26 17:41 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (11).exe

2014-03-26 17:40 - 2014-03-26 17:40 - 00633712 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (10).exe

2014-03-26 16:12 - 2013-02-24 22:30 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-26 16:12 - 2013-02-24 22:30 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-25 17:00 - 2014-03-25 17:00 - 00591616 ____R () C:\Users\Jami\Money Backup_2014-03-25_170039.mbf

2014-03-25 17:00 - 2014-02-13 20:12 - 03768320 _____ () C:\Users\Jami\Money.mny

2014-03-25 17:00 - 2013-02-24 22:21 - 00000000 ____D () C:\Users\Jami

2014-03-25 10:15 - 2014-03-25 10:15 - 00000073 _____ () C:\Users\Jami\Desktop\AFNI.txt

2014-03-25 10:12 - 2014-03-25 10:12 - 00576268 ____R () C:\Users\Jami\Money Backup_2014-03-25_101159.mbf

2014-03-24 21:52 - 2014-02-27 21:37 - 00000000 ____D () C:\Users\Jami\Documents\andrea folder

2014-03-24 11:13 - 2014-03-24 11:13 - 00611054 ____R () C:\Users\Jami\Money Backup_2014-03-24_111319.mbf

2014-03-24 03:15 - 2012-07-25 22:26 - 00524288 ___SH () C:\Windows\system32\config\BBI

2014-03-23 16:03 - 2013-03-18 15:36 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft

2014-03-23 16:02 - 2014-03-23 16:02 - 00000318 _____ () C:\Users\Jami\Desktop\Curse Client.appref-ms

2014-03-23 16:02 - 2014-03-23 16:02 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse

2014-03-23 14:54 - 2014-03-23 14:54 - 00402696 _____ () C:\Users\Jami\Downloads\setup (1).exe

2014-03-23 14:26 - 2014-03-23 14:26 - 00060777 _____ () C:\Windows\SysWOW64\CCCInstall_201403231426475854.log

2014-03-23 14:26 - 2014-03-23 14:26 - 00000000 ____D () C:\ProgramData\ATI

2014-03-23 14:26 - 2014-03-23 14:26 - 00000000 ____D () C:\Program Files\ATI Technologies

2014-03-23 14:26 - 2013-01-07 04:50 - 00000000 ____D () C:\ProgramData\AMD

2014-03-23 14:25 - 2014-03-23 14:25 - 00000103 _____ () C:\Windows\setupact.log

2014-03-23 14:25 - 2014-03-23 14:25 - 00000000 ____D () C:\Windows\LastGood.Tmp

2014-03-23 14:25 - 2014-03-23 14:25 - 00000000 _____ () C:\Windows\setuperr.log

2014-03-23 14:25 - 2013-01-07 04:50 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies

2014-03-23 14:24 - 2014-03-23 14:24 - 00000000 ____D () C:\ProgramData\Package Cache

2014-03-23 14:21 - 2014-03-23 14:21 - 00000000 ____D () C:\AMD

2014-03-23 14:18 - 2014-03-23 14:18 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved

2014-03-23 14:18 - 2014-03-23 14:17 - 00000000 ____D () C:\Program Files (x86)\Raptr

2014-03-23 14:17 - 2014-03-23 14:17 - 01007930 _____ () C:\Users\Jami\Downloads\amddriverdownload_installer.exe

2014-03-23 14:17 - 2014-03-23 14:17 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\library_dir

2014-03-22 23:51 - 2014-03-22 23:50 - 40893773 _____ () C:\Users\Jami\Downloads\DefaultDan.zip

2014-03-22 22:41 - 2014-02-11 20:49 - 00000000 ____D () C:\Users\Jami\Desktop\alyssa homework #2

2014-03-22 10:49 - 2013-10-16 05:06 - 00001353 _____ () C:\Users\Kids\Desktop\ROBLOX Player.lnk

2014-03-22 10:49 - 2013-10-16 05:06 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2014-03-22 10:46 - 2014-03-22 10:46 - 00633712 _____ (ROBLOX Corporation) C:\Users\Linda\Downloads\RobloxPlayerLauncher (8).exe

2014-03-22 10:46 - 2014-03-22 10:45 - 00633712 _____ (ROBLOX Corporation) C:\Users\Linda\Downloads\RobloxPlayerLauncher (7).exe

2014-03-22 03:20 - 2014-02-08 12:49 - 00001354 _____ () C:\Users\Linda\Desktop\ROBLOX Player.lnk

2014-03-22 03:20 - 2014-02-08 12:48 - 00001173 _____ () C:\Users\Linda\Desktop\ROBLOX Studio 2013.lnk

2014-03-22 03:20 - 2014-02-08 12:48 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2014-03-22 03:19 - 2014-03-22 03:19 - 00633712 _____ (ROBLOX Corporation) C:\Users\Linda\Downloads\RobloxPlayerLauncher (6).exe

2014-03-22 03:16 - 2014-03-22 02:41 - 00000000 ____D () C:\Users\Linda\Documents\kids

2014-03-22 02:54 - 2013-10-24 20:11 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1638031616-1474997356-39108045-1007

2014-03-21 01:42 - 2014-03-21 01:42 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer (3).exe

2014-03-21 01:42 - 2014-03-21 01:42 - 00000000 ____D () C:\Users\Linda\AppData\Local\Unity

2014-03-21 01:41 - 2014-03-21 01:41 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer (2).exe

2014-03-20 22:39 - 2014-03-20 22:39 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\HpUpdate

2014-03-20 13:54 - 2013-04-01 07:59 - 00000000 ____D () C:\Users\Jami\AppData\Local\Roblox

2014-03-20 09:37 - 2014-03-20 09:37 - 00002354 _____ () C:\Users\Jami\Downloads\invite.ics

2014-03-19 04:34 - 2013-08-14 13:13 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-19 04:32 - 2013-02-25 09:37 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-19 04:16 - 2014-03-19 04:16 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer (1).exe

2014-03-18 15:00 - 2014-03-17 17:22 - 00000000 ____D () C:\Users\Jami\Desktop\Schedules

2014-03-18 09:13 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-03-16 17:34 - 2013-09-04 05:30 - 00000000 ____D () C:\Users\Kids\Documents\alyssa's homework

2014-03-15 07:22 - 2013-09-02 23:00 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1638031616-1474997356-39108045-1006

2014-03-15 06:48 - 2013-10-13 06:34 - 00000000 ___RD () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-03-15 06:48 - 2013-10-13 06:34 - 00000000 ___RD () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-03-15 06:43 - 2014-03-15 06:42 - 00000000 ____D () C:\Users\Jami\Desktop\serra band boosters

2014-03-15 06:40 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF

2014-03-15 03:19 - 2014-03-15 03:19 - 01070496 _____ (Unity Technologies ApS) C:\Users\Linda\Downloads\UnityWebPlayer.exe

2014-03-15 02:17 - 2013-10-24 18:54 - 00000000 ___RD () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-03-15 02:17 - 2013-10-24 18:54 - 00000000 ___RD () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-03-14 17:48 - 2014-03-14 17:48 - 00381488 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-14 03:22 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache

2014-03-13 17:00 - 2013-02-24 22:23 - 00000000 ___RD () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-03-13 17:00 - 2013-02-24 22:23 - 00000000 ___RD () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-03-13 16:58 - 2013-07-11 00:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-13 16:58 - 2013-07-11 00:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-13 16:56 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-13 16:56 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-13 16:55 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData

2014-03-13 16:55 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender

2014-03-13 16:55 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-03-12 18:53 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-03-12 17:48 - 2014-03-08 07:33 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader

2014-03-12 17:48 - 2014-03-08 07:32 - 00000000 ____D () C:\Users\Jami\AppData\Local\Flvto Youtube Downloader

2014-03-11 10:48 - 2013-05-29 09:01 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-03-11 07:25 - 2014-03-11 07:25 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\LVMaintenance

2014-03-09 18:41 - 2014-03-09 18:41 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\Pogo Games

2014-03-09 18:27 - 2013-12-26 02:43 - 00000000 ____D () C:\Users\Jami\Documents\andrea

2014-03-08 21:07 - 2014-03-08 21:07 - 00402696 _____ () C:\Users\Jami\Downloads\setup.exe

2014-03-08 07:51 - 2013-03-14 11:26 - 00823808 ___SH () C:\Users\Jami\Downloads\Thumbs.db

