Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Search Engine Redirect


Post by Sliktor » March 1st, 2011, 12:08 am

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:58:04 PM, on 2/28/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Users\Sliktor\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lock
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B16E5AE7-A3FC-4605-B4F7-CC32513D576F}: NameServer = 24.116.2.50,24.116.2.34
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 7337 bytes


Uninstall List

µTorrent
7-Zip 4.65
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS5
Adobe Reader 8.2.5
Akamai NetSession Interface
AnswerWorks 5.0 English Runtime
Armagetron Advanced 0.2.8.3.1.gcc
Atlantica
Autodesk 3ds Max 2010 32-bit
Autodesk 3ds Max 2010 32-bit Components
Autodesk 3ds Max 2010 Tutorials Files
Autodesk Backburner 2008.1
Autodesk FBX Plugin 2009.4 - 3ds Max 2010
AutoRun Pro Enterprise II version 4.0.0.60
Broadcom Gigabit Integrated Controller
Build Your Own Net Dream (remove only)
Context Free
ConvertXtoDVD 3.0.0.1
ConvertXtoDVD 4.0.12.327
Driver Detective
Driver Detective
Driver Sweeper 2.1.0
DX Studio Player v3.2.77
DX Studio v3.0.29
DX Studio v3.2.77
Epson Event Manager
EPSON Scan
EPSON WorkForce 600 Series Printer Uninstall
EpsonNet Config V3
Fraps
GraphicsGale version 1.93.13
Guitar Hero III
ImgBurn
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
Java DB 10.5.3.0
Java(TM) 6 Update 21
Java(TM) SE Development Kit 6 Update 21
K-Lite Codec Pack 5.7.0 (Full)
LibUSB-Win32-0.1.10.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual C++ 2010 Express - ENU
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MotioninJoy ds3 driver version 0.5.0000
Mozilla Firefox (3.6.13)
Mozilla Firefox 4.0b12 (x86 en-US)
Mozilla Thunderbird (3.1.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCsoft Launcher
Network Magic
NVIDIA 3D Vision Driver 260.99
NVIDIA Drivers
NVIDIA GAME System Software 2.8.1
NVIDIA Graphics Driver 260.99
NVIDIA PhysX
NVIDIA PhysX System Software 260.99
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
PDF Settings CS5
PowerISO
Project64 1.6
Quicken 2011
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
Rosetta Stone Version 3
RPG Maker VX
RPG Maker VX RTP
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Service Pack 1 for SQL Server 2008 (KB968369)
SPORE™
SPORE™ Creepy & Cute Parts Pack
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SwapXT 1.0
System Requirements Lab
Trend Micro Internet Security Pro
Trend Micro Internet Security Pro
TuneUp Utilities 2009
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
VLC media player 0.9.9
WIDCOMM Bluetooth Software 6.0.1.5100
Winbond CIR Device Drivers
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver
Xfire (remove only)



Hello,

For the past couple of days my browser has been redirecting from Google. On one occasion the redirect failed and left the "expand-search-goals" website open on a blank page. I've updated and run Trend Micro Internet Security and Malwarebytes' Anti-Malware with no success. Today, I tried to search for Windows updates, and received the message below:

Windows could not search for new updates.
An error occurred while checking for new updates to your computer.
Error Code 80072EFE. Windows update encountered an unknown error.

I'm unsure whether or not this is a problem, as I just noticed it today. I had a previous version of HijackThis installed; I uninstalled it before downloading and running the one provided.

I appreciate any help you're willing to give.
Sliktor

Re: Search Engine Redirect

Post by Cypher » March 1st, 2011, 8:02 am

Hi, checking your logs now, be back soon.

Re: Search Engine Redirect

Post by Cypher » March 1st, 2011, 8:21 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Backup Made Easy - XP
Backup your data - Vista
Backup your data - Windows 7


Windows 7 Advice:
  • All applications I ask to be used will need to be run in Administrator mode, i.e. right-click on the file and select Run as Administrator.
  • Your Operating System in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this with anything I ask you to carry out, please select the option Allow.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
    µTorrent
  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Click on Start > All programs > Accessories > Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
While you are in Add/remove programs uninstall the following also.
Java(TM) SE Development Kit 6 Update 21

Next.

Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator", then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Next.

Download DDS

Please download DDS by sUBs from one of the links below and save it to your desktop.

Link1
Link2

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Right-click on dds.scr and select "Run as administrator"... and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Next.

Please download GMER Rootkit Scanner from Here.
  • Right-click the .exe file and choose Run as Administrator. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)

  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.


Logs/Information to Post in your Next Reply

  • CKFiles.txt.
  • DDS.txt and Attach.txt contents.
  • Gmer.txt.

Re: Search Engine Redirect

Post by Sliktor » March 1st, 2011, 12:13 pm

Hello Cypher. Thank you for helping. Trend Micro performed an automatic scan this morning. It did not fix, remove, or quarantine any items. I've turned off automatic scans for the time being.

Here are the logs you asked for.


CKScanner - Additional Security Risks - These are not necessarily bad
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1.ac
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1.kfm
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1.nif
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsattack1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsattack2.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsbwait1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbscridamage1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsdamage1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsdie1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbsmagic1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbstired1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbswait1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf1\nutcrackerf1_root_nbswalk1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2.ac
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2.kfm
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2.nif
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsattack1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsattack2.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsbwait1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbscridamage1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsdamage1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsdie1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbsmagic1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbstired1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbswait1.kf
c:\ndoors\atlantica\nchar3d\char\nutcrackerf2\nutcrackerf2_root_nbswalk1.kf
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf1.xml
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf2.xml
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf3.xml
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf4.xml
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf5.xml
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf6.xml
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf7.xml
c:\ndoors\atlantica\nchar3d\preset\nutcrackerf8.xml
c:\ndoors\atlantica\nchar3d\texture\monster\nutcrackerf1_map00.dds
c:\ndoors\atlantica\nchar3d\texture\monster\nutcrackerf1_map01.dds
c:\ndoors\atlantica\nchar3d\texture\monster\nutcrackerf1_map02.dds
c:\ndoors\atlantica\nchar3d\texture\monster\nutcrackerf2_map00.dds
c:\ndoors\atlantica\nchar3d\texture\monster\nutcrackerf2_map01.dds
c:\ndoors\atlantica\nchar3d\texture\monster\nutcrackerf2_map02.dds
c:\ndoors\atlantica\nmap\hwangho1\defaulttexture\dun_hwangho1_crack.dds
c:\ndoors\atlantica\nmap\hwangho1\lowertexture\dun_hwangho1_crack.dds
c:\ndoors\atlantica\nmap\hwangho2_1\defaulttexture\dun_hwangho1_crack.dds
c:\ndoors\atlantica\nmap\hwangho2_1\lowertexture\dun_hwangho1_crack.dds
c:\ndoors\atlantica\nmap\hwangho3\defaulttexture\dun_hwangho3_crack.dds
c:\ndoors\atlantica\nmap\hwangho3\lowertexture\dun_hwangho3_crack.dds
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 adobe.activate.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
scanner sequence 3.ZZ.11
----- EOF -----





DDS (Ver_10-12-12.02) - NTFSx86
Run by Sliktor at 8:43:16.31 on Tue 03/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.882 [GMT -7:00]

AV: Trend Micro Internet Security Pro *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security Pro *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
C:\Windows\system32\msiexec.exe
C:\Users\Sliktor\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [TrendSecure Remote File Lock] c:\program files\trend micro\trendsecure\remotefilelock\FLMain.exe /lock
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDow ... rtScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: {B16E5AE7-A3FC-4605-B4F7-CC32513D576F} = 24.116.2.50,24.116.2.34
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\sliktor\appdata\roaming\mozilla\firefox\profiles\f2n48t6l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\byond\bin\npbyond.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDXStudioPlugin.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\sliktor\appdata\roaming\kalydo\kalydoplayer\npkalydo.dll
FF - plugin: c:\users\sliktor\appdata\roaming\mozilla\plugins\npDXStudioPlugin.DLL

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-5-15 146448]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-9-28 36432]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-5-15 283152]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-8-8 12032]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-9-6 33792]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-9-15 6000640]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-9-7 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-5-15 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-5-15 689416]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-9-6 58368]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2011-03-01 15:32:53 -------- dc----w- c:\users\sliktor\appdata\local\MigWiz
2011-03-01 03:23:24 -------- d-----w- c:\windows\system32\Service
2011-02-24 07:34:47 1242552 ----a-w- c:\windows\system32\NMSDVDXU.dll
2011-02-24 07:34:38 -------- d-----w- c:\program files\Longtion
2011-02-24 07:11:20 -------- d-----w- c:\users\sliktor\appdata\roaming\KS-SW
2011-02-24 07:10:37 -------- d-----w- c:\program files\KS-SW
2011-02-24 07:10:07 -------- d-----w- c:\progra~2\{2E96D8C1-4066-4663-859A-826B03299C56}
2011-02-24 06:56:39 -------- d-----w- C:\My CD Images
2011-02-24 06:56:17 -------- d-----w- c:\program files\7Bear Software
2011-02-21 17:15:40 -------- d-----w- c:\users\sliktor\appdata\local\Aspyr
2011-02-21 17:03:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-21 16:54:18 -------- d-----w- c:\program files\Aspyr
2011-02-16 17:02:08 73728 ----a-w- c:\windows\system\vdremote.dll
2011-02-16 17:02:08 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
2011-02-11 21:53:54 204288 ----a-w- c:\windows\system32\upnp.dll
2011-02-07 02:07:28 -------- d-----w- c:\users\sliktor\appdata\roaming\Kalydo
2011-02-06 23:25:17 1645320 ----a-w- c:\windows\gdiplus.dll

==================== Find3M ====================

2011-02-02 03:33:07 1890 --sha-w- c:\progra~2\KGyGaAvL.sys
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-16 19:09:37 111960 ----a-w- c:\windows\dxsdkuninst.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST9320421ASG rev.DE12 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862AA735]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x862b0990]; MOV EAX, [0x862b0a0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x83292448] -> \Device\Harddisk0\DR0[0x8628F250]
3 CLASSPNP[0x8939C59E] -> ntkrnlpa!IofCallDriver[0x83292448] -> [0x85D9D980]
\Driver\atapi[0x86296D28] -> IRP_MJ_CREATE -> 0x862AA735
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskST9320421ASG____________________________DE12____#5&2787c923&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 8:44:23.82 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/24/2010 12:41:05 AM
System Uptime: 2/28/2011 8:22:51 PM (12 hours ago)

Motherboard: Alienware | | m15x
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 33.979 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

7-Zip 4.65
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS5
Adobe Reader 8.2.5
Aion
Akamai NetSession Interface
AnswerWorks 5.0 English Runtime
Armagetron Advanced 0.2.8.3.1.gcc
Atlantica
Autodesk 3ds Max 2010 32-bit
Autodesk 3ds Max 2010 32-bit Components
Autodesk 3ds Max 2010 Tutorials Files
Autodesk Backburner 2008.1
Autodesk FBX Plugin 2009.4 - 3ds Max 2010
AutoRun Pro Enterprise II version 4.0.0.60
Broadcom Gigabit Integrated Controller
Build Your Own Net Dream (remove only)
Cisco Network Magic
Context Free
ConvertXtoDVD 3.0.0.1
ConvertXtoDVD 4.0.12.327
Deadly Sin
Driver Detective
Driver Sweeper 2.1.0
DX Studio Player v3.2.77
DX Studio v3.0.29
DX Studio v3.2.77
Epson Event Manager
EPSON Scan
EPSON WorkForce 600 Series Printer Uninstall
EpsonNet Config V3
Fraps
GraphicsGale version 1.93.13
Guitar Hero III
ImgBurn
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 21
K-Lite Codec Pack 5.7.0 (Full)
Kalydo Player 3.09.00
L3DT Standard v2.9.0.0 (remove only)
LibUSB-Win32-0.1.10.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MotioninJoy ds3 driver version 0.5.0000
Mozilla Firefox (3.6.13)
Mozilla Firefox 4.0b12 (x86 en-US)
Mozilla Thunderbird (3.1.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCsoft Launcher
Network Magic
NVIDIA 3D Vision Driver 260.99
NVIDIA Control Panel 260.99
NVIDIA Drivers
NVIDIA GAME System Software 2.8.1
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 260.99
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
PDF Settings CS5
PowerISO
Project64 1.6
Pure Networks Platform
Quicken 2011
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
Rosetta Stone Version 3
RPG Maker VX
RPG Maker VX RTP
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Service Pack 1 for SQL Server 2008 (KB968369)
SPORE™
SPORE™ Creepy & Cute Parts Pack
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SwapXT 1.0
System Requirements Lab
Trend Micro Internet Security Pro
TuneUp Utilities 2009
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
VLC media player 0.9.9
WIDCOMM Bluetooth Software 6.0.1.5100
Winbond CIR Device Drivers
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

