TechSpot

Win update impossible and all certificates suddenly expired

Solved
By needhelp51
Apr 6, 2014
  1. Hello,

    I recently installed win7 and everything was fine up til today. All certificates in all browser seem wrong, my browser suggest I might be being hacked. Windows update worked fine, but impossible since this morning. Also, two Toshiba drivers show as unknown origin even though they were downloaded from Toshiba site and worked fine before today. Computer is suddenly sluggish also. I suspect something is going on.

    Here are the logs:

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 2006-07-01
    Scan Time: 02:33:06
    Logfile: Log MBAM.txt
    Administrator: Yes
    Version: 2.00.1.1004
    Malware Database: v2014.04.06.09
    Rootkit Database: v2014.03.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled
    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Admin
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 212294
    Time Elapsed: 22 min, 12 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 2
    PUP.Optional.BundleInstaller, C:\$Recycle.Bin\S-1-5-21-811221372-2198457851-1441504835-1000\$RYUI9P4.exe, Quarantined, [e83969beec8f2d09d9761651827f5ea2],
    PUP.Optional.BundleInstaller, C:\Windows\Temp\_avast_\ws1673.dat, Quarantined, [be636dba5c1f8aacdc73df88b9483bc5],
    Physical Sectors: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
    Run by Admin at 2:34:43 on 2006-07-01
    Microsoft Windows 7 Professionnel 6.1.7601.1.1252.1.1036.18.3070.1774 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conhost.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
    mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
    mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
    mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    TCP: NameServer = 47.55.55.55 142.166.166.166
    TCP: Interfaces\{83A967BC-B179-4662-BC85-2206CCDD72C9} : DHCPNameServer = 47.55.55.55 142.166.166.166
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\yk8py79e.default\
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-4 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-4 180760]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-4-4 776976]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-4-4 411552]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2014-3-25 20072]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2014-3-25 607168]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2014-3-25 43728]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-4 67824]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-4 50344]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-12-6 1229528]
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-4-4 67264]
    R3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel(R) 5000 Series pour Windows Vista 32 bits;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2014-3-25 1663192]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-3 108032]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-12-6 16024]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 StorSvc;Service de stockage;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-4-3 49152]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2014-4-3 1343400]
    .
    =============== Created Last 30 ================
    .
    2014-04-06 13:53:18 24576 ----a-w- c:\windows\system32\TSCI.dll
    2014-04-06 13:53:18 24576 ----a-w- c:\windows\system32\THCI.dll
    2014-04-05 19:49:01 -------- d-----w- c:\users\admin\appdata\roaming\OpenOffice
    2014-04-05 17:03:10 -------- d-----w- c:\program files\EA GAMES
    2014-04-05 17:01:42 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2014-04-05 17:01:42 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
    2014-04-05 17:01:42 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2014-04-05 17:01:41 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2014-04-05 14:19:56 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-04-05 14:19:30 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-04-05 14:19:30 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-04-05 14:19:30 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-04-05 14:19:30 -------- d-----w- c:\programdata\Malwarebytes
    2014-04-05 14:19:30 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-04-05 13:47:23 -------- d-----w- c:\programdata\Auslogics
    2014-04-05 13:46:50 -------- d-----w- c:\program files\Auslogics
    2014-04-05 13:36:06 -------- d-----w- c:\program files\Audacity
    2014-04-05 13:31:10 -------- d-----w- c:\programdata\Oracle
    2014-04-05 13:25:15 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-04-05 03:27:25 -------- d-----w- c:\users\admin\appdata\roaming\DonationCoder
    2014-04-05 02:47:04 -------- d-----w- c:\programdata\DonationCoder
    2014-04-05 02:47:03 -------- d-----w- c:\program files\ScreenshotCaptor
    2014-04-05 02:46:50 -------- d-----w- c:\users\admin\appdata\local\Programs
    2014-04-04 23:17:06 -------- d-----w- c:\program files\Synaptics
    2014-04-04 23:14:16 430080 ----a-w- c:\windows\system32\TOSCDSPD.cpl
    2014-04-04 23:12:49 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2014-04-04 23:12:48 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2014-04-04 23:12:48 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
    2014-04-04 23:12:48 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
    2014-04-04 23:12:48 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
    2014-04-04 23:12:48 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
    2014-04-04 23:12:47 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
    2014-04-04 23:12:47 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
    2014-04-04 23:00:49 128344 ----a-w- c:\windows\system32\TODDSrv.exe
    2014-04-04 23:00:39 -------- d-----w- c:\program files\TOSHIBA
    2014-04-04 22:59:39 -------- d-----w- c:\users\admin\appdata\roaming\WinBatch
    2014-04-04 22:17:22 -------- d-s---w- c:\programdata\Shared Space
    2014-04-04 22:17:01 -------- d-----w- c:\program files\COMODO
    2014-04-04 22:16:49 -------- d-----w- c:\programdata\Comodo Downloader
    2014-04-04 22:13:29 -------- d-----w- c:\programdata\Comodo
    2014-04-04 22:02:49 -------- d-----w- c:\users\admin\appdata\roaming\AVAST Software
    2014-04-04 22:01:49 67264 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-04-04 22:01:44 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-04-04 22:01:40 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-04-04 22:01:37 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-04-04 22:01:34 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-04-04 22:01:32 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-04-04 22:01:19 43152 ----a-w- c:\windows\avastSS.scr
    2014-04-04 21:58:34 -------- d-----w- c:\program files\AVAST Software
    2014-04-04 21:57:11 -------- d-----w- c:\programdata\AVAST Software
    2014-04-04 21:51:12 -------- d-----w- c:\users\admin\appdata\local\Secunia PSI
    2014-04-04 21:50:58 -------- d-----w- c:\program files\Secunia
    2014-04-04 21:49:30 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2014-04-04 21:49:23 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{86f4a052-cdea-46b7-88e4-279ec55a6db8}\mpengine.dll
    2014-04-04 03:44:57 -------- d-----w- c:\users\admin\appdata\roaming\IrfanView
    2014-04-04 03:44:56 -------- d-----w- c:\program files\IrfanView
    2014-04-04 03:42:12 -------- d-----w- c:\users\admin\appdata\local\Adobe
    2014-04-04 03:41:29 -------- d-----w- c:\program files\VideoLAN
    2014-04-04 03:28:57 454656 ----a-w- c:\windows\system32\vbscript.dll
    2014-04-04 03:23:46 417792 ----a-w- c:\windows\system32\WMPhoto.dll
    2014-04-04 03:23:17 3419136 ----a-w- c:\windows\system32\d2d1.dll
    2014-04-04 03:23:17 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-04-04 03:15:52 -------- d-----w- c:\windows\system32\MRT
    2014-04-04 03:07:38 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
    2014-04-04 03:07:28 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-04-04 03:07:25 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
    2014-04-04 03:07:22 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
    2014-04-04 03:07:22 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2014-04-04 03:07:22 53248 ----a-w- c:\windows\system32\tsgqec.dll
    2014-04-04 03:07:22 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
    2014-04-04 03:07:22 350208 ----a-w- c:\windows\system32\wksprt.exe
    2014-04-04 03:07:22 17920 ----a-w- c:\windows\system32\wksprtPS.dll
    2014-04-04 03:07:22 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-04-04 03:07:18 1068544 ----a-w- c:\windows\system32\mstsc.exe
    2014-04-04 03:06:34 -------- d-----w- c:\program files\CONEXANT
    2014-04-04 03:05:32 514560 ----a-w- c:\windows\system32\qdvd.dll
    2014-04-04 03:05:29 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-04-04 02:58:09 -------- d-----w- c:\windows\Migration
    2014-04-04 02:48:04 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2014-04-04 02:48:04 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2014-04-04 02:47:55 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2014-04-04 02:47:55 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2014-04-04 02:47:53 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2014-04-04 02:47:53 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2014-04-04 02:47:53 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2014-04-04 02:41:02 -------- d-----w- c:\windows\system32\Wat
    2014-04-04 02:29:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2014-04-04 02:29:53 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
    2014-04-04 02:02:03 5120 ----a-w- c:\windows\system32\wmi.dll
    2014-04-04 02:02:03 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2014-04-04 02:00:39 -------- d-----w- c:\users\admin\appdata\local\Skype
    2014-04-04 01:59:52 -------- d-----r- c:\program files\Skype
    2014-04-04 01:55:17 46704 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
    2014-04-04 01:52:59 75376 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
    2014-04-04 01:52:59 307824 ----a-w- c:\program files\mozilla firefox\freebl3.dll
    2014-04-04 01:52:59 275568 ----a-w- c:\program files\mozilla firefox\firefox.exe
    2014-04-04 01:52:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2014-04-04 01:52:59 20080 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
    2014-04-04 01:52:59 117360 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
    2014-04-04 01:50:09 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
    2014-04-04 01:50:09 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
    2014-04-04 01:50:09 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
    2014-04-04 01:50:09 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
    2014-04-04 01:50:06 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
    2014-04-04 01:50:06 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2014-04-04 01:50:06 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2014-04-04 01:50:06 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2014-04-04 01:50:06 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2014-04-04 01:50:05 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2014-04-04 01:41:36 1247744 ----a-w- c:\windows\system32\DWrite.dll
    2014-04-04 01:41:30 2349056 ----a-w- c:\windows\system32\win32k.sys
    2014-04-04 01:41:25 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2014-04-04 01:41:21 530432 ----a-w- c:\windows\system32\comctl32.dll
    2014-04-04 01:41:16 626688 ----a-w- c:\windows\system32\usp10.dll
    2014-04-04 01:41:12 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2014-04-04 01:41:09 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
    2014-04-04 01:41:09 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
    2014-04-04 01:41:06 652800 ----a-w- c:\windows\system32\rpcrt4.dll
    2014-04-04 01:41:04 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2014-04-04 01:41:03 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2014-04-04 01:40:59 175104 ----a-w- c:\windows\system32\wintrust.dll
    2014-04-04 01:40:46 1796096 ----a-w- c:\windows\system32\authui.dll
    2014-04-04 01:40:45 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
    2014-04-04 01:40:44 168960 ----a-w- c:\windows\system32\credui.dll
    2014-04-04 01:40:11 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2014-04-04 01:39:50 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2014-04-04 01:39:50 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2014-04-04 01:39:50 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2014-04-04 01:39:47 376832 ----a-w- c:\windows\system32\dpnet.dll
    2014-04-04 01:39:14 509440 ----a-w- c:\windows\system32\qedit.dll
    2014-04-04 01:39:09 301568 ----a-w- c:\windows\system32\msieftp.dll
    2014-04-04 01:39:05 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2014-04-04 01:37:59 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2014-04-04 01:37:24 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2014-04-04 01:37:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2014-04-04 01:37:16 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2014-04-04 01:37:16 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2014-04-04 01:36:52 24576 ----a-w- c:\windows\system32\cryptdlg.dll
    2014-04-04 01:36:13 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-04-04 01:34:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
    2014-04-04 01:34:33 185344 ----a-w- c:\windows\system32\wwansvc.dll
    2014-04-04 01:34:23 492544 ----a-w- c:\windows\system32\win32spl.dll
    2014-04-04 01:34:14 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2014-04-04 01:34:03 295424 ----a-w- c:\windows\system32\atmfd.dll
    2014-04-04 01:34:02 70656 ----a-w- c:\windows\system32\fontsub.dll
    2014-04-04 01:34:02 34304 ----a-w- c:\windows\system32\atmlib.dll
    2014-04-04 01:34:02 26112 ----a-w- c:\windows\system32\lpk.dll
    2014-04-04 01:34:02 10240 ----a-w- c:\windows\system32\dciman32.dll
    2014-04-04 01:33:48 434688 ----a-w- c:\windows\system32\scavengeui.dll
    2014-04-04 01:32:54 903168 ----a-w- c:\windows\system32\certutil.exe
    2014-04-04 01:32:52 43008 ----a-w- c:\windows\system32\certenc.dll
    2014-04-04 01:32:01 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2014-04-04 01:32:01 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2014-04-04 01:32:01 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2014-04-04 01:32:01 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2014-04-04 01:32:01 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2014-04-04 01:32:01 156672 ----a-w- c:\windows\system32\ncsi.dll
    2014-04-04 01:32:00 18944 ----a-w- c:\windows\system32\netevent.dll
    2014-04-04 01:31:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2014-04-04 01:29:23 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
    2014-04-04 01:29:23 392704 ----a-w- c:\program files\windows defender\MpClient.dll
    2014-04-04 01:29:23 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
    2014-04-04 01:28:33 41984 ----a-w- c:\windows\system32\browcli.dll
    2014-04-04 01:28:33 102912 ----a-w- c:\windows\system32\browser.dll
    2014-04-04 01:25:21 805376 ----a-w- c:\windows\system32\cdosys.dll
    2014-04-04 01:25:21 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2014-04-04 01:25:21 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2014-04-04 01:25:20 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll
    2014-04-04 01:25:20 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2014-04-04 01:25:20 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2014-04-04 01:25:20 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll
    2014-04-04 01:25:15 400896 ----a-w- c:\windows\system32\srcore.dll
    2014-04-04 01:25:12 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2014-04-04 01:25:10 1328128 ----a-w- c:\windows\system32\quartz.dll
    2014-04-04 01:24:56 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
    2014-04-04 01:24:56 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
    2014-04-04 01:24:53 850944 ----a-w- c:\windows\system32\sbe.dll
    2014-04-04 01:24:53 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2014-04-04 01:24:53 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2014-04-04 01:24:12 542208 ----a-w- c:\windows\system32\kerberos.dll
    2014-04-04 01:15:48 31232 ----a-w- c:\windows\system32\prevhost.exe
    2014-04-04 01:11:10 708608 ----a-w- c:\program files\common files\system\wab32.dll
    2014-04-04 01:09:54 478720 ----a-w- c:\windows\system32\timedate.cpl
    2014-04-04 01:09:46 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2014-04-04 01:09:42 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2014-04-04 01:09:42 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2014-04-04 01:09:42 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2014-04-04 01:09:39 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2014-04-04 01:09:35 67072 ----a-w- c:\windows\system32\packager.dll
    2014-04-04 01:09:31 2342400 ----a-w- c:\windows\system32\msi.dll
    2014-04-04 01:06:37 314880 ----a-w- c:\windows\system32\webio.dll
    2014-04-04 01:05:58 240576 ----a-w- c:\windows\system32\drivers\netio.sys
    2014-04-04 01:05:48 78336 ----a-w- c:\windows\system32\synceng.dll
    2014-04-04 01:05:26 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2014-04-04 01:05:26 231424 ----a-w- c:\windows\system32\mswsock.dll
    2014-04-04 01:05:26 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2014-04-04 01:05:26 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2014-04-04 01:04:58 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
    2014-04-04 01:04:37 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
    2014-04-04 01:04:36 656896 ----a-w- c:\windows\system32\nshwfp.dll
    2014-04-04 01:04:36 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2014-04-04 01:04:23 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2014-04-04 01:04:23 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    2014-04-04 01:03:32 140288 ----a-w- c:\windows\system32\cryptsvc.dll
    2014-04-04 01:03:32 1168384 ----a-w- c:\windows\system32\crypt32.dll
    2014-04-04 01:03:31 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2014-04-04 01:02:08 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
    2014-04-04 00:59:51 381440 ----a-w- c:\windows\system32\wer.dll
    2014-04-04 00:59:31 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2014-04-04 00:59:31 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2014-04-04 00:57:21 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2014-04-04 00:57:01 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2014-04-04 00:57:01 233472 ----a-w- c:\windows\system32\oleacc.dll
    2014-04-04 00:53:51 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2014-04-04 00:53:51 666624 ----a-w- c:\windows\system32\mssvp.dll
    2014-04-04 00:53:51 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
    2014-04-04 00:53:51 337408 ----a-w- c:\windows\system32\mssph.dll
    2014-04-04 00:53:51 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2014-04-04 00:53:51 1549312 ----a-w- c:\windows\system32\tquery.dll
    2014-04-04 00:53:51 1401344 ----a-w- c:\windows\system32\mssrch.dll
    2014-04-04 00:53:50 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2014-04-04 00:53:50 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2014-04-04 00:51:13 534528 ----a-w- c:\windows\system32\EncDec.dll
    2014-04-04 00:34:24 -------- d-----w- c:\program files\OpenOffice 4
    2014-04-04 00:33:04 49152 ----a-w- c:\windows\system32\taskhost.exe
    2014-04-04 00:32:57 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2014-04-04 00:32:08 164352 ----a-w- c:\windows\system32\profsvc.dll
    2014-04-04 00:24:45 769024 ----a-w- c:\windows\system32\localspl.dll
    2014-04-04 00:24:35 1505280 ----a-w- c:\windows\system32\d3d11.dll
    2014-04-04 00:24:31 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2014-04-04 00:12:43 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2014-04-04 00:12:21 123904 ----a-w- c:\windows\system32\poqexec.exe
    2014-04-04 00:12:18 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2014-04-04 00:12:18 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2014-04-04 00:12:18 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2014-04-04 00:12:08 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2014-04-04 00:12:03 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2014-04-04 00:12:03 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
    2014-04-04 00:12:03 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2014-04-04 00:12:03 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2014-04-04 00:12:03 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2014-04-04 00:12:03 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2014-04-04 00:04:00 -------- d-----w- c:\windows\system32\wbem\en-US
    2014-04-04 00:03:15 -------- d-----w- c:\program files\mp3DirectCut
    2014-04-04 00:00:12 -------- d-----w- c:\program files\CCleaner
    2014-04-03 23:45:05 101720 ----a-w- c:\windows\system32\consent.exe
    2014-04-03 23:45:04 47104 ----a-w- c:\windows\system32\appinfo.dll
    2014-04-03 23:40:12 -------- d-sh--w- c:\windows\Installer
    2014-04-03 23:39:16 231584 ------w- c:\windows\system32\MpSigStub.exe
    2014-04-03 23:37:28 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2014-04-03 23:37:28 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2014-04-03 23:34:22 -------- d-----w- c:\users\admin\appdata\local\Google
    2014-04-03 23:33:40 -------- d-----w- c:\users\admin\appdata\local\Apps
    2014-04-03 23:33:38 -------- d-----w- c:\users\admin\appdata\local\Deployment
    2014-04-03 23:22:27 33792 ----a-w- c:\windows\system32\wuapp.exe
    2014-04-03 23:22:27 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2014-04-03 23:22:24 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2014-04-03 23:21:44 88576 ----a-w- c:\windows\system32\wudriver.dll
    2014-04-03 02:35:23 -------- d-sh--w- C:\Boot
    2014-04-02 23:21:03 -------- d-----w- C:\Bureau2014
    2014-04-02 21:54:03 -------- d-----w- c:\windows\Panther
    2014-04-02 21:40:01 -------- d-----w- C:\Windows.old
    2014-03-26 00:22:50 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2014-03-26 00:22:48 607168 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2014-03-26 00:22:48 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2014-03-26 00:22:38 363504 ----a-w- c:\windows\system32\guard32.dll
    2014-03-26 00:22:38 36000 ----a-w- c:\windows\system32\cmdcsr.dll
    2014-03-26 00:22:26 284888 ----a-w- c:\windows\system32\cmdvrt32.dll
    2014-03-26 00:22:24 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
    2014-03-08 00:51:40 -------- d-----w- C:\Intel
    2013-12-29 22:08:29 -------- d-----w- C:\Python27
    2013-12-29 21:59:44 -------- d-----w- C:\Python33
    2013-12-06 14:47:12 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
    2013-09-12 01:21:54 863344 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
    2013-09-12 01:21:54 501872 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
    2013-09-12 01:21:54 28776 ----a-w- c:\windows\system32\aspnet_counters.dll
    2013-09-12 01:21:54 18000 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
    2013-08-22 02:32:42 -------- d-sha-r- C:\cmdcons
    2013-06-09 19:44:59 -------- d-----w- C:\Ancien Disque
    2013-05-18 20:44:20 -------- d--h--w- C:\VTRoot
    2013-05-12 15:13:10 -------- d-----w- C:\97317ce748271ca34c4e3f38a69f021d
    2013-05-12 14:51:02 -------- d-----w- C:\Mes Affaires
    2013-05-11 22:46:35 -------- d-----w- C:\4996927265dc45c02c01
    2013-04-29 03:19:31 -------- d-----w- c:\program files\ImpotRapide 2007
    2013-04-29 03:18:44 -------- d-----w- c:\program files\ImpotRapide 2012
    2013-04-29 03:18:37 -------- d-----w- c:\program files\ImpotRapide 2010
    2013-04-29 03:18:29 -------- d-----w- c:\program files\ImpotRapide 2009
    2013-04-29 03:18:23 -------- d-----w- c:\program files\ImpotRapide 2008
    2011-04-19 08:47:04 670032 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll
    2011-04-12 01:45:14 -------- d-----w- c:\program files\Windows Journal
    2011-04-12 01:45:07 -------- d-----w- c:\windows\ShellNew
    2011-04-12 01:45:07 -------- d-----w- c:\windows\ehome
    2011-04-12 01:35:38 -------- d-----w- c:\windows\system32\XPSViewer
    2011-04-12 01:35:38 -------- d-----w- c:\windows\system32\winrm
    2011-04-12 01:35:38 -------- d-----w- c:\windows\system32\WCN
    2011-04-12 01:35:38 -------- d-----w- c:\windows\system32\slmgr
    2011-04-12 01:35:38 -------- d-----w- c:\windows\system32\Printing_Admin_Scripts
    2011-04-12 01:35:38 -------- d-----w- c:\windows\system32\fr
    2011-04-12 01:35:38 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
    2011-04-12 01:35:38 -------- d-----w- c:\windows\system32\drivers\fr-FR
    2011-04-12 01:35:38 -------- d-----w- c:\windows\system32\040C
    2011-04-12 01:35:38 -------- d-----w- c:\windows\fr-FR
    2011-04-12 01:35:38 -------- d-----w- c:\windows\DigitalLocker
    2011-04-12 01:35:37 -------- d-----w- c:\windows\system32\wbem\fr-FR
    2011-04-12 01:35:19 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\fr-fr\LXKPTPRC.DLL.mui
    2011-02-20 03:03:12 421200 ----a-w- c:\windows\system32\msvcp100.dll
    2011-02-19 04:40:50 773968 ----a-w- c:\windows\system32\msvcr100.dll
    2010-11-20 21:00:53 -------- d-----w- c:\windows\system32\wbem\Performance
    2009-07-30 21:45:56 22912 ----a-w- c:\windows\system32\drivers\tdcmdpst.sys
    2009-07-14 19:28:42 23512 ----a-w- c:\windows\system32\drivers\TVALZ_O.SYS
    2009-07-14 04:53:55 -------- d-sh--we C:\Documents and Settings
    2009-07-14 04:53:50 -------- d-----w- c:\windows\system32\wbem\mof\good
    2009-07-14 04:53:50 -------- d-----w- c:\windows\system32\wbem\mof\bad
    2009-07-14 04:41:11 -------- d-----w- c:\windows\system32\wbem\MOF
    2009-07-14 04:34:16 -------- d-----w- c:\windows\Setup
    2009-07-14 04:34:13 -------- d-----w- c:\windows\ServiceProfiles
    2009-07-14 04:34:06 -------- d-s---w- c:\windows\system32\Microsoft
    .
    ==================== Find3M ====================
    .
    2014-04-04 23:15:55 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
    2014-04-04 23:15:49 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
    2014-04-04 23:15:49 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
    2014-04-04 23:15:48 179896 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2014-04-04 23:15:47 196608 ----a-w- c:\windows\system32\SynCtrl.dll
    2014-04-04 23:15:46 163840 ----a-w- c:\windows\system32\SynCOM.dll
    2014-04-04 22:54:28 172032 ----a-w- c:\windows\system32\UCI32114.dll
    2014-04-04 22:54:27 61952 ----a-w- c:\windows\system32\CHDAudPropShortcut.exe
    2014-04-04 22:54:26 566272 ----a-w- c:\windows\system32\drivers\CHDAud.sys
    2014-04-04 22:54:26 5120 ----a-w- c:\windows\system32\CHdAudPropres.dll
    2014-04-04 22:54:26 24064 ----a-w- c:\windows\system32\CHdAudprop.dll
    2014-04-04 01:06:14 69632 ----a-w- c:\windows\system32\smss.exe
    2014-04-04 01:06:14 640512 ----a-w- c:\windows\system32\advapi32.dll
    2014-04-04 01:06:14 619520 ----a-w- c:\windows\system32\tdh.dll
    2014-04-04 01:06:14 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2014-04-04 01:06:14 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
    2014-04-04 01:06:14 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2014-04-04 01:06:14 1289096 ----a-w- c:\windows\system32\ntdll.dll
    2014-03-01 04:11:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-03-01 03:38:26 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
    2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
    2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-01-09 02:22:42 5694464 ----a-w- c:\windows\system32\mstscax.dll
    2013-12-06 02:02:08 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2013-12-06 02:02:08 1237504 ----a-w- c:\windows\system32\msxml3.dll
    2013-12-04 02:03:20 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2013-12-04 02:03:20 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
    2013-12-04 02:03:20 423936 ----a-w- c:\windows\system32\secproc_isv.dll
    2013-12-04 02:03:08 428032 ----a-w- c:\windows\system32\secproc.dll
    2013-12-04 02:02:06 390144 ----a-w- c:\windows\system32\msdrm.dll
    2013-12-04 01:54:14 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2013-12-04 01:54:10 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2013-12-04 01:54:09 572416 ----a-w- c:\windows\system32\RMActivate.exe
    2013-12-04 01:54:06 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2013-10-19 01:36:59 159232 ----a-w- c:\windows\system32\imagehlp.dll
    2013-10-12 02:04:36 121856 ----a-w- c:\windows\system32\wshom.ocx
    2013-10-12 02:03:31 163840 ----a-w- c:\windows\system32\scrrun.dll
    2013-10-12 01:15:48 141824 ----a-w- c:\windows\system32\wscript.exe
    2013-10-12 01:15:48 126976 ----a-w- c:\windows\system32\cscript.exe
    2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll
    2013-10-02 03:01:40 3584 ----a-w- c:\windows\system32\drivers\fr-fr\tsusbflt.sys.mui
    2013-09-25 02:01:08 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-09-25 02:01:06 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2013-09-25 01:57:46 99840 ----a-w- c:\windows\system32\sspicli.dll
    2013-09-25 01:57:26 22016 ----a-w- c:\windows\system32\secur32.dll
    2013-09-25 01:57:24 247808 ----a-w- c:\windows\system32\schannel.dll
    2013-09-25 01:56:42 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2013-09-25 01:56:02 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2013-09-25 00:49:20 22016 ----a-w- c:\windows\system32\lsass.exe
    2013-09-25 00:49:18 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll
    2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe
    2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2013-07-04 12:16:47 369848 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-07-04 11:57:28 205824 ----a-w- c:\windows\system32\WebClnt.dll
    2013-07-04 11:51:04 81920 ----a-w- c:\windows\system32\davclnt.dll
    2013-07-04 09:48:52 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2013-06-15 03:38:43 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
    2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-07-26 04:44:39 2560 ----a-w- c:\windows\system32\drivers\fr-fr\wdf01000.sys.mui
    2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-17 07:27:18 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-02-11 05:37:49 317440 ----a-w- c:\windows\system32\spoolsv.exe
    2011-03-11 05:39:05 148864 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-03-11 05:39:00 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-03-11 05:39:00 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-03-11 05:38:51 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-03-11 05:38:37 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-03-11 05:38:37 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-03-11 05:33:09 1699328 ----a-w- c:\windows\system32\esent.dll
    2011-03-11 05:31:07 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-02-25 05:30:54 2616320 ----a-w- c:\windows\explorer.exe
    2010-11-20 21:31:02 152576 ----a-w- c:\windows\system32\msclmd.dll
    2009-07-14 01:26:21 249408 ----a-w- c:\windows\system32\clfs.sys
    2009-07-14 01:20:45 12368 ----a-w- c:\windows\system32\drivers\pciide.sys
    2009-07-14 01:19:11 57424 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS
    2009-07-14 01:17:54 55584 ----a-w- c:\windows\system32\drivers\dumpfve.sys
    2009-07-14 01:17:54 249680 ----a-w- c:\windows\system32\bcryptprimitives.dll
    2009-07-14 01:17:54 242936 ----a-w- c:\windows\system32\rsaenh.dll
    2009-07-14 01:17:54 156728 ----a-w- c:\windows\system32\dssenh.dll
    .
    ============= FINISH: 2:38:30,37 ===============
     
  2. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professionnel
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2014-04-02 22:24:38
    System Uptime: 2006-07-01 00:30:46 (2 hours ago)
    .
    Motherboard: TOSHIBA | | Satellite P100
    Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | U2E1 | 989/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 932 GiB total, 708,886 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Contrôleur de stockage de masse
    Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_FF311179&REV_00\4&1423FFA9&0&22F0
    Manufacturer:
    Name: Contrôleur de stockage de masse
    PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_FF311179&REV_00\4&1423FFA9&0&22F0
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Adobe Reader XI (11.0.06) - Français
    Audacity 2.0.5
    Auslogics DiskDefrag
    avast! Free Antivirus
    CCleaner
    COMODO Firewall
    Conexant HD Audio
    Google Chrome
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    IrfanView (remove only)
    Java 7 Update 51
    Java Auto Updater
    Malwarebytes Anti-Malware version 2.0.1.1004
    Medal of Honor Allied Assault
    Microsoft .NET Framework 4.5.1
    Microsoft .NET Framework 4.5.1 (FRA)
    Microsoft .NET Framework 4.5.1 (Français)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 28.0 (x86 fr)
    Mozilla Maintenance Service
    NVIDIA Drivers
    OpenOffice 4.0.1
    Réducteur de bruit lect. CD/DVD
    Screenshot Captor 4.8
    Secunia PSI (3.0.0.9016)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Skype™ 6.14
    Synaptics Pointing Device Driver
    TOSHIBA Disc Creator
    TOSHIBA Value Added Package
    VLC media player 2.1.3
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  4. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Just noticed my Windows date/time is 2006/07/01 03:49 AM...

    Here are the requested logs:

    The RK logs are huge (190000 caracters) and there are two of them.