2014-03-08 07:37 - 2014-03-08 07:37 - 00000000 ____D () C:\Users\Jami\Documents\Add-in Express

2014-03-08 07:37 - 2014-03-08 07:37 - 00000000 ____D () C:\Program Files (x86)\PrintEco

2014-03-08 07:37 - 2014-03-08 07:36 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\ContentExplorer

2014-03-08 07:37 - 2013-02-25 00:28 - 00238128 _____ () C:\Windows\RegBootClean64.exe

2014-03-08 07:36 - 2014-03-08 07:34 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\FlvtoConverter

2014-03-08 07:34 - 2014-03-08 07:34 - 00000000 ____D () C:\Users\Jami\AppData\Local\FlvtoYoutubeDownloader

2014-03-08 07:31 - 2014-03-08 07:31 - 00678032 _____ (Hotger) C:\Users\Jami\Downloads\FYDMystart.exe

2014-03-08 07:31 - 2014-03-08 07:31 - 00622736 _____ (Hotger) C:\Users\Jami\Downloads\FYDLoad.exe

2014-03-07 20:32 - 2014-03-07 20:32 - 00000913 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk

2014-03-06 11:57 - 2013-10-16 14:55 - 00000000 ____D () C:\Program Files (x86)\Yahoo!

2014-03-06 11:48 - 2014-03-06 11:47 - 00010240 ___SH () C:\Users\Public\Thumbs.db

2014-03-06 11:03 - 2014-03-06 11:03 - 00001079 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk

2014-03-06 11:03 - 2014-03-06 11:03 - 00000000 ____D () C:\Program Files (x86)\Western Digital

2014-03-06 11:02 - 2014-03-06 11:02 - 00000000 ____D () C:\Users\Jami\AppData\Roaming\com.wd.WDMyCloud

2014-03-06 11:02 - 2014-02-14 21:18 - 00000000 ____D () C:\Users\Jami\AppData\Local\Western Digital

2014-03-06 10:57 - 2014-03-06 10:57 - 64458736 _____ () C:\Users\Jami\Downloads\WDMyCloud_win (1).exe

2014-03-06 10:17 - 2013-08-31 16:15 - 00000000 ____D () C:\Users\Jami\AppData\Local\Thunderbird

2014-03-06 10:12 - 2014-03-06 10:11 - 83293072 _____ (Blizzard Entertainment) C:\Users\Jami\Downloads\World-of-Warcraft-Setup-enUS.exe

2014-03-04 15:52 - 2013-07-11 03:43 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-04 15:52 - 2013-07-11 03:43 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-27 08:27 - 2014-02-27 08:27 - 00543088 _____ (ROBLOX Corporation) C:\Users\Jami\Downloads\RobloxPlayerLauncher (9).exe

Some content of TEMP:

====================

C:\Users\Jami\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe

C:\Users\Jami\AppData\Local\Temp\AutoRun.exe

C:\Users\Jami\AppData\Local\Temp\AutoRunGUI.dll

C:\Users\Jami\AppData\Local\Temp\HitmanPro.exe

C:\Users\Jami\AppData\Local\Temp\Quarantine.exe

C:\Users\Jami\AppData\Local\Temp\raptrpatch.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-03-28 03:39

 

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014

Ran by Jami at 2014-03-27 15:53:28

Running from C:\Users\Jami\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

4660_4680_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)

AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.)

AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden

AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden

AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASUS Music Maker (HKLM-x32\...\MAGIX_{5E00D8DF-905B-41C7-B562-C126DE3A4167}) (Version: 18.0.3.3 - MAGIX AG)

ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden

ASUS MX Suite (HKLM-x32\...\MAGIX_{9204F334-2A46-49F1-89C4-65CEB7AC1974}) (Version: 1.13.0.121 - MAGIX AG)

ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden

ASUS Video easy (HKLM-x32\...\MAGIX_{7DB84618-76E3-4999-A9A0-D7D756E14129}) (Version: 3.0.1.42 - MAGIX AG)

ASUS Video easy (Version: 3.0.1.42 - MAGIX AG) Hidden

ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)

ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden

AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.3.2.101 - AVG Technologies)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)

bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.0 build 3621  (Oct-10-2013) - Carbonite)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden

ContentExplorer (HKLM-x32\...\ContentExplorer) (Version: 4.5 - ContentExplorer.net)

CopyTrans Suite Remove Only (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)

Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden

Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden

Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)

Fitbit Connect (HKLM-x32\...\Fitbit Connect) (Version: 1.0.0.2578 - Fitbit Inc.)

Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP OfficeJet J4600 All-In-One Series (HKLM\...\{6122CE5C-9DD3-402D-8413-57B681739FA7}) (Version: 14.0 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden

iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)

J4680 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden

Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

LINE (HKLM-x32\...\LINE) (Version: 3.2.0.76 - NHN Japan)

LK Maintenance (HKLM-x32\...\{4ACD145C-665E-40CC-89A0-A3213D761571}) (Version: 1.0 - LK Maintenance)

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)

Microsoft Money Shared Libraries (x32 Version: 17.0.0.3817 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)

OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)

OPERATION MANIA (HKLM-x32\...\11551673) (Version:  - Oberon Media)

Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)

Overlord (HKLM-x32\...\Steam App 11450) (Version:  - CodeMasters)

Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version:  - )

Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap Games, Inc.)

PrintEco Office (HKLM-x32\...\{864C0654-5C9F-4F03-85D5-47CA3062C7E2}) (Version: 1.4.70 - PrintEco)

ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden

QuickShare (HKLM-x32\...\{04DB50FA-EA80-4256-85F9-540C582E280D}) (Version: 1.39.60.10936 - Linkury Inc.) <==== ATTENTION

Quit Keeper (HKLM-x32\...\QuitKeeper) (Version:  - )

Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Raptr (HKLM-x32\...\Raptr) (Version:  - )

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)

ROBLOX Player for Jami (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)

ROBLOX Studio 2013 for Jami (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)

Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

Sid Meier's Civilization III: Complete (HKLM-x32\...\Steam App 3910) (Version:  - Firaxis Games)

Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version:  - Firaxis Games)

Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)

SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden

Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

The Sims 2 (HKLM-x32\...\{8AB8D458-939E-403F-0097-9BA1C1F013D5}) (Version:  - )

The Sims 2 Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )

The Sims 2 Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )

The Sims 2 Pets (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )

The Sims™ 2 Seasons (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )

The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)

Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden

Trend Micro Titanium (Version: 6.00 - Trend Micro Inc.) Hidden

Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 6.0 - Trend Micro Inc.)

Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)

WD My Cloud (HKLM\...\{68E25871-B2E9-4353-9DF3-72165918F1A6}) (Version: 1.0.4.34 - Western Digital Technologies, Inc.)

WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live ??? (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live ??? (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

Zuma's Revenge (HKLM-x32\...\Steam App 3620) (Version:  - PopCap Games, Inc.)

S?????? f?t???af??? (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

???? (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

??? (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {24D8A1B8-C80E-415C-8DF7-5D87E566630A} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2013-03-01] (Trend Micro Inc.)

Task: {28718A27-AC5D-44AC-9FF2-4195A0F6AF3E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {2E9D14F9-6116-4658-865A-68B0BB96BC0A} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe

Task: {2FE43FE0-CBE4-4493-9A2D-61F74FF6FCEA} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe <==== ATTENTION

Task: {54ADDC0F-8BB1-494F-97BF-AF3C7A94DFC6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)

Task: {62652242-4DCF-4F52-BDBE-B616D03894BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)

Task: {77584E48-9E9D-4227-A18D-A03898D6D8AF} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)

Task: {968C564A-31AB-47C9-A3CD-164C4F99340A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)

Task: {9B99B1EF-1026-4069-9F62-327337AED9FB} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {ACAF94F8-EE80-477D-A25A-61047D46B38A} - System32\Tasks\ASUS\ASUS Smart Cooling Helper => C:\Program Files (x86)\ASUS\AI Suite II\Smart Cooling\AsSmartCoolingService.exe [2012-03-28] (ASUSTeK Computer Inc.)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {DA353554-4C2E-4039-A187-6F2ED955365F} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-02-24 23:29 - 2012-05-02 12:27 - 00049664 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll

2013-02-24 23:29 - 2012-05-02 12:24 - 00731136 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll

2013-02-24 23:29 - 2012-05-02 12:24 - 00064512 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll

2013-02-24 23:29 - 2012-05-02 12:25 - 01719808 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll

2013-02-24 23:29 - 2012-05-02 12:25 - 00016896 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_49.dll

2013-02-24 23:26 - 2012-07-25 08:53 - 00289088 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll

2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2012-12-12 02:19 - 2012-06-01 02:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

2014-01-10 22:59 - 2014-01-10 22:59 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe

2013-10-09 05:38 - 2014-02-03 18:12 - 02552856 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-12-12 02:19 - 2014-03-27 15:37 - 00035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll

2012-12-12 02:19 - 2010-06-28 19:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll

2013-11-01 13:11 - 2013-11-01 13:11 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll

2014-01-10 22:59 - 2014-01-10 22:59 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll

2013-10-16 14:57 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

2010-11-22 15:56 - 2010-11-22 15:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd

2014-02-21 15:32 - 2014-02-21 15:32 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd

2014-02-21 15:32 - 2014-02-21 15:32 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd

2014-02-21 15:32 - 2014-02-21 15:32 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd

2014-02-21 15:32 - 2014-02-21 15:32 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd

2010-11-22 15:57 - 2010-11-22 15:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll

2010-11-22 15:56 - 2010-11-22 15:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd

2010-11-22 15:57 - 2010-11-22 15:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd

2010-11-22 15:57 - 2010-11-22 15:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd

2012-02-06 13:28 - 2012-02-06 13:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd

2012-02-06 13:28 - 2012-02-06 13:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd

2012-02-06 13:28 - 2012-02-06 13:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd

2011-05-10 12:01 - 2011-05-10 12:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd

2014-02-21 15:32 - 2014-02-21 15:32 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd

2011-02-15 11:17 - 2011-02-15 11:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll

2010-11-22 15:56 - 2010-11-22 15:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll

2010-11-22 15:57 - 2010-11-22 15:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd

2010-11-22 15:57 - 2010-11-22 15:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd

2010-11-22 15:56 - 2010-11-22 15:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd

2013-11-20 17:05 - 2013-11-20 17:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll

2010-11-22 15:56 - 2010-11-22 15:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd

2010-11-22 15:57 - 2010-11-22 15:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd

2010-11-22 15:57 - 2010-11-22 15:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd

2014-02-20 13:40 - 2014-02-20 13:40 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd

2011-02-15 11:17 - 2011-02-15 11:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll

2010-11-22 16:06 - 2010-11-22 16:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll

2013-05-09 16:52 - 2013-05-09 16:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll

2013-05-09 16:52 - 2013-05-09 16:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll

2013-05-09 16:52 - 2013-05-09 16:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll

2013-05-03 11:57 - 2013-05-03 11:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll

2013-05-03 11:56 - 2013-05-03 11:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll

2013-05-03 11:56 - 2013-05-03 11:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll

2013-05-03 11:57 - 2013-05-03 11:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll

2013-05-03 11:56 - 2013-05-03 11:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll

2013-05-03 11:57 - 2013-05-03 11:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll

2013-05-03 11:57 - 2013-05-03 11:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll

2013-05-03 11:57 - 2013-05-03 11:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll

2013-05-03 11:57 - 2013-05-03 11:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll

2014-03-15 12:14 - 2014-03-14 17:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll

2014-03-15 12:14 - 2014-03-14 17:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll

2014-03-15 12:14 - 2014-03-14 17:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll

2014-03-15 12:14 - 2014-03-14 17:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll

2014-03-15 12:14 - 2014-03-14 17:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll

2014-03-15 12:14 - 2014-03-14 17:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

2013-02-24 23:26 - 2012-07-25 08:54 - 00049152 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_49.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\ProgramData\Temp:19C3BC3A

AlternateDataStreams: C:\ProgramData\Temp:588B60C7

AlternateDataStreams: C:\ProgramData\Temp:99963C1E

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

Name: Officejet J4680 series

Description: Officejet J4680 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/27/2014 02:12:23 PM) (Source: Perflib) (User: )

Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

 

Error: (03/27/2014 02:12:23 PM) (Source: Perflib) (User: )

Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8

 

Error: (03/27/2014 02:12:23 PM) (Source: Perflib) (User: )

Description: LsaC:\Windows\System32\Secur32.dll8

 

Error: (03/27/2014 02:12:23 PM) (Source: Perflib) (User: )

Description: ESENTC:\Windows\system32\esentprf.dll8

 

Error: (03/27/2014 02:12:23 PM) (Source: Perflib) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll8

 

Error: (03/27/2014 01:10:00 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Error on creating/using the COM+ Writers publisher interface: BackupShutdown [0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.

Check the Application event log for more information.

].

 

Error: (03/27/2014 01:10:00 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine IMultiInterfaceEventControl::GetSubscriptions.  hr = 0x80010108, The object invoked has disconnected from its clients.

.

 

Error: (03/27/2014 10:36:46 AM) (Source: Perflib) (User: )

Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

 

Error: (03/27/2014 10:36:46 AM) (Source: Perflib) (User: )

Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8

 

Error: (03/27/2014 10:36:46 AM) (Source: Perflib) (User: )

Description: LsaC:\Windows\System32\Secur32.dll8

 

 

System errors:

=============

Error: (03/27/2014 09:28:43 AM) (Source: Service Control Manager) (User: )

Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 

%%50

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

Error: (03/26/2014 06:23:53 PM) (Source: Service Control Manager) (User: )

Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 

%%50

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

Error: (03/22/2014 01:06:14 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11.

 

Error: (03/22/2014 01:06:14 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11.

 

Error: (03/22/2014 10:54:06 AM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11.

 

Error: (03/22/2014 10:54:05 AM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11.

 

Error: (03/21/2014 05:19:03 AM) (Source: DCOM) (User: JamiPC)

Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

 

Error: (03/21/2014 05:19:03 AM) (Source: DCOM) (User: JamiPC)

Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

 

Error: (03/20/2014 10:39:48 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11.

 

Error: (03/20/2014 10:39:47 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 11.

 

 

Microsoft Office Sessions:

=========================

Error: (03/27/2014 02:12:23 PM) (Source: Perflib)(User: )

Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

 

Error: (03/27/2014 02:12:23 PM) (Source: Perflib)(User: )

Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8

 

Error: (03/27/2014 02:12:23 PM) (Source: Perflib)(User: )

Description: LsaC:\Windows\System32\Secur32.dll8

 

Error: (03/27/2014 02:12:23 PM) (Source: Perflib)(User: )

Description: ESENTC:\Windows\system32\esentprf.dll8

 

Error: (03/27/2014 02:12:23 PM) (Source: Perflib)(User: )

Description: BITSC:\Windows\System32\bitsperf.dll8

 

Error: (03/27/2014 01:10:00 PM) (Source: VSS)(User: )

Description: BackupShutdown0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.

Check the Application event log for more information.

 

Error: (03/27/2014 01:10:00 PM) (Source: VSS)(User: )

Description: IMultiInterfaceEventControl::GetSubscriptions0x80010108, The object invoked has disconnected from its clients.

 

Error: (03/27/2014 10:36:46 AM) (Source: Perflib)(User: )

Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

 

Error: (03/27/2014 10:36:46 AM) (Source: Perflib)(User: )

Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8

 

Error: (03/27/2014 10:36:46 AM) (Source: Perflib)(User: )

Description: LsaC:\Windows\System32\Secur32.dll8

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 27%

Total physical RAM: 8112.43 MB

Available physical RAM: 5877.66 MB

Total Pagefile: 9328.43 MB

Available Pagefile: 6973.72 MB

Total Virtual: 8192 MB

Available Virtual: 8191.75 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:150 GB) (Free:14.2 GB) NTFS

Drive d: (Data) (Fixed) (Total:764.35 GB) (Free:764.16 GB) NTFS

Drive e: (Sims3) (CDROM) (Total:5.54 GB) (Free:0 GB) UDF

Drive j: (RECOVERY) (Fixed) (Total:31.99 GB) (Free:31.75 GB) FAT32 ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: CE62FBEA)

 

Partition: GPT Partition Type.

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B5D17918)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

 

Next,

 

Re-run AdwCleaner, use the clean option and remove all found entries, post the log

 

Next,

 

Re-run JRT and post its log

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log...

 

Let me see all of those logs, also tell me if there are any remaining issues or concerns...

