I actually did a memory dump of the rouge paint process, and you should see all the random things it hooks into. I think we've stumbled onto the DoD backdoor into Windows. It was Paint all along.