    Here is the SEARCH log:

    RogueKiller V8.8.15 [Mar 27 2014] par Adlice Software
    mail : http://www.adlice.com/contact/
    Remontees : http://forum.adlice.com
    Site Web : http://www.surlatoile.org/RogueKiller/
    Blog : http://www.adlice.com
    Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Demarrage : Mode normal
    Utilisateur : Admin [Droits d'admin]
    Mode : Recherche -- Date : 07/01/2006 03:17:23
    | ARK || FAK || MBR |
    ¤¤¤ Processus malicieux : 0 ¤¤¤
    ¤¤¤ Entrees de registre : 3 ¤¤¤
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> TROUVÉ
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
    ¤¤¤ Tâches planifiées : 0 ¤¤¤
    ¤¤¤ Entrées Startup : 0 ¤¤¤
    ¤¤¤ Navigateurs web : 0 ¤¤¤
    ¤¤¤ Addons navigateur : 0 ¤¤¤
    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
    ¤¤¤ Driver : [CHARGE] ¤¤¤
    [Address] EAT @explorer.exe (DllGetClassObject) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ACF9D)
    [Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE000)
    [Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE029)
    [Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE049)
    [Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADD2A)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEA9A)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEABD)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEAE0)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE9D3)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE9F6)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEA1F)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEA71)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEA48)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD845)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE9AA)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD822)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD9A2)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD868)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD8DA)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC74)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE9D3)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC05)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADB87)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADB5E)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD9A2)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADB32)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADBDC)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADBB3)
    [Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADD2A)
    [Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD88E)
    [Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD8DA)
    [Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD8B7)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD9C5)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEB03)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADFB7)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADB06)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADA17)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD9E5)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADADD)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADA71)
    [Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD7FC)
    [Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC25)
    [Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADCFE)
    [Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD822)
    [Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC48)
    [Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC25)
    [Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD7FC)
    [Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD91D)
    [Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE981)
    [Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC74)
    [Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC97)
    [Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEB75)
    [Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD7AA)
    [Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD7D3)
    [Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE958)
    [Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC25)
    [Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE9AA)
    [Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD88E)
    [Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE981)
    [Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD8FD)
    [Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC25)
    [Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADCC7)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD557)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD580)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD6BA)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD6E6)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD656)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD62D)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD52E)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD68B)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD4D9)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD4A1)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD466)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD42E)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD5D2)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD70C)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_Prox-Lï�?–B#ø"##ÿÿÿÿŒ–B#tD##LïG) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD732)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD505)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADADD)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD781)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD758)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD5A9)
    [Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC25)
    [Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD7FC)
    [Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADFB7)
    [Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD822)
    [Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE049)
    [Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD7FC)
    [Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD8DA)
    [Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADFDA)
    [Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD96C)
    [Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD88E)
    [Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD845)
    [Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD9A2)
    [Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEB75)
    [Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD943)
    [Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD822)
    [Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD91D)
    [Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEB03)
    [Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADD50)
    [Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEB26)
    [Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADD50)
    [Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADD73)
    [Address] EAT @explorer.exe (WICConvertBitmapSource) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADDB8)
    [Address] EAT @explorer.exe (WICCreateBitmapFromSection) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADF8D)
    [Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADE8C)
    [Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEB52)
    [Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD02B)
    [Address] EAT @explorer.exe (WICGetMetadataContentSize) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE61D)
    [Address] EAT @explorer.exe (WICMapGuidToShortName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD0EC)
    [Address] EAT @explorer.exe (WICMapSchemaToName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD2E0)
    [Address] EAT @explorer.exe (WICMapShortNameToGuid) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD217)
    [Address] EAT @explorer.exe (WICMatchMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE072)
    [Address] EAT @explorer.exe (WICSerializeMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE1B4)
    [Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADD99)
    [Address] EAT @explorer.exe (DllCanUnloadNow) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74142B3B)
    [Address] EAT @explorer.exe (DllGetClassObject) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415188E)
    [Address] EAT @explorer.exe (DllGetVersion) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74142982)
    [Address] EAT @explorer.exe (DllRegisterServer) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741D7DC5)
    [Address] EAT @explorer.exe (DllUnregisterServer) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741D818F)
    [Address] EAT @explorer.exe (Migrate10CachedPackagesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DC744)
    [Address] EAT @explorer.exe (Migrate10CachedPackagesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DE1AC)
    [Address] EAT @explorer.exe (MsiAdvertiseProductA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E257F)
    [Address] EAT @explorer.exe (MsiAdvertiseProductExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E27D7)
    [Address] EAT @explorer.exe (MsiAdvertiseProductExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DD6C1)
    [Address] EAT @explorer.exe (MsiAdvertiseProductW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DD46F)
    [Address] EAT @explorer.exe (MsiAdvertiseScriptA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E8A3F)
    [Address] EAT @explorer.exe (MsiAdvertiseScriptW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EB641)
    [Address] EAT @explorer.exe (MsiApplyMultiplePatchesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F5903)
    [Address] EAT @explorer.exe (MsiApplyMultiplePatchesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F1057)
    [Address] EAT @explorer.exe (MsiApplyPatchA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E2D5D)
    [Address] EAT @explorer.exe (MsiApplyPatchW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DD943)
    [Address] EAT @explorer.exe (MsiBeginTransactionA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F9441)
    [Address] EAT @explorer.exe (MsiBeginTransactionW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F39D4)
    [Address] EAT @explorer.exe (MsiCloseAllHandles) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742000C3)
    [Address] EAT @explorer.exe (MsiCloseHandle) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200015)
    [Address] EAT @explorer.exe (MsiCollectUserInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E1C3A)
    [Address] EAT @explorer.exe (MsiCollectUserInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DD16F)
    [Address] EAT @explorer.exe (MsiConfigureFeatureA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E1D5A)
    [Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ED70A)
    [Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EE41B)
    [Address] EAT @explorer.exe (MsiConfigureFeatureW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DD2B7)
    [Address] EAT @explorer.exe (MsiConfigureProductA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF256)
    [Address] EAT @explorer.exe (MsiConfigureProductExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EDACA)
    [Address] EAT @explorer.exe (MsiConfigureProductExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EE891)
    [Address] EAT @explorer.exe (MsiConfigureProductW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF581)
    [Address] EAT @explorer.exe (MsiCreateAndVerifyInstallerDirectory) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415B2E1)
    [Address] EAT @explorer.exe (MsiCreateRecord) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201514)
    [Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742055D1)
    [Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742048EF)
    [Address] EAT @explorer.exe (MsiDatabaseApplyTransformA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742048A9)
    [Address] EAT @explorer.exe (MsiDatabaseApplyTransformW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201397)
    [Address] EAT @explorer.exe (MsiDatabaseCommit) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200DEB)
    [Address] EAT @explorer.exe (MsiDatabaseExportA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74204792)
    [Address] EAT @explorer.exe (MsiDatabaseExportW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201008)
    [Address] EAT @explorer.exe (MsiDatabaseGenerateTransformA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420485D)
    [Address] EAT @explorer.exe (MsiDatabaseGenerateTransformW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201270)
    [Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742045FD)
    [Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203C54)
    [Address] EAT @explorer.exe (MsiDatabaseImportA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420472E)
    [Address] EAT @explorer.exe (MsiDatabaseImportW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200F1E)
    [Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74204643)
    [Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200C8F)
    [Address] EAT @explorer.exe (MsiDatabaseMergeA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74204817)
    [Address] EAT @explorer.exe (MsiDatabaseMergeW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201111)
    [Address] EAT @explorer.exe (MsiDatabaseOpenViewA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742045B7)
    [Address] EAT @explorer.exe (MsiDatabaseOpenViewW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742002B7)
    [Address] EAT @explorer.exe (MsiDecomposeDescriptorA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EDA7B)
    [Address] EAT @explorer.exe (MsiDecomposeDescriptorW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74136286)
    [Address] EAT @explorer.exe (MsiDeleteUserDataA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EA367)
    [Address] EAT @explorer.exe (MsiDeleteUserDataW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E69EB)
    [Address] EAT @explorer.exe (MsiDetermineApplicablePatchesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741FD4C5)
    [Address] EAT @explorer.exe (MsiDetermineApplicablePatchesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741FC559)
    [Address] EAT @explorer.exe (MsiDeterminePatchSequenceA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741FD9D9)
    [Address] EAT @explorer.exe (MsiDeterminePatchSequenceW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741FC9E1)
    [Address] EAT @explorer.exe (MsiDoActionA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420613D)
    [Address] EAT @explorer.exe (MsiDoActionW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202D61)
    [Address] EAT @explorer.exe (MsiEnableLogA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E189B)
    [Address] EAT @explorer.exe (MsiEnableLogW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DFBE9)
    [Address] EAT @explorer.exe (MsiEnableUIPreview) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742039CD)
    [Address] EAT @explorer.exe (MsiEndTransaction) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F3E11)
    [Address] EAT @explorer.exe (MsiEnumClientsA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415EC96)
    [Address] EAT @explorer.exe (MsiEnumClientsExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F5D6E)
    [Address] EAT @explorer.exe (MsiEnumClientsExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F13A7)
    [Address] EAT @explorer.exe (MsiEnumClientsW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74143647)
    [Address] EAT @explorer.exe (MsiEnumComponentCostsA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207847)
    [Address] EAT @explorer.exe (MsiEnumComponentCostsW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207A95)
    [Address] EAT @explorer.exe (MsiEnumComponentQualifiersA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ECD6D)
    [Address] EAT @explorer.exe (MsiEnumComponentQualifiersW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7414384D)
    [Address] EAT @explorer.exe (MsiEnumComponentsA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E91B9)
    [Address] EAT @explorer.exe (MsiEnumComponentsExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F5B08)
    [Address] EAT @explorer.exe (MsiEnumComponentsExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F121D)
    [Address] EAT @explorer.exe (MsiEnumComponentsW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EBA57)
    [Address] EAT @explorer.exe (MsiEnumFeaturesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E9C04)
    [Address] EAT @explorer.exe (MsiEnumFeaturesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EC259)
    [Address] EAT @explorer.exe (MsiEnumPatchesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F97EB)
    [Address] EAT @explorer.exe (MsiEnumPatchesExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F4897)
    [Address] EAT @explorer.exe (MsiEnumPatchesExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F0E79)
    [Address] EAT @explorer.exe (MsiEnumPatchesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F468E)
    [Address] EAT @explorer.exe (MsiEnumProductsA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E9175)
    [Address] EAT @explorer.exe (MsiEnumProductsExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F6313)
    [Address] EAT @explorer.exe (MsiEnumProductsExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F1729)
    [Address] EAT @explorer.exe (MsiEnumProductsW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7414559D)
    [Address] EAT @explorer.exe (MsiEnumRelatedProductsA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E9109)
    [Address] EAT @explorer.exe (MsiEnumRelatedProductsW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EB9EB)
    [Address] EAT @explorer.exe (MsiEvaluateConditionA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742061C6)
    [Address] EAT @explorer.exe (MsiEvaluateConditionW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742030C1)
    [Address] EAT @explorer.exe (MsiExtractPatchXMLDataA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F4FAE)
    [Address] EAT @explorer.exe (MsiExtractPatchXMLDataW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F4C22)
    [Address] EAT @explorer.exe (MsiFormatRecordA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202A73)
    [Address] EAT @explorer.exe (MsiFormatRecordW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202BF9)
    [Address] EAT @explorer.exe (MsiGetActiveDatabase) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202639)
    [Address] EAT @explorer.exe (MsiGetComponentPathA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EEEBD)
    [Address] EAT @explorer.exe (MsiGetComponentPathExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F6053)
    [Address] EAT @explorer.exe (MsiGetComponentPathExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F1559)
    [Address] EAT @explorer.exe (MsiGetComponentPathW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741362DD)
    [Address] EAT @explorer.exe (MsiGetComponentStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742071E3)
    [Address] EAT @explorer.exe (MsiGetComponentStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742072DC)
    [Address] EAT @explorer.exe (MsiGetDatabaseState) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200ED9)
    [Address] EAT @explorer.exe (MsiGetFeatureCostA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742075FD)
    [Address] EAT @explorer.exe (MsiGetFeatureCostW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207702)
    [Address] EAT @explorer.exe (MsiGetFeatureInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E0D1A)
    [Address] EAT @explorer.exe (MsiGetFeatureInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DF5EE)
    [Address] EAT @explorer.exe (MsiGetFeatureStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206CD5)
    [Address] EAT @explorer.exe (MsiGetFeatureStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206DC3)
    [Address] EAT @explorer.exe (MsiGetFeatureUsageA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EA111)
    [Address] EAT @explorer.exe (MsiGetFeatureUsageW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EC9BD)
    [Address] EAT @explorer.exe (MsiGetFeatureValidStatesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207CC5)
    [Address] EAT @explorer.exe (MsiGetFeatureValidStatesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742036EC)
    [Address] EAT @explorer.exe (MsiGetFileHashA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E1214)
    [Address] EAT @explorer.exe (MsiGetFileHashW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DCA49)
    [Address] EAT @explorer.exe (MsiGetFileSignatureInformationA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E128C)
    [Address] EAT @explorer.exe (MsiGetFileSignatureInformationW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DCA9F)
    [Address] EAT @explorer.exe (MsiGetFileVersionA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E0EF8)
    [Address] EAT @explorer.exe (MsiGetFileVersionW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E3D2F)
    [Address] EAT @explorer.exe (MsiGetLanguage) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202727)
    [Address] EAT @explorer.exe (MsiGetLastErrorRecord) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201D69)
    [Address] EAT @explorer.exe (MsiGetMode) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420279F)
    [Address] EAT @explorer.exe (MsiGetPatchFileListA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741FD25D)
    [Address] EAT @explorer.exe (MsiGetPatchFileListW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F8B6E)
    [Address] EAT @explorer.exe (MsiGetPatchInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EA24F)
    [Address] EAT @explorer.exe (MsiGetPatchInfoExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F55E9)
    [Address] EAT @explorer.exe (MsiGetPatchInfoExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F5177)
    [Address] EAT @explorer.exe (MsiGetPatchInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ECAFB)
    [Address] EAT @explorer.exe (MsiGetProductCodeA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415EADC)
    [Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EED5F)
    [Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF353)
    [Address] EAT @explorer.exe (MsiGetProductCodeW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415EE6C)
    [Address] EAT @explorer.exe (MsiGetProductInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ED362)
    [Address] EAT @explorer.exe (MsiGetProductInfoExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F65DE)
    [Address] EAT @explorer.exe (MsiGetProductInfoExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F18FF)
    [Address] EAT @explorer.exe (MsiGetProductInfoFromScriptA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E0880)
    [Address] EAT @explorer.exe (MsiGetProductInfoFromScriptW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DF132)
    [Address] EAT @explorer.exe (MsiGetProductInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74144273)
    [Address] EAT @explorer.exe (MsiGetProductPropertyA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E0B90)
    [Address] EAT @explorer.exe (MsiGetProductPropertyW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DF48B)
    [Address] EAT @explorer.exe (MsiGetPropertyA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420596D)
    [Address] EAT @explorer.exe (MsiGetPropertyW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74205BA3)
    [Address] EAT @explorer.exe (MsiGetShortcutTargetA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E2A58)
    [Address] EAT @explorer.exe (MsiGetShortcutTargetW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E4689)
    [Address] EAT @explorer.exe (MsiGetSourcePathA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206209)
    [Address] EAT @explorer.exe (MsiGetSourcePathW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420640D)
    [Address] EAT @explorer.exe (MsiGetSummaryInformationA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742058BD)
    [Address] EAT @explorer.exe (MsiGetSummaryInformationW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74204293)
    [Address] EAT @explorer.exe (MsiGetTargetPathA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742065F5)
    [Address] EAT @explorer.exe (MsiGetTargetPathW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742067F9)
    [Address] EAT @explorer.exe (MsiGetUserInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E91FE)
    [Address] EAT @explorer.exe (MsiGetUserInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415E466)
    [Address] EAT @explorer.exe (MsiInstallMissingComponentA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E22C7)
    [Address] EAT @explorer.exe (MsiInstallMissingComponentW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E43D9)
    [Address] EAT @explorer.exe (MsiInstallMissingFileA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E2067)
    [Address] EAT @explorer.exe (MsiInstallMissingFileW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E4179)
    [Address] EAT @explorer.exe (MsiInstallProductA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E197E)
    [Address] EAT @explorer.exe (MsiInstallProductW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DCE4B)
    [Address] EAT @explorer.exe (MsiInvalidateFeatureCache) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7419D1D3)
    [Address] EAT @explorer.exe (MsiIsProductElevatedA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E3306)
    [Address] EAT @explorer.exe (MsiIsProductElevatedW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E4A5D)
    [Address] EAT @explorer.exe (MsiJoinTransaction) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F3FEB)
    [Address] EAT @explorer.exe (MsiLoadStringA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E141F)
    [Address] EAT @explorer.exe (MsiLoadStringW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7414AE09)
    [Address] EAT @explorer.exe (MsiLocateComponentA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF19F)
    [Address] EAT @explorer.exe (MsiLocateComponentW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF4CA)
    [Address] EAT @explorer.exe (MsiMessageBoxA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E16DA)
    [Address] EAT @explorer.exe (MsiMessageBoxExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E1528)
    [Address] EAT @explorer.exe (MsiMessageBoxExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DCCB1)
    [Address] EAT @explorer.exe (MsiMessageBoxW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DCE24)
    [Address] EAT @explorer.exe (MsiNotifySidChangeA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EA306)
    [Address] EAT @explorer.exe (MsiNotifySidChangeW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E501B)
    [Address] EAT @explorer.exe (MsiOpenDatabaseA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74204691)
    [Address] EAT @explorer.exe (MsiOpenDatabaseW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203D8D)
    [Address] EAT @explorer.exe (MsiOpenPackageA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DEDC0)
    [Address] EAT @explorer.exe (MsiOpenPackageExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DC63E)
    [Address] EAT @explorer.exe (MsiOpenPackageExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DC8E9)
    [Address] EAT @explorer.exe (MsiOpenPackageW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DF7AB)
    [Address] EAT @explorer.exe (MsiOpenProductA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E8BF2)
    [Address] EAT @explorer.exe (MsiOpenProductW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EB857)
    [Address] EAT @explorer.exe (MsiPreviewBillboardA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207D4E)
    [Address] EAT @explorer.exe (MsiPreviewBillboardW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203AEA)
    [Address] EAT @explorer.exe (MsiPreviewDialogA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207D0B)
    [Address] EAT @explorer.exe (MsiPreviewDialogW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203A96)
    [Address] EAT @explorer.exe (MsiProcessAdvertiseScriptA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ECBB2)
    [Address] EAT @explorer.exe (MsiProcessAdvertiseScriptW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EDF39)
    [Address] EAT @explorer.exe (MsiProcessMessage) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202F51)
    [Address] EAT @explorer.exe (MsiProvideAssemblyA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EFD5D)
    [Address] EAT @explorer.exe (MsiProvideAssemblyW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F0765)
    [Address] EAT @explorer.exe (MsiProvideComponentA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF7B9)
    [Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EFAB3)
    [Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74144F84)
    [Address] EAT @explorer.exe (MsiProvideComponentW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F030C)
    [Address] EAT @explorer.exe (MsiProvideQualifiedComponentA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415C385)
    [Address] EAT @explorer.exe (MsiProvideQualifiedComponentExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415D411)
    [Address] EAT @explorer.exe (MsiProvideQualifiedComponentExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74138A47)
    [Address] EAT @explorer.exe (MsiProvideQualifiedComponentW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74138C86)
    [Address] EAT @explorer.exe (MsiQueryComponentStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F687C)
    [Address] EAT @explorer.exe (MsiQueryComponentStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F1AE1)
    [Address] EAT @explorer.exe (MsiQueryFeatureStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF6F1)
    [Address] EAT @explorer.exe (MsiQueryFeatureStateExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F6A94)
    [Address] EAT @explorer.exe (MsiQueryFeatureStateExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F1CD9)
    [Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EFC02)
    [Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F057D)
    [Address] EAT @explorer.exe (MsiQueryFeatureStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7413617D)
    [Address] EAT @explorer.exe (MsiQueryProductStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ED45D)
    [Address] EAT @explorer.exe (MsiQueryProductStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741449FE)
    [Address] EAT @explorer.exe (MsiRecordClearData) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201D27)
    [Address] EAT @explorer.exe (MsiRecordDataSize) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742016E5)
    [Address] EAT @explorer.exe (MsiRecordGetFieldCount) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201916)
    [Address] EAT @explorer.exe (MsiRecordGetInteger) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742018B5)
    [Address] EAT @explorer.exe (MsiRecordGetStringA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203F1D)
    [Address] EAT @explorer.exe (MsiRecordGetStringW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742040CC)
    [Address] EAT @explorer.exe (MsiRecordIsNull) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742015F5)
    [Address] EAT @explorer.exe (MsiRecordReadStream) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201B6D)
    [Address] EAT @explorer.exe (MsiRecordSetInteger) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742017C2)
    [Address] EAT @explorer.exe (MsiRecordSetStreamA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74205877)
    [Address] EAT @explorer.exe (MsiRecordSetStreamW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201A03)
    [Address] EAT @explorer.exe (MsiRecordSetStringA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420561D)
    [Address] EAT @explorer.exe (MsiRecordSetStringW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420572E)
    [Address] EAT @explorer.exe (MsiReinstallFeatureA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E1EDE)
    [Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ED8C2)
    [Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EE657)
    [Address] EAT @explorer.exe (MsiReinstallFeatureW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74148C24)
    [Address] EAT @explorer.exe (MsiReinstallProductA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E1AFE)
    [Address] EAT @explorer.exe (MsiReinstallProductW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DCFF1)
    [Address] EAT @explorer.exe (MsiRemovePatchesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F9606)
    [Address] EAT @explorer.exe (MsiRemovePatchesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F3702)
    [Address] EAT @explorer.exe (MsiSequenceA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206180)
    [Address] EAT @explorer.exe (MsiSequenceW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202E4B)
    [Address] EAT @explorer.exe (MsiSetComponentStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742073EB)
    [Address] EAT @explorer.exe (MsiSetComponentStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742074E5)
    [Address] EAT @explorer.exe (MsiSetExternalUIA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DC72F)
    [Address] EAT @explorer.exe (MsiSetExternalUIRecord) : WTSAPI32.dll -> HOOKED
     