2/28/2011 8:24:24 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/28/2011 8:23:17 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
2/28/2011 8:23:16 PM, Error: Service Control Manager [7023] - The TuneUp Theme Extension service terminated with the following error: The specified procedure could not be found.
2/28/2011 8:22:56 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
2/24/2011 12:17:51 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
2/23/2011 11:58:08 PM, Error: Service Control Manager [7000] - The Windows Connect Now - Config Registrar service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
2/23/2011 11:48:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

==== End Of File ===========================



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-01 09:10:18
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST9320421ASG rev.DE12
Running: g6j12dfc.exe; Driver: C:\Users\Sliktor\AppData\Local\Temp\fxldrfoc.sys


---- System - GMER 1.0.15 ----

SSDT 888110A0 ZwCreateKey
SSDT 888123E0 ZwCreateMutant
SSDT 888102E0 ZwCreateProcess
SSDT 888105A0 ZwCreateProcessEx
SSDT 88811F00 ZwCreateThread
SSDT 888120A0 ZwCreateThreadEx
SSDT 88810860 ZwCreateUserProcess
SSDT 88811620 ZwDeleteKey
SSDT 888118E0 ZwDeleteValueKey
SSDT 88812240 ZwLoadDriver
SSDT 88810B20 ZwOpenProcess
SSDT 88812580 ZwSetSystemInformation
SSDT 88811360 ZwSetValueKey
SSDT 88810DE0 ZwTerminateProcess
SSDT 88811D60 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83299589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832BE092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 308 832C5918 4 Bytes [A0, 10, 81, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 832C5928 4 Bytes [E0, 23, 81, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 832C593C 8 Bytes [E0, 02, 81, 88, A0, 05, 81, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 832C595C 8 Bytes [00, 1F, 81, 88, A0, 20, 81, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 364 832C5974 4 Bytes [60, 08, 81, 88]
.text ...
? System32\drivers\poqulnn.sys The system cannot find the path specified. !
? C:\Users\Sliktor\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe[380] ntdll.dll!NtProtectVirtualMemory 76E751C0 5 Bytes JMP 0045000A
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe[380] ntdll.dll!NtWriteVirtualMemory 76E75D40 5 Bytes JMP 004E000A
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe[380] ntdll.dll!KiUserExceptionDispatcher 76E76298 5 Bytes JMP 003C000A
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtProtectVirtualMemory 76E751C0 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtWriteVirtualMemory 76E75D40 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!KiUserExceptionDispatcher 76E76298 5 Bytes JMP 0020000A
.text C:\Windows\system32\svchost.exe[1096] ole32.dll!CoCreateInstance 75C0590C 5 Bytes JMP 0030000A
.text C:\Windows\system32\svchost.exe[1096] USER32.dll!GetCursorPos 7581C198 5 Bytes JMP 00BB000A
.text C:\Windows\system32\wuauclt.exe[1632] ntdll.dll!NtProtectVirtualMemory 76E751C0 5 Bytes JMP 0050000A
.text C:\Windows\system32\wuauclt.exe[1632] ntdll.dll!NtWriteVirtualMemory 76E75D40 5 Bytes JMP 0051000A
.text C:\Windows\system32\wuauclt.exe[1632] ntdll.dll!KiUserExceptionDispatcher 76E76298 5 Bytes JMP 002D000A
.text C:\Windows\Explorer.EXE[2756] ntdll.dll!NtProtectVirtualMemory 76E751C0 5 Bytes JMP 00A7000A
.text C:\Windows\Explorer.EXE[2756] ntdll.dll!NtWriteVirtualMemory 76E75D40 5 Bytes JMP 01A2000A
.text C:\Windows\Explorer.EXE[2756] ntdll.dll!KiUserExceptionDispatcher 76E76298 5 Bytes JMP 00A2000A
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe[4188] USER32.dll!SetWindowLongA 7581B1E3 5 Bytes JMP 67148A3E C:\Program Files\Mozilla Firefox 4.0 Beta 8\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe[4188] USER32.dll!SetWindowLongW 75826614 5 Bytes JMP 671489D0 C:\Program Files\Mozilla Firefox 4.0 Beta 8\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe[4188] USER32.dll!GetWindowInfo 75826A82 5 Bytes JMP 66F72D69 C:\Program Files\Mozilla Firefox 4.0 Beta 8\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe[4188] USER32.dll!TrackPopupMenu 75844B3B 5 Bytes JMP 66F73375 C:\Program Files\Mozilla Firefox 4.0 Beta 8\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskST9320421ASG____________________________DE12____#5&2787c923&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1f7fded
Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources MSDMine?DfSdk
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1f7fded (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources MSDMine?DfSdk

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 06: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 07: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\Users\Sliktor\AppData\Roaming\Mozilla\Firefox\Profiles\f2n48t6l.default\sessionstore-1.js 0 bytes 47492 bytes

---- EOF - GMER 1.0.15 ----
Sliktor
Regular Member
 
Posts: 16
Joined: February 28th, 2011, 11:44 pm

Re: Search Engine Redirect

Unread postby Cypher » March 1st, 2011, 12:44 pm

Hi Sliktor.
Hello Cypher. Thank you for helping.

You're welcome.

Cracked/Keygen related software detected!!!

While going through your logs I found out that you have downloaded keygen/cracked software and that you are actively using it.
Our forum policy Here says we will not help people who use cracked or pirated software.
You likely got infected by using cracked software or visiting crack sites.
Hence, I would like you to remove all the crack/keygen applications that are present on your system, then run CKScanner again.
Post the new log in your next reply.

NOTE: If you give me advice that the software/Keygens have been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to close this topic.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search Engine Redirect

Unread postby Sliktor » March 1st, 2011, 4:56 pm

Here is the new log. I believe I got everything. This computer used to be shared with a few other people so I'm not entirely sure what has been put on here.

CKScanner - Additional Security Risks - These are not necessarily bad
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1 adobe.activate.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
scanner sequence 3.HH.11
----- EOF -----
Sliktor
Regular Member
 
Posts: 16
Joined: February 28th, 2011, 11:44 pm

Re: Search Engine Redirect

Unread postby Cypher » March 2nd, 2011, 6:17 am

Hi Sliktor.
Here is the new log. I believe I got everything.

Your logs indicate that your copy of Adobe Photoshop CS5 is cracked, so I would like you to remove it.
Once you have done so, post a new uninstall list, then we can continue.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search Engine Redirect

Unread postby Sliktor » March 2nd, 2011, 1:05 pm

Here is the new uninstall list. I had uninstalled Adobe Photoshop CS5 prior to posting the previous CKScanner log. I went through program files and deleted the folders that were left behind.

7-Zip 4.65
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5
Akamai NetSession Interface
AnswerWorks 5.0 English Runtime
Armagetron Advanced 0.2.8.3.1.gcc
Autodesk 3ds Max 2010 32-bit
Autodesk 3ds Max 2010 32-bit Components
Autodesk 3ds Max 2010 Tutorials Files
Autodesk Backburner 2008.1
Autodesk FBX Plugin 2009.4 - 3ds Max 2010
AutoRun Pro Enterprise II version 4.0.0.60
Broadcom Gigabit Integrated Controller
Build Your Own Net Dream (remove only)
Context Free
ConvertXtoDVD 3.0.0.1
ConvertXtoDVD 4.0.12.327
Driver Detective
Driver Detective
Driver Sweeper 2.1.0
DX Studio Player v3.2.77
DX Studio v3.0.29
DX Studio v3.2.77
Epson Event Manager
EPSON Scan
EPSON WorkForce 600 Series Printer Uninstall
EpsonNet Config V3
Fraps
GraphicsGale version 1.93.13
Guitar Hero III
ImgBurn
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
Java DB 10.5.3.0
Java(TM) 6 Update 21
K-Lite Codec Pack 5.7.0 (Full)
LibUSB-Win32-0.1.10.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual C++ 2010 Express - ENU
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MotioninJoy ds3 driver version 0.5.0000
Mozilla Firefox (3.6.13)
Mozilla Firefox 4.0b12 (x86 en-US)
Mozilla Thunderbird (3.1.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCsoft Launcher
Network Magic
NVIDIA 3D Vision Driver 260.99
NVIDIA Drivers
NVIDIA GAME System Software 2.8.1
NVIDIA Graphics Driver 260.99
NVIDIA PhysX
NVIDIA PhysX System Software 260.99
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
PowerISO
Project64 1.6
Quicken 2011
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
RPG Maker VX
RPG Maker VX RTP
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Service Pack 1 for SQL Server 2008 (KB968369)
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SwapXT 1.0
System Requirements Lab
Trend Micro Internet Security Pro
Trend Micro Internet Security Pro
TuneUp Utilities 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
VLC media player 0.9.9
WIDCOMM Bluetooth Software 6.0.1.5100
Winbond CIR Device Drivers
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver
Xfire (remove only)
Sliktor
Regular Member
 
Posts: 16
Joined: February 28th, 2011, 11:44 pm

Re: Search Engine Redirect

Post by Cypher » March 2nd, 2011, 1:20 pm

Hi Sliktor.

OK, continue with the instructions below please.

Download DDS

Please download DDS by sUBs from one of the links below and save it to your desktop.

Link1
Link2

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Right-click on dds.scr and select "Run as administrator"; a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Next.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now right-click on RKUnhookerLE.exe and select "Run As Administrator" to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • * This can take a while. Please be patient *.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in your next reply.
  • This log can be lengthy; you may have to post it in separate replies.
  • Note: You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"


Logs/Information to Post in your Next Reply

  • DDS.txt and Attach.txt contents.
  • RKUnHooker log.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search Engine Redirect

Post by Sliktor » March 2nd, 2011, 9:36 pm

Here are the new logs.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Sliktor at 15:55:34.06 on Wed 03/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.909 [GMT -7:00]

AV: Trend Micro Internet Security Pro *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security Pro *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
C:\Users\Sliktor\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [TrendSecure Remote File Lock] c:\program files\trend micro\trendsecure\remotefilelock\FLMain.exe /lock
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDow ... rtScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: {B16E5AE7-A3FC-4605-B4F7-CC32513D576F} = 24.116.2.50,24.116.2.34
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\sliktor\appdata\roaming\mozilla\firefox\profiles\f2n48t6l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\byond\bin\npbyond.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDXStudioPlugin.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\sliktor\appdata\roaming\kalydo\kalydoplayer\npkalydo.dll
FF - plugin: c:\users\sliktor\appdata\roaming\mozilla\plugins\npDXStudioPlugin.DLL

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-5-15 146448]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-9-28 36432]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-5-15 283152]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-8-8 12032]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-9-6 33792]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-9-15 6000640]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-9-7 51792]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-9-6 58368]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

=============== Created Last 30 ================

2011-03-01 15:32:53 -------- dc----w- c:\users\sliktor\appdata\local\MigWiz
2011-03-01 03:23:24 -------- d-----w- c:\windows\system32\Service
2011-02-24 07:34:47 1242552 ----a-w- c:\windows\system32\NMSDVDXU.dll
2011-02-24 07:34:38 -------- d-----w- c:\program files\Longtion
2011-02-24 07:11:20 -------- d-----w- c:\users\sliktor\appdata\roaming\KS-SW
2011-02-24 07:10:37 -------- d-----w- c:\program files\KS-SW
2011-02-24 07:10:07 -------- d-----w- c:\progra~2\{2E96D8C1-4066-4663-859A-826B03299C56}
2011-02-24 06:56:39 -------- d-----w- C:\My CD Images
2011-02-24 06:56:17 -------- d-----w- c:\program files\7Bear Software
2011-02-21 17:15:40 -------- d-----w- c:\users\sliktor\appdata\local\Aspyr
2011-02-21 17:03:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-21 16:54:18 -------- d-----w- c:\program files\Aspyr
2011-02-16 17:02:08 73728 ----a-w- c:\windows\system\vdremote.dll
2011-02-16 17:02:08 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
2011-02-11 21:53:54 204288 ----a-w- c:\windows\system32\upnp.dll
2011-02-07 02:07:28 -------- d-----w- c:\users\sliktor\appdata\roaming\Kalydo
2011-02-06 23:25:17 1645320 ----a-w- c:\windows\gdiplus.dll