 

Kevin

 

 

 

fixlist.txt


OK, here are the logs:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Jami at 2014-03-28 15:25:18 Run:1
Running from C:\Users\Jami\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\Run: [LVMaintenance] - C:\Users\Jami\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-02-14] ()
C:\Users\Jami\AppData\Roaming\LVMaintenance
HKU\S-1-5-21-1638031616-1474997356-39108045-1002\...\MountPoints2: {ceb3222c-58bf-11e2-be6a-806e6f6e6963} - "E:\Autorun.exe" 
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:29080;https=127.0.0.1:29080
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Jami\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Jami\AppData\Local\Temp\AutoRun.exe
C:\Users\Jami\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jami\AppData\Local\Temp\HitmanPro.exe
C:\Users\Jami\AppData\Local\Temp\Quarantine.exe
C:\Users\Jami\AppData\Local\Temp\raptrpatch.exe
(HKLM-x32\...\{4ACD145C-665E-40CC-89A0-A3213D761571})
(HKLM-x32\...\{04DB50FA-EA80-4256-85F9-540C582E280D})
Task: {2FE43FE0-CBE4-4493-9A2D-61F74FF6FCEA} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:19C3BC3A
AlternateDataStreams: C:\ProgramData\Temp:588B60C7
AlternateDataStreams: C:\ProgramData\Temp:99963C1E
End
*****************
 
HKU\S-1-5-21-1638031616-1474997356-39108045-1002\Software\Microsoft\Windows\CurrentVersion\Run\\LVMaintenance => Value deleted successfully.
C:\Users\Jami\AppData\Roaming\LVMaintenance => Moved successfully.
HKU\S-1-5-21-1638031616-1474997356-39108045-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ceb3222c-58bf-11e2-be6a-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{ceb3222c-58bf-11e2-be6a-806e6f6e6963} => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\Jami\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe => Moved successfully.
C:\Users\Jami\AppData\Local\Temp\AutoRun.exe => Moved successfully.
C:\Users\Jami\AppData\Local\Temp\AutoRunGUI.dll => Moved successfully.
C:\Users\Jami\AppData\Local\Temp\HitmanPro.exe => Moved successfully.
C:\Users\Jami\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Jami\AppData\Local\Temp\raptrpatch.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FE43FE0-CBE4-4493-9A2D-61F74FF6FCEA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FE43FE0-CBE4-4493-9A2D-61F74FF6FCEA} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.
C:\ProgramData\Temp => ":19C3BC3A" ADS removed successfully.
C:\ProgramData\Temp => ":588B60C7" ADS removed successfully.
C:\ProgramData\Temp => ":99963C1E" ADS removed successfully.
 
==== End of Fixlog ====
 
# AdwCleaner v3.022 - Report created 28/03/2014 at 15:28:33
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Jami - JAMIPC
# Running from : C:\Users\Jami\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj
Folder Deleted : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj
Folder Deleted : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16843
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Jami\AppData\Roaming\Mozilla\Firefox\Profiles\at73luqo.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Jami\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
[ File : C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [8684 octets] - [27/03/2014 19:11:16]
AdwCleaner[R1].txt - [8744 octets] - [28/03/2014 12:57:39]
AdwCleaner[R2].txt - [1722 octets] - [28/03/2014 15:26:59]
AdwCleaner[s0].txt - [8964 octets] - [28/03/2014 13:00:17]
AdwCleaner[s1].txt - [1653 octets] - [28/03/2014 15:28:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1713 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8 x64
Ran by Jami on Fri 03/28/2014 at 15:32:48.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/28/2014 at 15:37:40.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.28.09
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
Jami :: JAMIPC [administrator]
 
3/28/2014 3:39:43 PM
mbam-log-2014-03-28 (15-39-43).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 581181
Time elapsed: 1 hour(s), 18 minute(s), 11 second(s)
 
Memory Processes Detected: 1
C:\Users\Jami\AppData\Roaming\ContentExplorer\ContentExplorer.exe (PUP.Optional.ContentExplorer.A) -> 4500 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ContentExplorer (PUP.Optional.ContentExplorer.A) -> Data: "C:\Users\Jami\AppData\Roaming\ContentExplorer\ContentExplorer.exe" -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Jami\AppData\Roaming\ContentExplorer\ContentExplorer.exe (PUP.Optional.ContentExplorer.A) -> Delete on reboot.
 
(end)

I think that's taken care of, but somehow my internet connection settings keep resetting to a LAN connection, so when I restart my computer, I have to go into settings and change it from trying to use a proxy server for LAN to using my regular connection. I don't know if that is related, though.


Please download RogueKiller from here:

 

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                   

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
     
  • When the scan completes select Report, copy and paste that to your reply.
     
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller



RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software





 

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : Jami [Admin rights]

Mode : Scan -- Date : 03/28/2014 17:50:57

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][SUSP PATH] HKLM\[...]\Run : etMonitor (C:\Windows\etMon.exe [x]) -> FOUND

[RUN][SUSP PATH] HKLM\[...]\RunOnce : DCERegBootClean64 (C:\Windows\RegBootClean64.exe [7]) -> FOUND

[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:44633;hxxps=127.0.0.1:44633 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 1 ¤¤¤

[V2][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent $(Arg0) [x][x] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 1 ¤¤¤

[FF][PUP] at73luqo.default : AVG SafeGuard toolbar

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤


[Address] EAT @explorer.exe (GdipDrawClosedCurve2I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18EE44)

[Address] EAT @explorer.exe (GdipDrawClosedCurveI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F05C)

[Address] EAT @explorer.exe (GdipDrawCurve) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F7B4)

[Address] EAT @explorer.exe (GdipDrawCurve2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F59C)

[Address] EAT @explorer.exe (GdipDrawCurve2I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F4A8)

[Address] EAT @explorer.exe (GdipDrawCurve3) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F374)

[Address] EAT @explorer.exe (GdipDrawCurve3I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F268)

[Address] EAT @explorer.exe (GdipDrawCurveI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F6D0)

[Address] EAT @explorer.exe (GdipDrawDriverString) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D9A8)

[Address] EAT @explorer.exe (GdipDrawEllipse) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18FB64)

[Address] EAT @explorer.exe (GdipDrawEllipseI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18FAD4)

[Address] EAT @explorer.exe (GdipDrawImage) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B142DF0)

[Address] EAT @explorer.exe (GdipDrawImageFX) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D004)

[Address] EAT @explorer.exe (GdipDrawImageI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B142D6C)

[Address] EAT @explorer.exe (GdipDrawImagePointRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16D77C)

[Address] EAT @explorer.exe (GdipDrawImagePointRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16D6B8)

[Address] EAT @explorer.exe (GdipDrawImagePoints) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D658)

[Address] EAT @explorer.exe (GdipDrawImagePointsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D53C)

[Address] EAT @explorer.exe (GdipDrawImagePointsRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D2CC)

[Address] EAT @explorer.exe (GdipDrawImagePointsRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D134)

[Address] EAT @explorer.exe (GdipDrawImageRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B132664)

[Address] EAT @explorer.exe (GdipDrawImageRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1325C4)

[Address] EAT @explorer.exe (GdipDrawImageRectRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16EFC4)

[Address] EAT @explorer.exe (GdipDrawImageRectRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16EE90)

[Address] EAT @explorer.exe (GdipDrawLine) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1905D8)

[Address] EAT @explorer.exe (GdipDrawLineI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190548)

[Address] EAT @explorer.exe (GdipDrawLines) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13CA40)

[Address] EAT @explorer.exe (GdipDrawLinesI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13C958)

[Address] EAT @explorer.exe (GdipDrawPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16AFA0)

[Address] EAT @explorer.exe (GdipDrawPie) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F998)

[Address] EAT @explorer.exe (GdipDrawPieI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18F8EC)

[Address] EAT @explorer.exe (GdipDrawPolygon) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1527D0)

[Address] EAT @explorer.exe (GdipDrawPolygonI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1526E0)

[Address] EAT @explorer.exe (GdipDrawRectangle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13CD30)

[Address] EAT @explorer.exe (GdipDrawRectangleI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13CC90)

[Address] EAT @explorer.exe (GdipDrawRectangles) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18FDC0)

[Address] EAT @explorer.exe (GdipDrawRectanglesI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18FC88)

[Address] EAT @explorer.exe (GdipDrawString) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E018)