  5. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Here is search log part 2

    (C:\Windows\system32\msi.dll @ 0x741F336B)
    [Address] EAT @explorer.exe (MsiSetExternalUIW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74144E86)
    [Address] EAT @explorer.exe (MsiSetFeatureAttributesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207001)
    [Address] EAT @explorer.exe (MsiSetFeatureAttributesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742070B4)
    [Address] EAT @explorer.exe (MsiSetFeatureStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206E2D)
    [Address] EAT @explorer.exe (MsiSetFeatureStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206EDF)
    [Address] EAT @explorer.exe (MsiSetInstallLevel) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203424)
    [Address] EAT @explorer.exe (MsiSetInternalUI) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74144FE6)
    [Address] EAT @explorer.exe (MsiSetMode) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742028BB)
    [Address] EAT @explorer.exe (MsiSetOfflineContextW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74208485)
    [Address] EAT @explorer.exe (MsiSetPropertyA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74205DC1)
    [Address] EAT @explorer.exe (MsiSetPropertyW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74205F85)
    [Address] EAT @explorer.exe (MsiSetTargetPathA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742069DD)
    [Address] EAT @explorer.exe (MsiSetTargetPathW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206B61)
    [Address] EAT @explorer.exe (MsiSourceListAddMediaDiskA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F7136)
    [Address] EAT @explorer.exe (MsiSourceListAddMediaDiskW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F2165)
    [Address] EAT @explorer.exe (MsiSourceListAddSourceA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E3037)
    [Address] EAT @explorer.exe (MsiSourceListAddSourceExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F6F13)
    [Address] EAT @explorer.exe (MsiSourceListAddSourceExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F1F43)
    [Address] EAT @explorer.exe (MsiSourceListAddSourceW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DDC51)
    [Address] EAT @explorer.exe (MsiSourceListClearAllA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E2EF0)
    [Address] EAT @explorer.exe (MsiSourceListClearAllExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F7875)
    [Address] EAT @explorer.exe (MsiSourceListClearAllExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F281B)
    [Address] EAT @explorer.exe (MsiSourceListClearAllW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DDAEB)
    [Address] EAT @explorer.exe (MsiSourceListClearMediaDiskA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F764A)
    [Address] EAT @explorer.exe (MsiSourceListClearMediaDiskW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F260D)
    [Address] EAT @explorer.exe (MsiSourceListClearSourceA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F7436)
    [Address] EAT @explorer.exe (MsiSourceListClearSourceW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F2405)
    [Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F834E)
    [Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F31B5)
    [Address] EAT @explorer.exe (MsiSourceListEnumSourcesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F7C4B)
    [Address] EAT @explorer.exe (MsiSourceListEnumSourcesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F2C07)
    [Address] EAT @explorer.exe (MsiSourceListForceResolutionA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E31B8)
    [Address] EAT @explorer.exe (MsiSourceListForceResolutionExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F7A6C)
    [Address] EAT @explorer.exe (MsiSourceListForceResolutionExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F2A09)
    [Address] EAT @explorer.exe (MsiSourceListForceResolutionW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DDDDB)
    [Address] EAT @explorer.exe (MsiSourceListGetInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F7E30)
    [Address] EAT @explorer.exe (MsiSourceListGetInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F2DB5)
    [Address] EAT @explorer.exe (MsiSourceListSetInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F80F8)
    [Address] EAT @explorer.exe (MsiSourceListSetInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F2FAB)
    [Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742021B9)
    [Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyCount) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201E3D)
    [Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420238B)
    [Address] EAT @explorer.exe (MsiSummaryInfoPersist) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202551)
    [Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74205906)
    [Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201F2B)
    [Address] EAT @explorer.exe (MsiUseFeatureA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F0D83)
    [Address] EAT @explorer.exe (MsiUseFeatureExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF9E8)
    [Address] EAT @explorer.exe (MsiUseFeatureExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74144D3A)
    [Address] EAT @explorer.exe (MsiUseFeatureW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F0DA0)
    [Address] EAT @explorer.exe (MsiVerifyDiskSpace) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203863)
    [Address] EAT @explorer.exe (MsiVerifyPackageA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E07AA)
    [Address] EAT @explorer.exe (MsiVerifyPackageW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DF097)
    [Address] EAT @explorer.exe (MsiViewClose) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200BAF)
    [Address] EAT @explorer.exe (MsiViewExecute) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420070F)
    [Address] EAT @explorer.exe (MsiViewFetch) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200833)
    [Address] EAT @explorer.exe (MsiViewGetColumnInfo) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200A91)
    [Address] EAT @explorer.exe (MsiViewGetErrorA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742003F1)
    [Address] EAT @explorer.exe (MsiViewGetErrorW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742005CE)
    [Address] EAT @explorer.exe (MsiViewModify) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420093F)
    [Address] EAT @explorer.exe (QueryInstanceCount) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74142B2A)
    [Address] EAT @explorer.exe (BeginBufferedAnimation) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E309AE)
    [Address] EAT @explorer.exe (BeginBufferedPaint) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E249A1)
    [Address] EAT @explorer.exe (BeginPanningFeedback) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E50731)
    [Address] EAT @explorer.exe (BufferedPaintClear) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E26395)
    [Address] EAT @explorer.exe (BufferedPaintInit) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2940E)
    [Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E308ED)
    [Address] EAT @explorer.exe (BufferedPaintSetAlpha) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E3E6B3)
    [Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E3D395)
    [Address] EAT @explorer.exe (BufferedPaintUnInit) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E294AB)
    [Address] EAT @explorer.exe (CloseThemeData) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E26A18)
    [Address] EAT @explorer.exe (DrawThemeBackground) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E23982)
    [Address] EAT @explorer.exe (DrawThemeBackgroundEx) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E3D9DA)
    [Address] EAT @explorer.exe (DrawThemeEdge) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E43B52)
    [Address] EAT @explorer.exe (DrawThemeIcon) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E535E7)
    [Address] EAT @explorer.exe (DrawThemeParentBackground) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E253E5)
    [Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E251BF)
    [Address] EAT @explorer.exe (DrawThemeText) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E24EA1)
    [Address] EAT @explorer.exe (DrawThemeTextEx) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E263E6)
    [Address] EAT @explorer.exe (EnableThemeDialogTexture) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2FCAF)
    [Address] EAT @explorer.exe (EnableTheming) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52FEB)
    [Address] EAT @explorer.exe (EndBufferedAnimation) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E23F9A)
    [Address] EAT @explorer.exe (EndBufferedPaint) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E23F9A)
    [Address] EAT @explorer.exe (EndPanningFeedback) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E506CC)
    [Address] EAT @explorer.exe (GetBufferedPaintBits) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E24BAF)
    [Address] EAT @explorer.exe (GetBufferedPaintDC) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E304BC)
    [Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E30473)
    [Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52E7F)
    [Address] EAT @explorer.exe (GetCurrentThemeName) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E305DD)
    [Address] EAT @explorer.exe (GetThemeAppProperties) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E30FB1)
    [Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2CD2E)
    [Address] EAT @explorer.exe (GetThemeBackgroundExtent) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2F8BF)
    [Address] EAT @explorer.exe (GetThemeBackgroundRegion) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E3165D)
    [Address] EAT @explorer.exe (GetThemeBitmap) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2BF93)
    [Address] EAT @explorer.exe (GetThemeBool) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E27C1F)
    [Address] EAT @explorer.exe (GetThemeColor) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2616C)
    [Address] EAT @explorer.exe (GetThemeDocumentationProperty) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52932)
    [Address] EAT @explorer.exe (GetThemeEnumValue) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2616C)
    [Address] EAT @explorer.exe (GetThemeFilename) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52412)
    [Address] EAT @explorer.exe (GetThemeFont) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2FF21)
    [Address] EAT @explorer.exe (GetThemeInt) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2616C)
    [Address] EAT @explorer.exe (GetThemeIntList) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E523B1)
    [Address] EAT @explorer.exe (GetThemeMargins) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E286E9)
    [Address] EAT @explorer.exe (GetThemeMetric) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E306E2)
    [Address] EAT @explorer.exe (GetThemePartSize) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2CDB1)
    [Address] EAT @explorer.exe (GetThemePosition) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52350)
    [Address] EAT @explorer.exe (GetThemePropertyOrigin) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E43FBB)
    [Address] EAT @explorer.exe (GetThemeRect) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E33611)
    [Address] EAT @explorer.exe (GetThemeStream) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E339D9)
    [Address] EAT @explorer.exe (GetThemeString) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E522E4)
    [Address] EAT @explorer.exe (GetThemeSysBool) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E53172)
    [Address] EAT @explorer.exe (GetThemeSysColor) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E43274)
    [Address] EAT @explorer.exe (GetThemeSysColorBrush) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E5301E)
    [Address] EAT @explorer.exe (GetThemeSysFont) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E529C4)
    [Address] EAT @explorer.exe (GetThemeSysInt) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52BD3)
    [Address] EAT @explorer.exe (GetThemeSysSize) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E5320B)
    [Address] EAT @explorer.exe (GetThemeSysString) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52B3F)
    [Address] EAT @explorer.exe (GetThemeTextExtent) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E22D57)
    [Address] EAT @explorer.exe (GetThemeTextMetrics) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2F992)
    [Address] EAT @explorer.exe (GetThemeTransitionDuration) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E31081)
    [Address] EAT @explorer.exe (GetWindowTheme) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2DF46)
    [Address] EAT @explorer.exe (HitTestThemeBackground) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E33CE3)
    [Address] EAT @explorer.exe (IsAppThemed) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2F869)
    [Address] EAT @explorer.exe (IsCompositionActive) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E22E9A)
    [Address] EAT @explorer.exe (IsThemeActive) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2F785)
    [Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E260AB)
    [Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E5312B)
    [Address] EAT @explorer.exe (IsThemePartDefined) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E285B4)
    [Address] EAT @explorer.exe (OpenThemeData) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E273D2)
    [Address] EAT @explorer.exe (OpenThemeDataEx) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E43D43)
    [Address] EAT @explorer.exe (SetThemeAppProperties) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E53296)
    [Address] EAT @explorer.exe (SetWindowTheme) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E30134)
    [Address] EAT @explorer.exe (SetWindowThemeAttribute) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E3CFE6)
    [Address] EAT @explorer.exe (ThemeInitApiHook) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2B176)
    [Address] EAT @explorer.exe (UpdatePanningFeedback) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E5068D)
    [Address] EAT @explorer.exe (GdipAddPathArc) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE74C6)
    [Address] EAT @explorer.exe (GdipAddPathArcI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7599)
    [Address] EAT @explorer.exe (GdipAddPathBezier) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE760F)
    [Address] EAT @explorer.exe (GdipAddPathBezierI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE76F4)
    [Address] EAT @explorer.exe (GdipAddPathBeziers) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7778)
    [Address] EAT @explorer.exe (GdipAddPathBeziersI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7838)
    [Address] EAT @explorer.exe (GdipAddPathClosedCurve) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7F15)
    [Address] EAT @explorer.exe (GdipAddPathClosedCurve2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE80DE)
    [Address] EAT @explorer.exe (GdipAddPathClosedCurve2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE81A5)
    [Address] EAT @explorer.exe (GdipAddPathClosedCurveI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7FD5)
    [Address] EAT @explorer.exe (GdipAddPathCurve) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7941)
    [Address] EAT @explorer.exe (GdipAddPathCurve2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7B2D)
    [Address] EAT @explorer.exe (GdipAddPathCurve2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7BFB)
    [Address] EAT @explorer.exe (GdipAddPathCurve3) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7D2E)
    [Address] EAT @explorer.exe (GdipAddPathCurve3I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7DFF)
    [Address] EAT @explorer.exe (GdipAddPathCurveI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7A01)
    [Address] EAT @explorer.exe (GdipAddPathEllipse) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE85A8)
    [Address] EAT @explorer.exe (GdipAddPathEllipseI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8667)
    [Address] EAT @explorer.exe (GdipAddPathLine) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE71D4)
    [Address] EAT @explorer.exe (GdipAddPathLine2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE72FD)
    [Address] EAT @explorer.exe (GdipAddPathLine2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE73BD)
    [Address] EAT @explorer.exe (GdipAddPathLineI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7295)
    [Address] EAT @explorer.exe (GdipAddPathPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE89E1)
    [Address] EAT @explorer.exe (GdipAddPathPie) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE86CF)
    [Address] EAT @explorer.exe (GdipAddPathPieI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE87A2)
    [Address] EAT @explorer.exe (GdipAddPathPolygon) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8818)
    [Address] EAT @explorer.exe (GdipAddPathPolygonI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE88D8)
    [Address] EAT @explorer.exe (GdipAddPathRectangle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE82B5)
    [Address] EAT @explorer.exe (GdipAddPathRectangleI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8376)
    [Address] EAT @explorer.exe (GdipAddPathRectangles) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE83DE)
    [Address] EAT @explorer.exe (GdipAddPathRectanglesI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE849E)
    [Address] EAT @explorer.exe (GdipAddPathString) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8A8A)
    [Address] EAT @explorer.exe (GdipAddPathStringI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8C03)
    [Address] EAT @explorer.exe (GdipAlloc) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F024CB)
    [Address] EAT @explorer.exe (GdipBeginContainer) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00E5E)
    [Address] EAT @explorer.exe (GdipBeginContainer2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00F5F)
    [Address] EAT @explorer.exe (GdipBeginContainerI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01023)
    [Address] EAT @explorer.exe (GdipBitmapApplyEffect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7307)
    [Address] EAT @explorer.exe (GdipBitmapConvertFormat) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF709C)
    [Address] EAT @explorer.exe (GdipBitmapCreateApplyEffect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF726A)
    [Address] EAT @explorer.exe (GdipBitmapGetHistogram) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF73BB)
    [Address] EAT @explorer.exe (GdipBitmapGetHistogramSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7490)
    [Address] EAT @explorer.exe (GdipBitmapGetPixel) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6CFA)
    [Address] EAT @explorer.exe (GdipBitmapLockBits) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6B83)
    [Address] EAT @explorer.exe (GdipBitmapSetPixel) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6DC0)
    [Address] EAT @explorer.exe (GdipBitmapSetResolution) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF762F)
    [Address] EAT @explorer.exe (GdipBitmapUnlockBits) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6C43)
    [Address] EAT @explorer.exe (GdipClearPathMarkers) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6FD4)
    [Address] EAT @explorer.exe (GdipCloneBitmapArea) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06C2A)
    [Address] EAT @explorer.exe (GdipCloneBitmapAreaI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6A8F)
    [Address] EAT @explorer.exe (GdipCloneBrush) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED87E)
    [Address] EAT @explorer.exe (GdipCloneCustomLineCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2EB5)
    [Address] EAT @explorer.exe (GdipCloneFont) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02FAC)
    [Address] EAT @explorer.exe (GdipCloneFontFamily) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02A1B)
    [Address] EAT @explorer.exe (GdipCloneImage) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4C90)
    [Address] EAT @explorer.exe (GdipCloneImageAttributes) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF77B1)
    [Address] EAT @explorer.exe (GdipCloneMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEAA39)
    [Address] EAT @explorer.exe (GdipClonePath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE651A)
    [Address] EAT @explorer.exe (GdipClonePen) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0B54)
    [Address] EAT @explorer.exe (GdipCloneRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBEC7)
    [Address] EAT @explorer.exe (GdipCloneStringFormat) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03F8B)
    [Address] EAT @explorer.exe (GdipClosePathFigure) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6DEB)
    [Address] EAT @explorer.exe (GdipClosePathFigures) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6E8E)
    [Address] EAT @explorer.exe (GdipCombineRegionPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC310)
    [Address] EAT @explorer.exe (GdipCombineRegionRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC1BC)
    [Address] EAT @explorer.exe (GdipCombineRegionRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC293)
    [Address] EAT @explorer.exe (GdipCombineRegionRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC43E)
    [Address] EAT @explorer.exe (GdipComment) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0325C)
    [Address] EAT @explorer.exe (GdipConvertToEmfPlus) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04F0F)
    [Address] EAT @explorer.exe (GdipConvertToEmfPlusToFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04FEF)
    [Address] EAT @explorer.exe (GdipConvertToEmfPlusToStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F050E3)
    [Address] EAT @explorer.exe (GdipCreateAdjustableArrowCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06B65)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromDirectDrawSurface) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6518)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5EB5)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromFileICM) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6151)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromGdiDib) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6605)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromGraphics) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF63C5)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromHBITMAP) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6707)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromHICON) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6885)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromResource) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6917)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromScan0) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF62A0)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5D68)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromStreamICM) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6003)
    [Address] EAT @explorer.exe (GdipCreateCachedBitmap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04A81)
    [Address] EAT @explorer.exe (GdipCreateCustomLineCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2CCB)
    [Address] EAT @explorer.exe (GdipCreateEffect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6E69)
    [Address] EAT @explorer.exe (GdipCreateFont) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F027CA)
    [Address] EAT @explorer.exe (GdipCreateFontFamilyFromName) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02590)
    [Address] EAT @explorer.exe (GdipCreateFontFromDC) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03636)
    [Address] EAT @explorer.exe (GdipCreateFontFromLogfontA) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03730)
    [Address] EAT @explorer.exe (GdipCreateFontFromLogfontW) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03833)
    [Address] EAT @explorer.exe (GdipCreateFromHDC) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8301)
    [Address] EAT @explorer.exe (GdipCreateFromHDC2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF83AB)
    [Address] EAT @explorer.exe (GdipCreateFromHWND) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8456)
    [Address] EAT @explorer.exe (GdipCreateFromHWNDICM) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8500)
    [Address] EAT @explorer.exe (GdipCreateHBITMAPFromBitmap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF679C)
    [Address] EAT @explorer.exe (GdipCreateHICONFromBitmap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF69AC)
    [Address] EAT @explorer.exe (GdipCreateHalftonePalette) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04D8C)
    [Address] EAT @explorer.exe (GdipCreateHatchBrush) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F062CA)
    [Address] EAT @explorer.exe (GdipCreateImageAttributes) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF76DE)
    [Address] EAT @explorer.exe (GdipCreateLineBrush) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDFFA)
    [Address] EAT @explorer.exe (GdipCreateLineBrushFromRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE1BF)
    [Address] EAT @explorer.exe (GdipCreateLineBrushFromRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE2AF)
    [Address] EAT @explorer.exe (GdipCreateLineBrushFromRectWithAngle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE377)
    [Address] EAT @explorer.exe (GdipCreateLineBrushFromRectWithAngleI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE46E)
    [Address] EAT @explorer.exe (GdipCreateLineBrushI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE0F0)
    [Address] EAT @explorer.exe (GdipCreateMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA68E)
    [Address] EAT @explorer.exe (GdipCreateMatrix2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA744)
    [Address] EAT @explorer.exe (GdipCreateMatrix3) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA884)
    [Address] EAT @explorer.exe (GdipCreateMatrix3I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA94C)
    [Address] EAT @explorer.exe (GdipCreateMetafileFromEmf) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0153C)
    [Address] EAT @explorer.exe (GdipCreateMetafileFromFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01614)
    [Address] EAT @explorer.exe (GdipCreateMetafileFromStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F017C3)
    [Address] EAT @explorer.exe (GdipCreateMetafileFromWmf) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0145F)
    [Address] EAT @explorer.exe (GdipCreateMetafileFromWmfFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F016EB)
    [Address] EAT @explorer.exe (GdipCreatePath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F061D9)
    [Address] EAT @explorer.exe (GdipCreatePath2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE627E)
    [Address] EAT @explorer.exe (GdipCreatePath2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE634F)
    [Address] EAT @explorer.exe (GdipCreatePathGradient) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06893)
    [Address] EAT @explorer.exe (GdipCreatePathGradientFromPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06AA7)
    [Address] EAT @explorer.exe (GdipCreatePathGradientI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06955)
    [Address] EAT @explorer.exe (GdipCreatePathIter) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9AB7)
    [Address] EAT @explorer.exe (GdipCreatePen1) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF08D0)
    [Address] EAT @explorer.exe (GdipCreatePen2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0A01)
    [Address] EAT @explorer.exe (GdipCreateRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB9CE)
    [Address] EAT @explorer.exe (GdipCreateRegionHrgn) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBDF8)
    [Address] EAT @explorer.exe (GdipCreateRegionPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBBF4)
    [Address] EAT @explorer.exe (GdipCreateRegionRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBA87)
    [Address] EAT @explorer.exe (GdipCreateRegionRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBB49)
    [Address] EAT @explorer.exe (GdipCreateRegionRgnData) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBD16)
    [Address] EAT @explorer.exe (GdipCreateSolidFill) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0707F)
    [Address] EAT @explorer.exe (GdipCreateStreamOnFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE5877)
    [Address] EAT @explorer.exe (GdipCreateStringFormat) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03DC1)
    [Address] EAT @explorer.exe (GdipCreateTexture) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F063AB)
    [Address] EAT @explorer.exe (GdipCreateTexture2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F064CD)
    [Address] EAT @explorer.exe (GdipCreateTexture2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F067B9)
    [Address] EAT @explorer.exe (GdipCreateTextureIA) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0660F)
    [Address] EAT @explorer.exe (GdipCreateTextureIAI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06859)
    [Address] EAT @explorer.exe (GdipDeleteBrush) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED958)
    [Address] EAT @explorer.exe (GdipDeleteCachedBitmap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04BEC)
    [Address] EAT @explorer.exe (GdipDeleteCustomLineCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3069)
    [Address] EAT @explorer.exe (GdipDeleteEffect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6EFA)
    [Address] EAT @explorer.exe (GdipDeleteFont) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03065)
    [Address] EAT @explorer.exe (GdipDeleteFontFamily) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02922)
    [Address] EAT @explorer.exe (GdipDeleteGraphics) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF85AA)
    [Address] EAT @explorer.exe (GdipDeleteMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEAB0E)
    [Address] EAT @explorer.exe (GdipDeletePath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE65EE)
    [Address] EAT @explorer.exe (GdipDeletePathIter) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9B70)
    [Address] EAT @explorer.exe (GdipDeletePen) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0C2B)
    [Address] EAT @explorer.exe (GdipDeletePrivateFontCollection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03A7D)
    [Address] EAT @explorer.exe (GdipDeleteRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBFE6)
    [Address] EAT @explorer.exe (GdipDeleteStringFormat) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04036)
    [Address] EAT @explorer.exe (GdipDisposeImage) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4D5E)
    [Address] EAT @explorer.exe (GdipDisposeImageAttributes) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF787F)
    [Address] EAT @explorer.exe (GdipDrawArc) : OLEACC.dll -> HOOKED
     
  6. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Here is search log part 3:

    (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA4A5)
    [Address] EAT @explorer.exe (GdipDrawArcI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA5DF)
    [Address] EAT @explorer.exe (GdipDrawBezier) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA658)
    [Address] EAT @explorer.exe (GdipDrawBezierI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA7A0)
    [Address] EAT @explorer.exe (GdipDrawBeziers) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA827)
    [Address] EAT @explorer.exe (GdipDrawBeziersI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA951)
    [Address] EAT @explorer.exe (GdipDrawCachedBitmap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04C86)
    [Address] EAT @explorer.exe (GdipDrawClosedCurve) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFBC79)
    [Address] EAT @explorer.exe (GdipDrawClosedCurve2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFBEBC)
    [Address] EAT @explorer.exe (GdipDrawClosedCurve2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFBFED)
    [Address] EAT @explorer.exe (GdipDrawClosedCurveI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFBDA3)
    [Address] EAT @explorer.exe (GdipDrawCurve) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB581)
    [Address] EAT @explorer.exe (GdipDrawCurve2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB7C4)
    [Address] EAT @explorer.exe (GdipDrawCurve2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB8FC)
    [Address] EAT @explorer.exe (GdipDrawCurve3) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFBA1C)
    [Address] EAT @explorer.exe (GdipDrawCurve3I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFBB53)
    [Address] EAT @explorer.exe (GdipDrawCurveI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB6AB)
    [Address] EAT @explorer.exe (GdipDrawDriverString) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFDA1A)
    [Address] EAT @explorer.exe (GdipDrawEllipse) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFAE82)
    [Address] EAT @explorer.exe (GdipDrawEllipseI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFAFA6)
    [Address] EAT @explorer.exe (GdipDrawImage) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFDF1E)
    [Address] EAT @explorer.exe (GdipDrawImageFX) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFEB79)
    [Address] EAT @explorer.exe (GdipDrawImageI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE099)
    [Address] EAT @explorer.exe (GdipDrawImagePointRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE553)
    [Address] EAT @explorer.exe (GdipDrawImagePointRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE6EF)
    [Address] EAT @explorer.exe (GdipDrawImagePoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE2BF)
    [Address] EAT @explorer.exe (GdipDrawImagePointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE417)
    [Address] EAT @explorer.exe (GdipDrawImagePointsRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE78B)
    [Address] EAT @explorer.exe (GdipDrawImagePointsRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE9EA)
    [Address] EAT @explorer.exe (GdipDrawImageRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE0F5)
    [Address] EAT @explorer.exe (GdipDrawImageRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE254)
    [Address] EAT @explorer.exe (GdipDrawImageRectRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06CAE)
    [Address] EAT @explorer.exe (GdipDrawImageRectRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06F04)
    [Address] EAT @explorer.exe (GdipDrawLine) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA0D1)
    [Address] EAT @explorer.exe (GdipDrawLineI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA1F5)
    [Address] EAT @explorer.exe (GdipDrawLines) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA260)
    [Address] EAT @explorer.exe (GdipDrawLinesI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA38C)
    [Address] EAT @explorer.exe (GdipDrawPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB407)
    [Address] EAT @explorer.exe (GdipDrawPie) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB011)
    [Address] EAT @explorer.exe (GdipDrawPieI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB14B)
    [Address] EAT @explorer.exe (GdipDrawPolygon) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB1C4)
    [Address] EAT @explorer.exe (GdipDrawPolygonI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB2EE)
    [Address] EAT @explorer.exe (GdipDrawRectangle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFAA8D)
    [Address] EAT @explorer.exe (GdipDrawRectangleI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFABB1)
    [Address] EAT @explorer.exe (GdipDrawRectangles) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFAC1C)
    [Address] EAT @explorer.exe (GdipDrawRectanglesI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFAD46)
    [Address] EAT @explorer.exe (GdipDrawString) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD512)
    [Address] EAT @explorer.exe (GdipEmfToWmfBits) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04EB9)
    [Address] EAT @explorer.exe (GdipEndContainer) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F010D0)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFECBA)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFEE6B)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF0F8)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF2AC)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileDestRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFEED3)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileDestRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF084)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF417)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF5F7)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF8F5)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFFAD8)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF680)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF860)
    [Address] EAT @explorer.exe (GdipFillClosedCurve) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFCEEC)
    [Address] EAT @explorer.exe (GdipFillClosedCurve2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD13E)
    [Address] EAT @explorer.exe (GdipFillClosedCurve2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD275)
    [Address] EAT @explorer.exe (GdipFillClosedCurveI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD025)
    [Address] EAT @explorer.exe (GdipFillEllipse) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFCA23)
    [Address] EAT @explorer.exe (GdipFillEllipseI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFCB4E)
    [Address] EAT @explorer.exe (GdipFillPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFCD6F)
    [Address] EAT @explorer.exe (GdipFillPie) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFCBB9)
    [Address] EAT @explorer.exe (GdipFillPieI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFCCF6)
    [Address] EAT @explorer.exe (GdipFillPolygon) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC591)
    [Address] EAT @explorer.exe (GdipFillPolygon2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC7DD)
    [Address] EAT @explorer.exe (GdipFillPolygon2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC90A)
    [Address] EAT @explorer.exe (GdipFillPolygonI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC6C1)
    [Address] EAT @explorer.exe (GdipFillRectangle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC1B5)
    [Address] EAT @explorer.exe (GdipFillRectangleI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC2E0)
    [Address] EAT @explorer.exe (GdipFillRectangles) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC34B)
    [Address] EAT @explorer.exe (GdipFillRectanglesI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC478)
    [Address] EAT @explorer.exe (GdipFillRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD398)
    [Address] EAT @explorer.exe (GdipFindFirstImageItem) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5ABA)
    [Address] EAT @explorer.exe (GdipFindNextImageItem) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5B60)
    [Address] EAT @explorer.exe (GdipFlattenPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8C93)
    [Address] EAT @explorer.exe (GdipFlush) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8645)
    [Address] EAT @explorer.exe (GdipFree) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02546)
    [Address] EAT @explorer.exe (GdipGetAdjustableArrowCapFillState) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3CA4)
    [Address] EAT @explorer.exe (GdipGetAdjustableArrowCapHeight) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3897)
    [Address] EAT @explorer.exe (GdipGetAdjustableArrowCapMiddleInset) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3B4D)
    [Address] EAT @explorer.exe (GdipGetAdjustableArrowCapWidth) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF39F2)
    [Address] EAT @explorer.exe (GdipGetAllPropertyItems) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4AB3)
    [Address] EAT @explorer.exe (GdipGetBrushType) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED9F5)
    [Address] EAT @explorer.exe (GdipGetCellAscent) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03456)
    [Address] EAT @explorer.exe (GdipGetCellDescent) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F034F6)
    [Address] EAT @explorer.exe (GdipGetClip) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F004CC)
    [Address] EAT @explorer.exe (GdipGetClipBounds) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F005C4)
    [Address] EAT @explorer.exe (GdipGetClipBoundsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00677)
    [Address] EAT @explorer.exe (GdipGetCompositingMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF88EF)
    [Address] EAT @explorer.exe (GdipGetCompositingQuality) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8A3F)
    [Address] EAT @explorer.exe (GdipGetCustomLineCapBaseCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3485)
    [Address] EAT @explorer.exe (GdipGetCustomLineCapBaseInset) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF35DC)
    [Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeCaps) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF31A9)
    [Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeJoin) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3325)
    [Address] EAT @explorer.exe (GdipGetCustomLineCapType) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2FB2)
    [Address] EAT @explorer.exe (GdipGetCustomLineCapWidthScale) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3733)
    [Address] EAT @explorer.exe (GdipGetDC) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F030DD)
    [Address] EAT @explorer.exe (GdipGetDpiX) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9BE3)
    [Address] EAT @explorer.exe (GdipGetDpiY) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9C94)
    [Address] EAT @explorer.exe (GdipGetEffectParameterSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6FCE)
    [Address] EAT @explorer.exe (GdipGetEffectParameters) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7033)
    [Address] EAT @explorer.exe (GdipGetEmHeight) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F033B6)
    [Address] EAT @explorer.exe (GdipGetEncoderParameterList) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4145)
    [Address] EAT @explorer.exe (GdipGetEncoderParameterListSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF40A4)
    [Address] EAT @explorer.exe (GdipGetFamily) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04140)
    [Address] EAT @explorer.exe (GdipGetFamilyName) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFDE91)
    [Address] EAT @explorer.exe (GdipGetFontCollectionFamilyCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03B31)
    [Address] EAT @explorer.exe (GdipGetFontCollectionFamilyList) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03BCD)
    [Address] EAT @explorer.exe (GdipGetFontHeight) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02DFB)
    [Address] EAT @explorer.exe (GdipGetFontHeightGivenDPI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02F03)
    [Address] EAT @explorer.exe (GdipGetFontSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02D5D)
    [Address] EAT @explorer.exe (GdipGetFontStyle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02ABB)
    [Address] EAT @explorer.exe (GdipGetFontUnit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0432A)
    [Address] EAT @explorer.exe (GdipGetGenericFontFamilyMonospace) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02751)
    [Address] EAT @explorer.exe (GdipGetGenericFontFamilySansSerif) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0265F)
    [Address] EAT @explorer.exe (GdipGetGenericFontFamilySerif) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F026D8)
    [Address] EAT @explorer.exe (GdipGetHatchBackgroundColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDC14)
    [Address] EAT @explorer.exe (GdipGetHatchForegroundColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDB5E)
    [Address] EAT @explorer.exe (GdipGetHatchStyle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDAA8)
    [Address] EAT @explorer.exe (GdipGetHemfFromMetafile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F013A4)
    [Address] EAT @explorer.exe (GdipGetImageAttributesAdjustedPalette) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8219)
    [Address] EAT @explorer.exe (GdipGetImageBounds) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4F73)
    [Address] EAT @explorer.exe (GdipGetImageDecoders) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F020EC)
    [Address] EAT @explorer.exe (GdipGetImageDecodersSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02063)
    [Address] EAT @explorer.exe (GdipGetImageDimension) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5048)
    [Address] EAT @explorer.exe (GdipGetImageEncoders) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02320)
    [Address] EAT @explorer.exe (GdipGetImageEncodersSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02297)
    [Address] EAT @explorer.exe (GdipGetImageFlags) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5459)
    [Address] EAT @explorer.exe (GdipGetImageGraphicsContext) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4E9C)
    [Address] EAT @explorer.exe (GdipGetImageHeight) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF51DA)
    [Address] EAT @explorer.exe (GdipGetImageHorizontalResolution) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF52AF)
    [Address] EAT @explorer.exe (GdipGetImageItemData) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5C06)
    [Address] EAT @explorer.exe (GdipGetImagePalette) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF56DC)
    [Address] EAT @explorer.exe (GdipGetImagePaletteSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5864)
    [Address] EAT @explorer.exe (GdipGetImagePixelFormat) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5607)
    [Address] EAT @explorer.exe (GdipGetImageRawFormat) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF552E)
    [Address] EAT @explorer.exe (GdipGetImageThumbnail) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF59E3)
    [Address] EAT @explorer.exe (GdipGetImageType) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5933)
    [Address] EAT @explorer.exe (GdipGetImageVerticalResolution) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5384)
    [Address] EAT @explorer.exe (GdipGetImageWidth) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5105)
    [Address] EAT @explorer.exe (GdipGetInterpolationMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9195)
    [Address] EAT @explorer.exe (GdipGetLineBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE767)
    [Address] EAT @explorer.exe (GdipGetLineBlendCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE6B1)
    [Address] EAT @explorer.exe (GdipGetLineColors) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE5F2)
    [Address] EAT @explorer.exe (GdipGetLineGammaCorrection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE57EC)
    [Address] EAT @explorer.exe (GdipGetLinePresetBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE90F)
    [Address] EAT @explorer.exe (GdipGetLinePresetBlendCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFC74)
    [Address] EAT @explorer.exe (GdipGetLineRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF8E3)
    [Address] EAT @explorer.exe (GdipGetLineRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF998)
    [Address] EAT @explorer.exe (GdipGetLineSpacing) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03596)
    [Address] EAT @explorer.exe (GdipGetLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF01D0)
    [Address] EAT @explorer.exe (GdipGetLineWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF011D)
    [Address] EAT @explorer.exe (GdipGetLogFontA) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02B59)
    [Address] EAT @explorer.exe (GdipGetLogFontW) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02C5B)
    [Address] EAT @explorer.exe (GdipGetMatrixElements) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB67E)
    [Address] EAT @explorer.exe (GdipGetMetafileDownLevelRasterizationLimit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01F4B)
    [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromEmf) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F011D9)
    [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0123C)
    [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromMetafile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01300)
    [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0129D)
    [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromWmf) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0116F)
    [Address] EAT @explorer.exe (GdipGetNearestColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA01A)
    [Address] EAT @explorer.exe (GdipGetPageScale) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9A8D)
    [Address] EAT @explorer.exe (GdipGetPageUnit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF991E)
    [Address] EAT @explorer.exe (GdipGetPathData) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6CA4)
    [Address] EAT @explorer.exe (GdipGetPathFillMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6B4A)
    [Address] EAT @explorer.exe (GdipGetPathGradientBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFBA0)
    [Address] EAT @explorer.exe (GdipGetPathGradientBlendCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE6B1)
    [Address] EAT @explorer.exe (GdipGetPathGradientCenterColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF067)
    [Address] EAT @explorer.exe (GdipGetPathGradientCenterPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF500)
    [Address] EAT @explorer.exe (GdipGetPathGradientCenterPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF5BA)
    [Address] EAT @explorer.exe (GdipGetPathGradientFocusScales) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0744)
    [Address] EAT @explorer.exe (GdipGetPathGradientGammaCorrection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFAED)
    [Address] EAT @explorer.exe (GdipGetPathGradientPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF4BD)
    [Address] EAT @explorer.exe (GdipGetPathGradientPointCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF776)
    [Address] EAT @explorer.exe (GdipGetPathGradientPresetBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFD2E)
    [Address] EAT @explorer.exe (GdipGetPathGradientPresetBlendCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFC74)
    [Address] EAT @explorer.exe (GdipGetPathGradientRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF8E3)
    [Address] EAT @explorer.exe (GdipGetPathGradientRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF998)
    [Address] EAT @explorer.exe (GdipGetPathGradientSurroundColorCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF829)
    [Address] EAT @explorer.exe (GdipGetPathGradientSurroundColorsWithCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF1D3)
    [Address] EAT @explorer.exe (GdipGetPathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF01D0)
    [Address] EAT @explorer.exe (GdipGetPathGradientWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF011D)
    [Address] EAT @explorer.exe (GdipGetPathLastPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE711A)
    [Address] EAT @explorer.exe (GdipGetPathPoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE68FA)
    [Address] EAT @explorer.exe (GdipGetPathPointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6A06)
    [Address] EAT @explorer.exe (GdipGetPathTypes) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE67F1)
    [Address] EAT @explorer.exe (GdipGetPathWorldBounds) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE92AF)
    [Address] EAT @explorer.exe (GdipGetPathWorldBoundsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE947B)
    [Address] EAT @explorer.exe (GdipGetPenBrushFill) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2462)
    [Address] EAT @explorer.exe (GdipGetPenColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2297)
    [Address] EAT @explorer.exe (GdipGetPenCompoundArray) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2C11)
    [Address] EAT @explorer.exe (GdipGetPenCompoundCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2AA7)
    [Address] EAT @explorer.exe (GdipGetPenCustomEndCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1856)
    [Address] EAT @explorer.exe (GdipGetPenCustomStartCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1697)
    [Address] EAT @explorer.exe (GdipGetPenDashArray) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF29ED)
    [Address] EAT @explorer.exe (GdipGetPenDashCap197819) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF138A)
    [Address] EAT @explorer.exe (GdipGetPenDashCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2883)
    [Address] EAT @explorer.exe (GdipGetPenDashOffset) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2735)
    [Address] EAT @explorer.exe (GdipGetPenDashStyle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF25E4)
    [Address] EAT @explorer.exe (GdipGetPenEndCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF12DA)
    [Address] EAT @explorer.exe (GdipGetPenFillType) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2527)
    [Address] EAT @explorer.exe (GdipGetPenLineJoin) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF14DF)
    [Address] EAT @explorer.exe (GdipGetPenMiterLimit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF19B2)
    [Address] EAT @explorer.exe (GdipGetPenMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1B05)
    [Address] EAT @explorer.exe (GdipGetPenStartCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF122A)
    [Address] EAT @explorer.exe (GdipGetPenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1CBB)
    [Address] EAT @explorer.exe (GdipGetPenUnit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0EF0)
    [Address] EAT @explorer.exe (GdipGetPenWidth) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0D81)
    [Address] EAT @explorer.exe (GdipGetPixelOffsetMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8D3E)
    [Address] EAT @explorer.exe (GdipGetPointCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE673E)
    [Address] EAT @explorer.exe (GdipGetPropertyCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF479D)
    [Address] EAT @explorer.exe (GdipGetPropertyIdList) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4838)
    [Address] EAT @explorer.exe (GdipGetPropertyItem) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4974)
    [Address] EAT @explorer.exe (GdipGetPropertyItemSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF48D6)
    [Address] EAT @explorer.exe (GdipGetPropertySize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4A15)
    [Address] EAT @explorer.exe (GdipGetRegionBounds) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC754)
    [Address] EAT @explorer.exe (GdipGetRegionBoundsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC876)
    [Address] EAT @explorer.exe (GdipGetRegionData) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED062)
    [Address] EAT @explorer.exe (GdipGetRegionDataSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EECF89)
    [Address] EAT @explorer.exe (GdipGetRegionHRgn) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC9F1)
    [Address] EAT @explorer.exe (GdipGetRegionScans) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED62C)
    [Address] EAT @explorer.exe (GdipGetRegionScansCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED504)
    [Address] EAT @explorer.exe (GdipGetRegionScansI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED755)
    [Address] EAT @explorer.exe (GdipGetRenderingOrigin) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF877D)
    [Address] EAT @explorer.exe (GdipGetSmoothingMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8BAF)
    [Address] EAT @explorer.exe (GdipGetSolidFillColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDF44)
    [Address] EAT @explorer.exe (GdipGetStringFormatAlign) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02ABB)
    [Address] EAT @explorer.exe (GdipGetStringFormatDigitSubstitution) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F048AF)
    [Address] EAT @explorer.exe (GdipGetStringFormatFlags) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04140)
    [Address] EAT @explorer.exe (GdipGetStringFormatHotkeyPrefix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04469)
    [Address] EAT @explorer.exe (GdipGetStringFormatLineAlign) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0432A)
    [Address] EAT @explorer.exe (GdipGetStringFormatMeasurableCharacterRangeCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04704)
    [Address] EAT @explorer.exe (GdipGetStringFormatTabStopCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F045B7)
    [Address] EAT @explorer.exe (GdipGetStringFormatTabStops) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04659)
    [Address] EAT @explorer.exe (GdipGetStringFormatTrimming) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d
     