==================== Find3M ====================

2011-02-02 03:33:07 1890 --sha-w- c:\progra~2\KGyGaAvL.sys
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-16 19:09:37 111960 ----a-w- c:\windows\dxsdkuninst.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST9320421ASG rev.DE12 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862AA735]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x862b0990]; MOV EAX, [0x862b0a0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x83292448] -> \Device\Harddisk0\DR0[0x8628F250]
3 CLASSPNP[0x8939C59E] -> ntkrnlpa!IofCallDriver[0x83292448] -> [0x85D9D980]
\Driver\atapi[0x86296D28] -> IRP_MJ_CREATE -> 0x862AA735
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskST9320421ASG____________________________DE12____#5&2787c923&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 15:56:48.52 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/24/2010 12:41:05 AM
System Uptime: 2/28/2011 8:22:51 PM (43 hours ago)

Motherboard: Alienware | | m15x
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 53.964 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

7-Zip 4.65
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5
Aion
Akamai NetSession Interface
AnswerWorks 5.0 English Runtime
Armagetron Advanced 0.2.8.3.1.gcc
Autodesk 3ds Max 2010 32-bit
Autodesk 3ds Max 2010 32-bit Components
Autodesk 3ds Max 2010 Tutorials Files
Autodesk Backburner 2008.1
Autodesk FBX Plugin 2009.4 - 3ds Max 2010
AutoRun Pro Enterprise II version 4.0.0.60
Broadcom Gigabit Integrated Controller
Build Your Own Net Dream (remove only)
Cisco Network Magic
Context Free
ConvertXtoDVD 3.0.0.1
ConvertXtoDVD 4.0.12.327
Deadly Sin
Driver Detective
Driver Sweeper 2.1.0
DX Studio Player v3.2.77
DX Studio v3.0.29
DX Studio v3.2.77
Epson Event Manager
EPSON Scan
EPSON WorkForce 600 Series Printer Uninstall
EpsonNet Config V3
Fraps
GraphicsGale version 1.93.13
Guitar Hero III
ImgBurn
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 21
K-Lite Codec Pack 5.7.0 (Full)
Kalydo Player 3.09.00
L3DT Standard v2.9.0.0 (remove only)
LibUSB-Win32-0.1.10.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MotioninJoy ds3 driver version 0.5.0000
Mozilla Firefox (3.6.13)
Mozilla Firefox 4.0b12 (x86 en-US)
Mozilla Thunderbird (3.1.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCsoft Launcher
Network Magic
NVIDIA 3D Vision Driver 260.99
NVIDIA Control Panel 260.99
NVIDIA Drivers
NVIDIA GAME System Software 2.8.1
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 260.99
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
PowerISO
Project64 1.6
Pure Networks Platform
Quicken 2011
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
RPG Maker VX
RPG Maker VX RTP
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Service Pack 1 for SQL Server 2008 (KB968369)
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SwapXT 1.0
System Requirements Lab
Trend Micro Internet Security Pro
TuneUp Utilities 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
VLC media player 0.9.9
WIDCOMM Bluetooth Software 6.0.1.5100
Winbond CIR Device Drivers
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

2/28/2011 8:24:24 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/28/2011 8:23:17 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
2/28/2011 8:23:16 PM, Error: Service Control Manager [7023] - The TuneUp Theme Extension service terminated with the following error: The specified procedure could not be found.
2/28/2011 8:22:56 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
2/24/2011 12:17:51 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
2/23/2011 11:58:08 PM, Error: Service Control Manager [7000] - The Windows Connect Now - Config Registrar service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
2/23/2011 11:48:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

==== End Of File ===========================



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x8F431000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9850880 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 186.03 )
0x90223000 C:\Windows\system32\DRIVERS\netw5v32.sys 6041600 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x83256000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x93A90000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x92C1B000 C:\Windows\system32\drivers\RTKVHDA.sys 1957888 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x9BA07000 C:\Windows\system32\DRIVERS\tmwfp.sys 1744896 bytes (Trend Micro Inc., Trend Micro WFP callout Driver (i386-fre))
0x8942B000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8F20B000 C:\Windows\system32\DRIVERS\vsapint.sys 1327104 bytes (Trend Micro Inc., VsapiNT )
0x89004000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8E8E9000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8921F000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x838EA000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x99C09000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x98A7E000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83817000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x83A1E000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8E82C000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x89171000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8E2C1000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8D870000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0x99D42000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x9BBB1000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x93D40000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8F34F000 C:\Windows\system32\DRIVERS\tmxpflt.sys 311296 bytes (Trend Micro Inc., Post Filter For XP)
0x8E9A0000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83B5F000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83A9D000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x98A01000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x91AA6000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x838A8000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E3BB000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x895AE000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x892D6000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x98B51000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8FD98000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8321F000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x839C6000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x91A56000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x89366000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8E28F000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x89574000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8D802000 C:\Windows\system32\DRIVERS\b57nd60x.sys 196608 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver.)
0x91B0B000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89339000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x98BBF000 C:\Windows\system32\DRIVERS\tmcomm.sys 184320 bytes (Trend Micro Inc., TrendMicro Common Module)
0x8E800000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x89133000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x83AF6000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x91A2E000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8E341000 C:\Windows\system32\DRIVERS\tmlwf.sys 155648 bytes (Trend Micro Inc., Trend Micro NDIS 6.0 Filter Driver (i386-fre))
0x89398000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x89314000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x91BC7000 C:\Windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x839A3000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x98B2E000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8D958000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x99D14000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8E8B6000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E20E000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x89200000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8F400000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E322000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x93D20000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8D9D6000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0x91A0E000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x98B8C000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8F39B000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x98B03000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x92C00000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8D832000 C:\Windows\system32\DRIVERS\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8E890000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x99DB8000 C:\Users\Sliktor\AppData\Local\Temp\fxldrfoc.sys 98304 bytes
0x8D8D7000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8D935000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8D97A000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8D992000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8D9A9000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8E26D000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x91BB0000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x83BBF000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x99DA2000 C:\Windows\system32\DRIVERS\tmactmon.sys 90112 bytes (Trend Micro Inc., TrendMicro Activity Monitor Module)
0x8E388000 C:\Windows\system32\DRIVERS\tmtdi.sys 86016 bytes (Trend Micro Inc., Trend Micro TDI Driver (i386-fre))
0x8D8C2000 C:\Windows\system32\DRIVERS\winbondcir.sys 86016 bytes (Winbond Electronics Corporation, Winbond MCE CIR Port Driver)
0x8D85C000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x91B49000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8915E000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x98A6B000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E375000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8D923000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8E8D7000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x98B1C000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x89418000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x91B9F000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x83A00000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x91AFA000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83B2B000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8388F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8D84B000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD/MMC Driver)
0x8F3B5000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x89400000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x98A47000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8E39D000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x83B4F000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x91B3A000 C:\Windows\system32\DRIVERS\hidir.sys 61440 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x99D93000 C:\Windows\system32\DRIVERS\tmevtmgr.sys 61440 bytes (Trend Micro Inc., TrendMicro Event Management Module)
0x8FDDC000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8E8A8000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x91A8A000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x91AEA000 C:\Windows\system32\drivers\libusb0.sys 57344 bytes
0x8E367000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8E25F000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83BB1000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x891CE000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x83995000 C:\Windows\System32\drivers\poqulnn.sys 57344 bytes
0x8E3AD000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x91A98000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x83A8F000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8D916000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x91B7D000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D8EF000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8D8FC000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x99D35000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D9F3000 C:\Windows\system32\DRIVERS\tmpreflt.sys 53248 bytes (Trend Micro Inc., Pre-Filter For XP)
0x8E22F000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x891EF000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x91B5C000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8D9C0000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0x893F3000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x83B44000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x91B8A000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x91A00000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x91BEB000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x91B68000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8E254000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D94D000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E284000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8FDD1000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x83B20000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x91B95000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x91B73000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x83BDE000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x891E5000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E200000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x98A57000 C:\Windows\system32\DRIVERS\pnarp.sys 40960 bytes (Cisco Systems, Inc., Address Resolution Protocol Driver)
0x98A61000 C:\Windows\system32\DRIVERS\purendis.sys 40960 bytes (Cisco Systems, Inc., NDIS Relay Driver)