[Address] EAT @explorer.exe (GdipEmfToWmfBits) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B156A28)

[Address] EAT @explorer.exe (GdipEndContainer) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18AF58)

[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18CE6C)

[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18CDD0)

[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoints) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C9D4)

[Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C894)

[Address] EAT @explorer.exe (GdipEnumerateMetafileDestRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18CC38)

[Address] EAT @explorer.exe (GdipEnumerateMetafileDestRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18CB80)

[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C6D0)

[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C5E0)

[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoints) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C15C)

[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18BFD4)

[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C41C)

[Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18C328)

[Address] EAT @explorer.exe (GdipFillClosedCurve) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E524)

[Address] EAT @explorer.exe (GdipFillClosedCurve2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E310)

[Address] EAT @explorer.exe (GdipFillClosedCurve2I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E210)

[Address] EAT @explorer.exe (GdipFillClosedCurveI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E440)

[Address] EAT @explorer.exe (GdipFillEllipse) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13F768)

[Address] EAT @explorer.exe (GdipFillEllipseI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E990)

[Address] EAT @explorer.exe (GdipFillPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E654)

[Address] EAT @explorer.exe (GdipFillPie) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E850)

[Address] EAT @explorer.exe (GdipFillPieI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18E79C)

[Address] EAT @explorer.exe (GdipFillPolygon) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1529AC)

[Address] EAT @explorer.exe (GdipFillPolygon2) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18EB04)

[Address] EAT @explorer.exe (GdipFillPolygon2I) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18EA20)

[Address] EAT @explorer.exe (GdipFillPolygonI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1528BC)

[Address] EAT @explorer.exe (GdipFillRectangle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B135870)

[Address] EAT @explorer.exe (GdipFillRectangleI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1357DC)

[Address] EAT @explorer.exe (GdipFillRectangles) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18ED28)

[Address] EAT @explorer.exe (GdipFillRectanglesI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18EC28)

[Address] EAT @explorer.exe (GdipFillRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16D354)

[Address] EAT @explorer.exe (GdipFindFirstImageItem) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193730)

[Address] EAT @explorer.exe (GdipFindNextImageItem) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193680)

[Address] EAT @explorer.exe (GdipFlattenPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16AEC4)

[Address] EAT @explorer.exe (GdipFlush) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191764)

[Address] EAT @explorer.exe (GdipFree) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B129A74)

[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapFillState) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1945B0)

[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapHeight) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194A10)

[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapMiddleInset) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194720)

[Address] EAT @explorer.exe (GdipGetAdjustableArrowCapWidth) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194898)

[Address] EAT @explorer.exe (GdipGetAllPropertyItems) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1411D8)

[Address] EAT @explorer.exe (GdipGetBrushType) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A27C)

[Address] EAT @explorer.exe (GdipGetCellAscent) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189708)

[Address] EAT @explorer.exe (GdipGetCellDescent) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189644)

[Address] EAT @explorer.exe (GdipGetClip) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148424)

[Address] EAT @explorer.exe (GdipGetClipBounds) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B938)

[Address] EAT @explorer.exe (GdipGetClipBoundsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B137B04)

[Address] EAT @explorer.exe (GdipGetCompositingMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16D0E0)

[Address] EAT @explorer.exe (GdipGetCompositingQuality) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191478)

[Address] EAT @explorer.exe (GdipGetCustomLineCapBaseCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194EF4)

[Address] EAT @explorer.exe (GdipGetCustomLineCapBaseInset) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194DBC)

[Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeCaps) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195198)

[Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeJoin) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195058)

[Address] EAT @explorer.exe (GdipGetCustomLineCapType) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19539C)

[Address] EAT @explorer.exe (GdipGetCustomLineCapWidthScale) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194C84)

[Address] EAT @explorer.exe (GdipGetDC) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1535E8)

[Address] EAT @explorer.exe (GdipGetDpiX) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190A68)

[Address] EAT @explorer.exe (GdipGetDpiY) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148AD8)

[Address] EAT @explorer.exe (GdipGetEffectParameterSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192C8C)

[Address] EAT @explorer.exe (GdipGetEffectParameters) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192C18)

[Address] EAT @explorer.exe (GdipGetEmHeight) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B149A70)

[Address] EAT @explorer.exe (GdipGetEncoderParameterList) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19419C)

[Address] EAT @explorer.exe (GdipGetEncoderParameterListSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194260)

[Address] EAT @explorer.exe (GdipGetFamily) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148C70)

[Address] EAT @explorer.exe (GdipGetFamilyName) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B149984)

[Address] EAT @explorer.exe (GdipGetFontCollectionFamilyCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189178)

[Address] EAT @explorer.exe (GdipGetFontCollectionFamilyList) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1890BC)

[Address] EAT @explorer.exe (GdipGetFontHeight) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B149660)

[Address] EAT @explorer.exe (GdipGetFontHeightGivenDPI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189A64)

[Address] EAT @explorer.exe (GdipGetFontSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148CF0)

[Address] EAT @explorer.exe (GdipGetFontStyle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148B6C)

[Address] EAT @explorer.exe (GdipGetFontUnit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148BF0)

[Address] EAT @explorer.exe (GdipGetGenericFontFamilyMonospace) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189DC4)

[Address] EAT @explorer.exe (GdipGetGenericFontFamilySansSerif) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189EAC)

[Address] EAT @explorer.exe (GdipGetGenericFontFamilySerif) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189E38)

[Address] EAT @explorer.exe (GdipGetHatchBackgroundColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A030)

[Address] EAT @explorer.exe (GdipGetHatchForegroundColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1984E4)

[Address] EAT @explorer.exe (GdipGetHatchStyle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A0E4)

[Address] EAT @explorer.exe (GdipGetHemfFromMetafile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B155A24)

[Address] EAT @explorer.exe (GdipGetImageAttributesAdjustedPalette) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191A18)

[Address] EAT @explorer.exe (GdipGetImageBounds) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193CEC)

[Address] EAT @explorer.exe (GdipGetImageDecoders) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B169270)

[Address] EAT @explorer.exe (GdipGetImageDecodersSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B169428)

[Address] EAT @explorer.exe (GdipGetImageDimension) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193C28)

[Address] EAT @explorer.exe (GdipGetImageEncoders) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B126798)

[Address] EAT @explorer.exe (GdipGetImageEncodersSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1269D8)

[Address] EAT @explorer.exe (GdipGetImageFlags) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19396C)

[Address] EAT @explorer.exe (GdipGetImageGraphicsContext) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B139214)

[Address] EAT @explorer.exe (GdipGetImageHeight) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B12B680)

[Address] EAT @explorer.exe (GdipGetImageHorizontalResolution) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193B3C)

[Address] EAT @explorer.exe (GdipGetImageItemData) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1935D0)

[Address] EAT @explorer.exe (GdipGetImagePalette) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1705B4)

[Address] EAT @explorer.exe (GdipGetImagePaletteSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B17067C)

[Address] EAT @explorer.exe (GdipGetImagePixelFormat) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B12B588)

[Address] EAT @explorer.exe (GdipGetImageRawFormat) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1418F4)

[Address] EAT @explorer.exe (GdipGetImageThumbnail) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1937E0)

[Address] EAT @explorer.exe (GdipGetImageType) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B146EA0)

[Address] EAT @explorer.exe (GdipGetImageVerticalResolution) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193A50)

[Address] EAT @explorer.exe (GdipGetImageWidth) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B12C344)

[Address] EAT @explorer.exe (GdipGetInterpolationMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191108)

[Address] EAT @explorer.exe (GdipGetLineBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1990C8)

[Address] EAT @explorer.exe (GdipGetLineBlendCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197A4C)

[Address] EAT @explorer.exe (GdipGetLineColors) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199360)

[Address] EAT @explorer.exe (GdipGetLineGammaCorrection) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199198)

[Address] EAT @explorer.exe (GdipGetLinePresetBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198E88)

[Address] EAT @explorer.exe (GdipGetLinePresetBlendCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199004)

[Address] EAT @explorer.exe (GdipGetLineRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197C48)

[Address] EAT @explorer.exe (GdipGetLineRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199280)

[Address] EAT @explorer.exe (GdipGetLineSpacing) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B149B34)

[Address] EAT @explorer.exe (GdipGetLineTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199AD0)

[Address] EAT @explorer.exe (GdipGetLineWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198AA0)