  7. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Here is search log part 4 (last):

    2e82386681b36\gdiplus.dll @ 0x73F049DF)
    [Address] EAT @explorer.exe (GdipGetTextContrast) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8F4F)
    [Address] EAT @explorer.exe (GdipGetTextRenderingHint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9000)
    [Address] EAT @explorer.exe (GdipGetTextureImage) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDD6E)
    [Address] EAT @explorer.exe (GdipGetTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF01D0)
    [Address] EAT @explorer.exe (GdipGetTextureWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF011D)
    [Address] EAT @explorer.exe (GdipGetVisibleClipBounds) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00837)
    [Address] EAT @explorer.exe (GdipGetVisibleClipBoundsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F008EA)
    [Address] EAT @explorer.exe (GdipGetWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9782)
    [Address] EAT @explorer.exe (GdipGraphicsClear) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC10D)
    [Address] EAT @explorer.exe (GdipGraphicsSetAbort) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7590)
    [Address] EAT @explorer.exe (GdipImageForceValidation) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5CAC)
    [Address] EAT @explorer.exe (GdipImageGetFrameCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF45B5)
    [Address] EAT @explorer.exe (GdipImageGetFrameDimensionsCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4482)
    [Address] EAT @explorer.exe (GdipImageGetFrameDimensionsList) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF451A)
    [Address] EAT @explorer.exe (GdipImageRotateFlip) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4705)
    [Address] EAT @explorer.exe (GdipImageSelectActiveFrame) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4650)
    [Address] EAT @explorer.exe (GdipImageSetAbort) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF74EA)
    [Address] EAT @explorer.exe (GdipInitializePalette) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF718C)
    [Address] EAT @explorer.exe (GdipInvertMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB0F4)
    [Address] EAT @explorer.exe (GdipIsClipEmpty) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00782)
    [Address] EAT @explorer.exe (GdipIsEmptyRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EECB35)
    [Address] EAT @explorer.exe (GdipIsEqualRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EECDC5)
    [Address] EAT @explorer.exe (GdipIsInfiniteRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EECC7D)
    [Address] EAT @explorer.exe (GdipIsMatrixEqual) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB899)
    [Address] EAT @explorer.exe (GdipIsMatrixIdentity) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB7E6)
    [Address] EAT @explorer.exe (GdipIsMatrixInvertible) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB731)
    [Address] EAT @explorer.exe (GdipIsOutlineVisiblePathPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE982D)
    [Address] EAT @explorer.exe (GdipIsOutlineVisiblePathPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9A55)
    [Address] EAT @explorer.exe (GdipIsStyleAvailable) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03317)
    [Address] EAT @explorer.exe (GdipIsVisibleClipEmpty) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F009F5)
    [Address] EAT @explorer.exe (GdipIsVisiblePathPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9647)
    [Address] EAT @explorer.exe (GdipIsVisiblePathPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE97CE)
    [Address] EAT @explorer.exe (GdipIsVisiblePoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00AAA)
    [Address] EAT @explorer.exe (GdipIsVisiblePointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00B6F)
    [Address] EAT @explorer.exe (GdipIsVisibleRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00BCB)
    [Address] EAT @explorer.exe (GdipIsVisibleRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00C9F)
    [Address] EAT @explorer.exe (GdipIsVisibleRegionPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED155)
    [Address] EAT @explorer.exe (GdipIsVisibleRegionPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED2C0)
    [Address] EAT @explorer.exe (GdipIsVisibleRegionRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED31F)
    [Address] EAT @explorer.exe (GdipIsVisibleRegionRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED496)
    [Address] EAT @explorer.exe (GdipLoadImageFromFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3E2B)
    [Address] EAT @explorer.exe (GdipLoadImageFromFileICM) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3FD1)
    [Address] EAT @explorer.exe (GdipLoadImageFromStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3D58)
    [Address] EAT @explorer.exe (GdipLoadImageFromStreamICM) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3EFE)
    [Address] EAT @explorer.exe (GdipMeasureCharacterRanges) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD896)
    [Address] EAT @explorer.exe (GdipMeasureDriverString) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFDC8D)
    [Address] EAT @explorer.exe (GdipMeasureString) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD6FB)
    [Address] EAT @explorer.exe (GdipMultiplyLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0485)
    [Address] EAT @explorer.exe (GdipMultiplyMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEAC7D)
    [Address] EAT @explorer.exe (GdipMultiplyPathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0485)
    [Address] EAT @explorer.exe (GdipMultiplyPenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1E61)
    [Address] EAT @explorer.exe (GdipMultiplyTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0485)
    [Address] EAT @explorer.exe (GdipMultiplyWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF93D4)
    [Address] EAT @explorer.exe (GdipNewInstalledFontCollection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03936)
    [Address] EAT @explorer.exe (GdipNewPrivateFontCollection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F039B9)
    [Address] EAT @explorer.exe (GdipPathIterCopyData) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA586)
    [Address] EAT @explorer.exe (GdipPathIterEnumerate) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA481)
    [Address] EAT @explorer.exe (GdipPathIterGetCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA0EA)
    [Address] EAT @explorer.exe (GdipPathIterGetSubpathCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA1A7)
    [Address] EAT @explorer.exe (GdipPathIterHasCurve) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA321)
    [Address] EAT @explorer.exe (GdipPathIterIsValid) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA264)
    [Address] EAT @explorer.exe (GdipPathIterNextMarker) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9F2B)
    [Address] EAT @explorer.exe (GdipPathIterNextMarkerPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA02A)
    [Address] EAT @explorer.exe (GdipPathIterNextPathType) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9E0D)
    [Address] EAT @explorer.exe (GdipPathIterNextSubpath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9C0A)
    [Address] EAT @explorer.exe (GdipPathIterNextSubpathPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9D28)
    [Address] EAT @explorer.exe (GdipPathIterRewind) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA3D2)
    [Address] EAT @explorer.exe (GdipPlayMetafileRecord) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFFC76)
    [Address] EAT @explorer.exe (GdipPlayTSClientRecord) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F051D7)
    [Address] EAT @explorer.exe (GdipPrivateAddFontFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03C82)
    [Address] EAT @explorer.exe (GdipPrivateAddMemoryFont) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03D20)
    [Address] EAT @explorer.exe (GdipRecordMetafile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01898)
    [Address] EAT @explorer.exe (GdipRecordMetafileFileName) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01A6D)
    [Address] EAT @explorer.exe (GdipRecordMetafileFileNameI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01BA5)
    [Address] EAT @explorer.exe (GdipRecordMetafileI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F019B7)
    [Address] EAT @explorer.exe (GdipRecordMetafileStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01C5E)
    [Address] EAT @explorer.exe (GdipRecordMetafileStreamI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01D96)
    [Address] EAT @explorer.exe (GdipReleaseDC) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F031A4)
    [Address] EAT @explorer.exe (GdipRemovePropertyItem) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4B54)
    [Address] EAT @explorer.exe (GdipResetClip) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00328)
    [Address] EAT @explorer.exe (GdipResetImageAttributes) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF79D5)
    [Address] EAT @explorer.exe (GdipResetLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF03E2)
    [Address] EAT @explorer.exe (GdipResetPageTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9878)
    [Address] EAT @explorer.exe (GdipResetPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE669B)
    [Address] EAT @explorer.exe (GdipResetPathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF03E2)
    [Address] EAT @explorer.exe (GdipResetPenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1DC1)
    [Address] EAT @explorer.exe (GdipResetTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF03E2)
    [Address] EAT @explorer.exe (GdipResetWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9336)
    [Address] EAT @explorer.exe (GdipRestoreGraphics) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00DBF)
    [Address] EAT @explorer.exe (GdipReversePath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7077)
    [Address] EAT @explorer.exe (GdipRotateLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0677)
    [Address] EAT @explorer.exe (GdipRotateMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEAF5C)
    [Address] EAT @explorer.exe (GdipRotatePathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0677)
    [Address] EAT @explorer.exe (GdipRotatePenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2123)
    [Address] EAT @explorer.exe (GdipRotateTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0677)
    [Address] EAT @explorer.exe (GdipRotateWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF96BA)
    [Address] EAT @explorer.exe (GdipSaveAdd) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF433D)
    [Address] EAT @explorer.exe (GdipSaveAddImage) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF43DB)
    [Address] EAT @explorer.exe (GdipSaveGraphics) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00D0A)
    [Address] EAT @explorer.exe (GdipSaveImageToFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4293)
    [Address] EAT @explorer.exe (GdipSaveImageToStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF41E9)
    [Address] EAT @explorer.exe (GdipScaleLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF059E)
    [Address] EAT @explorer.exe (GdipScaleMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEAE8A)
    [Address] EAT @explorer.exe (GdipScalePathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF059E)
    [Address] EAT @explorer.exe (GdipScalePenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF204D)
    [Address] EAT @explorer.exe (GdipScaleTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF059E)
    [Address] EAT @explorer.exe (GdipScaleWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF95E6)
    [Address] EAT @explorer.exe (GdipSetAdjustableArrowCapFillState) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3C01)
    [Address] EAT @explorer.exe (GdipSetAdjustableArrowCapHeight) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF37F0)
    [Address] EAT @explorer.exe (GdipSetAdjustableArrowCapMiddleInset) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3AA6)
    [Address] EAT @explorer.exe (GdipSetAdjustableArrowCapWidth) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF394B)
    [Address] EAT @explorer.exe (GdipSetClipGraphics) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFFD64)
    [Address] EAT @explorer.exe (GdipSetClipHrgn) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0023B)
    [Address] EAT @explorer.exe (GdipSetClipPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFFFDA)
    [Address] EAT @explorer.exe (GdipSetClipRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFFE90)
    [Address] EAT @explorer.exe (GdipSetClipRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFFF6F)
    [Address] EAT @explorer.exe (GdipSetClipRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0010D)
    [Address] EAT @explorer.exe (GdipSetCompositingMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8850)
    [Address] EAT @explorer.exe (GdipSetCompositingQuality) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF89A0)
    [Address] EAT @explorer.exe (GdipSetCustomLineCapBaseCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF33E2)
    [Address] EAT @explorer.exe (GdipSetCustomLineCapBaseInset) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3542)
    [Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeCaps) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3103)
    [Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeJoin) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF328B)
    [Address] EAT @explorer.exe (GdipSetCustomLineCapWidthScale) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3699)
    [Address] EAT @explorer.exe (GdipSetEffectParameters) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6F65)
    [Address] EAT @explorer.exe (GdipSetEmpty) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC11E)
    [Address] EAT @explorer.exe (GdipSetImageAttributesCachedBackground) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF80CD)
    [Address] EAT @explorer.exe (GdipSetImageAttributesColorKeys) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7DA9)
    [Address] EAT @explorer.exe (GdipSetImageAttributesColorMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7A92)
    [Address] EAT @explorer.exe (GdipSetImageAttributesGamma) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7C22)
    [Address] EAT @explorer.exe (GdipSetImageAttributesNoOp) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7CE9)
    [Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannel) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7E81)
    [Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannelColorProfile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7F44)
    [Address] EAT @explorer.exe (GdipSetImageAttributesRemapTable) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8007)
    [Address] EAT @explorer.exe (GdipSetImageAttributesThreshold) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7B5B)
    [Address] EAT @explorer.exe (GdipSetImageAttributesToIdentity) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7918)
    [Address] EAT @explorer.exe (GdipSetImageAttributesWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8170)
    [Address] EAT @explorer.exe (GdipSetImagePalette) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5796)
    [Address] EAT @explorer.exe (GdipSetInfinite) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC080)
    [Address] EAT @explorer.exe (GdipSetInterpolationMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF90B1)
    [Address] EAT @explorer.exe (GdipSetLineBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE83B)
    [Address] EAT @explorer.exe (GdipSetLineColors) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE53D)
    [Address] EAT @explorer.exe (GdipSetLineGammaCorrection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE5793)
    [Address] EAT @explorer.exe (GdipSetLineLinearBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEE2A)
    [Address] EAT @explorer.exe (GdipSetLinePresetBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEB24)
    [Address] EAT @explorer.exe (GdipSetLineSigmaBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEED78)
    [Address] EAT @explorer.exe (GdipSetLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF02D9)
    [Address] EAT @explorer.exe (GdipSetLineWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEEDC)
    [Address] EAT @explorer.exe (GdipSetMatrixElements) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEABB9)
    [Address] EAT @explorer.exe (GdipSetMetafileDownLevelRasterizationLimit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01E4F)
    [Address] EAT @explorer.exe (GdipSetPageScale) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9B3E)
    [Address] EAT @explorer.exe (GdipSetPageUnit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF99CF)
    [Address] EAT @explorer.exe (GdipSetPathFillMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6C00)
    [Address] EAT @explorer.exe (GdipSetPathGradientBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE83B)
    [Address] EAT @explorer.exe (GdipSetPathGradientCenterColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF12F)
    [Address] EAT @explorer.exe (GdipSetPathGradientCenterPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF64E)
    [Address] EAT @explorer.exe (GdipSetPathGradientCenterPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF708)
    [Address] EAT @explorer.exe (GdipSetPathGradientFocusScales) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0829)
    [Address] EAT @explorer.exe (GdipSetPathGradientGammaCorrection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFA50)
    [Address] EAT @explorer.exe (GdipSetPathGradientLinearBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEE2A)
    [Address] EAT @explorer.exe (GdipSetPathGradientPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF4BD)
    [Address] EAT @explorer.exe (GdipSetPathGradientPresetBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFEDA)
    [Address] EAT @explorer.exe (GdipSetPathGradientSigmaBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEED78)
    [Address] EAT @explorer.exe (GdipSetPathGradientSurroundColorsWithCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF301)
    [Address] EAT @explorer.exe (GdipSetPathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF02D9)
    [Address] EAT @explorer.exe (GdipSetPathGradientWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDCCA)
    [Address] EAT @explorer.exe (GdipSetPathMarker) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6F31)
    [Address] EAT @explorer.exe (GdipSetPenBrushFill) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2357)
    [Address] EAT @explorer.exe (GdipSetPenColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF21ED)
    [Address] EAT @explorer.exe (GdipSetPenCompoundArray) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2B57)
    [Address] EAT @explorer.exe (GdipSetPenCustomEndCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF174E)
    [Address] EAT @explorer.exe (GdipSetPenCustomStartCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF158F)
    [Address] EAT @explorer.exe (GdipSetPenDashArray) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2933)
    [Address] EAT @explorer.exe (GdipSetPenDashCap197819) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1189)
    [Address] EAT @explorer.exe (GdipSetPenDashOffset) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF27E5)
    [Address] EAT @explorer.exe (GdipSetPenDashStyle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2694)
    [Address] EAT @explorer.exe (GdipSetPenEndCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF10E8)
    [Address] EAT @explorer.exe (GdipSetPenLineCap197819) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0FA0)
    [Address] EAT @explorer.exe (GdipSetPenLineJoin) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1441)
    [Address] EAT @explorer.exe (GdipSetPenMiterLimit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF190D)
    [Address] EAT @explorer.exe (GdipSetPenMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1A62)
    [Address] EAT @explorer.exe (GdipSetPenStartCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1047)
    [Address] EAT @explorer.exe (GdipSetPenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1BB5)
    [Address] EAT @explorer.exe (GdipSetPenUnit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0E31)
    [Address] EAT @explorer.exe (GdipSetPenWidth) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0CE3)
    [Address] EAT @explorer.exe (GdipSetPixelOffsetMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8C85)
    [Address] EAT @explorer.exe (GdipSetPropertyItem) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4BEF)
    [Address] EAT @explorer.exe (GdipSetRenderingOrigin) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF86DB)
    [Address] EAT @explorer.exe (GdipSetSmoothingMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8AF0)
    [Address] EAT @explorer.exe (GdipSetSolidFillColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDEA1)
    [Address] EAT @explorer.exe (GdipSetStringFormatAlign) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F041DE)
    [Address] EAT @explorer.exe (GdipSetStringFormatDigitSubstitution) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0481E)
    [Address] EAT @explorer.exe (GdipSetStringFormatFlags) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F040B4)
    [Address] EAT @explorer.exe (GdipSetStringFormatHotkeyPrefix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F043C8)
    [Address] EAT @explorer.exe (GdipSetStringFormatLineAlign) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04284)
    [Address] EAT @explorer.exe (GdipSetStringFormatMeasurableCharacterRanges) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04786)
    [Address] EAT @explorer.exe (GdipSetStringFormatTabStops) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0450B)
    [Address] EAT @explorer.exe (GdipSetStringFormatTrimming) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04940)
    [Address] EAT @explorer.exe (GdipSetTextContrast) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8EAE)
    [Address] EAT @explorer.exe (GdipSetTextRenderingHint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8DEF)
    [Address] EAT @explorer.exe (GdipSetTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF02D9)
    [Address] EAT @explorer.exe (GdipSetTextureWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDCCA)
    [Address] EAT @explorer.exe (GdipSetWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9232)
    [Address] EAT @explorer.exe (GdipShearMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB022)
    [Address] EAT @explorer.exe (GdipStartPathFigure) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6D4A)
    [Address] EAT @explorer.exe (GdipStringFormatGetGenericDefault) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03E91)
    [Address] EAT @explorer.exe (GdipStringFormatGetGenericTypographic) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03F14)
    [Address] EAT @explorer.exe (GdipTestControl) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04E42)
    [Address] EAT @explorer.exe (GdipTransformMatrixPoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB192)
    [Address] EAT @explorer.exe (GdipTransformMatrixPointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB24B)
    [Address] EAT @explorer.exe (GdipTransformPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE91A8)
    [Address] EAT @explorer.exe (GdipTransformPoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9D45)
    [Address] EAT @explorer.exe (GdipTransformPointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9E06)
    [Address] EAT @explorer.exe (GdipTransformRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC64E)
    [Address] EAT @explorer.exe (GdipTranslateClip) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F003C6)
    [Address] EAT @explorer.exe (GdipTranslateClipI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00473)
    [Address] EAT @explorer.exe (GdipTranslateLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEF8E)
    [Address] EAT @explorer.exe (GdipTranslateMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEADB8)
    [Address] EAT @explorer.exe (GdipTranslatePathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEF8E)
    [Address] EAT @explorer.exe (GdipTranslatePenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1F77)
    [Address] EAT @explorer.exe (GdipTranslateRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC56E)
    [Address] EAT @explorer.exe (GdipTranslateRegionI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC5F5)
    [Address] EAT @explorer.exe (GdipTranslateTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEF8E)
    [Address] EAT @explorer.exe (GdipTranslateWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9512)
    [Address] EAT @explorer.exe (GdipVectorTransformMatrixPoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB3C1)
    [Address] EAT @explorer.exe (GdipVectorTransformMatrixPointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB47A)
    [Address] EAT @explorer.exe (GdipWarpPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9048)
    [Address] EAT @explorer.exe (GdipWidenPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8EC5)
    [Address] EAT @explorer.exe (GdipWindingModeOutline) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8DAB)
    [Address] EAT @explorer.exe (GdiplusNotificationHook) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6189)
    [Address] EAT @explorer.exe (GdiplusNotificationUnhook) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6205)
    [Address] EAT @explorer.exe (GdiplusShutdown) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE56EC)
    [Address] EAT @explorer.exe (GdiplusStartup) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE562E)
    ¤¤¤ Ruches Externes: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ Fichier HOSTS: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts
    ¤¤¤ MBR Verif: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABD100 ATA Device +++++
    --- User ---
    [MBR] 66b391a23e756908897a22067406417e
    [BSP] 66b9074cfe339a50f6f3163c89590255 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
    User = LL1 ... OK!
    User = LL2 ... OK!
    Termine : << RKreport[0]_S_07012006_031723.txt >>
     
  8. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Here is delete log part 1:

    RogueKiller V8.8.15 [Mar 27 2014] par Adlice Software
    mail : http://www.adlice.com/contact/
    Remontees : http://forum.adlice.com
    Site Web : http://www.surlatoile.org/RogueKiller/
    Blog : http://www.adlice.com
    Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Demarrage : Mode normal
    Utilisateur : Admin [Droits d'admin]
    Mode : Suppression -- Date : 07/01/2006 03:17:46
    | ARK || FAK || MBR |
    ¤¤¤ Processus malicieux : 0 ¤¤¤
    ¤¤¤ Entrees de registre : 3 ¤¤¤
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REMPLACÉ (1)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
    ¤¤¤ Tâches planifiées : 0 ¤¤¤
    ¤¤¤ Entrées Startup : 0 ¤¤¤
    ¤¤¤ Navigateurs web : 0 ¤¤¤
    ¤¤¤ Addons navigateur : 0 ¤¤¤
    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
    ¤¤¤ Driver : [CHARGE] ¤¤¤
    [Address] EAT @explorer.exe (DllGetClassObject) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ACF9D)
    [Address] EAT @explorer.exe (IEnumString_Next_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE000)
    [Address] EAT @explorer.exe (IEnumString_Reset_WIC_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE029)
    [Address] EAT @explorer.exe (IPropertyBag2_Write_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE049)
    [Address] EAT @explorer.exe (IWICBitmapClipper_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADD2A)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportAnimation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEA9A)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportLossless_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEABD)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEAE0)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE9D3)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE9F6)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetDeviceModels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEA1F)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetFileExtensions_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEA71)
    [Address] EAT @explorer.exe (IWICBitmapCodecInfo_GetMimeTypes_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEA48)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD845)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE9AA)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetDecoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD822)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrameCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD9A2)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD868)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD8DA)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetPreview_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC74)
    [Address] EAT @explorer.exe (IWICBitmapDecoder_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE9D3)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC05)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_CreateNewFrame_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADB87)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_GetEncoderInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADB5E)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD9A2)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADB32)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADBDC)
    [Address] EAT @explorer.exe (IWICBitmapEncoder_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADBB3)
    [Address] EAT @explorer.exe (IWICBitmapFlipRotator_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADD2A)
    [Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD88E)
    [Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD8DA)
    [Address] EAT @explorer.exe (IWICBitmapFrameDecode_GetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD8B7)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD9C5)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEB03)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADFB7)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetColorContexts_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADB06)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADA17)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD9E5)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_SetThumbnail_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADADD)
    [Address] EAT @explorer.exe (IWICBitmapFrameEncode_WriteSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADA71)
    [Address] EAT @explorer.exe (IWICBitmapLock_GetDataPointer_STA_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD7FC)
    [Address] EAT @explorer.exe (IWICBitmapLock_GetStride_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC25)
    [Address] EAT @explorer.exe (IWICBitmapScaler_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADCFE)
    [Address] EAT @explorer.exe (IWICBitmapSource_CopyPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD822)
    [Address] EAT @explorer.exe (IWICBitmapSource_CopyPixels_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC48)
    [Address] EAT @explorer.exe (IWICBitmapSource_GetPixelFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC25)
    [Address] EAT @explorer.exe (IWICBitmapSource_GetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD7FC)
    [Address] EAT @explorer.exe (IWICBitmapSource_GetSize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD91D)
    [Address] EAT @explorer.exe (IWICBitmap_Lock_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE981)
    [Address] EAT @explorer.exe (IWICBitmap_SetPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC74)
    [Address] EAT @explorer.exe (IWICBitmap_SetResolution_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC97)
    [Address] EAT @explorer.exe (IWICColorContext_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEB75)
    [Address] EAT @explorer.exe (IWICComponentFactory_CreateMetadataWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD7AA)
    [Address] EAT @explorer.exe (IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD7D3)
    [Address] EAT @explorer.exe (IWICComponentInfo_GetAuthor_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE958)
    [Address] EAT @explorer.exe (IWICComponentInfo_GetCLSID_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC25)
    [Address] EAT @explorer.exe (IWICComponentInfo_GetFriendlyName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE9AA)
    [Address] EAT @explorer.exe (IWICComponentInfo_GetSpecVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD88E)
    [Address] EAT @explorer.exe (IWICComponentInfo_GetVersion_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE981)
    [Address] EAT @explorer.exe (IWICFastMetadataEncoder_Commit_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD8FD)
    [Address] EAT @explorer.exe (IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC25)
    [Address] EAT @explorer.exe (IWICFormatConverter_Initialize_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADCC7)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapClipper_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD557)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFlipRotator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD580)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD6BA)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromHICON_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD6E6)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD656)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapFromSource_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD62D)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmapScaler_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD52E)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD68B)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateComponentInfo_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD4D9)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFileHandle_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD4A1)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromFilename_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD466)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateDecoderFromStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD42E)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateEncoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD5D2)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD70C)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_Prox-Lï�?–B#ø"##ÿÿÿÿŒ–B#tD##LïG) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD732)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateFormatConverter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD505)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreatePalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADADD)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriterFromReader_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD781)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateQueryWriter_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD758)
    [Address] EAT @explorer.exe (IWICImagingFactory_CreateStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD5A9)
    [Address] EAT @explorer.exe (IWICMetadataBlockReader_GetCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADC25)
    [Address] EAT @explorer.exe (IWICMetadataBlockReader_GetReaderByIndex_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD7FC)
    [Address] EAT @explorer.exe (IWICMetadataQueryReader_GetContainerFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADFB7)
    [Address] EAT @explorer.exe (IWICMetadataQueryReader_GetEnumerator_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD822)
    [Address] EAT @explorer.exe (IWICMetadataQueryReader_GetLocation_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE049)
    [Address] EAT @explorer.exe (IWICMetadataQueryReader_GetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD7FC)
    [Address] EAT @explorer.exe (IWICMetadataQueryWriter_RemoveMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD8DA)
    [Address] EAT @explorer.exe (IWICMetadataQueryWriter_SetMetadataByName_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADFDA)
    [Address] EAT @explorer.exe (IWICPalette_GetColorCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD96C)
    [Address] EAT @explorer.exe (IWICPalette_GetColors_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD88E)
    [Address] EAT @explorer.exe (IWICPalette_GetType_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD845)
    [Address] EAT @explorer.exe (IWICPalette_HasAlpha_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD9A2)
    [Address] EAT @explorer.exe (IWICPalette_InitializeCustom_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEB75)
    [Address] EAT @explorer.exe (IWICPalette_InitializeFromBitmap_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD943)
    [Address] EAT @explorer.exe (IWICPalette_InitializeFromPalette_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD822)
    [Address] EAT @explorer.exe (IWICPalette_InitializePredefined_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD91D)
    [Address] EAT @explorer.exe (IWICPixelFormatInfo_GetBitsPerPixel_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEB03)
    [Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelCount_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADD50)
    [Address] EAT @explorer.exe (IWICPixelFormatInfo_GetChannelMask_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEB26)
    [Address] EAT @explorer.exe (IWICStream_InitializeFromIStream_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADD50)
    [Address] EAT @explorer.exe (IWICStream_InitializeFromMemory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADD73)
    [Address] EAT @explorer.exe (WICConvertBitmapSource) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADDB8)
    [Address] EAT @explorer.exe (WICCreateBitmapFromSection) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADF8D)
    [Address] EAT @explorer.exe (WICCreateBitmapFromSectionEx) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADE8C)
    [Address] EAT @explorer.exe (WICCreateColorContext_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AEB52)
    [Address] EAT @explorer.exe (WICCreateImagingFactory_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD02B)
    [Address] EAT @explorer.exe (WICGetMetadataContentSize) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE61D)
    [Address] EAT @explorer.exe (WICMapGuidToShortName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD0EC)
    [Address] EAT @explorer.exe (WICMapSchemaToName) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD2E0)
    [Address] EAT @explorer.exe (WICMapShortNameToGuid) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AD217)
    [Address] EAT @explorer.exe (WICMatchMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE072)
    [Address] EAT @explorer.exe (WICSerializeMetadataContent) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735AE1B4)
    [Address] EAT @explorer.exe (WICSetEncoderFormat_Proxy) : XmlLite.dll -> HOOKED (C:\Windows\system32\WindowsCodecs.dll @ 0x735ADD99)
    [Address] EAT @explorer.exe (DllCanUnloadNow) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74142B3B)
    [Address] EAT @explorer.exe (DllGetClassObject) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415188E)
    [Address] EAT @explorer.exe (DllGetVersion) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74142982)
    [Address] EAT @explorer.exe (DllRegisterServer) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741D7DC5)
    [Address] EAT @explorer.exe (DllUnregisterServer) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741D818F)
    [Address] EAT @explorer.exe (Migrate10CachedPackagesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DC744)
    [Address] EAT @explorer.exe (Migrate10CachedPackagesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DE1AC)
    [Address] EAT @explorer.exe (MsiAdvertiseProductA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E257F)
    [Address] EAT @explorer.exe (MsiAdvertiseProductExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E27D7)
    [Address] EAT @explorer.exe (MsiAdvertiseProductExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DD6C1)
    [Address] EAT @explorer.exe (MsiAdvertiseProductW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DD46F)
    [Address] EAT @explorer.exe (MsiAdvertiseScriptA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E8A3F)
    [Address] EAT @explorer.exe (MsiAdvertiseScriptW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EB641)
    [Address] EAT @explorer.exe (MsiApplyMultiplePatchesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F5903)
    [Address] EAT @explorer.exe (MsiApplyMultiplePatchesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F1057)
    [Address] EAT @explorer.exe (MsiApplyPatchA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E2D5D)
    [Address] EAT @explorer.exe (MsiApplyPatchW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DD943)
    [Address] EAT @explorer.exe (MsiBeginTransactionA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F9441)
    [Address] EAT @explorer.exe (MsiBeginTransactionW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F39D4)
    [Address] EAT @explorer.exe (MsiCloseAllHandles) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742000C3)
    [Address] EAT @explorer.exe (MsiCloseHandle) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200015)
    [Address] EAT @explorer.exe (MsiCollectUserInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E1C3A)
    [Address] EAT @explorer.exe (MsiCollectUserInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DD16F)
    [Address] EAT @explorer.exe (MsiConfigureFeatureA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E1D5A)
    [Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ED70A)
    [Address] EAT @explorer.exe (MsiConfigureFeatureFromDescriptorW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EE41B)
    [Address] EAT @explorer.exe (MsiConfigureFeatureW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DD2B7)
    [Address] EAT @explorer.exe (MsiConfigureProductA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF256)
    [Address] EAT @explorer.exe (MsiConfigureProductExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EDACA)
    [Address] EAT @explorer.exe (MsiConfigureProductExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EE891)
    [Address] EAT @explorer.exe (MsiConfigureProductW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF581)
    [Address] EAT @explorer.exe (MsiCreateAndVerifyInstallerDirectory) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415B2E1)
    [Address] EAT @explorer.exe (MsiCreateRecord) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201514)
    [Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742055D1)
    [Address] EAT @explorer.exe (MsiCreateTransformSummaryInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742048EF)
    [Address] EAT @explorer.exe (MsiDatabaseApplyTransformA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742048A9)
    [Address] EAT @explorer.exe (MsiDatabaseApplyTransformW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201397)
    [Address] EAT @explorer.exe (MsiDatabaseCommit) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200DEB)
    [Address] EAT @explorer.exe (MsiDatabaseExportA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74204792)
    [Address] EAT @explorer.exe (MsiDatabaseExportW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201008)
    [Address] EAT @explorer.exe (MsiDatabaseGenerateTransformA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420485D)
    [Address] EAT @explorer.exe (MsiDatabaseGenerateTransformW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201270)
    [Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742045FD)
    [Address] EAT @explorer.exe (MsiDatabaseGetPrimaryKeysW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203C54)
    [Address] EAT @explorer.exe (MsiDatabaseImportA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420472E)
    [Address] EAT @explorer.exe (MsiDatabaseImportW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200F1E)
    [Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74204643)
    [Address] EAT @explorer.exe (MsiDatabaseIsTablePersistentW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200C8F)
    [Address] EAT @explorer.exe (MsiDatabaseMergeA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74204817)
    [Address] EAT @explorer.exe (MsiDatabaseMergeW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201111)
    [Address] EAT @explorer.exe (MsiDatabaseOpenViewA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742045B7)
    [Address] EAT @explorer.exe (MsiDatabaseOpenViewW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742002B7)
    [Address] EAT @explorer.exe (MsiDecomposeDescriptorA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EDA7B)
    [Address] EAT @explorer.exe (MsiDecomposeDescriptorW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74136286)
    [Address] EAT @explorer.exe (MsiDeleteUserDataA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EA367)
    [Address] EAT @explorer.exe (MsiDeleteUserDataW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E69EB)
    [Address] EAT @explorer.exe (MsiDetermineApplicablePatchesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741FD4C5)
    [Address] EAT @explorer.exe (MsiDetermineApplicablePatchesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741FC559)
    [Address] EAT @explorer.exe (MsiDeterminePatchSequenceA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741FD9D9)
    [Address] EAT @explorer.exe (MsiDeterminePatchSequenceW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741FC9E1)
    [Address] EAT @explorer.exe (MsiDoActionA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420613D)
    [Address] EAT @explorer.exe (MsiDoActionW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202D61)
    [Address] EAT @explorer.exe (MsiEnableLogA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E189B)
    [Address] EAT @explorer.exe (MsiEnableLogW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DFBE9)
    [Address] EAT @explorer.exe (MsiEnableUIPreview) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742039CD)
    [Address] EAT @explorer.exe (MsiEndTransaction) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F3E11)
    [Address] EAT @explorer.exe (MsiEnumClientsA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415EC96)
    [Address] EAT @explorer.exe (MsiEnumClientsExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F5D6E)
    [Address] EAT @explorer.exe (MsiEnumClientsExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F13A7)
    [Address] EAT @explorer.exe (MsiEnumClientsW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74143647)
    [Address] EAT @explorer.exe (MsiEnumComponentCostsA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207847)
    [Address] EAT @explorer.exe (MsiEnumComponentCostsW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207A95)
    [Address] EAT @explorer.exe (MsiEnumComponentQualifiersA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ECD6D)
    [Address] EAT @explorer.exe (MsiEnumComponentQualifiersW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7414384D)
    [Address] EAT @explorer.exe (MsiEnumComponentsA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E91B9)
    [Address] EAT @explorer.exe (MsiEnumComponentsExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F5B08)
    [Address] EAT @explorer.exe (MsiEnumComponentsExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F121D)
    [Address] EAT @explorer.exe (MsiEnumComponentsW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EBA57)
    [Address] EAT @explorer.exe (MsiEnumFeaturesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E9C04)
    [Address] EAT @explorer.exe (MsiEnumFeaturesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EC259)
    [Address] EAT @explorer.exe (MsiEnumPatchesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F97EB)
    [Address] EAT @explorer.exe (MsiEnumPatchesExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F4897)
    [Address] EAT @explorer.exe (MsiEnumPatchesExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F0E79)
    [Address] EAT @explorer.exe (MsiEnumPatchesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F468E)
    [Address] EAT @explorer.exe (MsiEnumProductsA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E9175)
    [Address] EAT @explorer.exe (MsiEnumProductsExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F6313)
    [Address] EAT @explorer.exe (MsiEnumProductsExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F1729)
    [Address] EAT @explorer.exe (MsiEnumProductsW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7414559D)
    [Address] EAT @explorer.exe (MsiEnumRelatedProductsA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E9109)
    [Address] EAT @explorer.exe (MsiEnumRelatedProductsW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EB9EB)
    [Address] EAT @explorer.exe (MsiEvaluateConditionA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742061C6)
    [Address] EAT @explorer.exe (MsiEvaluateConditionW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742030C1)
    [Address] EAT @explorer.exe (MsiExtractPatchXMLDataA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F4FAE)
    [Address] EAT @explorer.exe (MsiExtractPatchXMLDataW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F4C22)
    [Address] EAT @explorer.exe (MsiFormatRecordA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202A73)
    [Address] EAT @explorer.exe (MsiFormatRecordW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202BF9)
    [Address] EAT @explorer.exe (MsiGetActiveDatabase) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202639)
    [Address] EAT @explorer.exe (MsiGetComponentPathA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EEEBD)
    [Address] EAT @explorer.exe (MsiGetComponentPathExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F6053)
    [Address] EAT @explorer.exe (MsiGetComponentPathExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F1559)
    [Address] EAT @explorer.exe (MsiGetComponentPathW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741362DD)
    [Address] EAT @explorer.exe (MsiGetComponentStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742071E3)
    [Address] EAT @explorer.exe (MsiGetComponentStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742072DC)
    [Address] EAT @explorer.exe (MsiGetDatabaseState) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200ED9)
    [Address] EAT @explorer.exe (MsiGetFeatureCostA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742075FD)
    [Address] EAT @explorer.exe (MsiGetFeatureCostW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207702)
    [Address] EAT @explorer.exe (MsiGetFeatureInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E0D1A)
    [Address] EAT @explorer.exe (MsiGetFeatureInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DF5EE)
    [Address] EAT @explorer.exe (MsiGetFeatureStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206CD5)
    [Address] EAT @explorer.exe (MsiGetFeatureStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206DC3)
    [Address] EAT @explorer.exe (MsiGetFeatureUsageA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EA111)
    [Address] EAT @explorer.exe (MsiGetFeatureUsageW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EC9BD)
    [Address] EAT @explorer.exe (MsiGetFeatureValidStatesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207CC5)
    [Address] EAT @explorer.exe (MsiGetFeatureValidStatesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742036EC)
    [Address] EAT @explorer.exe (MsiGetFileHashA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E1214)
    [Address] EAT @explorer.exe (MsiGetFileHashW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DCA49)
    [Address] EAT @explorer.exe (MsiGetFileSignatureInformationA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E128C)
    [Address] EAT @explorer.exe (MsiGetFileSignatureInformationW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DCA9F)
    [Address] EAT @explorer.exe (MsiGetFileVersionA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E0EF8)
    [Address] EAT @explorer.exe (MsiGetFileVersionW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E3D2F)
    [Address] EAT @explorer.exe (MsiGetLanguage) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202727)
    [Address] EAT @explorer.exe (MsiGetLastErrorRecord) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201D69)
    [Address] EAT @explorer.exe (MsiGetMode) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420279F)
    [Address] EAT @explorer.exe (MsiGetPatchFileListA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741FD25D)
    [Address] EAT @explorer.exe (MsiGetPatchFileListW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F8B6E)
    [Address] EAT @explorer.exe (MsiGetPatchInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EA24F)
    [Address] EAT @explorer.exe (MsiGetPatchInfoExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F55E9)
    [Address] EAT @explorer.exe (MsiGetPatchInfoExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F5177)
    [Address] EAT @explorer.exe (MsiGetPatchInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ECAFB)
    [Address] EAT @explorer.exe (MsiGetProductCodeA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415EADC)
    [Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EED5F)
    [Address] EAT @explorer.exe (MsiGetProductCodeFromPackageCodeW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF353)
    [Address] EAT @explorer.exe (MsiGetProductCodeW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415EE6C)
    [Address] EAT @explorer.exe (MsiGetProductInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ED362)
    [Address] EAT @explorer.exe (MsiGetProductInfoExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F65DE)
    [Address] EAT @explorer.exe (MsiGetProductInfoExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F18FF)
    [Address] EAT @explorer.exe (MsiGetProductInfoFromScriptA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E0880)
    [Address] EAT @explorer.exe (MsiGetProductInfoFromScriptW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DF132)
    [Address] EAT @explorer.exe (MsiGetProductInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74144273)
    [Address] EAT @explorer.exe (MsiGetProductPropertyA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E0B90)
    [Address] EAT @explorer.exe (MsiGetProductPropertyW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DF48B)
    [Address] EAT @explorer.exe (MsiGetPropertyA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420596D)
    [Address] EAT @explorer.exe (MsiGetPropertyW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74205BA3)
    [Address] EAT @explorer.exe (MsiGetShortcutTargetA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E2A58)
    [Address] EAT @explorer.exe (MsiGetShortcutTargetW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E4689)
    [Address] EAT @explorer.exe (MsiGetSourcePathA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206209)
    [Address] EAT @explorer.exe (MsiGetSourcePathW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420640D)
    [Address] EAT @explorer.exe (MsiGetSummaryInformationA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742058BD)
    [Address] EAT @explorer.exe (MsiGetSummaryInformationW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74204293)
    [Address] EAT @explorer.exe (MsiGetTargetPathA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742065F5)
    [Address] EAT @explorer.exe (MsiGetTargetPathW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742067F9)
    [Address] EAT @explorer.exe (MsiGetUserInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E91FE)
    [Address] EAT @explorer.exe (MsiGetUserInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415E466)
    [Address] EAT @explorer.exe (MsiInstallMissingComponentA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E22C7)
    [Address] EAT @explorer.exe (MsiInstallMissingComponentW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E43D9)
    [Address] EAT @explorer.exe (MsiInstallMissingFileA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E2067)
    [Address] EAT @explorer.exe (MsiInstallMissingFileW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E4179)
    [Address] EAT @explorer.exe (MsiInstallProductA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E197E)
    [Address] EAT @explorer.exe (MsiInstallProductW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DCE4B)
    [Address] EAT @explorer.exe (MsiInvalidateFeatureCache) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7419D1D3)
    [Address] EAT @explorer.exe (MsiIsProductElevatedA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E3306)
    [Address] EAT @explorer.exe (MsiIsProductElevatedW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E4A5D)
    [Address] EAT @explorer.exe (MsiJoinTransaction) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F3FEB)
    [Address] EAT @explorer.exe (MsiLoadStringA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E141F)
    [Address] EAT @explorer.exe (MsiLoadStringW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7414AE09)
    [Address] EAT @explorer.exe (MsiLocateComponentA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF19F)
    [Address] EAT @explorer.exe (MsiLocateComponentW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF4CA)
    [Address] EAT @explorer.exe (MsiMessageBoxA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E16DA)
    [Address] EAT @explorer.exe (MsiMessageBoxExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E1528)
    [Address] EAT @explorer.exe (MsiMessageBoxExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DCCB1)
    [Address] EAT @explorer.exe (MsiMessageBoxW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DCE24)
    [Address] EAT @explorer.exe (MsiNotifySidChangeA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EA306)
    [Address] EAT @explorer.exe (MsiNotifySidChangeW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E501B)
    [Address] EAT @explorer.exe (MsiOpenDatabaseA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74204691)
    [Address] EAT @explorer.exe (MsiOpenDatabaseW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203D8D)
    [Address] EAT @explorer.exe (MsiOpenPackageA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DEDC0)
    [Address] EAT @explorer.exe (MsiOpenPackageExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DC63E)
    [Address] EAT @explorer.exe (MsiOpenPackageExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DC8E9)
    [Address] EAT @explorer.exe (MsiOpenPackageW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DF7AB)
    [Address] EAT @explorer.exe (MsiOpenProductA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E8BF2)
    [Address] EAT @explorer.exe (MsiOpenProductW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EB857)
    [Address] EAT @explorer.exe (MsiPreviewBillboardA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207D4E)
    [Address] EAT @explorer.exe (MsiPreviewBillboardW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203AEA)
    [Address] EAT @explorer.exe (MsiPreviewDialogA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207D0B)
    [Address] EAT @explorer.exe (MsiPreviewDialogW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203A96)
    [Address] EAT @explorer.exe (MsiProcessAdvertiseScriptA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ECBB2)
    [Address] EAT @explorer.exe (MsiProcessAdvertiseScriptW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EDF39)
    [Address] EAT @explorer.exe (MsiProcessMessage) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202F51)
    [Address] EAT @explorer.exe (MsiProvideAssemblyA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EFD5D)
    [Address] EAT @explorer.exe (MsiProvideAssemblyW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F0765)
    [Address] EAT @explorer.exe (MsiProvideComponentA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF7B9)
    [Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EFAB3)
    [Address] EAT @explorer.exe (MsiProvideComponentFromDescriptorW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74144F84)
    [Address] EAT @explorer.exe (MsiProvideComponentW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F030C)
    [Address] EAT @explorer.exe (MsiProvideQualifiedComponentA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415C385)
    [Address] EAT @explorer.exe (MsiProvideQualifiedComponentExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7415D411)
    [Address] EAT @explorer.exe (MsiProvideQualifiedComponentExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74138A47)
    [Address] EAT @explorer.exe (MsiProvideQualifiedComponentW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74138C86)
    [Address] EAT @explorer.exe (MsiQueryComponentStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F687C)
    [Address] EAT @explorer.exe (MsiQueryComponentStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F1AE1)
    [Address] EAT @explorer.exe (MsiQueryFeatureStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF6F1)
    [Address] EAT @explorer.exe (MsiQueryFeatureStateExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F6A94)
    [Address] EAT @explorer.exe (MsiQueryFeatureStateExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F1CD9)
    [Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EFC02)
    [Address] EAT @explorer.exe (MsiQueryFeatureStateFromDescriptorW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F057D)
    [Address] EAT @explorer.exe (MsiQueryFeatureStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7413617D)
    [Address] EAT @explorer.exe (MsiQueryProductStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ED45D)
    [Address] EAT @explorer.exe (MsiQueryProductStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741449FE)
    [Address] EAT @explorer.exe (MsiRecordClearData) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201D27)
    [Address] EAT @explorer.exe (MsiRecordDataSize) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742016E5)
    [Address] EAT @explorer.exe (MsiRecordGetFieldCount) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201916)
    [Address] EAT @explorer.exe (MsiRecordGetInteger) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742018B5)
    [Address] EAT @explorer.exe (MsiRecordGetStringA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203F1D)
    [Address] EAT @explorer.exe (MsiRecordGetStringW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742040CC)
    [Address] EAT @explorer.exe (MsiRecordIsNull) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742015F5)
    [Address] EAT @explorer.exe (MsiRecordReadStream) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201B6D)
    [Address] EAT @explorer.exe (MsiRecordSetInteger) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742017C2)
    [Address] EAT @explorer.exe (MsiRecordSetStreamA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74205877)
    [Address] EAT @explorer.exe (MsiRecordSetStreamW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201A03)
    [Address] EAT @explorer.exe (MsiRecordSetStringA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420561D)
    [Address] EAT @explorer.exe (MsiRecordSetStringW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420572E)
    [Address] EAT @explorer.exe (MsiReinstallFeatureA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E1EDE)
    [Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741ED8C2)
    [Address] EAT @explorer.exe (MsiReinstallFeatureFromDescriptorW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EE657)
    [Address] EAT @explorer.exe (MsiReinstallFeatureW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74148C24)
    [Address] EAT @explorer.exe (MsiReinstallProductA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E1AFE)
    [Address] EAT @explorer.exe (MsiReinstallProductW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DCFF1)
    [Address] EAT @explorer.exe (MsiRemovePatchesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F9606)
    [Address] EAT @explorer.exe (MsiRemovePatchesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F3702)
    [Address] EAT @explorer.exe (MsiSequenceA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206180)
    [Address] EAT @explorer.exe (MsiSequenceW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202E4B)
    [Address] EAT @explorer.exe (MsiSetComponentStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742073EB)
    [Address] EAT @explorer.exe (MsiSetComponentStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742074E5)
    [Address] EAT @explorer.exe (MsiSetExternalUIA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DC72F)
    [Address] EAT @explorer.exe (MsiSetExternalUIRecord) : WTSAPI32.dll -> HOOKED
     
  9. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Here is delete log part 2:

    (C:\Windows\system32\msi.dll @ 0x741F336B)
    [Address] EAT @explorer.exe (MsiSetExternalUIW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74144E86)
    [Address] EAT @explorer.exe (MsiSetFeatureAttributesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74207001)
    [Address] EAT @explorer.exe (MsiSetFeatureAttributesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742070B4)
    [Address] EAT @explorer.exe (MsiSetFeatureStateA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206E2D)
    [Address] EAT @explorer.exe (MsiSetFeatureStateW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206EDF)
    [Address] EAT @explorer.exe (MsiSetInstallLevel) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203424)
    [Address] EAT @explorer.exe (MsiSetInternalUI) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74144FE6)
    [Address] EAT @explorer.exe (MsiSetMode) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742028BB)
    [Address] EAT @explorer.exe (MsiSetOfflineContextW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74208485)
    [Address] EAT @explorer.exe (MsiSetPropertyA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74205DC1)
    [Address] EAT @explorer.exe (MsiSetPropertyW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74205F85)
    [Address] EAT @explorer.exe (MsiSetTargetPathA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742069DD)
    [Address] EAT @explorer.exe (MsiSetTargetPathW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74206B61)
    [Address] EAT @explorer.exe (MsiSourceListAddMediaDiskA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F7136)
    [Address] EAT @explorer.exe (MsiSourceListAddMediaDiskW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F2165)
    [Address] EAT @explorer.exe (MsiSourceListAddSourceA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E3037)
    [Address] EAT @explorer.exe (MsiSourceListAddSourceExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F6F13)
    [Address] EAT @explorer.exe (MsiSourceListAddSourceExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F1F43)
    [Address] EAT @explorer.exe (MsiSourceListAddSourceW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DDC51)
    [Address] EAT @explorer.exe (MsiSourceListClearAllA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E2EF0)
    [Address] EAT @explorer.exe (MsiSourceListClearAllExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F7875)
    [Address] EAT @explorer.exe (MsiSourceListClearAllExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F281B)
    [Address] EAT @explorer.exe (MsiSourceListClearAllW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DDAEB)
    [Address] EAT @explorer.exe (MsiSourceListClearMediaDiskA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F764A)
    [Address] EAT @explorer.exe (MsiSourceListClearMediaDiskW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F260D)
    [Address] EAT @explorer.exe (MsiSourceListClearSourceA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F7436)
    [Address] EAT @explorer.exe (MsiSourceListClearSourceW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F2405)
    [Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F834E)
    [Address] EAT @explorer.exe (MsiSourceListEnumMediaDisksW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F31B5)
    [Address] EAT @explorer.exe (MsiSourceListEnumSourcesA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F7C4B)
    [Address] EAT @explorer.exe (MsiSourceListEnumSourcesW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F2C07)
    [Address] EAT @explorer.exe (MsiSourceListForceResolutionA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E31B8)
    [Address] EAT @explorer.exe (MsiSourceListForceResolutionExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F7A6C)
    [Address] EAT @explorer.exe (MsiSourceListForceResolutionExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F2A09)
    [Address] EAT @explorer.exe (MsiSourceListForceResolutionW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DDDDB)
    [Address] EAT @explorer.exe (MsiSourceListGetInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F7E30)
    [Address] EAT @explorer.exe (MsiSourceListGetInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F2DB5)
    [Address] EAT @explorer.exe (MsiSourceListSetInfoA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F80F8)
    [Address] EAT @explorer.exe (MsiSourceListSetInfoW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F2FAB)
    [Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742021B9)
    [Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyCount) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201E3D)
    [Address] EAT @explorer.exe (MsiSummaryInfoGetPropertyW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420238B)
    [Address] EAT @explorer.exe (MsiSummaryInfoPersist) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74202551)
    [Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74205906)
    [Address] EAT @explorer.exe (MsiSummaryInfoSetPropertyW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74201F2B)
    [Address] EAT @explorer.exe (MsiUseFeatureA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F0D83)
    [Address] EAT @explorer.exe (MsiUseFeatureExA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741EF9E8)
    [Address] EAT @explorer.exe (MsiUseFeatureExW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74144D3A)
    [Address] EAT @explorer.exe (MsiUseFeatureW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741F0DA0)
    [Address] EAT @explorer.exe (MsiVerifyDiskSpace) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74203863)
    [Address] EAT @explorer.exe (MsiVerifyPackageA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741E07AA)
    [Address] EAT @explorer.exe (MsiVerifyPackageW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x741DF097)
    [Address] EAT @explorer.exe (MsiViewClose) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200BAF)
    [Address] EAT @explorer.exe (MsiViewExecute) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420070F)
    [Address] EAT @explorer.exe (MsiViewFetch) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200833)
    [Address] EAT @explorer.exe (MsiViewGetColumnInfo) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74200A91)
    [Address] EAT @explorer.exe (MsiViewGetErrorA) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742003F1)
    [Address] EAT @explorer.exe (MsiViewGetErrorW) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x742005CE)
    [Address] EAT @explorer.exe (MsiViewModify) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x7420093F)
    [Address] EAT @explorer.exe (QueryInstanceCount) : WTSAPI32.dll -> HOOKED (C:\Windows\system32\msi.dll @ 0x74142B2A)
    [Address] EAT @explorer.exe (BeginBufferedAnimation) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E309AE)
    [Address] EAT @explorer.exe (BeginBufferedPaint) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E249A1)
    [Address] EAT @explorer.exe (BeginPanningFeedback) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E50731)
    [Address] EAT @explorer.exe (BufferedPaintClear) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E26395)
    [Address] EAT @explorer.exe (BufferedPaintInit) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2940E)
    [Address] EAT @explorer.exe (BufferedPaintRenderAnimation) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E308ED)
    [Address] EAT @explorer.exe (BufferedPaintSetAlpha) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E3E6B3)
    [Address] EAT @explorer.exe (BufferedPaintStopAllAnimations) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E3D395)
    [Address] EAT @explorer.exe (BufferedPaintUnInit) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E294AB)
    [Address] EAT @explorer.exe (CloseThemeData) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E26A18)
    [Address] EAT @explorer.exe (DrawThemeBackground) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E23982)
    [Address] EAT @explorer.exe (DrawThemeBackgroundEx) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E3D9DA)
    [Address] EAT @explorer.exe (DrawThemeEdge) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E43B52)
    [Address] EAT @explorer.exe (DrawThemeIcon) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E535E7)
    [Address] EAT @explorer.exe (DrawThemeParentBackground) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E253E5)
    [Address] EAT @explorer.exe (DrawThemeParentBackgroundEx) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E251BF)
    [Address] EAT @explorer.exe (DrawThemeText) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E24EA1)
    [Address] EAT @explorer.exe (DrawThemeTextEx) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E263E6)
    [Address] EAT @explorer.exe (EnableThemeDialogTexture) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2FCAF)
    [Address] EAT @explorer.exe (EnableTheming) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52FEB)
    [Address] EAT @explorer.exe (EndBufferedAnimation) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E23F9A)
    [Address] EAT @explorer.exe (EndBufferedPaint) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E23F9A)
    [Address] EAT @explorer.exe (EndPanningFeedback) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E506CC)
    [Address] EAT @explorer.exe (GetBufferedPaintBits) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E24BAF)
    [Address] EAT @explorer.exe (GetBufferedPaintDC) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E304BC)
    [Address] EAT @explorer.exe (GetBufferedPaintTargetDC) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E30473)
    [Address] EAT @explorer.exe (GetBufferedPaintTargetRect) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52E7F)
    [Address] EAT @explorer.exe (GetCurrentThemeName) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E305DD)
    [Address] EAT @explorer.exe (GetThemeAppProperties) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E30FB1)
    [Address] EAT @explorer.exe (GetThemeBackgroundContentRect) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2CD2E)
    [Address] EAT @explorer.exe (GetThemeBackgroundExtent) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2F8BF)
    [Address] EAT @explorer.exe (GetThemeBackgroundRegion) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E3165D)
    [Address] EAT @explorer.exe (GetThemeBitmap) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2BF93)
    [Address] EAT @explorer.exe (GetThemeBool) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E27C1F)
    [Address] EAT @explorer.exe (GetThemeColor) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2616C)
    [Address] EAT @explorer.exe (GetThemeDocumentationProperty) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52932)
    [Address] EAT @explorer.exe (GetThemeEnumValue) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2616C)
    [Address] EAT @explorer.exe (GetThemeFilename) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52412)
    [Address] EAT @explorer.exe (GetThemeFont) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2FF21)
    [Address] EAT @explorer.exe (GetThemeInt) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2616C)
    [Address] EAT @explorer.exe (GetThemeIntList) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E523B1)
    [Address] EAT @explorer.exe (GetThemeMargins) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E286E9)
    [Address] EAT @explorer.exe (GetThemeMetric) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E306E2)
    [Address] EAT @explorer.exe (GetThemePartSize) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2CDB1)
    [Address] EAT @explorer.exe (GetThemePosition) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52350)
    [Address] EAT @explorer.exe (GetThemePropertyOrigin) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E43FBB)
    [Address] EAT @explorer.exe (GetThemeRect) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E33611)
    [Address] EAT @explorer.exe (GetThemeStream) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E339D9)
    [Address] EAT @explorer.exe (GetThemeString) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E522E4)
    [Address] EAT @explorer.exe (GetThemeSysBool) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E53172)
    [Address] EAT @explorer.exe (GetThemeSysColor) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E43274)
    [Address] EAT @explorer.exe (GetThemeSysColorBrush) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E5301E)
    [Address] EAT @explorer.exe (GetThemeSysFont) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E529C4)
    [Address] EAT @explorer.exe (GetThemeSysInt) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52BD3)
    [Address] EAT @explorer.exe (GetThemeSysSize) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E5320B)
    [Address] EAT @explorer.exe (GetThemeSysString) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E52B3F)
    [Address] EAT @explorer.exe (GetThemeTextExtent) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E22D57)
    [Address] EAT @explorer.exe (GetThemeTextMetrics) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2F992)
    [Address] EAT @explorer.exe (GetThemeTransitionDuration) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E31081)
    [Address] EAT @explorer.exe (GetWindowTheme) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2DF46)
    [Address] EAT @explorer.exe (HitTestThemeBackground) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E33CE3)
    [Address] EAT @explorer.exe (IsAppThemed) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2F869)
    [Address] EAT @explorer.exe (IsCompositionActive) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E22E9A)
    [Address] EAT @explorer.exe (IsThemeActive) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2F785)
    [Address] EAT @explorer.exe (IsThemeBackgroundPartiallyTransparent) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E260AB)
    [Address] EAT @explorer.exe (IsThemeDialogTextureEnabled) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E5312B)
    [Address] EAT @explorer.exe (IsThemePartDefined) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E285B4)
    [Address] EAT @explorer.exe (OpenThemeData) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E273D2)
    [Address] EAT @explorer.exe (OpenThemeDataEx) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E43D43)
    [Address] EAT @explorer.exe (SetThemeAppProperties) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E53296)
    [Address] EAT @explorer.exe (SetWindowTheme) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E30134)
    [Address] EAT @explorer.exe (SetWindowThemeAttribute) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E3CFE6)
    [Address] EAT @explorer.exe (ThemeInitApiHook) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E2B176)
    [Address] EAT @explorer.exe (UpdatePanningFeedback) : WINSPOOL.DRV -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x73E5068D)
    [Address] EAT @explorer.exe (GdipAddPathArc) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE74C6)
    [Address] EAT @explorer.exe (GdipAddPathArcI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7599)
    [Address] EAT @explorer.exe (GdipAddPathBezier) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE760F)
    [Address] EAT @explorer.exe (GdipAddPathBezierI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE76F4)
    [Address] EAT @explorer.exe (GdipAddPathBeziers) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7778)
    [Address] EAT @explorer.exe (GdipAddPathBeziersI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7838)
    [Address] EAT @explorer.exe (GdipAddPathClosedCurve) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7F15)
    [Address] EAT @explorer.exe (GdipAddPathClosedCurve2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE80DE)
    [Address] EAT @explorer.exe (GdipAddPathClosedCurve2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE81A5)
    [Address] EAT @explorer.exe (GdipAddPathClosedCurveI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7FD5)
    [Address] EAT @explorer.exe (GdipAddPathCurve) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7941)
    [Address] EAT @explorer.exe (GdipAddPathCurve2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7B2D)
    [Address] EAT @explorer.exe (GdipAddPathCurve2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7BFB)
    [Address] EAT @explorer.exe (GdipAddPathCurve3) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7D2E)
    [Address] EAT @explorer.exe (GdipAddPathCurve3I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7DFF)
    [Address] EAT @explorer.exe (GdipAddPathCurveI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7A01)
    [Address] EAT @explorer.exe (GdipAddPathEllipse) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE85A8)
    [Address] EAT @explorer.exe (GdipAddPathEllipseI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8667)
    [Address] EAT @explorer.exe (GdipAddPathLine) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE71D4)
    [Address] EAT @explorer.exe (GdipAddPathLine2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE72FD)
    [Address] EAT @explorer.exe (GdipAddPathLine2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE73BD)
    [Address] EAT @explorer.exe (GdipAddPathLineI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7295)
    [Address] EAT @explorer.exe (GdipAddPathPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE89E1)
    [Address] EAT @explorer.exe (GdipAddPathPie) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE86CF)
    [Address] EAT @explorer.exe (GdipAddPathPieI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE87A2)
    [Address] EAT @explorer.exe (GdipAddPathPolygon) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8818)
    [Address] EAT @explorer.exe (GdipAddPathPolygonI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE88D8)
    [Address] EAT @explorer.exe (GdipAddPathRectangle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE82B5)
    [Address] EAT @explorer.exe (GdipAddPathRectangleI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8376)
    [Address] EAT @explorer.exe (GdipAddPathRectangles) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE83DE)
    [Address] EAT @explorer.exe (GdipAddPathRectanglesI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE849E)
    [Address] EAT @explorer.exe (GdipAddPathString) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8A8A)
    [Address] EAT @explorer.exe (GdipAddPathStringI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8C03)
    [Address] EAT @explorer.exe (GdipAlloc) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F024CB)
    [Address] EAT @explorer.exe (GdipBeginContainer) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00E5E)
    [Address] EAT @explorer.exe (GdipBeginContainer2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00F5F)
    [Address] EAT @explorer.exe (GdipBeginContainerI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01023)
    [Address] EAT @explorer.exe (GdipBitmapApplyEffect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7307)
    [Address] EAT @explorer.exe (GdipBitmapConvertFormat) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF709C)
    [Address] EAT @explorer.exe (GdipBitmapCreateApplyEffect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF726A)
    [Address] EAT @explorer.exe (GdipBitmapGetHistogram) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF73BB)
    [Address] EAT @explorer.exe (GdipBitmapGetHistogramSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7490)
    [Address] EAT @explorer.exe (GdipBitmapGetPixel) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6CFA)
    [Address] EAT @explorer.exe (GdipBitmapLockBits) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6B83)
    [Address] EAT @explorer.exe (GdipBitmapSetPixel) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6DC0)
    [Address] EAT @explorer.exe (GdipBitmapSetResolution) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF762F)
    [Address] EAT @explorer.exe (GdipBitmapUnlockBits) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6C43)
    [Address] EAT @explorer.exe (GdipClearPathMarkers) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6FD4)
    [Address] EAT @explorer.exe (GdipCloneBitmapArea) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06C2A)
    [Address] EAT @explorer.exe (GdipCloneBitmapAreaI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6A8F)
    [Address] EAT @explorer.exe (GdipCloneBrush) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED87E)
    [Address] EAT @explorer.exe (GdipCloneCustomLineCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2EB5)
    [Address] EAT @explorer.exe (GdipCloneFont) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02FAC)
    [Address] EAT @explorer.exe (GdipCloneFontFamily) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02A1B)
    [Address] EAT @explorer.exe (GdipCloneImage) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4C90)
    [Address] EAT @explorer.exe (GdipCloneImageAttributes) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF77B1)
    [Address] EAT @explorer.exe (GdipCloneMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEAA39)
    [Address] EAT @explorer.exe (GdipClonePath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE651A)
    [Address] EAT @explorer.exe (GdipClonePen) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0B54)
    [Address] EAT @explorer.exe (GdipCloneRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBEC7)
    [Address] EAT @explorer.exe (GdipCloneStringFormat) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03F8B)
    [Address] EAT @explorer.exe (GdipClosePathFigure) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6DEB)
    [Address] EAT @explorer.exe (GdipClosePathFigures) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6E8E)
    [Address] EAT @explorer.exe (GdipCombineRegionPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC310)
    [Address] EAT @explorer.exe (GdipCombineRegionRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC1BC)
    [Address] EAT @explorer.exe (GdipCombineRegionRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC293)
    [Address] EAT @explorer.exe (GdipCombineRegionRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC43E)
    [Address] EAT @explorer.exe (GdipComment) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0325C)
    [Address] EAT @explorer.exe (GdipConvertToEmfPlus) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04F0F)
    [Address] EAT @explorer.exe (GdipConvertToEmfPlusToFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04FEF)
    [Address] EAT @explorer.exe (GdipConvertToEmfPlusToStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F050E3)
    [Address] EAT @explorer.exe (GdipCreateAdjustableArrowCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06B65)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromDirectDrawSurface) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6518)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5EB5)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromFileICM) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6151)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromGdiDib) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6605)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromGraphics) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF63C5)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromHBITMAP) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6707)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromHICON) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6885)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromResource) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6917)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromScan0) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF62A0)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5D68)
    [Address] EAT @explorer.exe (GdipCreateBitmapFromStreamICM) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6003)
    [Address] EAT @explorer.exe (GdipCreateCachedBitmap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04A81)
    [Address] EAT @explorer.exe (GdipCreateCustomLineCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2CCB)
    [Address] EAT @explorer.exe (GdipCreateEffect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6E69)
    [Address] EAT @explorer.exe (GdipCreateFont) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F027CA)
    [Address] EAT @explorer.exe (GdipCreateFontFamilyFromName) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02590)
    [Address] EAT @explorer.exe (GdipCreateFontFromDC) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03636)
    [Address] EAT @explorer.exe (GdipCreateFontFromLogfontA) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03730)
    [Address] EAT @explorer.exe (GdipCreateFontFromLogfontW) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03833)
    [Address] EAT @explorer.exe (GdipCreateFromHDC) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8301)
    [Address] EAT @explorer.exe (GdipCreateFromHDC2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF83AB)
    [Address] EAT @explorer.exe (GdipCreateFromHWND) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8456)
    [Address] EAT @explorer.exe (GdipCreateFromHWNDICM) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8500)
    [Address] EAT @explorer.exe (GdipCreateHBITMAPFromBitmap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF679C)
    [Address] EAT @explorer.exe (GdipCreateHICONFromBitmap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF69AC)
    [Address] EAT @explorer.exe (GdipCreateHalftonePalette) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04D8C)
    [Address] EAT @explorer.exe (GdipCreateHatchBrush) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F062CA)
    [Address] EAT @explorer.exe (GdipCreateImageAttributes) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF76DE)
    [Address] EAT @explorer.exe (GdipCreateLineBrush) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDFFA)
    [Address] EAT @explorer.exe (GdipCreateLineBrushFromRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE1BF)
    [Address] EAT @explorer.exe (GdipCreateLineBrushFromRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE2AF)
    [Address] EAT @explorer.exe (GdipCreateLineBrushFromRectWithAngle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE377)
    [Address] EAT @explorer.exe (GdipCreateLineBrushFromRectWithAngleI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE46E)
    [Address] EAT @explorer.exe (GdipCreateLineBrushI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE0F0)
    [Address] EAT @explorer.exe (GdipCreateMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA68E)
    [Address] EAT @explorer.exe (GdipCreateMatrix2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA744)
    [Address] EAT @explorer.exe (GdipCreateMatrix3) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA884)
    [Address] EAT @explorer.exe (GdipCreateMatrix3I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA94C)
    [Address] EAT @explorer.exe (GdipCreateMetafileFromEmf) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0153C)
    [Address] EAT @explorer.exe (GdipCreateMetafileFromFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01614)
    [Address] EAT @explorer.exe (GdipCreateMetafileFromStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F017C3)
    [Address] EAT @explorer.exe (GdipCreateMetafileFromWmf) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0145F)
    [Address] EAT @explorer.exe (GdipCreateMetafileFromWmfFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F016EB)
    [Address] EAT @explorer.exe (GdipCreatePath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F061D9)
    [Address] EAT @explorer.exe (GdipCreatePath2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE627E)
    [Address] EAT @explorer.exe (GdipCreatePath2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE634F)
    [Address] EAT @explorer.exe (GdipCreatePathGradient) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06893)
    [Address] EAT @explorer.exe (GdipCreatePathGradientFromPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06AA7)
    [Address] EAT @explorer.exe (GdipCreatePathGradientI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06955)
    [Address] EAT @explorer.exe (GdipCreatePathIter) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9AB7)
    [Address] EAT @explorer.exe (GdipCreatePen1) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF08D0)
    [Address] EAT @explorer.exe (GdipCreatePen2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0A01)
    [Address] EAT @explorer.exe (GdipCreateRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB9CE)
    [Address] EAT @explorer.exe (GdipCreateRegionHrgn) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBDF8)
    [Address] EAT @explorer.exe (GdipCreateRegionPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBBF4)
    [Address] EAT @explorer.exe (GdipCreateRegionRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBA87)
    [Address] EAT @explorer.exe (GdipCreateRegionRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBB49)
    [Address] EAT @explorer.exe (GdipCreateRegionRgnData) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBD16)
    [Address] EAT @explorer.exe (GdipCreateSolidFill) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0707F)
    [Address] EAT @explorer.exe (GdipCreateStreamOnFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE5877)
    [Address] EAT @explorer.exe (GdipCreateStringFormat) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03DC1)
    [Address] EAT @explorer.exe (GdipCreateTexture) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F063AB)
    [Address] EAT @explorer.exe (GdipCreateTexture2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F064CD)
    [Address] EAT @explorer.exe (GdipCreateTexture2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F067B9)
    [Address] EAT @explorer.exe (GdipCreateTextureIA) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0660F)
    [Address] EAT @explorer.exe (GdipCreateTextureIAI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06859)
    [Address] EAT @explorer.exe (GdipDeleteBrush) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED958)
    [Address] EAT @explorer.exe (GdipDeleteCachedBitmap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04BEC)
    [Address] EAT @explorer.exe (GdipDeleteCustomLineCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3069)
    [Address] EAT @explorer.exe (GdipDeleteEffect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6EFA)
    [Address] EAT @explorer.exe (GdipDeleteFont) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03065)
    [Address] EAT @explorer.exe (GdipDeleteFontFamily) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02922)
    [Address] EAT @explorer.exe (GdipDeleteGraphics) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF85AA)
    [Address] EAT @explorer.exe (GdipDeleteMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEAB0E)
    [Address] EAT @explorer.exe (GdipDeletePath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE65EE)
    [Address] EAT @explorer.exe (GdipDeletePathIter) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9B70)
    [Address] EAT @explorer.exe (GdipDeletePen) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0C2B)
    [Address] EAT @explorer.exe (GdipDeletePrivateFontCollection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03A7D)
    [Address] EAT @explorer.exe (GdipDeleteRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEBFE6)
    [Address] EAT @explorer.exe (GdipDeleteStringFormat) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04036)
    [Address] EAT @explorer.exe (GdipDisposeImage) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4D5E)
    [Address] EAT @explorer.exe (GdipDisposeImageAttributes) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF787F)
    [Address] EAT @explorer.exe (GdipDrawArc) : OLEACC.dll -> HOOKED
     
  10. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Here is delete log part 3:

    (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA4A5)
    [Address] EAT @explorer.exe (GdipDrawArcI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA5DF)
    [Address] EAT @explorer.exe (GdipDrawBezier) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA658)
    [Address] EAT @explorer.exe (GdipDrawBezierI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA7A0)
    [Address] EAT @explorer.exe (GdipDrawBeziers) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA827)
    [Address] EAT @explorer.exe (GdipDrawBeziersI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA951)
    [Address] EAT @explorer.exe (GdipDrawCachedBitmap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04C86)
    [Address] EAT @explorer.exe (GdipDrawClosedCurve) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFBC79)
    [Address] EAT @explorer.exe (GdipDrawClosedCurve2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFBEBC)
    [Address] EAT @explorer.exe (GdipDrawClosedCurve2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFBFED)
    [Address] EAT @explorer.exe (GdipDrawClosedCurveI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFBDA3)
    [Address] EAT @explorer.exe (GdipDrawCurve) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB581)
    [Address] EAT @explorer.exe (GdipDrawCurve2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB7C4)
    [Address] EAT @explorer.exe (GdipDrawCurve2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB8FC)
    [Address] EAT @explorer.exe (GdipDrawCurve3) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFBA1C)
    [Address] EAT @explorer.exe (GdipDrawCurve3I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFBB53)
    [Address] EAT @explorer.exe (GdipDrawCurveI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB6AB)
    [Address] EAT @explorer.exe (GdipDrawDriverString) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFDA1A)
    [Address] EAT @explorer.exe (GdipDrawEllipse) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFAE82)
    [Address] EAT @explorer.exe (GdipDrawEllipseI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFAFA6)
    [Address] EAT @explorer.exe (GdipDrawImage) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFDF1E)
    [Address] EAT @explorer.exe (GdipDrawImageFX) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFEB79)
    [Address] EAT @explorer.exe (GdipDrawImageI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE099)
    [Address] EAT @explorer.exe (GdipDrawImagePointRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE553)
    [Address] EAT @explorer.exe (GdipDrawImagePointRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE6EF)
    [Address] EAT @explorer.exe (GdipDrawImagePoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE2BF)
    [Address] EAT @explorer.exe (GdipDrawImagePointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE417)
    [Address] EAT @explorer.exe (GdipDrawImagePointsRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE78B)
    [Address] EAT @explorer.exe (GdipDrawImagePointsRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE9EA)
    [Address] EAT @explorer.exe (GdipDrawImageRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE0F5)
    [Address] EAT @explorer.exe (GdipDrawImageRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFE254)
    [Address] EAT @explorer.exe (GdipDrawImageRectRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06CAE)
    [Address] EAT @explorer.exe (GdipDrawImageRectRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F06F04)
    [Address] EAT @explorer.exe (GdipDrawLine) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA0D1)
    [Address] EAT @explorer.exe (GdipDrawLineI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA1F5)
    [Address] EAT @explorer.exe (GdipDrawLines) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA260)
    [Address] EAT @explorer.exe (GdipDrawLinesI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA38C)
    [Address] EAT @explorer.exe (GdipDrawPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB407)
    [Address] EAT @explorer.exe (GdipDrawPie) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB011)
    [Address] EAT @explorer.exe (GdipDrawPieI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB14B)
    [Address] EAT @explorer.exe (GdipDrawPolygon) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB1C4)
    [Address] EAT @explorer.exe (GdipDrawPolygonI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFB2EE)
    [Address] EAT @explorer.exe (GdipDrawRectangle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFAA8D)
    [Address] EAT @explorer.exe (GdipDrawRectangleI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFABB1)
    [Address] EAT @explorer.exe (GdipDrawRectangles) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFAC1C)
    [Address] EAT @explorer.exe (GdipDrawRectanglesI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFAD46)
    [Address] EAT @explorer.exe (GdipDrawString) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD512)
    [Address] EAT @explorer.exe (GdipEmfToWmfBits) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04EB9)
    [Address] EAT @explorer.exe (GdipEndContainer) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F010D0)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFECBA)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFEE6B)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileDestPoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF0F8)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileDestPointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF2AC)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileDestRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFEED3)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileDestRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF084)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF417)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF5F7)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF8F5)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestPointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFFAD8)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF680)
    [Address] EAT @explorer.exe (GdipEnumerateMetafileSrcRectDestRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFF860)
    [Address] EAT @explorer.exe (GdipFillClosedCurve) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFCEEC)
    [Address] EAT @explorer.exe (GdipFillClosedCurve2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD13E)
    [Address] EAT @explorer.exe (GdipFillClosedCurve2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD275)
    [Address] EAT @explorer.exe (GdipFillClosedCurveI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD025)
    [Address] EAT @explorer.exe (GdipFillEllipse) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFCA23)
    [Address] EAT @explorer.exe (GdipFillEllipseI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFCB4E)
    [Address] EAT @explorer.exe (GdipFillPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFCD6F)
    [Address] EAT @explorer.exe (GdipFillPie) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFCBB9)
    [Address] EAT @explorer.exe (GdipFillPieI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFCCF6)
    [Address] EAT @explorer.exe (GdipFillPolygon) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC591)
    [Address] EAT @explorer.exe (GdipFillPolygon2) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC7DD)
    [Address] EAT @explorer.exe (GdipFillPolygon2I) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC90A)
    [Address] EAT @explorer.exe (GdipFillPolygonI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC6C1)
    [Address] EAT @explorer.exe (GdipFillRectangle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC1B5)
    [Address] EAT @explorer.exe (GdipFillRectangleI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC2E0)
    [Address] EAT @explorer.exe (GdipFillRectangles) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC34B)
    [Address] EAT @explorer.exe (GdipFillRectanglesI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC478)
    [Address] EAT @explorer.exe (GdipFillRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD398)
    [Address] EAT @explorer.exe (GdipFindFirstImageItem) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5ABA)
    [Address] EAT @explorer.exe (GdipFindNextImageItem) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5B60)
    [Address] EAT @explorer.exe (GdipFlattenPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8C93)
    [Address] EAT @explorer.exe (GdipFlush) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8645)
    [Address] EAT @explorer.exe (GdipFree) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02546)
    [Address] EAT @explorer.exe (GdipGetAdjustableArrowCapFillState) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3CA4)
    [Address] EAT @explorer.exe (GdipGetAdjustableArrowCapHeight) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3897)
    [Address] EAT @explorer.exe (GdipGetAdjustableArrowCapMiddleInset) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3B4D)
    [Address] EAT @explorer.exe (GdipGetAdjustableArrowCapWidth) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF39F2)
    [Address] EAT @explorer.exe (GdipGetAllPropertyItems) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4AB3)
    [Address] EAT @explorer.exe (GdipGetBrushType) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED9F5)
    [Address] EAT @explorer.exe (GdipGetCellAscent) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03456)
    [Address] EAT @explorer.exe (GdipGetCellDescent) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F034F6)
    [Address] EAT @explorer.exe (GdipGetClip) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F004CC)
    [Address] EAT @explorer.exe (GdipGetClipBounds) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F005C4)
    [Address] EAT @explorer.exe (GdipGetClipBoundsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00677)
    [Address] EAT @explorer.exe (GdipGetCompositingMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF88EF)
    [Address] EAT @explorer.exe (GdipGetCompositingQuality) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8A3F)
    [Address] EAT @explorer.exe (GdipGetCustomLineCapBaseCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3485)
    [Address] EAT @explorer.exe (GdipGetCustomLineCapBaseInset) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF35DC)
    [Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeCaps) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF31A9)
    [Address] EAT @explorer.exe (GdipGetCustomLineCapStrokeJoin) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3325)
    [Address] EAT @explorer.exe (GdipGetCustomLineCapType) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2FB2)
    [Address] EAT @explorer.exe (GdipGetCustomLineCapWidthScale) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3733)
    [Address] EAT @explorer.exe (GdipGetDC) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F030DD)
    [Address] EAT @explorer.exe (GdipGetDpiX) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9BE3)
    [Address] EAT @explorer.exe (GdipGetDpiY) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9C94)
    [Address] EAT @explorer.exe (GdipGetEffectParameterSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6FCE)
    [Address] EAT @explorer.exe (GdipGetEffectParameters) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7033)
    [Address] EAT @explorer.exe (GdipGetEmHeight) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F033B6)
    [Address] EAT @explorer.exe (GdipGetEncoderParameterList) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4145)
    [Address] EAT @explorer.exe (GdipGetEncoderParameterListSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF40A4)
    [Address] EAT @explorer.exe (GdipGetFamily) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04140)
    [Address] EAT @explorer.exe (GdipGetFamilyName) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFDE91)
    [Address] EAT @explorer.exe (GdipGetFontCollectionFamilyCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03B31)
    [Address] EAT @explorer.exe (GdipGetFontCollectionFamilyList) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03BCD)
    [Address] EAT @explorer.exe (GdipGetFontHeight) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02DFB)
    [Address] EAT @explorer.exe (GdipGetFontHeightGivenDPI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02F03)
    [Address] EAT @explorer.exe (GdipGetFontSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02D5D)
    [Address] EAT @explorer.exe (GdipGetFontStyle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02ABB)
    [Address] EAT @explorer.exe (GdipGetFontUnit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0432A)
    [Address] EAT @explorer.exe (GdipGetGenericFontFamilyMonospace) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02751)
    [Address] EAT @explorer.exe (GdipGetGenericFontFamilySansSerif) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0265F)
    [Address] EAT @explorer.exe (GdipGetGenericFontFamilySerif) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F026D8)
    [Address] EAT @explorer.exe (GdipGetHatchBackgroundColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDC14)
    [Address] EAT @explorer.exe (GdipGetHatchForegroundColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDB5E)
    [Address] EAT @explorer.exe (GdipGetHatchStyle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDAA8)
    [Address] EAT @explorer.exe (GdipGetHemfFromMetafile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F013A4)
    [Address] EAT @explorer.exe (GdipGetImageAttributesAdjustedPalette) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8219)
    [Address] EAT @explorer.exe (GdipGetImageBounds) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4F73)
    [Address] EAT @explorer.exe (GdipGetImageDecoders) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F020EC)
    [Address] EAT @explorer.exe (GdipGetImageDecodersSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02063)
    [Address] EAT @explorer.exe (GdipGetImageDimension) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5048)
    [Address] EAT @explorer.exe (GdipGetImageEncoders) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02320)
    [Address] EAT @explorer.exe (GdipGetImageEncodersSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02297)
    [Address] EAT @explorer.exe (GdipGetImageFlags) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5459)
    [Address] EAT @explorer.exe (GdipGetImageGraphicsContext) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4E9C)
    [Address] EAT @explorer.exe (GdipGetImageHeight) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF51DA)
    [Address] EAT @explorer.exe (GdipGetImageHorizontalResolution) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF52AF)
    [Address] EAT @explorer.exe (GdipGetImageItemData) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5C06)
    [Address] EAT @explorer.exe (GdipGetImagePalette) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF56DC)
    [Address] EAT @explorer.exe (GdipGetImagePaletteSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5864)
    [Address] EAT @explorer.exe (GdipGetImagePixelFormat) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5607)
    [Address] EAT @explorer.exe (GdipGetImageRawFormat) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF552E)
    [Address] EAT @explorer.exe (GdipGetImageThumbnail) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF59E3)
    [Address] EAT @explorer.exe (GdipGetImageType) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5933)
    [Address] EAT @explorer.exe (GdipGetImageVerticalResolution) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5384)
    [Address] EAT @explorer.exe (GdipGetImageWidth) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5105)
    [Address] EAT @explorer.exe (GdipGetInterpolationMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9195)
    [Address] EAT @explorer.exe (GdipGetLineBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE767)
    [Address] EAT @explorer.exe (GdipGetLineBlendCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE6B1)
    [Address] EAT @explorer.exe (GdipGetLineColors) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE5F2)
    [Address] EAT @explorer.exe (GdipGetLineGammaCorrection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE57EC)
    [Address] EAT @explorer.exe (GdipGetLinePresetBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE90F)
    [Address] EAT @explorer.exe (GdipGetLinePresetBlendCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFC74)
    [Address] EAT @explorer.exe (GdipGetLineRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF8E3)
    [Address] EAT @explorer.exe (GdipGetLineRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF998)
    [Address] EAT @explorer.exe (GdipGetLineSpacing) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03596)
    [Address] EAT @explorer.exe (GdipGetLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF01D0)
    [Address] EAT @explorer.exe (GdipGetLineWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF011D)
    [Address] EAT @explorer.exe (GdipGetLogFontA) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02B59)
    [Address] EAT @explorer.exe (GdipGetLogFontW) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02C5B)
    [Address] EAT @explorer.exe (GdipGetMatrixElements) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB67E)
    [Address] EAT @explorer.exe (GdipGetMetafileDownLevelRasterizationLimit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01F4B)
    [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromEmf) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F011D9)
    [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0123C)
    [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromMetafile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01300)
    [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0129D)
    [Address] EAT @explorer.exe (GdipGetMetafileHeaderFromWmf) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0116F)
    [Address] EAT @explorer.exe (GdipGetNearestColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFA01A)
    [Address] EAT @explorer.exe (GdipGetPageScale) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9A8D)
    [Address] EAT @explorer.exe (GdipGetPageUnit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF991E)
    [Address] EAT @explorer.exe (GdipGetPathData) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6CA4)
    [Address] EAT @explorer.exe (GdipGetPathFillMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6B4A)
    [Address] EAT @explorer.exe (GdipGetPathGradientBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFBA0)
    [Address] EAT @explorer.exe (GdipGetPathGradientBlendCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE6B1)
    [Address] EAT @explorer.exe (GdipGetPathGradientCenterColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF067)
    [Address] EAT @explorer.exe (GdipGetPathGradientCenterPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF500)
    [Address] EAT @explorer.exe (GdipGetPathGradientCenterPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF5BA)
    [Address] EAT @explorer.exe (GdipGetPathGradientFocusScales) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0744)
    [Address] EAT @explorer.exe (GdipGetPathGradientGammaCorrection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFAED)
    [Address] EAT @explorer.exe (GdipGetPathGradientPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF4BD)
    [Address] EAT @explorer.exe (GdipGetPathGradientPointCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF776)
    [Address] EAT @explorer.exe (GdipGetPathGradientPresetBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFD2E)
    [Address] EAT @explorer.exe (GdipGetPathGradientPresetBlendCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFC74)
    [Address] EAT @explorer.exe (GdipGetPathGradientRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF8E3)
    [Address] EAT @explorer.exe (GdipGetPathGradientRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF998)
    [Address] EAT @explorer.exe (GdipGetPathGradientSurroundColorCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF829)
    [Address] EAT @explorer.exe (GdipGetPathGradientSurroundColorsWithCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF1D3)
    [Address] EAT @explorer.exe (GdipGetPathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF01D0)
    [Address] EAT @explorer.exe (GdipGetPathGradientWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF011D)
    [Address] EAT @explorer.exe (GdipGetPathLastPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE711A)
    [Address] EAT @explorer.exe (GdipGetPathPoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE68FA)
    [Address] EAT @explorer.exe (GdipGetPathPointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6A06)
    [Address] EAT @explorer.exe (GdipGetPathTypes) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE67F1)
    [Address] EAT @explorer.exe (GdipGetPathWorldBounds) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE92AF)
    [Address] EAT @explorer.exe (GdipGetPathWorldBoundsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE947B)
    [Address] EAT @explorer.exe (GdipGetPenBrushFill) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2462)
    [Address] EAT @explorer.exe (GdipGetPenColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2297)
    [Address] EAT @explorer.exe (GdipGetPenCompoundArray) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2C11)
    [Address] EAT @explorer.exe (GdipGetPenCompoundCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2AA7)
    [Address] EAT @explorer.exe (GdipGetPenCustomEndCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1856)
    [Address] EAT @explorer.exe (GdipGetPenCustomStartCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1697)
    [Address] EAT @explorer.exe (GdipGetPenDashArray) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF29ED)
    [Address] EAT @explorer.exe (GdipGetPenDashCap197819) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF138A)
    [Address] EAT @explorer.exe (GdipGetPenDashCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2883)
    [Address] EAT @explorer.exe (GdipGetPenDashOffset) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2735)
    [Address] EAT @explorer.exe (GdipGetPenDashStyle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF25E4)
    [Address] EAT @explorer.exe (GdipGetPenEndCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF12DA)
    [Address] EAT @explorer.exe (GdipGetPenFillType) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2527)
    [Address] EAT @explorer.exe (GdipGetPenLineJoin) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF14DF)
    [Address] EAT @explorer.exe (GdipGetPenMiterLimit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF19B2)
    [Address] EAT @explorer.exe (GdipGetPenMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1B05)
    [Address] EAT @explorer.exe (GdipGetPenStartCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF122A)
    [Address] EAT @explorer.exe (GdipGetPenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1CBB)
    [Address] EAT @explorer.exe (GdipGetPenUnit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0EF0)
    [Address] EAT @explorer.exe (GdipGetPenWidth) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0D81)
    [Address] EAT @explorer.exe (GdipGetPixelOffsetMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8D3E)
    [Address] EAT @explorer.exe (GdipGetPointCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE673E)
    [Address] EAT @explorer.exe (GdipGetPropertyCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF479D)
    [Address] EAT @explorer.exe (GdipGetPropertyIdList) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4838)
    [Address] EAT @explorer.exe (GdipGetPropertyItem) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4974)
    [Address] EAT @explorer.exe (GdipGetPropertyItemSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF48D6)
    [Address] EAT @explorer.exe (GdipGetPropertySize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4A15)
    [Address] EAT @explorer.exe (GdipGetRegionBounds) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC754)
    [Address] EAT @explorer.exe (GdipGetRegionBoundsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC876)
    [Address] EAT @explorer.exe (GdipGetRegionData) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED062)
    [Address] EAT @explorer.exe (GdipGetRegionDataSize) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EECF89)
    [Address] EAT @explorer.exe (GdipGetRegionHRgn) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC9F1)
    [Address] EAT @explorer.exe (GdipGetRegionScans) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED62C)
    [Address] EAT @explorer.exe (GdipGetRegionScansCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED504)
    [Address] EAT @explorer.exe (GdipGetRegionScansI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED755)
    [Address] EAT @explorer.exe (GdipGetRenderingOrigin) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF877D)
    [Address] EAT @explorer.exe (GdipGetSmoothingMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8BAF)
    [Address] EAT @explorer.exe (GdipGetSolidFillColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDF44)
    [Address] EAT @explorer.exe (GdipGetStringFormatAlign) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F02ABB)
    [Address] EAT @explorer.exe (GdipGetStringFormatDigitSubstitution) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F048AF)
    [Address] EAT @explorer.exe (GdipGetStringFormatFlags) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04140)
    [Address] EAT @explorer.exe (GdipGetStringFormatHotkeyPrefix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04469)
    [Address] EAT @explorer.exe (GdipGetStringFormatLineAlign) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0432A)
    [Address] EAT @explorer.exe (GdipGetStringFormatMeasurableCharacterRangeCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04704)
    [Address] EAT @explorer.exe (GdipGetStringFormatTabStopCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F045B7)
    [Address] EAT @explorer.exe (GdipGetStringFormatTabStops) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04659)
    [Address] EAT @explorer.exe (GdipGetStringFormatTrimming) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d
     