0x8D9CC000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x99CA0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x83BE8000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x83BD5000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x891DC000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x99DD0000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x93CF0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x895A5000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8D90D000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x83AE5000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x838A0000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x83B3C000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x89410000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x83AEE000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8E23C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E244000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8E24C000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x895ED000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x893EC000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x92DF9000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x83BAA000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x9BA00000 C:\Users\Sliktor\AppData\Local\Temp\mbr.sys 28672 bytes
0x893E5000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8E31B000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8D909000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x86602000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x91A0B000 C:\Windows\system32\drivers\Lachesis.sys 12288 bytes (Razer (Asia-Pacific) Pte Ltd, Lachesis USB Optical Mouse Driver)
0x8FD96000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 186.03 )
0x91A54000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x91AF8000 C:\Windows\system32\drivers\usbd.sys 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x10000000 Hidden Image-->UfSeAgnt.exe.mui [ EPROCESS 0x868CD8C8 ] PID: 3552, 114688 bytes
0x99CD4F2E Unknown thread object [ ETHREAD 0x8893CD48 ] , 600 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Client\Client\~Absence\~Absence.opensdf
!-->[Hidden] C:\Client\Client\~Absence\~Absence\Debug\link.5944.read.1.tlog
!-->[Hidden] C:\Client\Client\~Absence\~Absence\Debug\link.5944.write.1.tlog
!-->[Hidden] C:\Program Files\Common Files\Akamai\Logs\debug.log.110302_233823.sent
!-->[Hidden] C:\Program Files\Trend Micro\BM\TMBMSRV.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\detect.s::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\Temp\tmfbe\.inuse::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\TmPfw.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\TmProxy.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\UfNavi.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\update.s::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe::$DATA
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_72D7BA91.exe_a33537eb98e2ee9ad251b2a1e41225bdb2eb23e_cab_1c0754a6\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_72D7BA91.exe_a33537eb98e2ee9ad251b2a1e41225bdb2eb23e_cab_1c0754a6\WER517B.tmp.appcompat.txt
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_72D7BA91.exe_a33537eb98e2ee9ad251b2a1e41225bdb2eb23e_cab_1c0754a6\WER5276.tmp.WERInternalMetadata.xml
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_72D7BA91.exe_a33537eb98e2ee9ad251b2a1e41225bdb2eb23e_cab_1c0754a6\WER5296.tmp.hdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_72D7BA91.exe_a33537eb98e2ee9ad251b2a1e41225bdb2eb23e_cab_1c0754a6\WER542C.tmp.mdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SfCtlCom.exe_2f6257ac7eaec1b91effe6aa540aab2caf3f827_cab_0b7c34d7\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SfCtlCom.exe_2f6257ac7eaec1b91effe6aa540aab2caf3f827_cab_0b7c34d7\WER30B5.tmp.mdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SfCtlCom.exe_2f6257ac7eaec1b91effe6aa540aab2caf3f827_cab_0b7c34d7\WER955D.tmp.appcompat.txt
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SfCtlCom.exe_2f6257ac7eaec1b91effe6aa540aab2caf3f827_cab_0b7c34d7\WERDB34.tmp.WERInternalMetadata.xml
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SfCtlCom.exe_2f6257ac7eaec1b91effe6aa540aab2caf3f827_cab_0b7c34d7\WERDB64.tmp.hdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_02270012\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_02e74b24\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_0c666894\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_0d17e418\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_0de6560d\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_0f4b7c04\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_18edae97\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_19241324\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1a651758\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1b787c90\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1b92e2b2\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1f094451\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1f1cb6e1\Report.wer
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_~Absence.exe_6e724aadee2e8d82d34683b523949ba7cdb14c_1c15317d\Report.wer
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\0\C0\8BAD9d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\1\4E\00369d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\1\8B\84303d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\4\1C\73E2Bd01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\6\A3\CE09Fd01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\6\DB\862D2d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\7\AC\BB7C3d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\8\35\2379Fd01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\9\BC\7206Ed01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\A\9F\032F9d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\A\D4\DF55Dd01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\B\68\101CAd01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\C\C2\08DC5d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\D\0E\CDFE8d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\D\60\3C0C2d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\D\87\F75D7d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\D\C1\F5EF9d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\F\5C\CA095d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Temp\edgE5A8.tmp
!-->[Hidden] C:\Users\Sliktor\AppData\Roaming\Microsoft\VCExpress\10.0\AutoRecoverDat\5460.dat
!-->[Hidden] C:\Users\Sliktor\AppData\Roaming\Microsoft\VCExpress\10.0\AutoRecoverDat\5460.suodat
!-->[Hidden] C:\Users\Sliktor\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a0d547eb728e7690.customDestinations-ms~RF98f5f21.TMP
!-->[Hidden] C:\Users\Sliktor\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a0d547eb728e7690.customDestinations-ms~RF99c30b2.TMP
!-->[Hidden] C:\Users\Sliktor\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KUWKQR8KFXE02Y7BTCY7.temp
!-->[Hidden] C:\Windows\Prefetch\EXCEL.EXE-C6BEF51C.pf
!-->[Hidden] C:\Windows\Prefetch\MSBUILD.EXE-5BDC72E1.pf
!-->[Hidden] C:\Windows\Prefetch\MSPDBSRV.EXE-10AE4182.pf
!-->[Hidden] C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf
!-->[Hidden] C:\Windows\System32\drivers\tmactmon.sys::$DATA
!-->[Hidden] C:\Windows\System32\drivers\tmcomm.sys::$DATA
!-->[Hidden] C:\Windows\System32\drivers\tmevtmgr.sys::$DATA
!-->[Hidden] C:\Windows\System32\Interactive\02032011_TIS17_PccScan_S-1-5-21-2837653202-1832965304-623251185-1001.log
==============================================
>Hooks
==============================================
ntkrnlpa.exe-->AlpcGetHeaderSize, Type: EAT modification 0x835A61A0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->AlpcGetMessageAttribute, Type: EAT modification 0x835A61A4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->AlpcInitializeMessageAttribute, Type: EAT modification 0x835A61A8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->atoi, Type: EAT modification 0x835A8124-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->atol, Type: EAT modification 0x835A8128-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->bsearch, Type: EAT modification 0x835A812C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCanIWrite, Type: EAT modification 0x835A61AC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCoherencyFlushAndPurgeCache, Type: EAT modification 0x835A61B0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCopyRead, Type: EAT modification 0x835A61B4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCopyWrite, Type: EAT modification 0x835A61B8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCopyWriteWontFlush, Type: EAT modification 0x835A61BC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcDeferWrite, Type: EAT modification 0x835A61C0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastCopyRead, Type: EAT modification 0x835A61C4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastCopyWrite, Type: EAT modification 0x835A61C8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastMdlReadWait, Type: EAT modification 0x835A61CC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFlushCache, Type: EAT modification 0x835A61D0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetDirtyPages, Type: EAT modification 0x835A61D4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFileObjectFromBcb, Type: EAT modification 0x835A61D8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFileObjectFromSectionPtrs, Type: EAT modification 0x835A61DC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFileObjectFromSectionPtrsRef, Type: EAT modification 0x835A61E0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFlushedValidData, Type: EAT modification 0x835A61E4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetLsnForFileObject, Type: EAT modification 0x835A61E8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcInitializeCacheMap, Type: EAT modification 0x835A61EC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcIsThereDirtyData, Type: EAT modification 0x835A61F0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcIsThereDirtyDataEx, Type: EAT modification 0x835A61F4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMapData, Type: EAT modification 0x835A61F8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlRead, Type: EAT modification 0x835A61FC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlReadComplete, Type: EAT modification 0x835A6200-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlWriteAbort, Type: EAT modification 0x835A6204-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlWriteComplete, Type: EAT modification 0x835A6208-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPinMappedData, Type: EAT modification 0x835A620C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPinRead, Type: EAT modification 0x835A6210-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPrepareMdlWrite, Type: EAT modification 0x835A6214-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPreparePinWrite, Type: EAT modification 0x835A6218-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPurgeCacheSection, Type: EAT modification 0x835A621C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcRemapBcb, Type: EAT modification 0x835A6220-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcRepinBcb, Type: EAT modification 0x835A6224-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcScheduleReadAhead, Type: EAT modification 0x835A6228-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetAdditionalCacheAttributes, Type: EAT modification 0x835A622C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetBcbOwnerPointer, Type: EAT modification 0x835A6230-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetDirtyPageThreshold, Type: EAT modification 0x835A6234-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetDirtyPinnedData, Type: EAT modification 0x835A6238-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetFileSizes, Type: EAT modification 0x835A623C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetFileSizesEx, Type: EAT modification 0x835A6240-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetLogHandleForFile, Type: EAT modification 0x835A6244-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetParallelFlushFile, Type: EAT modification 0x835A6248-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetReadAheadGranularity, Type: EAT modification 0x835A624C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcTestControl, Type: EAT modification 0x835A6250-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUninitializeCacheMap, Type: EAT modification 0x835A6254-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUnpinData, Type: EAT modification 0x835A6258-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUnpinDataForThread, Type: EAT modification 0x835A625C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUnpinRepinnedBcb, Type: EAT modification 0x835A6260-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcWaitForCurrentLazyWriterActivity, Type: EAT modification 0x835A6264-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcZeroData, Type: EAT modification 0x835A6268-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmCallbackGetKeyObjectID, Type: EAT modification 0x835A626C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmGetBoundTransaction, Type: EAT modification 0x835A6270-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmGetCallbackVersion, Type: EAT modification 0x835A6274-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmKeyObjectType, Type: EAT modification 0x835A6278-->83256000 [ntkrnlpa.exe]
Sliktor