[Address] EAT @explorer.exe (GdipGetLogFontA) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189B0C)

[Address] EAT @explorer.exe (GdipGetLogFontW) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148EEC)

[Address] EAT @explorer.exe (GdipGetMatrixElements) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1375F0)

[Address] EAT @explorer.exe (GdipGetMetafileDownLevelRasterizationLimit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189F20)

[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromEmf) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18AE8C)

[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromFile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18AE34)

[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromMetafile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18AD14)

[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromStream) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18ADC4)

[Address] EAT @explorer.exe (GdipGetMetafileHeaderFromWmf) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18AEE4)

[Address] EAT @explorer.exe (GdipGetNearestColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1906F8)

[Address] EAT @explorer.exe (GdipGetPageScale) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190BD0)

[Address] EAT @explorer.exe (GdipGetPageUnit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190C84)

[Address] EAT @explorer.exe (GdipGetPathData) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19FB68)

[Address] EAT @explorer.exe (GdipGetPathFillMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19FC14)

[Address] EAT @explorer.exe (GdipGetPathGradientBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19797C)

[Address] EAT @explorer.exe (GdipGetPathGradientBlendCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197A4C)

[Address] EAT @explorer.exe (GdipGetPathGradientCenterColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1984E4)

[Address] EAT @explorer.exe (GdipGetPathGradientCenterPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198034)

[Address] EAT @explorer.exe (GdipGetPathGradientCenterPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197F98)

[Address] EAT @explorer.exe (GdipGetPathGradientFocusScales) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1971BC)

[Address] EAT @explorer.exe (GdipGetPathGradientGammaCorrection) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197B00)

[Address] EAT @explorer.exe (GdipGetPathGradientPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1980E0)

[Address] EAT @explorer.exe (GdipGetPathGradientPointCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197DB4)

[Address] EAT @explorer.exe (GdipGetPathGradientPresetBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197764)

[Address] EAT @explorer.exe (GdipGetPathGradientPresetBlendCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199004)

[Address] EAT @explorer.exe (GdipGetPathGradientRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197C48)

[Address] EAT @explorer.exe (GdipGetPathGradientRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199280)

[Address] EAT @explorer.exe (GdipGetPathGradientSurroundColorCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197CF8)

[Address] EAT @explorer.exe (GdipGetPathGradientSurroundColorsWithCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1982FC)

[Address] EAT @explorer.exe (GdipGetPathGradientTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199AD0)

[Address] EAT @explorer.exe (GdipGetPathGradientWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198AA0)

[Address] EAT @explorer.exe (GdipGetPathLastPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F6E0)

[Address] EAT @explorer.exe (GdipGetPathPoints) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19FE14)

[Address] EAT @explorer.exe (GdipGetPathPointsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19FCC8)

[Address] EAT @explorer.exe (GdipGetPathTypes) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19FF24)

[Address] EAT @explorer.exe (GdipGetPathWorldBounds) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19D680)

[Address] EAT @explorer.exe (GdipGetPathWorldBoundsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19D4FC)

[Address] EAT @explorer.exe (GdipGetPenBrushFill) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195D44)

[Address] EAT @explorer.exe (GdipGetPenColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13F640)

[Address] EAT @explorer.exe (GdipGetPenCompoundArray) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1956CC)

[Address] EAT @explorer.exe (GdipGetPenCompoundCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19586C)

[Address] EAT @explorer.exe (GdipGetPenCustomEndCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19674C)

[Address] EAT @explorer.exe (GdipGetPenCustomStartCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1968FC)

[Address] EAT @explorer.exe (GdipGetPenDashArray) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19591C)

[Address] EAT @explorer.exe (GdipGetPenDashCap197819) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196B5C)

[Address] EAT @explorer.exe (GdipGetPenDashCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195A94)

[Address] EAT @explorer.exe (GdipGetPenDashOffset) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195BE4)

[Address] EAT @explorer.exe (GdipGetPenDashStyle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195C94)

[Address] EAT @explorer.exe (GdipGetPenEndCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196C10)

[Address] EAT @explorer.exe (GdipGetPenFillType) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13FB50)

[Address] EAT @explorer.exe (GdipGetPenLineJoin) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196AAC)

[Address] EAT @explorer.exe (GdipGetPenMiterLimit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1965F0)

[Address] EAT @explorer.exe (GdipGetPenMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196498)

[Address] EAT @explorer.exe (GdipGetPenStartCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196CC0)

[Address] EAT @explorer.exe (GdipGetPenTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19624C)

[Address] EAT @explorer.exe (GdipGetPenUnit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196EE4)

[Address] EAT @explorer.exe (GdipGetPenWidth) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13F6E0)

[Address] EAT @explorer.exe (GdipGetPixelOffsetMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1913C4)

[Address] EAT @explorer.exe (GdipGetPointCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1A0030)

[Address] EAT @explorer.exe (GdipGetPropertyCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193F08)

[Address] EAT @explorer.exe (GdipGetPropertyIdList) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193E6C)

[Address] EAT @explorer.exe (GdipGetPropertyItem) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1457EC)

[Address] EAT @explorer.exe (GdipGetPropertyItemSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B145760)

[Address] EAT @explorer.exe (GdipGetPropertySize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13FEF0)

[Address] EAT @explorer.exe (GdipGetRegionBounds) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B260)

[Address] EAT @explorer.exe (GdipGetRegionBoundsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B0C4)

[Address] EAT @explorer.exe (GdipGetRegionData) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19ABA8)

[Address] EAT @explorer.exe (GdipGetRegionDataSize) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19AC7C)

[Address] EAT @explorer.exe (GdipGetRegionHRgn) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B14866C)

[Address] EAT @explorer.exe (GdipGetRegionScans) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A4EC)

[Address] EAT @explorer.exe (GdipGetRegionScansCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A60C)

[Address] EAT @explorer.exe (GdipGetRegionScansI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A3EC)

[Address] EAT @explorer.exe (GdipGetRenderingOrigin) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1915D4)

[Address] EAT @explorer.exe (GdipGetSmoothingMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13AA70)

[Address] EAT @explorer.exe (GdipGetSolidFillColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199964)

[Address] EAT @explorer.exe (GdipGetStringFormatAlign) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188A30)

[Address] EAT @explorer.exe (GdipGetStringFormatDigitSubstitution) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188390)

[Address] EAT @explorer.exe (GdipGetStringFormatFlags) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188B58)

[Address] EAT @explorer.exe (GdipGetStringFormatHotkeyPrefix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1887E0)

[Address] EAT @explorer.exe (GdipGetStringFormatLineAlign) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188908)

[Address] EAT @explorer.exe (GdipGetStringFormatMeasurableCharacterRangeCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18856C)

[Address] EAT @explorer.exe (GdipGetStringFormatTabStopCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188698)

[Address] EAT @explorer.exe (GdipGetStringFormatTabStops) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1885DC)

[Address] EAT @explorer.exe (GdipGetStringFormatTrimming) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188260)

[Address] EAT @explorer.exe (GdipGetTextContrast) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1911B0)

[Address] EAT @explorer.exe (GdipGetTextRenderingHint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148160)

[Address] EAT @explorer.exe (GdipGetTextureImage) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16DE20)

[Address] EAT @explorer.exe (GdipGetTextureTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199AD0)

[Address] EAT @explorer.exe (GdipGetTextureWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16DCCC)

[Address] EAT @explorer.exe (GdipGetVisibleClipBounds) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B7D0)

[Address] EAT @explorer.exe (GdipGetVisibleClipBoundsI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B690)

[Address] EAT @explorer.exe (GdipGetWorldTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13780C)

[Address] EAT @explorer.exe (GdipGraphicsClear) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1419E8)

[Address] EAT @explorer.exe (GdipGraphicsSetAbort) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1925EC)

[Address] EAT @explorer.exe (GdipImageForceValidation) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B146F4C)

[Address] EAT @explorer.exe (GdipImageGetFrameCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B170478)

[Address] EAT @explorer.exe (GdipImageGetFrameDimensionsCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B170204)

[Address] EAT @explorer.exe (GdipImageGetFrameDimensionsList) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1702A4)

[Address] EAT @explorer.exe (GdipImageRotateFlip) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B173500)

[Address] EAT @explorer.exe (GdipImageSelectActiveFrame) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193F94)

[Address] EAT @explorer.exe (GdipImageSetAbort) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192690)