  11. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Here is delete log part 4 (last):

    2e82386681b36\gdiplus.dll @ 0x73F049DF)
    [Address] EAT @explorer.exe (GdipGetTextContrast) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8F4F)
    [Address] EAT @explorer.exe (GdipGetTextRenderingHint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9000)
    [Address] EAT @explorer.exe (GdipGetTextureImage) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDD6E)
    [Address] EAT @explorer.exe (GdipGetTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF01D0)
    [Address] EAT @explorer.exe (GdipGetTextureWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF011D)
    [Address] EAT @explorer.exe (GdipGetVisibleClipBounds) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00837)
    [Address] EAT @explorer.exe (GdipGetVisibleClipBoundsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F008EA)
    [Address] EAT @explorer.exe (GdipGetWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9782)
    [Address] EAT @explorer.exe (GdipGraphicsClear) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFC10D)
    [Address] EAT @explorer.exe (GdipGraphicsSetAbort) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7590)
    [Address] EAT @explorer.exe (GdipImageForceValidation) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5CAC)
    [Address] EAT @explorer.exe (GdipImageGetFrameCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF45B5)
    [Address] EAT @explorer.exe (GdipImageGetFrameDimensionsCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4482)
    [Address] EAT @explorer.exe (GdipImageGetFrameDimensionsList) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF451A)
    [Address] EAT @explorer.exe (GdipImageRotateFlip) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4705)
    [Address] EAT @explorer.exe (GdipImageSelectActiveFrame) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4650)
    [Address] EAT @explorer.exe (GdipImageSetAbort) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF74EA)
    [Address] EAT @explorer.exe (GdipInitializePalette) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF718C)
    [Address] EAT @explorer.exe (GdipInvertMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB0F4)
    [Address] EAT @explorer.exe (GdipIsClipEmpty) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00782)
    [Address] EAT @explorer.exe (GdipIsEmptyRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EECB35)
    [Address] EAT @explorer.exe (GdipIsEqualRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EECDC5)
    [Address] EAT @explorer.exe (GdipIsInfiniteRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EECC7D)
    [Address] EAT @explorer.exe (GdipIsMatrixEqual) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB899)
    [Address] EAT @explorer.exe (GdipIsMatrixIdentity) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB7E6)
    [Address] EAT @explorer.exe (GdipIsMatrixInvertible) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB731)
    [Address] EAT @explorer.exe (GdipIsOutlineVisiblePathPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE982D)
    [Address] EAT @explorer.exe (GdipIsOutlineVisiblePathPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9A55)
    [Address] EAT @explorer.exe (GdipIsStyleAvailable) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03317)
    [Address] EAT @explorer.exe (GdipIsVisibleClipEmpty) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F009F5)
    [Address] EAT @explorer.exe (GdipIsVisiblePathPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9647)
    [Address] EAT @explorer.exe (GdipIsVisiblePathPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE97CE)
    [Address] EAT @explorer.exe (GdipIsVisiblePoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00AAA)
    [Address] EAT @explorer.exe (GdipIsVisiblePointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00B6F)
    [Address] EAT @explorer.exe (GdipIsVisibleRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00BCB)
    [Address] EAT @explorer.exe (GdipIsVisibleRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00C9F)
    [Address] EAT @explorer.exe (GdipIsVisibleRegionPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED155)
    [Address] EAT @explorer.exe (GdipIsVisibleRegionPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED2C0)
    [Address] EAT @explorer.exe (GdipIsVisibleRegionRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED31F)
    [Address] EAT @explorer.exe (GdipIsVisibleRegionRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EED496)
    [Address] EAT @explorer.exe (GdipLoadImageFromFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3E2B)
    [Address] EAT @explorer.exe (GdipLoadImageFromFileICM) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3FD1)
    [Address] EAT @explorer.exe (GdipLoadImageFromStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3D58)
    [Address] EAT @explorer.exe (GdipLoadImageFromStreamICM) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3EFE)
    [Address] EAT @explorer.exe (GdipMeasureCharacterRanges) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD896)
    [Address] EAT @explorer.exe (GdipMeasureDriverString) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFDC8D)
    [Address] EAT @explorer.exe (GdipMeasureString) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFD6FB)
    [Address] EAT @explorer.exe (GdipMultiplyLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0485)
    [Address] EAT @explorer.exe (GdipMultiplyMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEAC7D)
    [Address] EAT @explorer.exe (GdipMultiplyPathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0485)
    [Address] EAT @explorer.exe (GdipMultiplyPenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1E61)
    [Address] EAT @explorer.exe (GdipMultiplyTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0485)
    [Address] EAT @explorer.exe (GdipMultiplyWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF93D4)
    [Address] EAT @explorer.exe (GdipNewInstalledFontCollection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03936)
    [Address] EAT @explorer.exe (GdipNewPrivateFontCollection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F039B9)
    [Address] EAT @explorer.exe (GdipPathIterCopyData) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA586)
    [Address] EAT @explorer.exe (GdipPathIterEnumerate) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA481)
    [Address] EAT @explorer.exe (GdipPathIterGetCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA0EA)
    [Address] EAT @explorer.exe (GdipPathIterGetSubpathCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA1A7)
    [Address] EAT @explorer.exe (GdipPathIterHasCurve) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA321)
    [Address] EAT @explorer.exe (GdipPathIterIsValid) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA264)
    [Address] EAT @explorer.exe (GdipPathIterNextMarker) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9F2B)
    [Address] EAT @explorer.exe (GdipPathIterNextMarkerPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA02A)
    [Address] EAT @explorer.exe (GdipPathIterNextPathType) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9E0D)
    [Address] EAT @explorer.exe (GdipPathIterNextSubpath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9C0A)
    [Address] EAT @explorer.exe (GdipPathIterNextSubpathPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9D28)
    [Address] EAT @explorer.exe (GdipPathIterRewind) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEA3D2)
    [Address] EAT @explorer.exe (GdipPlayMetafileRecord) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFFC76)
    [Address] EAT @explorer.exe (GdipPlayTSClientRecord) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F051D7)
    [Address] EAT @explorer.exe (GdipPrivateAddFontFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03C82)
    [Address] EAT @explorer.exe (GdipPrivateAddMemoryFont) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03D20)
    [Address] EAT @explorer.exe (GdipRecordMetafile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01898)
    [Address] EAT @explorer.exe (GdipRecordMetafileFileName) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01A6D)
    [Address] EAT @explorer.exe (GdipRecordMetafileFileNameI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01BA5)
    [Address] EAT @explorer.exe (GdipRecordMetafileI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F019B7)
    [Address] EAT @explorer.exe (GdipRecordMetafileStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01C5E)
    [Address] EAT @explorer.exe (GdipRecordMetafileStreamI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01D96)
    [Address] EAT @explorer.exe (GdipReleaseDC) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F031A4)
    [Address] EAT @explorer.exe (GdipRemovePropertyItem) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4B54)
    [Address] EAT @explorer.exe (GdipResetClip) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00328)
    [Address] EAT @explorer.exe (GdipResetImageAttributes) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF79D5)
    [Address] EAT @explorer.exe (GdipResetLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF03E2)
    [Address] EAT @explorer.exe (GdipResetPageTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9878)
    [Address] EAT @explorer.exe (GdipResetPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE669B)
    [Address] EAT @explorer.exe (GdipResetPathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF03E2)
    [Address] EAT @explorer.exe (GdipResetPenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1DC1)
    [Address] EAT @explorer.exe (GdipResetTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF03E2)
    [Address] EAT @explorer.exe (GdipResetWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9336)
    [Address] EAT @explorer.exe (GdipRestoreGraphics) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00DBF)
    [Address] EAT @explorer.exe (GdipReversePath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE7077)
    [Address] EAT @explorer.exe (GdipRotateLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0677)
    [Address] EAT @explorer.exe (GdipRotateMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEAF5C)
    [Address] EAT @explorer.exe (GdipRotatePathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0677)
    [Address] EAT @explorer.exe (GdipRotatePenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2123)
    [Address] EAT @explorer.exe (GdipRotateTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0677)
    [Address] EAT @explorer.exe (GdipRotateWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF96BA)
    [Address] EAT @explorer.exe (GdipSaveAdd) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF433D)
    [Address] EAT @explorer.exe (GdipSaveAddImage) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF43DB)
    [Address] EAT @explorer.exe (GdipSaveGraphics) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00D0A)
    [Address] EAT @explorer.exe (GdipSaveImageToFile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4293)
    [Address] EAT @explorer.exe (GdipSaveImageToStream) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF41E9)
    [Address] EAT @explorer.exe (GdipScaleLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF059E)
    [Address] EAT @explorer.exe (GdipScaleMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEAE8A)
    [Address] EAT @explorer.exe (GdipScalePathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF059E)
    [Address] EAT @explorer.exe (GdipScalePenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF204D)
    [Address] EAT @explorer.exe (GdipScaleTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF059E)
    [Address] EAT @explorer.exe (GdipScaleWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF95E6)
    [Address] EAT @explorer.exe (GdipSetAdjustableArrowCapFillState) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3C01)
    [Address] EAT @explorer.exe (GdipSetAdjustableArrowCapHeight) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF37F0)
    [Address] EAT @explorer.exe (GdipSetAdjustableArrowCapMiddleInset) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3AA6)
    [Address] EAT @explorer.exe (GdipSetAdjustableArrowCapWidth) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF394B)
    [Address] EAT @explorer.exe (GdipSetClipGraphics) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFFD64)
    [Address] EAT @explorer.exe (GdipSetClipHrgn) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0023B)
    [Address] EAT @explorer.exe (GdipSetClipPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFFFDA)
    [Address] EAT @explorer.exe (GdipSetClipRect) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFFE90)
    [Address] EAT @explorer.exe (GdipSetClipRectI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EFFF6F)
    [Address] EAT @explorer.exe (GdipSetClipRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0010D)
    [Address] EAT @explorer.exe (GdipSetCompositingMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8850)
    [Address] EAT @explorer.exe (GdipSetCompositingQuality) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF89A0)
    [Address] EAT @explorer.exe (GdipSetCustomLineCapBaseCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF33E2)
    [Address] EAT @explorer.exe (GdipSetCustomLineCapBaseInset) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3542)
    [Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeCaps) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3103)
    [Address] EAT @explorer.exe (GdipSetCustomLineCapStrokeJoin) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF328B)
    [Address] EAT @explorer.exe (GdipSetCustomLineCapWidthScale) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF3699)
    [Address] EAT @explorer.exe (GdipSetEffectParameters) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF6F65)
    [Address] EAT @explorer.exe (GdipSetEmpty) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC11E)
    [Address] EAT @explorer.exe (GdipSetImageAttributesCachedBackground) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF80CD)
    [Address] EAT @explorer.exe (GdipSetImageAttributesColorKeys) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7DA9)
    [Address] EAT @explorer.exe (GdipSetImageAttributesColorMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7A92)
    [Address] EAT @explorer.exe (GdipSetImageAttributesGamma) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7C22)
    [Address] EAT @explorer.exe (GdipSetImageAttributesNoOp) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7CE9)
    [Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannel) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7E81)
    [Address] EAT @explorer.exe (GdipSetImageAttributesOutputChannelColorProfile) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7F44)
    [Address] EAT @explorer.exe (GdipSetImageAttributesRemapTable) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8007)
    [Address] EAT @explorer.exe (GdipSetImageAttributesThreshold) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7B5B)
    [Address] EAT @explorer.exe (GdipSetImageAttributesToIdentity) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF7918)
    [Address] EAT @explorer.exe (GdipSetImageAttributesWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8170)
    [Address] EAT @explorer.exe (GdipSetImagePalette) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF5796)
    [Address] EAT @explorer.exe (GdipSetInfinite) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC080)
    [Address] EAT @explorer.exe (GdipSetInterpolationMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF90B1)
    [Address] EAT @explorer.exe (GdipSetLineBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE83B)
    [Address] EAT @explorer.exe (GdipSetLineColors) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE53D)
    [Address] EAT @explorer.exe (GdipSetLineGammaCorrection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE5793)
    [Address] EAT @explorer.exe (GdipSetLineLinearBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEE2A)
    [Address] EAT @explorer.exe (GdipSetLinePresetBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEB24)
    [Address] EAT @explorer.exe (GdipSetLineSigmaBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEED78)
    [Address] EAT @explorer.exe (GdipSetLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF02D9)
    [Address] EAT @explorer.exe (GdipSetLineWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEEDC)
    [Address] EAT @explorer.exe (GdipSetMatrixElements) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEABB9)
    [Address] EAT @explorer.exe (GdipSetMetafileDownLevelRasterizationLimit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F01E4F)
    [Address] EAT @explorer.exe (GdipSetPageScale) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9B3E)
    [Address] EAT @explorer.exe (GdipSetPageUnit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF99CF)
    [Address] EAT @explorer.exe (GdipSetPathFillMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6C00)
    [Address] EAT @explorer.exe (GdipSetPathGradientBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEE83B)
    [Address] EAT @explorer.exe (GdipSetPathGradientCenterColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF12F)
    [Address] EAT @explorer.exe (GdipSetPathGradientCenterPoint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF64E)
    [Address] EAT @explorer.exe (GdipSetPathGradientCenterPointI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF708)
    [Address] EAT @explorer.exe (GdipSetPathGradientFocusScales) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0829)
    [Address] EAT @explorer.exe (GdipSetPathGradientGammaCorrection) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFA50)
    [Address] EAT @explorer.exe (GdipSetPathGradientLinearBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEE2A)
    [Address] EAT @explorer.exe (GdipSetPathGradientPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF4BD)
    [Address] EAT @explorer.exe (GdipSetPathGradientPresetBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEFEDA)
    [Address] EAT @explorer.exe (GdipSetPathGradientSigmaBlend) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEED78)
    [Address] EAT @explorer.exe (GdipSetPathGradientSurroundColorsWithCount) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEF301)
    [Address] EAT @explorer.exe (GdipSetPathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF02D9)
    [Address] EAT @explorer.exe (GdipSetPathGradientWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDCCA)
    [Address] EAT @explorer.exe (GdipSetPathMarker) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6F31)
    [Address] EAT @explorer.exe (GdipSetPenBrushFill) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2357)
    [Address] EAT @explorer.exe (GdipSetPenColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF21ED)
    [Address] EAT @explorer.exe (GdipSetPenCompoundArray) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2B57)
    [Address] EAT @explorer.exe (GdipSetPenCustomEndCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF174E)
    [Address] EAT @explorer.exe (GdipSetPenCustomStartCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF158F)
    [Address] EAT @explorer.exe (GdipSetPenDashArray) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2933)
    [Address] EAT @explorer.exe (GdipSetPenDashCap197819) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1189)
    [Address] EAT @explorer.exe (GdipSetPenDashOffset) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF27E5)
    [Address] EAT @explorer.exe (GdipSetPenDashStyle) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF2694)
    [Address] EAT @explorer.exe (GdipSetPenEndCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF10E8)
    [Address] EAT @explorer.exe (GdipSetPenLineCap197819) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0FA0)
    [Address] EAT @explorer.exe (GdipSetPenLineJoin) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1441)
    [Address] EAT @explorer.exe (GdipSetPenMiterLimit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF190D)
    [Address] EAT @explorer.exe (GdipSetPenMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1A62)
    [Address] EAT @explorer.exe (GdipSetPenStartCap) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1047)
    [Address] EAT @explorer.exe (GdipSetPenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1BB5)
    [Address] EAT @explorer.exe (GdipSetPenUnit) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0E31)
    [Address] EAT @explorer.exe (GdipSetPenWidth) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF0CE3)
    [Address] EAT @explorer.exe (GdipSetPixelOffsetMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8C85)
    [Address] EAT @explorer.exe (GdipSetPropertyItem) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF4BEF)
    [Address] EAT @explorer.exe (GdipSetRenderingOrigin) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF86DB)
    [Address] EAT @explorer.exe (GdipSetSmoothingMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8AF0)
    [Address] EAT @explorer.exe (GdipSetSolidFillColor) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDEA1)
    [Address] EAT @explorer.exe (GdipSetStringFormatAlign) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F041DE)
    [Address] EAT @explorer.exe (GdipSetStringFormatDigitSubstitution) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0481E)
    [Address] EAT @explorer.exe (GdipSetStringFormatFlags) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F040B4)
    [Address] EAT @explorer.exe (GdipSetStringFormatHotkeyPrefix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F043C8)
    [Address] EAT @explorer.exe (GdipSetStringFormatLineAlign) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04284)
    [Address] EAT @explorer.exe (GdipSetStringFormatMeasurableCharacterRanges) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04786)
    [Address] EAT @explorer.exe (GdipSetStringFormatTabStops) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F0450B)
    [Address] EAT @explorer.exe (GdipSetStringFormatTrimming) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04940)
    [Address] EAT @explorer.exe (GdipSetTextContrast) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8EAE)
    [Address] EAT @explorer.exe (GdipSetTextRenderingHint) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF8DEF)
    [Address] EAT @explorer.exe (GdipSetTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF02D9)
    [Address] EAT @explorer.exe (GdipSetTextureWrapMode) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEDCCA)
    [Address] EAT @explorer.exe (GdipSetWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9232)
    [Address] EAT @explorer.exe (GdipShearMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB022)
    [Address] EAT @explorer.exe (GdipStartPathFigure) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6D4A)
    [Address] EAT @explorer.exe (GdipStringFormatGetGenericDefault) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03E91)
    [Address] EAT @explorer.exe (GdipStringFormatGetGenericTypographic) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F03F14)
    [Address] EAT @explorer.exe (GdipTestControl) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F04E42)
    [Address] EAT @explorer.exe (GdipTransformMatrixPoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB192)
    [Address] EAT @explorer.exe (GdipTransformMatrixPointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB24B)
    [Address] EAT @explorer.exe (GdipTransformPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE91A8)
    [Address] EAT @explorer.exe (GdipTransformPoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9D45)
    [Address] EAT @explorer.exe (GdipTransformPointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9E06)
    [Address] EAT @explorer.exe (GdipTransformRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC64E)
    [Address] EAT @explorer.exe (GdipTranslateClip) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F003C6)
    [Address] EAT @explorer.exe (GdipTranslateClipI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73F00473)
    [Address] EAT @explorer.exe (GdipTranslateLineTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEF8E)
    [Address] EAT @explorer.exe (GdipTranslateMatrix) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEADB8)
    [Address] EAT @explorer.exe (GdipTranslatePathGradientTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEF8E)
    [Address] EAT @explorer.exe (GdipTranslatePenTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF1F77)
    [Address] EAT @explorer.exe (GdipTranslateRegion) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC56E)
    [Address] EAT @explorer.exe (GdipTranslateRegionI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEC5F5)
    [Address] EAT @explorer.exe (GdipTranslateTextureTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEEF8E)
    [Address] EAT @explorer.exe (GdipTranslateWorldTransform) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EF9512)
    [Address] EAT @explorer.exe (GdipVectorTransformMatrixPoints) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB3C1)
    [Address] EAT @explorer.exe (GdipVectorTransformMatrixPointsI) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EEB47A)
    [Address] EAT @explorer.exe (GdipWarpPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE9048)
    [Address] EAT @explorer.exe (GdipWidenPath) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8EC5)
    [Address] EAT @explorer.exe (GdipWindingModeOutline) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE8DAB)
    [Address] EAT @explorer.exe (GdiplusNotificationHook) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6189)
    [Address] EAT @explorer.exe (GdiplusNotificationUnhook) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE6205)
    [Address] EAT @explorer.exe (GdiplusShutdown) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE56EC)
    [Address] EAT @explorer.exe (GdiplusStartup) : OLEACC.dll -> HOOKED (C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll @ 0x73EE562E)
    ¤¤¤ Ruches Externes: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ Fichier HOSTS: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts
    ¤¤¤ MBR Verif: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABD100 ATA Device +++++
    --- User ---
    [MBR] 66b391a23e756908897a22067406417e
    [BSP] 66b9074cfe339a50f6f3163c89590255 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
    User = LL1 ... OK!
    User = LL2 ... OK!
    Termine : << RKreport[0]_S_07012006_031723.txt >>
     
     
  12. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Here are MBR logs:

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org
    Database version: v2014.04.06.10
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.16521
    Admin :: ADMIN-PC [administrator]
    2006-07-01 03:21:43
    mbar-log-2006-07-01 (03-21-43).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 210495
    Time elapsed: 24 minute(s), 30 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x86
    Account is Administrative
    Internet Explorer version: 11.0.9600.16521
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.839000 GHz
    Memory total: 3219316736, free: 2165690368
    Downloaded database version: v2014.04.06.10
    Downloaded database version: v2014.03.27.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    07/01/2006 03:21:21
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\halmacpi.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\intelide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\pcmcia.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\System32\DRIVERS\cmderd.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\drivers\aswSnx.sys
    \SystemRoot\system32\DRIVERS\cmdguard.sys
    \SystemRoot\system32\drivers\aswSP.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\cmdhlp.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\drivers\aswRdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\inspect.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\e1e6032.sys
    \SystemRoot\system32\DRIVERS\netw5v32.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\sdbus.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\CHDAud.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\aswMonFlt.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Users\Admin\AppData\Local\Temp\mbr.sys
    \??\C:\Windows\system32\TrueSight.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\kernel32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\lpk.dll
    \Windows\System32\nsi.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\imm32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\sechost.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\shell32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\msctf.dll
    \Windows\System32\psapi.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\user32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\usp10.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\devobj.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\msasn1.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8606c7f0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xffffffff85bc9908
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8606c7f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8606c428, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff8606c7f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff85b8c910, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff85bc9908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 90199019
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 1953520002
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
    Done!
    Scan finished
    =======================================
    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  13. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Did you correct it?

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  14. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Seems my BIOS time was also in 2006. I corrected in BIOS and time was ok in windows upon reboot, I'll run COmbofix and come back with results.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,048   +256

  16. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Here is Rkill because Combofix would not load at first:

    Rkill 2.6.5 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2014 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 04/06/2014 07:03:19 AM in x86 mode. (Safe Mode)
    Windows Version: Windows 7 Professional Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Firewall Disabled

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000

    Checking Windows Service Integrity:

    * Système d’événement COM+ (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Centre de sécurité (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 04/06/2014 07:04:41 AM
    Execution time: 0 hours(s), 1 minute(s), and 22 seconds(s)

    Here is Combofix:

    ComboFix 14-04-06.01 - Admin 2014-04-06 7:07.1.2 - x86 NETWORK
    Microsoft Windows 7 Professionnel 6.1.7601.1.1252.1.1036.18.3070.2190 [GMT -4:00]
    Lancé depuis: c:\users\Admin\Desktop\NotCF.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\AVAST Software\Avast\setup\d6490987-5cf9-4c81-a5fd-6e3adb4dac10.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2014-03-06 au 2014-04-06 ))))))))))))))))))))))))))))))))))))
    .
    .
    2014-04-06 13:53 . 1999-10-12 22:47 24576 ----a-w- c:\windows\system32\TSCI.dll
    2014-04-06 13:53 . 1999-10-12 22:45 24576 ----a-w- c:\windows\system32\THCI.dll
    2014-04-06 11:13 . 2014-04-06 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-04-05 17:03 . 2014-04-05 17:03 -------- d-----w- c:\program files\EA GAMES
    2014-04-05 14:19 . 2006-07-01 07:21 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-04-05 14:19 . 2014-04-05 14:19 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-04-05 14:19 . 2014-04-05 14:19 -------- d-----w- c:\programdata\Malwarebytes
    2014-04-05 14:19 . 2014-04-03 13:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-04-05 14:19 . 2014-04-03 13:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-04-05 14:19 . 2006-07-01 07:19 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-04-05 13:47 . 2014-04-05 13:47 -------- d-----w- c:\programdata\Auslogics
    2014-04-05 13:46 . 2014-04-05 13:46 -------- d-----w- c:\program files\Auslogics
    2014-04-05 13:36 . 2014-04-05 13:36 -------- d-----w- c:\program files\Audacity
    2014-04-05 13:31 . 2014-04-05 13:31 -------- d-----w- c:\programdata\Oracle
    2014-04-05 13:26 . 2014-04-05 13:26 -------- d-----w- c:\program files\Common Files\Java
    2014-04-05 13:25 . 2014-04-05 13:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-04-05 13:24 . 2014-04-05 13:24 -------- d-----w- c:\program files\Java
    2014-04-05 02:47 . 2014-04-05 02:47 -------- d-----w- c:\programdata\DonationCoder
    2014-04-05 02:47 . 2014-04-05 02:47 -------- d-----w- c:\program files\ScreenshotCaptor
    2014-04-04 23:17 . 2014-04-04 23:17 -------- d-----w- c:\program files\Synaptics
    2014-04-04 23:14 . 2006-11-14 15:26 430080 ----a-w- c:\windows\system32\TOSCDSPD.cpl
    2014-04-04 23:14 . 2014-04-06 14:00 -------- d--h--w- c:\program files\InstallShield Installation Information
    2014-04-04 23:12 . 2014-04-05 17:01 -------- d-----w- c:\program files\Common Files\InstallShield
    2014-04-04 23:00 . 2009-07-28 19:43 128344 ----a-w- c:\windows\system32\TODDSrv.exe
    2014-04-04 23:00 . 2014-04-06 13:58 -------- d-----w- c:\program files\TOSHIBA
    2014-04-04 22:17 . 2014-04-04 22:19 -------- d-s---w- c:\programdata\Shared Space
    2014-04-04 22:17 . 2014-04-04 22:17 -------- d-----w- c:\program files\COMODO
    2014-04-04 22:16 . 2014-04-04 22:16 -------- d-----w- c:\programdata\Comodo Downloader
    2014-04-04 22:13 . 2014-04-04 22:19 -------- d-----w- c:\programdata\Comodo
    2014-04-04 22:01 . 2014-04-04 22:01 67264 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-04-04 22:01 . 2014-04-04 22:01 180760 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-04-04 22:01 . 2014-04-04 22:01 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-04-04 22:01 . 2014-04-04 22:01 411552 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-04-04 22:01 . 2014-04-04 22:01 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-04-04 22:01 . 2014-04-04 22:01 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-04-04 22:01 . 2014-04-04 22:01 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-04-04 22:01 . 2014-04-04 22:01 271264 ----a-w- c:\windows\system32\aswBoot.exe
    2014-04-04 22:01 . 2014-04-04 22:01 43152 ----a-w- c:\windows\avastSS.scr
    2014-04-04 21:58 . 2014-04-04 21:58 -------- d-----w- c:\program files\AVAST Software
    2014-04-04 21:57 . 2014-04-04 21:57 -------- d-----w- c:\programdata\AVAST Software
    2014-04-04 21:50 . 2014-04-04 21:50 -------- d-----w- c:\program files\Secunia
    2014-04-04 21:49 . 2014-03-17 14:16 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86F4A052-CDEA-46B7-88E4-279EC55A6DB8}\mpengine.dll
    2014-04-04 03:44 . 2014-04-04 03:44 -------- d-----w- c:\program files\IrfanView
    2014-04-04 03:44 . 2014-04-04 03:44 -------- d-----w- c:\program files\Common Files\Adobe
    2014-04-04 03:41 . 2014-04-04 03:41 -------- d-----w- c:\program files\VideoLAN
    2014-04-04 03:28 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
    2014-04-04 03:23 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll
    2014-04-04 03:23 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-04-04 03:23 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
    2014-04-04 03:15 . 2014-04-04 03:18 -------- d-----w- c:\windows\system32\MRT
    2014-04-04 03:07 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
    2014-04-04 03:07 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-04-04 03:07 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
    2014-04-04 03:07 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-04-04 03:07 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
    2014-04-04 03:07 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll
    2014-04-04 03:07 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll
    2014-04-04 03:07 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
    2014-04-04 03:07 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2014-04-04 03:07 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe
    2014-04-04 03:07 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe
    2014-04-04 03:06 . 2014-04-04 22:56 -------- d-----w- c:\program files\CONEXANT
    2014-04-04 03:05 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
    2014-04-04 03:05 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-04-04 02:58 . 2014-04-04 02:58 -------- d-----w- c:\program files\Microsoft.NET
    2014-04-04 02:58 . 2014-04-04 02:58 -------- d-----w- c:\windows\Migration
    2014-04-04 02:48 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2014-04-04 02:48 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2014-04-04 02:47 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2014-04-04 02:47 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2014-04-04 02:47 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2014-04-04 02:47 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2014-04-04 02:47 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2014-04-04 02:41 . 2014-04-04 02:41 -------- d-----w- c:\windows\system32\Wat
    2014-04-04 02:29 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2014-04-04 02:29 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2014-04-04 02:02 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2014-04-04 02:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
    2014-04-04 01:59 . 2014-04-04 01:59 -------- d-----w- c:\program files\Common Files\Skype
    2014-04-04 01:59 . 2014-04-04 01:59 -------- d-----r- c:\program files\Skype
    2014-04-04 01:59 . 2014-04-04 01:59 -------- d-----w- c:\programdata\Skype
    2014-04-04 01:53 . 2014-04-04 01:55 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2014-04-04 01:50 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2014-04-04 01:50 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2014-04-04 01:50 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2014-04-04 01:50 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2014-04-04 01:50 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2014-04-04 01:50 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2014-04-04 01:50 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2014-04-04 01:50 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2014-04-04 01:50 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
    2014-04-04 01:50 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2014-04-04 01:41 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
    2014-04-04 01:41 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
    2014-04-04 01:41 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2014-04-04 01:41 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll
    2014-04-04 01:41 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
    2014-04-04 01:41 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2014-04-04 01:41 . 2013-07-03 03:36 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
    2014-04-04 01:41 . 2013-07-03 03:36 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
    2014-04-04 01:41 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
    2014-04-04 01:41 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2014-04-04 01:41 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2014-04-04 01:40 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
    2014-04-04 01:40 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\system32\authui.dll
    2014-04-04 01:40 . 2013-10-04 01:58 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
    2014-04-04 01:40 . 2013-10-04 01:56 168960 ----a-w- c:\windows\system32\credui.dll
    2014-04-04 01:40 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2014-04-04 01:39 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2014-04-04 01:39 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2014-04-04 01:39 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2014-04-04 01:39 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
    2014-04-04 01:39 . 2014-02-04 02:04 509440 ----a-w- c:\windows\system32\qedit.dll
    2014-04-04 01:39 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
    2014-04-04 01:39 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2014-04-04 01:37 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2014-04-04 01:37 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2014-04-04 01:37 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2014-04-04 01:37 . 2013-08-01 11:03 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2014-04-04 01:37 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2014-04-04 01:36 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
    2014-04-04 01:36 . 2013-11-12 02:07 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-04-04 01:34 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
    2014-04-04 01:34 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
    2014-04-04 01:34 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-04-04 23:15 . 2006-03-09 14:58 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
    2014-04-04 23:15 . 2006-10-27 18:11 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
    2014-04-04 23:15 . 2006-10-27 17:24 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
    2014-04-04 23:15 . 2006-10-27 18:14 179896 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2014-04-04 23:15 . 2006-10-27 17:14 196608 ----a-w- c:\windows\system32\SynCtrl.dll
    2014-04-04 23:15 . 2006-10-27 17:13 163840 ----a-w- c:\windows\system32\SynCOM.dll
    2014-04-04 22:54 . 2006-11-07 13:54 172032 ----a-w- c:\windows\system32\UCI32114.dll
    2014-04-04 22:54 . 2006-03-23 19:45 61952 ----a-w- c:\windows\system32\CHDAudPropShortcut.exe
    2014-04-04 22:54 . 2006-03-23 19:45 5120 ----a-w- c:\windows\system32\CHdAudPropres.dll
    2014-04-04 22:54 . 2006-03-23 19:45 24064 ----a-w- c:\windows\system32\CHdAudprop.dll
    2014-04-04 22:54 . 2006-03-23 19:45 566272 ----a-w- c:\windows\system32\drivers\CHDAud.sys
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-04-04 22:01 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2006-11-13 413696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-04 3854640]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-26 1225944]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2014-04-04 61952]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2014-04-04 815104]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R0 aswRvrt;avast! Revert; [x]
    R0 aswVmm;avast! VM Monitor; [x]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-04-04 776976]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-04-04 411552]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2014-03-26 607168]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-04-04 67824]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-04-04 67264]
    R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-26 1663192]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2014-04-04 1343400]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2014-03-26 20072]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2014-03-26 43728]
    S3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel(R) 5000 Series pour Windows Vista 32 bits;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-04-03 23:40 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-03 23:34]
    .
    2014-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-03 23:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    TCP: DhcpNameServer = 47.55.55.55 142.166.166.166
    FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk8py79e.default\
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
    .
    Heure de fin: 2014-04-06 07:15:05
    ComboFix-quarantined-files.txt 2014-04-06 11:15
    .
    Avant-CF: 760 783 863 808 octets libres
    Après-CF: 760 733 167 616 octets libres
    .
    - - End Of File - - 661F9419A95493C24992F4FCBF3B6A6F
    A36C5E4F47E84449FF07ED3517B43A31
     