Re: Search Engine Redirect

Post by Sliktor » March 2nd, 2011, 9:39 pm

ntkrnlpa.exe-->FsRtlSplitLargeMcb, Type: EAT modification 0x835A673C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlSyncVolumes, Type: EAT modification 0x835A6740-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlTeardownPerFileContexts, Type: EAT modification 0x835A6744-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlTeardownPerStreamContexts, Type: EAT modification 0x835A6748-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlTruncateBaseMcb, Type: EAT modification 0x835A674C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlTruncateLargeMcb, Type: EAT modification 0x835A6750-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlTruncateMcb, Type: EAT modification 0x835A6754-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlUninitializeBaseMcb, Type: EAT modification 0x835A6758-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlUninitializeFileLock, Type: EAT modification 0x835A675C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlUninitializeLargeMcb, Type: EAT modification 0x835A6760-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlUninitializeMcb, Type: EAT modification 0x835A6764-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlUninitializeOplock, Type: EAT modification 0x835A6768-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->FsRtlValidateReparsePointBuffer, Type: EAT modification 0x835A676C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->HalDispatchTable, Type: EAT modification 0x835A6770-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->HalExamineMBR, Type: EAT modification 0x835A60E8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->HalPrivateDispatchTable, Type: EAT modification 0x835A6774-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->HeadlessDispatch, Type: EAT modification 0x835A6778-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->HvlQueryConnection, Type: EAT modification 0x835A677C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvAcquireDisplayOwnership, Type: EAT modification 0x835A6780-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvCheckDisplayOwnership, Type: EAT modification 0x835A6784-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvDisplayString, Type: EAT modification 0x835A6788-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvEnableBootDriver, Type: EAT modification 0x835A678C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvEnableDisplayString, Type: EAT modification 0x835A6790-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvInstallDisplayStringFilter, Type: EAT modification 0x835A6794-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvIsBootDriverInstalled, Type: EAT modification 0x835A6798-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvNotifyDisplayOwnershipLost, Type: EAT modification 0x835A679C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvResetDisplay, Type: EAT modification 0x835A67A0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvSetScrollRegion, Type: EAT modification 0x835A67A4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvSetTextColor, Type: EAT modification 0x835A67A8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InbvSolidColorFill, Type: EAT modification 0x835A67AC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InitSafeBootMode, Type: EAT modification 0x835A67B0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedCompareExchange, Type: EAT modification 0x835A60EC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedDecrement, Type: EAT modification 0x835A60F0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedExchange, Type: EAT modification 0x835A60F4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedExchangeAdd, Type: EAT modification 0x835A60F8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedIncrement, Type: EAT modification 0x835A60FC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedPopEntrySList, Type: EAT modification 0x835A6100-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->InterlockedPushEntrySList, Type: EAT modification 0x835A6104-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAcquireCancelSpinLock, Type: EAT modification 0x835A67B4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAcquireRemoveLockEx, Type: EAT modification 0x835A67B8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAcquireVpbSpinLock, Type: EAT modification 0x835A67BC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAdapterObjectType, Type: EAT modification 0x835A67C0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAdjustStackSizeForRedirection, Type: EAT modification 0x835A67C4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateAdapterChannel, Type: EAT modification 0x835A67C8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateController, Type: EAT modification 0x835A67CC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateDriverObjectExtension, Type: EAT modification 0x835A67D0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateErrorLogEntry, Type: EAT modification 0x835A67D4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateIrp, Type: EAT modification 0x835A67D8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateMdl, Type: EAT modification 0x835A67DC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateMiniCompletionPacket, Type: EAT modification 0x835A67E0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateSfioStreamIdentifier, Type: EAT modification 0x835A67E4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAllocateWorkItem, Type: EAT modification 0x835A67E8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoApplyPriorityInfoThread, Type: EAT modification 0x835A67EC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAssignResources, Type: EAT modification 0x835A67F0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAttachDevice, Type: EAT modification 0x835A67F4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAttachDeviceByPointer, Type: EAT modification 0x835A67F8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAttachDeviceToDeviceStack, Type: EAT modification 0x835A67FC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoAttachDeviceToDeviceStackSafe, Type: EAT modification 0x835A6800-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoBuildAsynchronousFsdRequest, Type: EAT modification 0x835A6804-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoBuildDeviceIoControlRequest, Type: EAT modification 0x835A6808-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoBuildPartialMdl, Type: EAT modification 0x835A680C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoBuildSynchronousFsdRequest, Type: EAT modification 0x835A6810-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCallDriver, Type: EAT modification 0x835A6814-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCancelFileOpen, Type: EAT modification 0x835A6818-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCancelIrp, Type: EAT modification 0x835A681C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckDesiredAccess, Type: EAT modification 0x835A6820-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckEaBufferValidity, Type: EAT modification 0x835A6824-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckFunctionAccess, Type: EAT modification 0x835A6828-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckQuerySetFileInformation, Type: EAT modification 0x835A682C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckQuerySetVolumeInformation, Type: EAT modification 0x835A6830-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckQuotaBufferValidity, Type: EAT modification 0x835A6834-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckShareAccess, Type: EAT modification 0x835A6838-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCheckShareAccessEx, Type: EAT modification 0x835A683C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoClearDependency, Type: EAT modification 0x835A6840-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoClearIrpExtraCreateParameter, Type: EAT modification 0x835A6844-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCompleteRequest, Type: EAT modification 0x835A6848-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoConnectInterrupt, Type: EAT modification 0x835A684C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoConnectInterruptEx, Type: EAT modification 0x835A6850-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateArcName, Type: EAT modification 0x835A6854-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateController, Type: EAT modification 0x835A6858-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateDevice, Type: EAT modification 0x835A685C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateDisk, Type: EAT modification 0x835A6860-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateDriver, Type: EAT modification 0x835A6864-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateFile, Type: EAT modification 0x835A6868-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateFileEx, Type: EAT modification 0x835A686C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateFileSpecifyDeviceObjectHint, Type: EAT modification 0x835A6870-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateNotificationEvent, Type: EAT modification 0x835A6874-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateStreamFileObject, Type: EAT modification 0x835A6878-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateStreamFileObjectEx, Type: EAT modification 0x835A687C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateStreamFileObjectLite, Type: EAT modification 0x835A6880-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateSymbolicLink, Type: EAT modification 0x835A6884-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateSynchronizationEvent, Type: EAT modification 0x835A6888-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCreateUnprotectedSymbolicLink, Type: EAT modification 0x835A688C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCsqInitialize, Type: EAT modification 0x835A6890-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCsqInitializeEx, Type: EAT modification 0x835A6894-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCsqInsertIrp, Type: EAT modification 0x835A6898-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCsqInsertIrpEx, Type: EAT modification 0x835A689C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCsqRemoveIrp, Type: EAT modification 0x835A68A0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoCsqRemoveNextIrp, Type: EAT modification 0x835A68A4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeleteAllDependencyRelations, Type: EAT modification 0x835A68A8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeleteController, Type: EAT modification 0x835A68AC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeleteDevice, Type: EAT modification 0x835A68B0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeleteDriver, Type: EAT modification 0x835A68B4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeleteSymbolicLink, Type: EAT modification 0x835A68B8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDetachDevice, Type: EAT modification 0x835A68BC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeviceHandlerObjectSize, Type: EAT modification 0x835A68C0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoDeviceHandlerObjectType, Type: EAT modification 0x835A68C4-->84F7734C [unknown_code_page]
ntkrnlpa.exe-->IoDeviceObjectType, Type: EAT modification 0x835A68C8-->985FFFAC [unknown_code_page]
ntkrnlpa.exe-->IoDisconnectInterrupt, Type: EAT modification 0x835A68CC-->8F26F3DC [vsapint.sys]
ntkrnlpa.exe-->IoDisconnectInterruptEx, Type: EAT modification 0x835A68D0-->86EA3D58 [unknown_code_page]
ntkrnlpa.exe-->IoDriverObjectType, Type: EAT modification 0x835A68D4-->84F76C34 [unknown_code_page]
ntkrnlpa.exe-->IoDuplicateDependency, Type: EAT modification 0x835A68D8-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoEnqueueIrp, Type: EAT modification 0x835A68DC-->83256400 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoEnumerateDeviceObjectList, Type: EAT modification 0x835A68E0-->83256063 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoEnumerateRegisteredFiltersList, Type: EAT modification 0x835A68E4-->86EA3548 [unknown_code_page]
ntkrnlpa.exe-->IoFastQueryNetworkAttributes, Type: EAT modification 0x835A68E8-->84F76C2C [unknown_code_page]
ntkrnlpa.exe-->IofCallDriver, Type: EAT modification 0x835A6118-->835F6043 [ntkrnlpa.exe]