[Address] EAT @explorer.exe (GdipInitializePalette) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192A30)

[Address] EAT @explorer.exe (GdipInvertMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C100)

[Address] EAT @explorer.exe (GdipIsClipEmpty) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B884)

[Address] EAT @explorer.exe (GdipIsEmptyRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19AF40)

[Address] EAT @explorer.exe (GdipIsEqualRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19AD48)

[Address] EAT @explorer.exe (GdipIsInfiniteRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B148268)

[Address] EAT @explorer.exe (GdipIsMatrixEqual) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19BCA0)

[Address] EAT @explorer.exe (GdipIsMatrixIdentity) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B137760)

[Address] EAT @explorer.exe (GdipIsMatrixInvertible) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19BDC4)

[Address] EAT @explorer.exe (GdipIsOutlineVisiblePathPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19D080)

[Address] EAT @explorer.exe (GdipIsOutlineVisiblePathPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19CFF8)

[Address] EAT @explorer.exe (GdipIsStyleAvailable) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1897B8)

[Address] EAT @explorer.exe (GdipIsVisibleClipEmpty) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B5D4)

[Address] EAT @explorer.exe (GdipIsVisiblePathPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19D344)

[Address] EAT @explorer.exe (GdipIsVisiblePathPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19D2C8)

[Address] EAT @explorer.exe (GdipIsVisiblePoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B4F0)

[Address] EAT @explorer.exe (GdipIsVisiblePointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B480)

[Address] EAT @explorer.exe (GdipIsVisibleRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B37C)

[Address] EAT @explorer.exe (GdipIsVisibleRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18B2F0)

[Address] EAT @explorer.exe (GdipIsVisibleRegionPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19AA08)

[Address] EAT @explorer.exe (GdipIsVisibleRegionPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A98C)

[Address] EAT @explorer.exe (GdipIsVisibleRegionRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A7A8)

[Address] EAT @explorer.exe (GdipIsVisibleRegionRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19A70C)

[Address] EAT @explorer.exe (GdipLoadImageFromFile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1944D4)

[Address] EAT @explorer.exe (GdipLoadImageFromFileICM) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194314)

[Address] EAT @explorer.exe (GdipLoadImageFromStream) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B139F24)

[Address] EAT @explorer.exe (GdipLoadImageFromStreamICM) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1943F4)

[Address] EAT @explorer.exe (GdipMeasureCharacterRanges) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18DC28)

[Address] EAT @explorer.exe (GdipMeasureDriverString) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18D7D0)

[Address] EAT @explorer.exe (GdipMeasureString) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18DDF0)

[Address] EAT @explorer.exe (GdipMultiplyLineTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197354)

[Address] EAT @explorer.exe (GdipMultiplyMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16A8BC)

[Address] EAT @explorer.exe (GdipMultiplyPathGradientTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197354)

[Address] EAT @explorer.exe (GdipMultiplyPenTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196094)

[Address] EAT @explorer.exe (GdipMultiplyTextureTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197354)

[Address] EAT @explorer.exe (GdipMultiplyWorldTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190F58)

[Address] EAT @explorer.exe (GdipNewInstalledFontCollection) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1893A0)

[Address] EAT @explorer.exe (GdipNewPrivateFontCollection) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1892EC)

[Address] EAT @explorer.exe (GdipPathIterCopyData) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C4A8)

[Address] EAT @explorer.exe (GdipPathIterEnumerate) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C598)

[Address] EAT @explorer.exe (GdipPathIterGetCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C93C)

[Address] EAT @explorer.exe (GdipPathIterGetSubpathCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C888)

[Address] EAT @explorer.exe (GdipPathIterHasCurve) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C728)

[Address] EAT @explorer.exe (GdipPathIterIsValid) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C7D4)

[Address] EAT @explorer.exe (GdipPathIterNextMarker) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19CAB4)

[Address] EAT @explorer.exe (GdipPathIterNextMarkerPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C9F0)

[Address] EAT @explorer.exe (GdipPathIterNextPathType) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19CB98)

[Address] EAT @explorer.exe (GdipPathIterNextSubpath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19CD5C)

[Address] EAT @explorer.exe (GdipPathIterNextSubpathPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19CC84)

[Address] EAT @explorer.exe (GdipPathIterRewind) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C680)

[Address] EAT @explorer.exe (GdipPlayMetafileRecord) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18BEF4)

[Address] EAT @explorer.exe (GdipPlayTSClientRecord) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1879F8)

[Address] EAT @explorer.exe (GdipPrivateAddFontFile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B189020)

[Address] EAT @explorer.exe (GdipPrivateAddMemoryFont) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188F74)

[Address] EAT @explorer.exe (GdipRecordMetafile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B162A54)

[Address] EAT @explorer.exe (GdipRecordMetafileFileName) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A510)

[Address] EAT @explorer.exe (GdipRecordMetafileFileNameI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A40C)

[Address] EAT @explorer.exe (GdipRecordMetafileI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A66C)

[Address] EAT @explorer.exe (GdipRecordMetafileStream) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A2B0)

[Address] EAT @explorer.exe (GdipRecordMetafileStreamI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A1AC)

[Address] EAT @explorer.exe (GdipReleaseDC) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B153508)

[Address] EAT @explorer.exe (GdipRemovePropertyItem) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B193DE0)

[Address] EAT @explorer.exe (GdipResetClip) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B152D60)

[Address] EAT @explorer.exe (GdipResetImageAttributes) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192358)

[Address] EAT @explorer.exe (GdipResetLineTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198914)

[Address] EAT @explorer.exe (GdipResetPageTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190D38)

[Address] EAT @explorer.exe (GdipResetPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1A00E0)

[Address] EAT @explorer.exe (GdipResetPathGradientTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198914)

[Address] EAT @explorer.exe (GdipResetPenTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196198)

[Address] EAT @explorer.exe (GdipResetTextureTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198914)

[Address] EAT @explorer.exe (GdipResetWorldTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19106C)

[Address] EAT @explorer.exe (GdipRestoreGraphics) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1481E8)

[Address] EAT @explorer.exe (GdipReversePath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F7A8)

[Address] EAT @explorer.exe (GdipRotateLineTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199A18)

[Address] EAT @explorer.exe (GdipRotateMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16B700)

[Address] EAT @explorer.exe (GdipRotatePathGradientTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199A18)

[Address] EAT @explorer.exe (GdipRotatePenTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195E0C)

[Address] EAT @explorer.exe (GdipRotateTextureTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199A18)

[Address] EAT @explorer.exe (GdipRotateWorldTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190DE0)

[Address] EAT @explorer.exe (GdipSaveAdd) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1940F8)

[Address] EAT @explorer.exe (GdipSaveAddImage) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194040)

[Address] EAT @explorer.exe (GdipSaveGraphics) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B147F9C)

[Address] EAT @explorer.exe (GdipSaveImageToFile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B125FD0)

[Address] EAT @explorer.exe (GdipSaveImageToStream) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13FC80)

[Address] EAT @explorer.exe (GdipScaleLineTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19728C)

[Address] EAT @explorer.exe (GdipScaleMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16A738)

[Address] EAT @explorer.exe (GdipScalePathGradientTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19728C)

[Address] EAT @explorer.exe (GdipScalePenTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195EDC)

[Address] EAT @explorer.exe (GdipScaleTextureTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19728C)

[Address] EAT @explorer.exe (GdipScaleWorldTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190E94)

[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapFillState) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194660)

[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapHeight) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194AC0)

[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapMiddleInset) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1947D0)

[Address] EAT @explorer.exe (GdipSetAdjustableArrowCapWidth) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194948)

[Address] EAT @explorer.exe (GdipSetClipGraphics) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18BDEC)

[Address] EAT @explorer.exe (GdipSetClipHrgn) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18BB08)

[Address] EAT @explorer.exe (GdipSetClipPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18BCDC)

[Address] EAT @explorer.exe (GdipSetClipRect) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1369B0)

[Address] EAT @explorer.exe (GdipSetClipRectI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B136910)

[Address] EAT @explorer.exe (GdipSetClipRegion) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18BBD4)

[Address] EAT @explorer.exe (GdipSetCompositingMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B143358)

[Address] EAT @explorer.exe (GdipSetCompositingQuality) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19152C)

[Address] EAT @explorer.exe (GdipSetCustomLineCapBaseCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194FA0)