  17. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Here is adwcleaner log:

    # AdwCleaner v3.023 - Rapport créé le 06/04/2014 à 08:00:55
    # Mis à jour le 01/04/2014 par Xplode
    # Système d'exploitation : Windows 7 Professional Service Pack 1 (32 bits)
    # Nom d'utilisateur : Admin - ADMIN-PC
    # Exécuté depuis : C:\Users\Admin\Desktop\adwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****


    ***** [ Fichiers / Dossiers ] *****


    ***** [ Raccourcis ] *****


    ***** [ Registre ] *****


    ***** [ Navigateurs ] *****

    -\\ Internet Explorer v11.0.9600.16521


    -\\ Mozilla Firefox v28.0 (fr)

    [ Fichier : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yk8py79e.default\prefs.js ]


    -\\ Google Chrome v33.0.1750.154

    [ Fichier : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [934 octets] - [06/04/2014 07:56:07]
    AdwCleaner[S0].txt - [856 octets] - [06/04/2014 08:00:55]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [915 octets] ##########

    Here is JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Professional x86
    Ran by Admin on 2014-04-06 at 8:08:42,90
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2014-04-06 at 8:41:57,31
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Here is extra log

    OTL Extras logfile created on: 06/04/2014 08:42:36 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16521)
    Locale: 0000040c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

    3,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,51% Memory free
    5,99 Gb Paging File | 5,19 Gb Available in Paging File | 86,61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 931,51 Gb Total Space | 708,59 Gb Free Space | 76,07% Space Free | Partition Type: NTFS
    Drive D: | 626,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-811221372-2198457851-1441504835-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{20D8E360-26EF-4DB8-B9E0-1CE127362ED0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{264B5290-64C5-49E2-A03D-B025AEF1A5E9}" = lport=445 | protocol=6 | dir=in | app=system |
    "{304A2530-2E3D-44A2-A1E5-C766BF75FD63}" = lport=138 | protocol=17 | dir=in | app=system |
    "{56955EDD-6598-4B6C-A388-41345EBF3B82}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5D64E515-2228-4D24-AC60-D669D2CED137}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5F83D034-070F-4DBE-9F1F-6580B8AA50F6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{732FBBC7-B516-492B-83F1-EDA4B98A4343}" = rport=139 | protocol=6 | dir=out | app=system |
    "{7F993FCC-F60D-4F73-8EEA-B5315EA1A296}" = rport=137 | protocol=17 | dir=out | app=system |
    "{8366369E-758F-4DD7-9C0E-6CBFC17BAE6C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8BA6E21F-B110-4B1B-8F9B-45978029DBD8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{969FE27B-05B6-4A57-A717-F4D888486CD9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9A1D3C90-C157-4EAE-A4AA-9EF998A92790}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9AEC5953-FC10-4F88-B19D-9502A67F5F4E}" = rport=445 | protocol=6 | dir=out | app=system |
    "{A34983BE-C905-4D47-BB7C-6629E6981401}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{AE7FAF1D-1570-4DF7-B363-2AC0640236FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BABB0199-C8C2-4356-8A78-124F416973DE}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C39BB5E8-DC51-47EB-83F7-725AD01143A1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{DAD462DA-C63B-45F0-A744-9AEBADBD8990}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DD38138C-C32E-45D9-87B9-9337376B6D3C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E8CC1F15-A826-4603-A77D-9873F50F4DDD}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{ED25AE5E-B536-4CBE-8BAB-FBE8AE715F0F}" = lport=10243 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00029821-A688-4B93-876A-AC7792EBF01D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{203523BA-BA86-4B95-AD16-106A4AC4FB68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4C8FEBEA-86AE-4434-B641-BF29E85A5EFD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{506CBBD0-B872-4D45-AFD0-FCD96CD9D533}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{5317ED17-DD00-488F-A940-8C5292699720}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{6A4639D9-067B-4A1A-8144-BF235939A9D0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6B0C452F-9995-4C34-9BB0-3BA64DD5EBF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{74E9D70C-90ED-4003-8A54-93C5C2162AB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{77ADD751-59A0-495E-8668-B8AA556FCCD6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{884E0973-6B40-46BF-818E-34DB8A4C8F44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{96F4D021-9378-4644-A781-09D11DC08465}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B7D1FF4A-C760-4A38-98DC-83294967B184}" = protocol=6 | dir=out | app=system |
    "{C87ED231-6A6E-4848-8740-01A18A73B91B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D51E337D-B1CE-40C5-8062-7A8AC4AEE315}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F6600C86-55E2-45B8-8EF1-6DAC3B58DDF3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{FC3BE086-4360-422D-8A82-14E3DD7ACF5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FD738DDA-7FE8-4655-BCAA-F2E4D67AF94C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
    "{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
    "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
    "{8D5D54B8-3D29-4AB4-8DA8-1868DAF941D8}" = OpenOffice 4.0.1
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036" = Microsoft .NET Framework 4.5.1 (Français)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1036-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Français
    "{C507986C-A83D-3F09-9099-5E1AF20BE648}" = Microsoft .NET Framework 4.5.1 (FRA)
    "{D32EF4F9-1506-434E-A813-3D4C0AA50300}" = COMODO Firewall
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Audacity_is1" = Audacity 2.0.5
    "Avast" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "CNXT_HDAUDIO" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Google Chrome" = Google Chrome
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
    "Mozilla Firefox 28.0 (x86 fr)" = Mozilla Firefox 28.0 (x86 fr)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA Drivers" = NVIDIA Drivers
    "ScreenshotCaptor_is1" = Screenshot Captor 4.8
    "Secunia PSI" = Secunia PSI (3.0.0.9016)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 2.1.3

    < End of report >
     
  19. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Here is OTL:
    OTL logfile created on: 06/04/2014 08:42:36 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16521)
    Locale: 0000040c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

    3,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,51% Memory free
    5,99 Gb Paging File | 5,19 Gb Available in Paging File | 86,61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 931,51 Gb Total Space | 708,59 Gb Free Space | 76,07% Space Free | Partition Type: NTFS
    Drive D: | 626,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/04/06 07:52:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
    PRC - [2014/04/04 18:01:17 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/04/04 18:01:17 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2014/04/03 20:33:04 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2014/03/25 20:22:40 | 005,302,384 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2014/03/25 20:22:16 | 001,864,408 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/12/06 10:47:20 | 001,229,528 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\PSIA.exe
    PRC - [2013/12/06 10:47:18 | 000,565,464 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/08/21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2009/08/21 09:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2009/08/05 14:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2009/07/28 14:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2006/11/13 13:01:34 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/04/04 18:01:18 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2009/07/25 11:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
    MOD - [2009/07/16 15:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
    MOD - [2009/07/16 15:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    MOD - [2009/03/12 19:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll


    ========== Services (SafeList) ==========

    SRV - [2014/04/04 18:01:17 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/04/03 22:29:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2014/03/25 20:22:40 | 005,302,384 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
    SRV - [2014/03/25 20:22:16 | 001,663,192 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
    SRV - [2014/03/15 04:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/02/28 23:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/12/06 10:47:20 | 001,229,528 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2009/08/21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2009/07/28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Admin\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2014/04/04 18:54:26 | 000,566,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDAud.sys -- (HdAudAddService)
    DRV - [2014/04/04 18:01:19 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2014/04/04 18:01:19 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2014/04/04 18:01:19 | 000,180,760 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/04/04 18:01:19 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2014/04/04 18:01:19 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/04/04 18:01:19 | 000,067,264 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
    DRV - [2014/04/04 18:01:19 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2014/03/25 20:22:50 | 000,092,656 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
    DRV - [2014/03/25 20:22:50 | 000,043,728 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2014/03/25 20:22:48 | 000,607,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
    DRV - [2014/03/25 20:22:48 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
    DRV - [2013/12/06 10:47:12 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI)
    DRV - [2013/10/01 20:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
    DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/07/30 17:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2009/07/14 15:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
    DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2009/03/06 11:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2005/11/08 15:12:00 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/11/08 15:11:00 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/11/08 15:11:00 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSFHWAZL.sys -- (HSFHWAZL)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-811221372-2198457851-1441504835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-CA
    IE - HKU\S-1-5-21-811221372-2198457851-1441504835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC F5 63 36 9A 4F CF 01 [binary data]
    IE - HKU\S-1-5-21-811221372-2198457851-1441504835-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-811221372-2198457851-1441504835-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-811221372-2198457851-1441504835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2016.82
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/04 18:01:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2014/04/03 21:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
    [2014/04/04 19:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\yk8py79e.default\extensions
    [2014/04/03 21:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
    [2014/04/03 21:55:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2014/04/04 18:01:19 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Recherche Google = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: avast! Online Security = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
    CHR - Extension: Google Wallet = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2014/04/06 07:13:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\Windows\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
    O4 - HKU\S-1-5-21-811221372-2198457851-1441504835-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-811221372-2198457851-1441504835-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-811221372-2198457851-1441504835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 47.55.55.55 142.166.166.166
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83A967BC-B179-4662-BC85-2206CCDD72C9}: DhcpNameServer = 47.55.55.55 142.166.166.166
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2001/12/15 01:21:26 | 000,765,952 | R--- | M] (Quarium, Inc.) - D:\Autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2001/11/22 00:59:50 | 000,000,053 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/04/06 09:59:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\toshiba
    [2014/04/06 08:08:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/04/06 07:56:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/06 07:52:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
    [2014/04/06 07:52:11 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Admin\Desktop\JRT.exe
    [2014/04/06 07:15:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/04/06 07:15:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/04/06 07:15:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
    [2014/04/06 07:06:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/04/06 07:06:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/04/06 07:06:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/04/06 07:05:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/04/06 07:05:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/04/06 06:56:11 | 005,195,663 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\NotCF.exe
    [2014/04/06 06:24:03 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Admin\Desktop\iExplore.exe
    [2014/04/06 06:23:31 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Admin\Desktop\rkill.exe
    [2014/04/05 15:49:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\OpenOffice
    [2014/04/05 13:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
    [2014/04/05 13:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
    [2014/04/05 10:19:56 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/04/05 10:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/04/05 10:19:30 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/04/05 10:19:30 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/04/05 10:19:30 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/04/05 10:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/04/05 10:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/04/05 09:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
    [2014/04/05 09:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    [2014/04/05 09:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
    [2014/04/05 09:36:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Audacity
    [2014/04/05 09:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
    [2014/04/05 09:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2014/04/05 09:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2014/04/05 09:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2014/04/05 09:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2014/04/05 09:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2014/04/04 23:27:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DonationCoder
    [2014/04/04 23:27:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\DonationCoder
    [2014/04/04 22:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenshotCaptor
    [2014/04/04 22:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DonationCoder
    [2014/04/04 22:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\ScreenshotCaptor
    [2014/04/04 22:46:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs
    [2014/04/04 19:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
    [2014/04/04 19:14:15 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2014/04/04 19:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2014/04/04 19:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
    [2014/04/04 19:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA
    [2014/04/04 18:59:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\WinBatch
    [2014/04/04 18:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    [2014/04/04 18:17:22 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
    [2014/04/04 18:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2014/04/04 18:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2014/04/04 18:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2014/04/04 18:02:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AVAST Software
    [2014/04/04 18:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2014/04/04 18:01:49 | 000,067,264 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
    [2014/04/04 18:01:40 | 000,776,976 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/04/04 18:01:39 | 000,411,552 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/04/04 18:01:34 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/04/04 18:01:32 | 000,081,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2014/04/04 18:01:21 | 000,271,264 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2014/04/04 18:01:19 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/04/04 17:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2014/04/04 17:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/04/04 17:51:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Secunia PSI
    [2014/04/04 17:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
    [2014/04/03 23:44:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\IrfanView
    [2014/04/03 23:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
    [2014/04/03 23:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
    [2014/04/03 23:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2014/04/03 23:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2014/04/03 23:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2014/04/03 23:43:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\vlc
    [2014/04/03 23:42:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Adobe
    [2014/04/03 23:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2014/04/03 23:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2014/04/03 23:15:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
    [2014/04/03 23:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
    [2014/04/03 22:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2014/04/03 22:58:09 | 000,000,000 | ---D | C] -- C:\Windows\Migration
    [2014/04/03 22:41:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
    [2014/04/03 22:00:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Skype
    [2014/04/03 22:00:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Skype
    [2014/04/03 21:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2014/04/03 21:59:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2014/04/03 21:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2014/04/03 21:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2014/04/03 21:53:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
    [2014/04/03 21:53:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
    [2014/04/03 21:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2014/04/03 21:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2014/04/03 21:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2014/04/03 20:46:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe
    [2014/04/03 20:35:11 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
    [2014/04/03 20:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice 4
    [2014/04/03 20:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut
    [2014/04/03 20:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2014/04/03 20:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2014/04/03 19:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2014/04/03 19:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2014/04/03 19:40:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2014/04/03 19:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2014/04/03 19:34:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Google
    [2014/04/03 19:33:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apps
    [2014/04/03 19:33:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Deployment
    [2014/04/02 23:25:32 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2014/04/02 23:25:32 | 000,000,000 | R--D | C] -- C:\Users\Admin\Searches
    [2014/04/02 23:25:32 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2014/04/02 23:25:32 | 000,000,000 | -H-D | C] -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2014/04/02 23:25:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities
    [2014/04/02 23:25:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Contacts
    [2014/04/02 23:24:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore
    [2014/04/02 23:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Voisinage réseau
    [2014/04/02 23:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Voisinage d'impression
    [2014/04/02 23:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Temporary Internet Files
    [2014/04/02 23:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
    [2014/04/02 23:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
    [2014/04/02 23:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Modèles
    [2014/04/02 23:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Mes vidéos
    [2014/04/02 23:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Menu Démarrer
    [2014/04/02 23:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Local Settings
    [2014/04/02 23:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Historique
    [2014/04/02 23:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
    [2014/04/02 23:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Application Data
    [2014/04/02 23:24:53 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Application Data
    [2014/04/02 23:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Mes images
    [2014/04/02 23:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Mes documents
    [2014/04/02 23:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Ma musique
    [2014/04/02 23:24:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft
    [2014/04/02 23:24:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
    [2014/04/02 23:24:51 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft
    [2014/04/02 23:24:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Videos
    [2014/04/02 23:24:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Saved Games
    [2014/04/02 23:24:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Pictures
    [2014/04/02 23:24:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Music
    [2014/04/02 23:24:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2014/04/02 23:24:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links
    [2014/04/02 23:24:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites
    [2014/04/02 23:24:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads
    [2014/04/02 23:24:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents
    [2014/04/02 23:24:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop
    [2014/04/02 23:24:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2014/04/02 23:24:51 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
    [2014/04/02 23:24:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modèles
    [2014/04/02 23:24:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes vidéos
    [2014/04/02 23:24:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes images
    [2014/04/02 23:24:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Démarrer
    [2014/04/02 23:24:31 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Ma musique
    [2014/04/02 23:24:31 | 000,000,000 | -HSD | C] -- C:\Program Files\Fichiers communs
    [2014/04/02 23:24:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoris
    [2014/04/02 23:24:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Bureau
    [2014/04/02 23:24:31 | 000,000,000 | ---D | C] -- C:\Recovery
    [2014/04/02 22:35:23 | 000,000,000 | ---D | C] -- C:\Boot
    [2014/04/02 19:21:03 | 000,000,000 | ---D | C] -- C:\Bureau2014
    [2014/04/02 17:54:03 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2014/04/02 17:40:01 | 000,000,000 | ---D | C] -- C:\Windows.old
    [2014/04/02 16:59:19 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2014/04/02 16:56:48 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2014/03/25 20:22:50 | 000,092,656 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
    [2014/03/25 20:22:50 | 000,043,728 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
    [2014/03/25 20:22:48 | 000,607,168 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
    [2014/03/25 20:22:48 | 000,020,072 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
    [2014/03/25 20:22:38 | 000,363,504 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
    [2014/03/25 20:22:38 | 000,036,000 | ---- | C] (COMODO) -- C:\Windows\System32\cmdcsr.dll
    [2014/03/25 20:22:26 | 000,284,888 | ---- | C] (COMODO) -- C:\Windows\System32\cmdvrt32.dll
    [2014/03/25 20:22:24 | 000,040,664 | ---- | C] (COMODO) -- C:\Windows\System32\cmdkbd32.dll
    [2014/03/12 14:38:02 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2014/03/07 20:51:40 | 000,000,000 | ---D | C] -- C:\Intel

    ========== Files - Modified Within 30 Days ==========

    [2014/04/06 10:08:44 | 000,747,154 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2014/04/06 10:08:44 | 000,653,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/04/06 10:08:44 | 000,149,646 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2014/04/06 10:08:44 | 000,121,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/04/06 08:47:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/06 08:10:56 | 000,031,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/04/06 08:10:56 | 000,031,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/04/06 08:03:50 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/06 08:03:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/04/06 08:03:25 | 2414,485,504 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/06 07:52:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
    [2014/04/06 07:52:26 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Admin\Desktop\JRT.exe
    [2014/04/06 07:51:42 | 001,426,178 | ---- | M] () -- C:\Users\Admin\Desktop\adwcleaner.exe
    [2014/04/06 07:13:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2014/04/06 07:05:35 | 005,195,663 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\NotCF.exe
    [2014/04/06 06:24:01 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Admin\Desktop\iExplore.exe
    [2014/04/06 06:23:37 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Admin\Desktop\rkill.exe
    [2014/04/05 13:14:18 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\Medal of Honor Allied Assault.lnk
    [2014/04/05 11:24:38 | 000,000,432 | ---- | M] () -- C:\Users\Admin\Desktop\Connexion réseau sans fil - Raccourci.lnk
    [2014/04/05 11:24:17 | 000,002,197 | ---- | M] () -- C:\Users\Admin\Desktop\Connexion réseau.lnk
    [2014/04/05 10:19:38 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/05 09:46:54 | 000,001,138 | ---- | M] () -- C:\Users\Admin\Desktop\Auslogics DiskDefrag.lnk
    [2014/04/05 09:36:29 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
    [2014/04/04 23:27:25 | 000,000,058 | ---- | M] () -- C:\Users\Admin\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2014/04/04 22:47:23 | 000,001,072 | ---- | M] () -- C:\Users\Admin\Desktop\Screenshot Captor.lnk
    [2014/04/04 19:17:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
    [2014/04/04 19:15:55 | 001,060,424 | ---- | M] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2014/04/04 18:19:08 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2014/04/04 18:02:23 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/04/04 18:01:19 | 000,776,976 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/04/04 18:01:19 | 000,411,552 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/04/04 18:01:19 | 000,271,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2014/04/04 18:01:19 | 000,180,760 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2014/04/04 18:01:19 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
    [2014/04/04 18:01:19 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/04/04 18:01:19 | 000,067,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
    [2014/04/04 18:01:19 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2014/04/04 18:01:19 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/04/04 17:51:03 | 000,001,075 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2014/04/03 23:45:04 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2014/04/03 23:44:57 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
    [2014/04/03 23:44:57 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
    [2014/04/03 23:41:51 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2014/04/03 22:43:05 | 000,295,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2014/04/03 21:59:53 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2014/04/03 21:55:28 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2014/04/03 21:08:32 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2014/04/03 20:35:12 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
    [2014/04/03 20:07:20 | 000,001,434 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/04/03 20:03:15 | 000,001,024 | ---- | M] () -- C:\Users\Admin\Desktop\mp3DirectCut.lnk
    [2014/04/03 20:00:15 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/04/03 19:50:42 | 000,002,234 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/04/03 19:40:47 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/04/03 09:51:14 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/04/02 23:30:55 | 000,376,332 | RHS- | M] () -- C:\IGJDZ
    [2014/04/02 17:53:49 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2014/04/02 17:04:48 | 000,206,497 | ---- | M] () -- C:\Windows\System32\license.rtf
    [2014/04/02 17:04:48 | 000,000,197 | RHS- | M] () -- C:\BOOT.INI
    [2014/03/25 20:22:50 | 000,092,656 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
    [2014/03/25 20:22:50 | 000,043,728 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
    [2014/03/25 20:22:48 | 000,607,168 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
    [2014/03/25 20:22:48 | 000,020,072 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
    [2014/03/25 20:22:38 | 000,363,504 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
    [2014/03/25 20:22:38 | 000,036,000 | ---- | M] (COMODO) -- C:\Windows\System32\cmdcsr.dll
    [2014/03/25 20:22:26 | 000,284,888 | ---- | M] (COMODO) -- C:\Windows\System32\cmdvrt32.dll
    [2014/03/25 20:22:24 | 000,040,664 | ---- | M] (COMODO) -- C:\Windows\System32\cmdkbd32.dll

    ========== Files Created - No Company Name ==========

    [2014/04/06 07:51:28 | 001,426,178 | ---- | C] () -- C:\Users\Admin\Desktop\adwcleaner.exe
    [2014/04/06 07:06:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/04/06 07:06:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/04/06 07:06:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/04/06 07:06:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/04/06 07:06:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/04/05 13:14:18 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\Medal of Honor Allied Assault.lnk
    [2014/04/05 11:24:38 | 000,000,432 | ---- | C] () -- C:\Users\Admin\Desktop\Connexion réseau sans fil - Raccourci.lnk
    [2014/04/05 11:20:58 | 000,002,197 | ---- | C] () -- C:\Users\Admin\Desktop\Connexion réseau.lnk
    [2014/04/05 10:19:38 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/05 09:46:54 | 000,001,138 | ---- | C] () -- C:\Users\Admin\Desktop\Auslogics DiskDefrag.lnk
    [2014/04/05 09:36:29 | 000,000,988 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    [2014/04/05 09:36:29 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
    [2014/04/04 23:27:25 | 000,000,058 | ---- | C] () -- C:\Users\Admin\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2014/04/04 22:47:23 | 000,001,072 | ---- | C] () -- C:\Users\Admin\Desktop\Screenshot Captor.lnk
    [2014/04/04 19:17:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
    [2014/04/04 19:14:16 | 000,430,080 | ---- | C] () -- C:\Windows\System32\TOSCDSPD.cpl
    [2014/04/04 18:19:08 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2014/04/04 18:02:23 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/04/04 18:01:44 | 000,180,760 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2014/04/04 18:01:37 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2014/04/04 17:51:03 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2014/04/04 17:51:02 | 000,001,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
    [2014/04/03 23:45:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2014/04/03 23:45:04 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2014/04/03 23:44:57 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
    [2014/04/03 23:44:57 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk
    [2014/04/03 23:41:51 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2014/04/03 22:47:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2014/04/03 21:59:53 | 000,002,685 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2014/04/03 21:53:26 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2014/04/03 21:53:25 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2014/04/03 21:08:32 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2014/04/03 20:35:12 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
    [2014/04/03 20:12:18 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2014/04/03 20:03:15 | 000,001,024 | ---- | C] () -- C:\Users\Admin\Desktop\mp3DirectCut.lnk
    [2014/04/03 20:00:15 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/04/03 19:40:47 | 000,002,234 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/04/03 19:40:47 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/04/03 19:35:01 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/03 19:34:57 | 000,001,050 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/03 19:21:34 | 000,001,434 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/04/02 23:30:55 | 000,376,332 | RHS- | C] () -- C:\IGJDZ
    [2014/04/02 23:25:34 | 000,001,440 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2014/04/02 23:24:52 | 000,000,290 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2014/04/02 23:24:52 | 000,000,272 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2014/04/02 22:35:39 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
    [2014/04/02 22:35:24 | 000,383,786 | RHS- | C] () -- C:\bootmgr
    [2014/04/02 17:04:03 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2014/04/02 17:03:34 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2014/04/02 16:55:00 | 2414,485,504 | -HS- | C] () -- C:\hiberfil.sys

    ========== ZeroAccess Check ==========

    [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/04/05 09:37:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Audacity
    [2014/04/04 18:02:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVAST Software
    [2014/04/04 23:27:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DonationCoder
    [2014/04/03 23:44:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
    [2014/04/05 15:49:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice
    [2014/04/06 09:59:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\toshiba
    [2014/04/04 18:59:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    < End of report >
     
  20. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    [​IMG] Did certificates issues get solved after correcting your computer date?

    [​IMG] OTL logs are clean.

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  21. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Tempcleaner seemed to worked but sadly it crashed after the words 'completed' appeared, desktop was not restored, computer did not ask for reboot, I waited a long time, eventually tried 'exit', waited again, and nothing, had to reboot manually.

    Certificates problem were indeed solved by changing computer time in BIOS. In retrospect, I guess I must have accidently reset my CMOS/BIOS or something cause I did open up my laptop for dust cleanup on that day. Never figured it was possible, lol. Sorry for the false alarm on this particular matter.

    However two drivers loaded at boot still show as 'unknown signature' (sorry for potentially incorrect translation) and I get a pop-up at each boot. I got them from Toshiba, and when I look in device manager, those drivers seem properly 'signed'. Do you think it's an issue? The two files are chdaudpropshortcut.exe (seemingly related to audio driver) and syntpenh.exe (seemingly related to Synaptics pointer device).

    Here is securitycheck log:

    Results of screen317's Security Check version 0.99.81
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Secunia PSI (3.0.0.9016)
    CCleaner
    Java 7 Update 51
    Adobe Reader XI
    Mozilla Firefox (28.0)
    Google Chrome 33.0.1750.154
    ````````Process Check: objlist.exe by Laurent````````
    Comodo Firewall cmdagent.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````


    Here is Farbar log:

    Farbar Service Scanner Version: 25-02-2014
    Ran by Admin (administrator) on 08-04-2014 at 08:12:53
    Running from "C:\Users\Admin\Desktop"
    Microsoft Windows 7 Professionnel Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys
    [2014-04-03 21:05] - [2014-04-03 21:05] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2014-04-03 21:05] - [2014-04-03 21:05] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2014-04-03 21:03] - [2013-07-09 00:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

    C:\Program Files\Windows Defender\MpSvc.dll
    [2014-04-03 21:29] - [2013-05-27 00:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

    C:\Windows\system32\ipnathlp.dll => MD5 is legit
    C:\Windows\system32\iphlpsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    Eset came out ok, thus, no log.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    What is the exact message about those two drivers?
    They look legit.
     
  23. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    My pop-ups are in french, so I don't think they would ring a bell. So by googling, I found the english equivalent of those kind of pop-ups and put my info in there. Here's how they go:

    Open File - Security Warning
    The Publisher could not be verified. Are you sure you want to run this software?
    Name: c:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Publisher: Unknown publisher
    Type: Application
    De C:\App.exe

    RUN / CANCEL (choice buttons)

    (checkbox) Always ask before opening this file

    ...

    And same message for c:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     
    Last edited: Apr 10, 2014
  24. Broni

    Broni Malware Annihilator Posts: 47,048   +256

  25. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    I used technique #2 and I no longer get the alarm for any of them. If they are legit, everything is fine.

    Is my computer clean now? Do I need to clean up some tools?
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.