ntkrnlpa.exe-->IofCompleteRequest, Type: EAT modification 0x835A611C-->837C605C [unknown_code_page]
ntkrnlpa.exe-->IoFileObjectType, Type: EAT modification 0x835A68EC-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoForwardAndCatchIrp, Type: EAT modification 0x835A68F0-->83256200 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoForwardIrpSynchronously, Type: EAT modification 0x835A68F4-->832560D2 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoFreeController, Type: EAT modification 0x835A68F8-->86EA2F08 [unknown_code_page]
ntkrnlpa.exe-->IoFreeErrorLogEntry, Type: EAT modification 0x835A68FC-->D7616A0D [unknown_code_page]
ntkrnlpa.exe-->IoFreeIrp, Type: EAT modification 0x835A6900-->985FFFAC [unknown_code_page]
ntkrnlpa.exe-->IoFreeMdl, Type: EAT modification 0x835A6904-->8F26F2D9 [vsapint.sys]
ntkrnlpa.exe-->IoFreeMiniCompletionPacket, Type: EAT modification 0x835A6908-->86EA4FB8 [unknown_code_page]
ntkrnlpa.exe-->IoFreeSfioStreamIdentifier, Type: EAT modification 0x835A690C-->84F76C24 [unknown_code_page]
ntkrnlpa.exe-->IoFreeWorkItem, Type: EAT modification 0x835A6910-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetAffinityInterrupt, Type: EAT modification 0x835A6914-->83256400 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetAttachedDevice, Type: EAT modification 0x835A6918-->8325605C [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetAttachedDeviceReference, Type: EAT modification 0x835A691C-->86EA47A8 [unknown_code_page]
ntkrnlpa.exe-->IoGetBaseFileSystemDeviceObject, Type: EAT modification 0x835A6920-->84F76C1C [unknown_code_page]
ntkrnlpa.exe-->IoGetBootDiskInformation, Type: EAT modification 0x835A6924-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetBootDiskInformationLite, Type: EAT modification 0x835A6928-->83256200 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetConfigurationInformation, Type: EAT modification 0x835A692C-->832560D3 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetContainerInformation, Type: EAT modification 0x835A6930-->86EA4168 [unknown_code_page]
ntkrnlpa.exe-->IoGetCurrentProcess, Type: EAT modification 0x835A6934-->EA878059 [unknown_code_page]
ntkrnlpa.exe-->IoGetDeviceAttachmentBaseRef, Type: EAT modification 0x835A6938-->985FFFAC [unknown_code_page]
ntkrnlpa.exe-->IoGetDeviceInterfaceAlias, Type: EAT modification 0x835A693C-->8F26F2D9 [vsapint.sys]
ntkrnlpa.exe-->IoGetDeviceInterfaces, Type: EAT modification 0x835A6940-->86EA6218 [unknown_code_page]
ntkrnlpa.exe-->IoGetDeviceNumaNode, Type: EAT modification 0x835A6944-->84F76C14 [unknown_code_page]
ntkrnlpa.exe-->IoGetDeviceObjectPointer, Type: EAT modification 0x835A6948-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetDeviceProperty, Type: EAT modification 0x835A694C-->83256400 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetDevicePropertyData, Type: EAT modification 0x835A6950-->8325606B [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetDeviceToVerify, Type: EAT modification 0x835A6954-->86EA5A08 [unknown_code_page]
ntkrnlpa.exe-->IoGetDiskDeviceObject, Type: EAT modification 0x835A6958-->84F76C0C [unknown_code_page]
ntkrnlpa.exe-->IoGetDmaAdapter, Type: EAT modification 0x835A695C-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetDriverObjectExtension, Type: EAT modification 0x835A6960-->83256200 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetFileObjectGenericMapping, Type: EAT modification 0x835A6964-->832560D4 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetInitialStack, Type: EAT modification 0x835A6968-->86EA53C8 [unknown_code_page]
ntkrnlpa.exe-->IoGetIoPriorityHint, Type: EAT modification 0x835A696C-->BB8B8322 [unknown_code_page]
ntkrnlpa.exe-->IoGetIrpExtraCreateParameter, Type: EAT modification 0x835A6970-->985FFFAC [unknown_code_page]
ntkrnlpa.exe-->IoGetLowerDeviceObject, Type: EAT modification 0x835A6974-->8F26F2D9 [vsapint.sys]
ntkrnlpa.exe-->IoGetOplockKeyContext, Type: EAT modification 0x835A6978-->86EA7478 [unknown_code_page]
ntkrnlpa.exe-->IoGetPagingIoPriority, Type: EAT modification 0x835A6108-->84F76C04 [unknown_code_page]
ntkrnlpa.exe-->IoGetRelatedDeviceObject, Type: EAT modification 0x835A697C-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetRequestorProcess, Type: EAT modification 0x835A6980-->83256400 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetRequestorProcessId, Type: EAT modification 0x835A6984-->8325605F [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetRequestorSessionId, Type: EAT modification 0x835A6988-->86EA6C68 [unknown_code_page]
ntkrnlpa.exe-->IoGetSfioStreamIdentifier, Type: EAT modification 0x835A698C-->84F76BFC [unknown_code_page]
ntkrnlpa.exe-->IoGetStackLimits, Type: EAT modification 0x835A6990-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetSymlinkSupportInformation, Type: EAT modification 0x835A6994-->83256200 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetTopLevelIrp, Type: EAT modification 0x835A6998-->832560D5 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoGetTransactionParameterBlock, Type: EAT modification 0x835A699C-->86EA6628 [unknown_code_page]
ntkrnlpa.exe-->IoInitializeIrp, Type: EAT modification 0x835A69A0-->EC8CD261 [unknown_code_page]
ntkrnlpa.exe-->IoInitializeRemoveLockEx, Type: EAT modification 0x835A69A4-->985FFFAC [unknown_code_page]
ntkrnlpa.exe-->IoInitializeTimer, Type: EAT modification 0x835A69A8-->8F26F2D9 [vsapint.sys]
ntkrnlpa.exe-->IoInitializeWorkItem, Type: EAT modification 0x835A69AC-->86EA9970 [unknown_code_page]
ntkrnlpa.exe-->IoInvalidateDeviceRelations, Type: EAT modification 0x835A69B0-->84F76BE4 [unknown_code_page]
ntkrnlpa.exe-->IoInvalidateDeviceState, Type: EAT modification 0x835A69B4-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoIsFileObjectIgnoringSharing, Type: EAT modification 0x835A69B8-->83256400 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoIsFileOriginRemote, Type: EAT modification 0x835A69BC-->8325606B [ntkrnlpa.exe]
ntkrnlpa.exe-->IoIsOperationSynchronous, Type: EAT modification 0x835A69C0-->86EA9160 [unknown_code_page]
ntkrnlpa.exe-->IoIsSystemThread, Type: EAT modification 0x835A69C4-->84F76BDC [unknown_code_page]
ntkrnlpa.exe-->IoIsValidNameGraftingBuffer, Type: EAT modification 0x835A69C8-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoIsWdmVersionAvailable, Type: EAT modification 0x835A69CC-->83256200 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoMakeAssociatedIrp, Type: EAT modification 0x835A69D0-->832560D7 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoOpenDeviceInterfaceRegistryKey, Type: EAT modification 0x835A69D4-->86EA8B20 [unknown_code_page]
ntkrnlpa.exe-->IoOpenDeviceRegistryKey, Type: EAT modification 0x835A69D8-->A562C874 [unknown_code_page]
ntkrnlpa.exe-->IoPageRead, Type: EAT modification 0x835A69DC-->985FFFAC [unknown_code_page]
ntkrnlpa.exe-->IoQueryDeviceDescription, Type: EAT modification 0x835A69E0-->8F26F2D9 [vsapint.sys]
ntkrnlpa.exe-->IoQueryFileDosDeviceName, Type: EAT modification 0x835A69E4-->86EAABD0 [unknown_code_page]
ntkrnlpa.exe-->IoQueryFileInformation, Type: EAT modification 0x835A69E8-->84F76BD4 [unknown_code_page]
ntkrnlpa.exe-->IoQueryVolumeInformation, Type: EAT modification 0x835A69EC-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoQueueThreadIrp, Type: EAT modification 0x835A69F0-->83256400 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoQueueWorkItem, Type: EAT modification 0x835A69F4-->83256070 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoQueueWorkItemEx, Type: EAT modification 0x835A69F8-->86EAA3C0 [unknown_code_page]
ntkrnlpa.exe-->IoRaiseHardError, Type: EAT modification 0x835A69FC-->84F76BCC [unknown_code_page]
ntkrnlpa.exe-->IoRaiseInformationalHardError, Type: EAT modification 0x835A6A00-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReadDiskSignature, Type: EAT modification 0x835A6A04-->83256200 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReadOperationCount, Type: EAT modification 0x835A6A08-->832560D8 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReadPartitionTable, Type: EAT modification 0x835A610C-->86EA9D80 [unknown_code_page]
ntkrnlpa.exe-->IoReadPartitionTableEx, Type: EAT modification 0x835A6A0C-->E891823D [unknown_code_page]
ntkrnlpa.exe-->IoReadTransferCount, Type: EAT modification 0x835A6A10-->985FFFAC [unknown_code_page]
ntkrnlpa.exe-->IoRegisterBootDriverReinitialization, Type: EAT modification 0x835A6A14-->8F26F2D9 [vsapint.sys]
ntkrnlpa.exe-->IoRegisterContainerNotification, Type: EAT modification 0x835A6A18-->86EABE38 [unknown_code_page]
ntkrnlpa.exe-->IoRegisterDeviceInterface, Type: EAT modification 0x835A6A1C-->84F76BC4 [unknown_code_page]
ntkrnlpa.exe-->IoRegisterDriverReinitialization, Type: EAT modification 0x835A6A20-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRegisterFileSystem, Type: EAT modification 0x835A6A24-->83256400 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRegisterFsRegistrationChange, Type: EAT modification 0x835A6A28-->8325605C [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRegisterFsRegistrationChangeMountAware, Type: EAT modification 0x835A6A2C-->86EAB628 [unknown_code_page]
ntkrnlpa.exe-->IoRegisterLastChanceShutdownNotification, Type: EAT modification 0x835A6A30-->84F76BBC [unknown_code_page]
ntkrnlpa.exe-->IoRegisterPlugPlayNotification, Type: EAT modification 0x835A6A34-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRegisterPriorityCallback, Type: EAT modification 0x835A6A38-->83256200 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRegisterShutdownNotification, Type: EAT modification 0x835A6A3C-->832560D9 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReleaseCancelSpinLock, Type: EAT modification 0x835A6A40-->86EAAFE8 [unknown_code_page]
ntkrnlpa.exe-->IoReleaseRemoveLockAndWaitEx, Type: EAT modification 0x835A6A44-->F186C472 [unknown_code_page]
ntkrnlpa.exe-->IoReleaseRemoveLockEx, Type: EAT modification 0x835A6A48-->985FFFAC [unknown_code_page]
ntkrnlpa.exe-->IoReleaseVpbSpinLock, Type: EAT modification 0x835A6A4C-->8F26F2D9 [vsapint.sys]
ntkrnlpa.exe-->IoRemoveShareAccess, Type: EAT modification 0x835A6A50-->86EAD098 [unknown_code_page]
ntkrnlpa.exe-->IoReplaceFileObjectName, Type: EAT modification 0x835A6A54-->84F76BB4 [unknown_code_page]
ntkrnlpa.exe-->IoReplacePartitionUnit, Type: EAT modification 0x835A6A58-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReportDetectedDevice, Type: EAT modification 0x835A6A5C-->83256400 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReportHalResourceUsage, Type: EAT modification 0x835A6A60-->8325605D [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReportResourceForDetection, Type: EAT modification 0x835A6A64-->86EAC888 [unknown_code_page]
ntkrnlpa.exe-->IoReportResourceUsage, Type: EAT modification 0x835A6A68-->84F76BAC [unknown_code_page]
ntkrnlpa.exe-->IoReportRootDevice, Type: EAT modification 0x835A6A6C-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReportTargetDeviceChange, Type: EAT modification 0x835A6A70-->83256200 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReportTargetDeviceChangeAsynchronous, Type: EAT modification 0x835A6A74-->832560DA [ntkrnlpa.exe]
ntkrnlpa.exe-->IoRequestDeviceEject, Type: EAT modification 0x835A6A78-->86EAC248 [unknown_code_page]
ntkrnlpa.exe-->IoRequestDeviceEjectEx, Type: EAT modification 0x835A6A7C-->CB616A0D [unknown_code_page]
ntkrnlpa.exe-->IoRetrievePriorityInfo, Type: EAT modification 0x835A6A80-->985FFFAC [unknown_code_page]
ntkrnlpa.exe-->IoReuseIrp, Type: EAT modification 0x835A6A84-->8F26F2D9 [vsapint.sys]
ntkrnlpa.exe-->IoSetCompletionRoutineEx, Type: EAT modification 0x835A6A88-->86EAE2F8 [unknown_code_page]
ntkrnlpa.exe-->IoSetDependency, Type: EAT modification 0x835A6A8C-->84F76BA4 [unknown_code_page]
ntkrnlpa.exe-->IoSetDeviceInterfaceState, Type: EAT modification 0x835A6A90-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetDevicePropertyData, Type: EAT modification 0x835A6A94-->83256400 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetDeviceToVerify, Type: EAT modification 0x835A6A98-->8325605B [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetFileObjectIgnoreSharing, Type: EAT modification 0x835A6A9C-->86EADAE8 [unknown_code_page]
ntkrnlpa.exe-->IoSetFileOrigin, Type: EAT modification 0x835A6AA0-->84F76B9C [unknown_code_page]