[Address] EAT @explorer.exe (GdipSetCustomLineCapBaseInset) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194E5C)

[Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeCaps) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195250)

[Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeJoin) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195104)

[Address] EAT @explorer.exe (GdipSetCustomLineCapWidthScale) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B194D24)

[Address] EAT @explorer.exe (GdipSetEffectParameters) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192CEC)

[Address] EAT @explorer.exe (GdipSetEmpty) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B7C4)

[Address] EAT @explorer.exe (GdipSetImageAttributesCachedBackground) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191BC8)

[Address] EAT @explorer.exe (GdipSetImageAttributesColorKeys) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B147460)

[Address] EAT @explorer.exe (GdipSetImageAttributesColorMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192284)

[Address] EAT @explorer.exe (GdipSetImageAttributesGamma) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19205C)

[Address] EAT @explorer.exe (GdipSetImageAttributesNoOp) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191F54)

[Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannel) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191E38)

[Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannelColorProfile) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191D74)

[Address] EAT @explorer.exe (GdipSetImageAttributesRemapTable) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191C70)

[Address] EAT @explorer.exe (GdipSetImageAttributesThreshold) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192164)

[Address] EAT @explorer.exe (GdipSetImageAttributesToIdentity) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B192448)

[Address] EAT @explorer.exe (GdipSetImageAttributesWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191B10)

[Address] EAT @explorer.exe (GdipSetImagePalette) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1938AC)

[Address] EAT @explorer.exe (GdipSetInfinite) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19B860)

[Address] EAT @explorer.exe (GdipSetInterpolationMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B171170)

[Address] EAT @explorer.exe (GdipSetLineBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B17273C)

[Address] EAT @explorer.exe (GdipSetLineColors) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199454)

[Address] EAT @explorer.exe (GdipSetLineGammaCorrection) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B199214)

[Address] EAT @explorer.exe (GdipSetLineLinearBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198C10)

[Address] EAT @explorer.exe (GdipSetLinePresetBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198CD0)

[Address] EAT @explorer.exe (GdipSetLineSigmaBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B172A58)

[Address] EAT @explorer.exe (GdipSetLineTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1989B4)

[Address] EAT @explorer.exe (GdipSetLineWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198B50)

[Address] EAT @explorer.exe (GdipSetMatrixElements) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16A7E0)

[Address] EAT @explorer.exe (GdipSetMetafileDownLevelRasterizationLimit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18A068)

[Address] EAT @explorer.exe (GdipSetPageScale) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B190B1C)

[Address] EAT @explorer.exe (GdipSetPageUnit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B149E40)

[Address] EAT @explorer.exe (GdipSetPathFillMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13F4BC)

[Address] EAT @explorer.exe (GdipSetPathGradientBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1978A8)

[Address] EAT @explorer.exe (GdipSetPathGradientCenterColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198444)

[Address] EAT @explorer.exe (GdipSetPathGradientCenterPoint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197EDC)

[Address] EAT @explorer.exe (GdipSetPathGradientCenterPointI) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197E68)

[Address] EAT @explorer.exe (GdipSetPathGradientFocusScales) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197104)

[Address] EAT @explorer.exe (GdipSetPathGradientGammaCorrection) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197BB0)

[Address] EAT @explorer.exe (GdipSetPathGradientLinearBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198C10)

[Address] EAT @explorer.exe (GdipSetPathGradientPath) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1980E0)

[Address] EAT @explorer.exe (GdipSetPathGradientPresetBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1975C4)

[Address] EAT @explorer.exe (GdipSetPathGradientSigmaBlend) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197504)

[Address] EAT @explorer.exe (GdipSetPathGradientSurroundColorsWithCount) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B198110)

[Address] EAT @explorer.exe (GdipSetPathGradientTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1989B4)

[Address] EAT @explorer.exe (GdipSetPathGradientWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B197458)

[Address] EAT @explorer.exe (GdipSetPathMarker) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19F8E8)

[Address] EAT @explorer.exe (GdipSetPenBrushFill) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B137974)

[Address] EAT @explorer.exe (GdipSetPenColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1508F8)

[Address] EAT @explorer.exe (GdipSetPenCompoundArray) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1957B0)

[Address] EAT @explorer.exe (GdipSetPenCustomEndCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196814)

[Address] EAT @explorer.exe (GdipSetPenCustomStartCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1969C4)

[Address] EAT @explorer.exe (GdipSetPenDashArray) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1959D8)

[Address] EAT @explorer.exe (GdipSetPenDashCap197819) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196D70)

[Address] EAT @explorer.exe (GdipSetPenDashOffset) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B195B44)

[Address] EAT @explorer.exe (GdipSetPenDashStyle) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B150860)

[Address] EAT @explorer.exe (GdipSetPenEndCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13ABC0)

[Address] EAT @explorer.exe (GdipSetPenLineCap197819) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196E18)

[Address] EAT @explorer.exe (GdipSetPenLineJoin) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13AC50)

[Address] EAT @explorer.exe (GdipSetPenMiterLimit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1966A0)

[Address] EAT @explorer.exe (GdipSetPenMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196548)

[Address] EAT @explorer.exe (GdipSetPenStartCap) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B13AB30)

[Address] EAT @explorer.exe (GdipSetPenTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196368)

[Address] EAT @explorer.exe (GdipSetPenUnit) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B196F94)

[Address] EAT @explorer.exe (GdipSetPenWidth) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B136B50)

[Address] EAT @explorer.exe (GdipSetPixelOffsetMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B17346C)

[Address] EAT @explorer.exe (GdipSetPropertyItem) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B144558)

[Address] EAT @explorer.exe (GdipSetRenderingOrigin) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1916AC)

[Address] EAT @explorer.exe (GdipSetSmoothingMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B131DB8)

[Address] EAT @explorer.exe (GdipSetSolidFillColor) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B136C1C)

[Address] EAT @explorer.exe (GdipSetStringFormatAlign) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188AC0)

[Address] EAT @explorer.exe (GdipSetStringFormatDigitSubstitution) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B18843C)

[Address] EAT @explorer.exe (GdipSetStringFormatFlags) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188BE8)

[Address] EAT @explorer.exe (GdipSetStringFormatHotkeyPrefix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188870)

[Address] EAT @explorer.exe (GdipSetStringFormatLineAlign) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188998)

[Address] EAT @explorer.exe (GdipSetStringFormatMeasurableCharacterRanges) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1884E8)

[Address] EAT @explorer.exe (GdipSetStringFormatTabStops) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188728)

[Address] EAT @explorer.exe (GdipSetStringFormatTrimming) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1882F8)

[Address] EAT @explorer.exe (GdipSetTextContrast) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B191264)

[Address] EAT @explorer.exe (GdipSetTextRenderingHint) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19130C)

[Address] EAT @explorer.exe (GdipSetTextureTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1989B4)

[Address] EAT @explorer.exe (GdipSetTextureWrapMode) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16DF10)

[Address] EAT @explorer.exe (GdipSetWorldTransform) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B16D014)

[Address] EAT @explorer.exe (GdipShearMatrix) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19C19C)

[Address] EAT @explorer.exe (GdipStartPathFigure) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B19FAC8)

[Address] EAT @explorer.exe (GdipStringFormatGetGenericDefault) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188DF8)

[Address] EAT @explorer.exe (GdipStringFormatGetGenericTypographic) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B188D90)

[Address] EAT @explorer.exe (GdipTestControl) : sfc_os.dll -> HOOKED (C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9200.16518_none_726fbfe0cc22f012\gdiplus.dll @ 0x0B1881EC)


¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : PUP ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000DM 003-9YN162 SATA Disk Device +++++

--- User ---

[MBR] 8f2db576be6674b10e6cd2f5fc775b9e

[bSP] af9af62fb2883b0228c825713a1e8fbe : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- SD/MMC USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- Compact Flash USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SM/xD Picture USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro USB Device +++++

Error reading User MBR! ([0x15] The device is not ready. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] The request is not supported. )

 

Finished : << RKreport[0]_S_03282014_175057.txt >>

Ok we continue:

 

Quit all programs that you may have started.

  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on ProxyFix tab. Click on Report and copy/paste the content of the notepad to your next reply...


Next,

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right-click on the IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish



When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found


If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish



close program

Copy and paste the report in next reply.

Let me see those two logs, also let me know if there are any remaining issues or concerns....

Kevin


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