ntkrnlpa.exe-->IoSetHardErrorOrVerifyDevice, Type: EAT modification 0x835A6AA4-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetInformation, Type: EAT modification 0x835A6AA8-->83256200 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetIoCompletion, Type: EAT modification 0x835A6AAC-->832560DB [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetIoCompletionEx, Type: EAT modification 0x835A6AB0-->86EAD4A8 [unknown_code_page]
ntkrnlpa.exe-->IoSetIoPriorityHint, Type: EAT modification 0x835A6AB4-->E953D777 [unknown_code_page]
ntkrnlpa.exe-->IoSetIoPriorityHintIntoFileObject, Type: EAT modification 0x835A6AB8-->985FFFAC [unknown_code_page]
ntkrnlpa.exe-->IoSetIoPriorityHintIntoThread, Type: EAT modification 0x835A6ABC-->8F26F2D9 [vsapint.sys]
ntkrnlpa.exe-->IoSetIrpExtraCreateParameter, Type: EAT modification 0x835A6AC0-->86EAF558 [unknown_code_page]
ntkrnlpa.exe-->IoSetOplockKeyContext, Type: EAT modification 0x835A6AC4-->84F76B94 [unknown_code_page]
ntkrnlpa.exe-->IoSetPartitionInformation, Type: EAT modification 0x835A6110-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetPartitionInformationEx, Type: EAT modification 0x835A6AC8-->83256400 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetShareAccess, Type: EAT modification 0x835A6ACC-->83256054 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetShareAccessEx, Type: EAT modification 0x835A6AD0-->86EAED48 [unknown_code_page]
ntkrnlpa.exe-->IoSetStartIoAttributes, Type: EAT modification 0x835A6AD4-->84F76B8C [unknown_code_page]
ntkrnlpa.exe-->IoSetSystemPartition, Type: EAT modification 0x835A6AD8-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetThreadHardErrorMode, Type: EAT modification 0x835A6ADC-->83256200 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSetTopLevelIrp, Type: EAT modification 0x835A6AE0-->832560DC [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSizeofWorkItem, Type: EAT modification 0x835A6AE4-->86EAE708 [unknown_code_page]
ntkrnlpa.exe-->IoStartNextPacket, Type: EAT modification 0x835A6AE8-->B2616A0D [unknown_code_page]
ntkrnlpa.exe-->IoStartNextPacketByKey, Type: EAT modification 0x835A6AEC-->985FFFAC [unknown_code_page]
ntkrnlpa.exe-->IoStartPacket, Type: EAT modification 0x835A6AF0-->8F26F2D9 [vsapint.sys]
ntkrnlpa.exe-->IoStartTimer, Type: EAT modification 0x835A6AF4-->86EB1A58 [unknown_code_page]
ntkrnlpa.exe-->IoStatisticsLock, Type: EAT modification 0x835A6AF8-->84F76B74 [unknown_code_page]
ntkrnlpa.exe-->IoStopTimer, Type: EAT modification 0x835A6AFC-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSynchronousInvalidateDeviceRelations, Type: EAT modification 0x835A6B00-->83256400 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoSynchronousPageWrite, Type: EAT modification 0x835A6B04-->83256069 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoThreadToProcess, Type: EAT modification 0x835A6B08-->86EB1248 [unknown_code_page]
ntkrnlpa.exe-->IoTranslateBusAddress, Type: EAT modification 0x835A6B0C-->84F76B6C [unknown_code_page]
ntkrnlpa.exe-->IoUninitializeWorkItem, Type: EAT modification 0x835A6B10-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoUnregisterContainerNotification, Type: EAT modification 0x835A6B14-->83256200 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoUnregisterFileSystem, Type: EAT modification 0x835A6B18-->832560DE [ntkrnlpa.exe]
ntkrnlpa.exe-->IoUnregisterFsRegistrationChange, Type: EAT modification 0x835A6B1C-->86EB0C08 [unknown_code_page]
ntkrnlpa.exe-->IoUnregisterPlugPlayNotification, Type: EAT modification 0x835A6B20-->85C735C8 [unknown_code_page]
ntkrnlpa.exe-->IoUnregisterPlugPlayNotificationEx, Type: EAT modification 0x835A6B24-->9D5FFFA3 [unknown_code_page]
ntkrnlpa.exe-->IoUnregisterPriorityCallback, Type: EAT modification 0x835A6B28-->9726F2D9 [unknown_code_page]
ntkrnlpa.exe-->IoUnregisterShutdownNotification, Type: EAT modification 0x835A6B2C-->86EB2CB8 [unknown_code_page]
ntkrnlpa.exe-->IoUpdateShareAccess, Type: EAT modification 0x835A6B30-->84F76B64 [unknown_code_page]
ntkrnlpa.exe-->IoValidateDeviceIoControlAccess, Type: EAT modification 0x835A6B34-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoVerifyPartitionTable, Type: EAT modification 0x835A6B38-->83256400 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoVerifyVolume, Type: EAT modification 0x835A6B3C-->83256073 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoVolumeDeviceToDosName, Type: EAT modification 0x835A6B40-->86EB24A8 [unknown_code_page]
ntkrnlpa.exe-->IoWithinStackLimits, Type: EAT modification 0x835A6B80-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIAllocateInstanceIds, Type: EAT modification 0x835A6B44-->84F76B5C [unknown_code_page]
ntkrnlpa.exe-->IoWMIDeviceObjectToInstanceName, Type: EAT modification 0x835A6B48-->83256003 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIExecuteMethod, Type: EAT modification 0x835A6B4C-->83256200 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIHandleToInstanceName, Type: EAT modification 0x835A6B50-->832560DF [ntkrnlpa.exe]
ntkrnlpa.exe-->IoWMIOpenBlock, Type: EAT modification 0x835A6B54-->86EB1E68 [unknown_code_page]
ntkrnlpa.exe-->IoWMIQueryAllData, Type: EAT modification 0x835A6B58-->83256002 [ntkrnlpa.exe]
ntkrnlpa.exe-->MmPageEntireDriver, Type: EAT modification 0x835A7054-->85BF301C [unknown_code_page]
ntkrnlpa.exe-->MmPrefetchPages, Type: EAT modification 0x835A7058-->85BF30FA [unknown_code_page]
ntkrnlpa.exe-->MmProbeAndLockPages, Type: EAT modification 0x835A705C-->85BF3100 [unknown_code_page]
ntkrnlpa.exe-->MmProbeAndLockProcessPages, Type: EAT modification 0x835A7060-->85BF31E0 [unknown_code_page]
ntkrnlpa.exe-->MmProbeAndLockSelectedPages, Type: EAT modification 0x835A7064-->85BF31E6 [unknown_code_page]
ntkrnlpa.exe-->MmProtectMdlSystemAddress, Type: EAT modification 0x835A7068-->85BF32D0 [unknown_code_page]
ntkrnlpa.exe-->MmQuerySystemSize, Type: EAT modification 0x835A706C-->85BF32D6 [unknown_code_page]
ntkrnlpa.exe-->MmRemovePhysicalMemory, Type: EAT modification 0x835A7070-->85BF3370 [unknown_code_page]
ntkrnlpa.exe-->MmResetDriverPaging, Type: EAT modification 0x835A7074-->85BF3376 [unknown_code_page]
ntkrnlpa.exe-->MmRotatePhysicalView, Type: EAT modification 0x835A7078-->85BF3448 [unknown_code_page]
ntkrnlpa.exe-->MmSectionObjectType, Type: EAT modification 0x835A707C-->85BF344E [unknown_code_page]
ntkrnlpa.exe-->MmSecureVirtualMemory, Type: EAT modification 0x835A7080-->85BF353C [unknown_code_page]
ntkrnlpa.exe-->MmSetAddressRangeModified, Type: EAT modification 0x835A7084-->85BF3542 [unknown_code_page]
ntkrnlpa.exe-->MmSetBankedSection, Type: EAT modification 0x835A7088-->85BF363E [unknown_code_page]
ntkrnlpa.exe-->MmSizeOfMdl, Type: EAT modification 0x835A708C-->85BF3644 [unknown_code_page]
ntkrnlpa.exe-->MmSystemRangeStart, Type: EAT modification 0x835A7090-->85BF3730 [unknown_code_page]
ntkrnlpa.exe-->MmTrimAllSystemPagableMemory, Type: EAT modification 0x835A7094-->85BF3736 [unknown_code_page]
ntkrnlpa.exe-->MmUnlockPagableImageSection, Type: EAT modification 0x835A7098-->85BF37F6 [unknown_code_page]
ntkrnlpa.exe-->MmUnlockPages, Type: EAT modification 0x835A709C-->85BF37FC [unknown_code_page]
ntkrnlpa.exe-->MmUnmapIoSpace, Type: EAT modification 0x835A70A0-->85BF38E0 [unknown_code_page]
ntkrnlpa.exe-->MmUnmapLockedPages, Type: EAT modification 0x835A70A4-->85BF38E6 [unknown_code_page]
ntkrnlpa.exe-->MmUnmapReservedMapping, Type: EAT modification 0x835A70A8-->85BF39C6 [unknown_code_page]
ntkrnlpa.exe-->MmUnmapVideoDisplay, Type: EAT modification 0x835A70AC-->85BF39CC [unknown_code_page]
ntkrnlpa.exe-->MmUnmapViewInSessionSpace, Type: EAT modification 0x835A70B0-->85BF3A94 [unknown_code_page]
ntkrnlpa.exe-->MmUnmapViewInSystemSpace, Type: EAT modification 0x835A70B4-->85BF3A9A [unknown_code_page]
ntkrnlpa.exe-->MmUnmapViewOfSection, Type: EAT modification 0x835A70B8-->85BF3B62 [unknown_code_page]
ntkrnlpa.exe-->MmUnsecureVirtualMemory, Type: EAT modification 0x835A70BC-->85BF3B68 [unknown_code_page]
ntkrnlpa.exe-->MmUserProbeAddress, Type: EAT modification 0x835A70C0-->85BF3C44 [unknown_code_page]
ntkrnlpa.exe-->NlsAnsiCodePage, Type: EAT modification 0x835A70C4-->85BF3C4A [unknown_code_page]
ntkrnlpa.exe-->NlsLeadByteInfo, Type: EAT modification 0x835A70C8-->85BF3D38 [unknown_code_page]
ntkrnlpa.exe-->NlsMbCodePageTag, Type: EAT modification 0x835A70CC-->85BF3D3E [unknown_code_page]
ntkrnlpa.exe-->NlsMbOemCodePageTag, Type: EAT modification 0x835A70D0-->85BF3E26 [unknown_code_page]
ntkrnlpa.exe-->NlsOemCodePage, Type: EAT modification 0x835A70D4-->85BF3E2C [unknown_code_page]
ntkrnlpa.exe-->NlsOemLeadByteInfo, Type: EAT modification 0x835A70D8-->85BF3EEE [unknown_code_page]
ntkrnlpa.exe-->NtAddAtom, Type: EAT modification 0x835A70DC-->85BF3EF4 [unknown_code_page]
ntkrnlpa.exe-->NtAdjustPrivilegesToken, Type: EAT modification 0x835A70E0-->85BF3FCE [unknown_code_page]
ntkrnlpa.exe-->NtAllocateLocallyUniqueId, Type: EAT modification 0x835A70E4-->85BF3FD4 [unknown_code_page]
ntkrnlpa.exe-->NtAllocateUuids, Type: EAT modification 0x835A70E8-->85BF40B0 [unknown_code_page]
ntkrnlpa.exe-->NtAllocateVirtualMemory, Type: EAT modification 0x835A70EC-->85BF40B6 [unknown_code_page]
ntkrnlpa.exe-->NtBuildGUID, Type: EAT modification 0x835A70F0-->85BF413C [unknown_code_page]
ntkrnlpa.exe-->NtBuildLab, Type: EAT modification 0x835A70F4-->85BF4142 [unknown_code_page]
ntkrnlpa.exe-->NtBuildNumber, Type: EAT modification 0x835A70F8-->85BF4204 [unknown_code_page]
ntkrnlpa.exe-->NtClose, Type: EAT modification 0x835A70FC-->85BF420A [unknown_code_page]
ntkrnlpa.exe-->NtCommitComplete, Type: EAT modification 0x835A7100-->85BF4308 [unknown_code_page]
ntkrnlpa.exe-->NtCommitEnlistment, Type: EAT modification 0x835A7104-->85BF430E [unknown_code_page]
ntkrnlpa.exe-->NtCommitTransaction, Type: EAT modification 0x835A7108-->85BF43F8 [unknown_code_page]
ntkrnlpa.exe-->NtConnectPort, Type: EAT modification 0x835A710C-->85BF43FE [unknown_code_page]
ntkrnlpa.exe-->NtCreateEnlistment, Type: EAT modification 0x835A7110-->85BF44C8 [unknown_code_page]
ntkrnlpa.exe-->NtCreateEvent, Type: EAT modification 0x835A7114-->85BF44CE [unknown_code_page]
ntkrnlpa.exe-->NtCreateFile, Type: EAT modification 0x835A7118-->85BF45D2 [unknown_code_page]
ntkrnlpa.exe-->NtCreateResourceManager, Type: EAT modification 0x835A711C-->85BF45D8 [unknown_code_page]
ntkrnlpa.exe-->NtCreateSection, Type: EAT modification 0x835A7120-->85BF470A [unknown_code_page]
ntkrnlpa.exe-->NtCreateTransaction, Type: EAT modification 0x835A7124-->85BF4710 [unknown_code_page]
ntkrnlpa.exe-->NtCreateTransactionManager, Type: EAT modification 0x835A7128-->85BF480E [unknown_code_page]
ntkrnlpa.exe-->NtDeleteAtom, Type: EAT modification 0x835A712C-->85BF4814 [unknown_code_page]
ntkrnlpa.exe-->NtDeleteFile, Type: EAT modification 0x835A7130-->85BF48F4 [unknown_code_page]
ntkrnlpa.exe-->NtDeviceIoControlFile, Type: EAT modification 0x835A7134-->85BF48FA [unknown_code_page]
ntkrnlpa.exe-->NtDuplicateObject, Type: EAT modification 0x835A7138-->85BF495C [unknown_code_page]
ntkrnlpa.exe-->NtDuplicateToken, Type: EAT modification 0x835A713C-->85BF496E [unknown_code_page]
ntkrnlpa.exe-->NtEnumerateTransactionObject, Type: EAT modification 0x835A7140-->85BF4974 [unknown_code_page]
ntkrnlpa.exe-->NtFindAtom, Type: EAT modification 0x835A7144-->85BF49D6 [unknown_code_page]
ntkrnlpa.exe-->NtFreeVirtualMemory, Type: EAT modification 0x835A7148-->85BF4A8C [unknown_code_page]
ntkrnlpa.exe-->NtFreezeTransactions, Type: EAT modification 0x835A714C-->85BF4A92 [unknown_code_page]
ntkrnlpa.exe-->NtFsControlFile, Type: EAT modification 0x835A7150-->85BF4B1A [unknown_code_page]
ntkrnlpa.exe-->NtGetEnvironmentVariableEx, Type: EAT modification 0x835A7154-->85BF4B20 [unknown_code_page]
ntkrnlpa.exe-->NtGetNotificationResourceManager, Type: EAT modification 0x835A7158-->85BF4B82 [unknown_code_page]
ntkrnlpa.exe-->NtGlobalFlag, Type: EAT modification 0x835A715C-->85BF4B90 [unknown_code_page]
ntkrnlpa.exe-->NtLockFile, Type: EAT modification 0x835A7160-->85BF4B96 [unknown_code_page]
ntkrnlpa.exe-->NtMakePermanentObject, Type: EAT modification 0x835A7164-->85BF4BF8 [unknown_code_page]
ntkrnlpa.exe-->NtMapViewOfSection, Type: EAT modification 0x835A7168-->85BF4C68 [unknown_code_page]
ntkrnlpa.exe-->NtNotifyChangeDirectoryFile, Type: EAT modification 0x835A716C-->85BF4C6E [unknown_code_page]
ntkrnlpa.exe-->NtOpenEnlistment, Type: EAT modification 0x835A7170-->85BF4D06 [unknown_code_page]
ntkrnlpa.exe-->NtOpenFile, Type: EAT modification 0x835A7174-->85BF4D0C [unknown_code_page]
ntkrnlpa.exe-->NtOpenProcess, Type: EAT modification 0x835A7178-->85BF4DA6 [unknown_code_page]
Sliktor
Regular Member
 
Posts: 16
Joined: February 28th, 2011, 11:44 pm

Re: Search Engine Redirect

Post by Sliktor » March 2nd, 2011, 9:40 pm

ntkrnlpa.exe-->PsSetLoadImageNotifyRoutine, Type: EAT modification 0x835A752C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetProcessPriorityByClass, Type: EAT modification 0x835A7530-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetProcessPriorityClass, Type: EAT modification 0x835A7534-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetProcessSecurityPort, Type: EAT modification 0x835A7538-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetProcessWin32Process, Type: EAT modification 0x835A753C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetProcessWindowStation, Type: EAT modification 0x835A7540-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetThreadHardErrorsAreDisabled, Type: EAT modification 0x835A7544-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSetThreadWin32Thread, Type: EAT modification 0x835A7548-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsSuspendProcess, Type: EAT modification 0x835A754C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsTerminateSystemThread, Type: EAT modification 0x835A7550-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsThreadType, Type: EAT modification 0x835A7554-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsUILanguageComitted, Type: EAT modification 0x835A7558-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->PsWrapApcWow64Thread, Type: EAT modification 0x835A755C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->qsort, Type: EAT modification 0x835A816C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->rand, Type: EAT modification 0x835A8170-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->READ_REGISTER_BUFFER_UCHAR, Type: EAT modification 0x835A7560-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->READ_REGISTER_BUFFER_ULONG, Type: EAT modification 0x835A7564-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->READ_REGISTER_BUFFER_USHORT, Type: EAT modification 0x835A7568-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->READ_REGISTER_UCHAR, Type: EAT modification 0x835A756C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->READ_REGISTER_ULONG, Type: EAT modification 0x835A7570-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->READ_REGISTER_USHORT, Type: EAT modification 0x835A7574-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAbsoluteToSelfRelativeSD, Type: EAT modification 0x835A7578-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAddAccessAllowedAce, Type: EAT modification 0x835A757C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAddAccessAllowedAceEx, Type: EAT modification 0x835A7580-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAddAce, Type: EAT modification 0x835A7584-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAddAtomToAtomTable, Type: EAT modification 0x835A7588-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAddRange, Type: EAT modification 0x835A758C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAllocateHeap, Type: EAT modification 0x835A7590-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAnsiCharToUnicodeChar, Type: EAT modification 0x835A7594-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAnsiStringToUnicodeSize, Type: EAT modification 0x835A7598-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAnsiStringToUnicodeString, Type: EAT modification 0x835A759C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAppendAsciizToString, Type: EAT modification 0x835A75A0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAppendStringToString, Type: EAT modification 0x835A75A4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAppendUnicodeStringToString, Type: EAT modification 0x835A75A8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAppendUnicodeToString, Type: EAT modification 0x835A75AC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAreAllAccessesGranted, Type: EAT modification 0x835A75B0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAreAnyAccessesGranted, Type: EAT modification 0x835A75B4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAreBitsClear, Type: EAT modification 0x835A75B8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAreBitsSet, Type: EAT modification 0x835A75BC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlAssert, Type: EAT modification 0x835A75C0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCaptureContext, Type: EAT modification 0x835A75C4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCaptureStackBackTrace, Type: EAT modification 0x835A75C8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCharToInteger, Type: EAT modification 0x835A75CC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCheckRegistryKey, Type: EAT modification 0x835A75D0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlClearAllBits, Type: EAT modification 0x835A75D4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlClearBit, Type: EAT modification 0x835A75D8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlClearBits, Type: EAT modification 0x835A75DC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCmDecodeMemIoResource, Type: EAT modification 0x835A75E0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCmEncodeMemIoResource, Type: EAT modification 0x835A75E4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompareAltitudes, Type: EAT modification 0x835A75E8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompareMemory, Type: EAT modification 0x835A75EC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompareMemoryUlong, Type: EAT modification 0x835A75F0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompareString, Type: EAT modification 0x835A75F4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompareUnicodeString, Type: EAT modification 0x835A75F8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompareUnicodeStrings, Type: EAT modification 0x835A75FC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompressBuffer, Type: EAT modification 0x835A7600-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCompressChunks, Type: EAT modification 0x835A7604-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlComputeCrc32, Type: EAT modification 0x835A7608-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlContractHashTable, Type: EAT modification 0x835A760C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlConvertLongToLargeInteger, Type: EAT modification 0x835A7610-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlConvertSidToUnicodeString, Type: EAT modification 0x835A7614-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlConvertUlongToLargeInteger, Type: EAT modification 0x835A7618-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCopyLuid, Type: EAT modification 0x835A761C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCopyLuidAndAttributesArray, Type: EAT modification 0x835A7620-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCopyRangeList, Type: EAT modification 0x835A7624-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCopySid, Type: EAT modification 0x835A7628-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCopySidAndAttributesArray, Type: EAT modification 0x835A762C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCopyString, Type: EAT modification 0x835A7630-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCopyUnicodeString, Type: EAT modification 0x835A7634-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateAcl, Type: EAT modification 0x835A7638-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateAtomTable, Type: EAT modification 0x835A763C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateHashTable, Type: EAT modification 0x835A7640-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateHeap, Type: EAT modification 0x835A7644-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateRegistryKey, Type: EAT modification 0x835A7648-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateSecurityDescriptor, Type: EAT modification 0x835A764C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateSystemVolumeInformationFolder, Type: EAT modification 0x835A7650-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCreateUnicodeString, Type: EAT modification 0x835A7654-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlCustomCPToUnicodeN, Type: EAT modification 0x835A7658-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDecompressBuffer, Type: EAT modification 0x835A765C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDecompressChunks, Type: EAT modification 0x835A7660-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDecompressFragment, Type: EAT modification 0x835A7664-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDelete, Type: EAT modification 0x835A7668-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteAce, Type: EAT modification 0x835A766C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteAtomFromAtomTable, Type: EAT modification 0x835A7670-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteElementGenericTable, Type: EAT modification 0x835A7674-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteElementGenericTableAvl, Type: EAT modification 0x835A7678-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteHashTable, Type: EAT modification 0x835A767C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteNoSplay, Type: EAT modification 0x835A7680-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteOwnersRanges, Type: EAT modification 0x835A7684-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteRange, Type: EAT modification 0x835A7688-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDeleteRegistryValue, Type: EAT modification 0x835A768C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDescribeChunk, Type: EAT modification 0x835A7690-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDestroyAtomTable, Type: EAT modification 0x835A7694-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDestroyHeap, Type: EAT modification 0x835A7698-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDowncaseUnicodeChar, Type: EAT modification 0x835A769C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDowncaseUnicodeString, Type: EAT modification 0x835A76A0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlDuplicateUnicodeString, Type: EAT modification 0x835A76A4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEmptyAtomTable, Type: EAT modification 0x835A76A8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEndEnumerationHashTable, Type: EAT modification 0x835A76AC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEndWeakEnumerationHashTable, Type: EAT modification 0x835A76B0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnlargedIntegerMultiply, Type: EAT modification 0x835A76B4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnlargedUnsignedDivide, Type: EAT modification 0x835A76B8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnlargedUnsignedMultiply, Type: EAT modification 0x835A76BC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnumerateEntryHashTable, Type: EAT modification 0x835A76C0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnumerateGenericTable, Type: EAT modification 0x835A76C4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnumerateGenericTableAvl, Type: EAT modification 0x835A76C8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnumerateGenericTableLikeADirectory, Type: EAT modification 0x835A76CC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnumerateGenericTableWithoutSplaying, Type: EAT modification 0x835A76D0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEnumerateGenericTableWithoutSplayingAvl, Type: EAT modification 0x835A76D4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEqualLuid, Type: EAT modification 0x835A76D8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEqualSid, Type: EAT modification 0x835A76DC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEqualString, Type: EAT modification 0x835A76E0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEqualUnicodeString, Type: EAT modification 0x835A76E4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEthernetAddressToStringA, Type: EAT modification 0x835A76E8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEthernetAddressToStringW, Type: EAT modification 0x835A76EC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEthernetStringToAddressA, Type: EAT modification 0x835A76F0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlEthernetStringToAddressW, Type: EAT modification 0x835A76F4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlExpandHashTable, Type: EAT modification 0x835A76F8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlExtendedIntegerMultiply, Type: EAT modification 0x835A76FC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlExtendedLargeIntegerDivide, Type: EAT modification 0x835A7700-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlExtendedMagicDivide, Type: EAT modification 0x835A7704-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFillMemory, Type: EAT modification 0x835A7708-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFillMemoryUlong, Type: EAT modification 0x835A770C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFillMemoryUlonglong, Type: EAT modification 0x835A7710-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindAceByType, Type: EAT modification 0x835A7714-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindClearBits, Type: EAT modification 0x835A7718-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindClearBitsAndSet, Type: EAT modification 0x835A771C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindClearRuns, Type: EAT modification 0x835A7720-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindClosestEncodableLength, Type: EAT modification 0x835A7724-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindFirstRunClear, Type: EAT modification 0x835A7728-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindLastBackwardRunClear, Type: EAT modification 0x835A772C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindLeastSignificantBit, Type: EAT modification 0x835A7730-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindLongestRunClear, Type: EAT modification 0x835A7734-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindMessage, Type: EAT modification 0x835A7738-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindMostSignificantBit, Type: EAT modification 0x835A773C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindNextForwardRunClear, Type: EAT modification 0x835A7740-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindRange, Type: EAT modification 0x835A7744-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindSetBits, Type: EAT modification 0x835A7748-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindSetBitsAndClear, Type: EAT modification 0x835A774C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFindUnicodePrefix, Type: EAT modification 0x835A7750-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFormatCurrentUserKeyPath, Type: EAT modification 0x835A7754-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFormatMessage, Type: EAT modification 0x835A7758-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFreeAnsiString, Type: EAT modification 0x835A775C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFreeHeap, Type: EAT modification 0x835A7760-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFreeOemString, Type: EAT modification 0x835A7764-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFreeRangeList, Type: EAT modification 0x835A7768-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlFreeUnicodeString, Type: EAT modification 0x835A776C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGenerate8dot3Name, Type: EAT modification 0x835A7774-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetAce, Type: EAT modification 0x835A7778-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetCallersAddress, Type: EAT modification 0x835A777C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetCompressionWorkSpaceSize, Type: EAT modification 0x835A7780-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetDaclSecurityDescriptor, Type: EAT modification 0x835A7784-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetDefaultCodePage, Type: EAT modification 0x835A7788-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetElementGenericTable, Type: EAT modification 0x835A778C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetElementGenericTableAvl, Type: EAT modification 0x835A7790-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetEnabledExtendedFeatures, Type: EAT modification 0x835A7794-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetFirstRange, Type: EAT modification 0x835A7798-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetGroupSecurityDescriptor, Type: EAT modification 0x835A779C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetIntegerAtom, Type: EAT modification 0x835A77A0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetLastRange, Type: EAT modification 0x835A77A4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetNextEntryHashTable, Type: EAT modification 0x835A77A8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetNextRange, Type: EAT modification 0x835A77AC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetNtGlobalFlags, Type: EAT modification 0x835A77B0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetOwnerSecurityDescriptor, Type: EAT modification 0x835A77B4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetProductInfo, Type: EAT modification 0x835A77B8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetSaclSecurityDescriptor, Type: EAT modification 0x835A77BC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetSetBootStatusData, Type: EAT modification 0x835A77C0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetThreadLangIdByIndex, Type: EAT modification 0x835A77C4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGetVersion, Type: EAT modification 0x835A77C8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlGUIDFromString, Type: EAT modification 0x835A7770-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlHashUnicodeString, Type: EAT modification 0x835A77CC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIdnToAscii, Type: EAT modification 0x835A77D0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIdnToNameprepUnicode, Type: EAT modification 0x835A77D4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIdnToUnicode, Type: EAT modification 0x835A77D8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlImageDirectoryEntryToData, Type: EAT modification 0x835A77DC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlImageNtHeader, Type: EAT modification 0x835A77E0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitAnsiString, Type: EAT modification 0x835A77E4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitAnsiStringEx, Type: EAT modification 0x835A77E8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitCodePageTable, Type: EAT modification 0x835A77EC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitEnumerationHashTable, Type: EAT modification 0x835A77F0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitializeBitMap, Type: EAT modification 0x835A7804-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitializeGenericTable, Type: EAT modification 0x835A7808-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitializeGenericTableAvl, Type: EAT modification 0x835A780C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitializeRangeList, Type: EAT modification 0x835A7810-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitializeSid, Type: EAT modification 0x835A7814-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitializeUnicodePrefix, Type: EAT modification 0x835A7818-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitString, Type: EAT modification 0x835A77F4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitUnicodeString, Type: EAT modification 0x835A77F8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitUnicodeStringEx, Type: EAT modification 0x835A77FC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInitWeakEnumerationHashTable, Type: EAT modification 0x835A7800-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInsertElementGenericTable, Type: EAT modification 0x835A781C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInsertElementGenericTableAvl, Type: EAT modification 0x835A7820-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInsertElementGenericTableFull, Type: EAT modification 0x835A7824-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInsertElementGenericTableFullAvl, Type: EAT modification 0x835A7828-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInsertEntryHashTable, Type: EAT modification 0x835A782C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInsertUnicodePrefix, Type: EAT modification 0x835A7830-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInt64ToUnicodeString, Type: EAT modification 0x835A7834-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIntegerToChar, Type: EAT modification 0x835A7838-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIntegerToUnicode, Type: EAT modification 0x835A783C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIntegerToUnicodeString, Type: EAT modification 0x835A7840-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInvertRangeList, Type: EAT modification 0x835A7844-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlInvertRangeListEx, Type: EAT modification 0x835A7848-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIoDecodeMemIoResource, Type: EAT modification 0x835A784C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIoEncodeMemIoResource, Type: EAT modification 0x835A7850-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4AddressToStringA, Type: EAT modification 0x835A7854-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4AddressToStringExA, Type: EAT modification 0x835A7858-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4AddressToStringExW, Type: EAT modification 0x835A785C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4AddressToStringW, Type: EAT modification 0x835A7860-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4StringToAddressA, Type: EAT modification 0x835A7864-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4StringToAddressExA, Type: EAT modification 0x835A7868-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4StringToAddressExW, Type: EAT modification 0x835A786C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv4StringToAddressW, Type: EAT modification 0x835A7870-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6AddressToStringA, Type: EAT modification 0x835A7874-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6AddressToStringExA, Type: EAT modification 0x835A7878-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6AddressToStringExW, Type: EAT modification 0x835A787C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6AddressToStringW, Type: EAT modification 0x835A7880-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6StringToAddressA, Type: EAT modification 0x835A7884-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6StringToAddressExA, Type: EAT modification 0x835A7888-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6StringToAddressExW, Type: EAT modification 0x835A788C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIpv6StringToAddressW, Type: EAT modification 0x835A7890-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIsGenericTableEmpty, Type: EAT modification 0x835A7894-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIsGenericTableEmptyAvl, Type: EAT modification 0x835A7898-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIsNameLegalDOS8Dot3, Type: EAT modification 0x835A789C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIsNormalizedString, Type: EAT modification 0x835A78A0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIsNtDdiVersionAvailable, Type: EAT modification 0x835A78A4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIsRangeAvailable, Type: EAT modification 0x835A78A8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIsServicePackVersionInstalled, Type: EAT modification 0x835A78AC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlIsValidOemCharacter, Type: EAT modification 0x835A78B0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerAdd, Type: EAT modification 0x835A78B4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerArithmeticShift, Type: EAT modification 0x835A78B8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerDivide, Type: EAT modification 0x835A78BC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerNegate, Type: EAT modification 0x835A78C0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerShiftLeft, Type: EAT modification 0x835A78C4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerShiftRight, Type: EAT modification 0x835A78C8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLargeIntegerSubtract, Type: EAT modification 0x835A78CC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLengthRequiredSid, Type: EAT modification 0x835A78D0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLengthSecurityDescriptor, Type: EAT modification 0x835A78D4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLengthSid, Type: EAT modification 0x835A78D8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLoadString, Type: EAT modification 0x835A78DC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLocalTimeToSystemTime, Type: EAT modification 0x835A78E0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLockBootStatusData, Type: EAT modification 0x835A78E4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLookupAtomInAtomTable, Type: EAT modification 0x835A78E8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLookupElementGenericTable, Type: EAT modification 0x835A78EC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLookupElementGenericTableAvl, Type: EAT modification 0x835A78F0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLookupElementGenericTableFull, Type: EAT modification 0x835A78F4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLookupElementGenericTableFullAvl, Type: EAT modification 0x835A78F8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLookupEntryHashTable, Type: EAT modification 0x835A78FC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlLookupFirstMatchingElementGenericTableAvl, Type: EAT modification 0x835A7900-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlMapGenericMask, Type: EAT modification 0x835A7904-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlMapSecurityErrorToNtStatus, Type: EAT modification 0x835A7908-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlMergeRangeLists, Type: EAT modification 0x835A790C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlMoveMemory, Type: EAT modification 0x835A7910-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlMultiByteToUnicodeN, Type: EAT modification 0x835A7914-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlMultiByteToUnicodeSize, Type: EAT modification 0x835A7918-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNextUnicodePrefix, Type: EAT modification 0x835A791C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNormalizeString, Type: EAT modification 0x835A7920-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNtStatusToDosError, Type: EAT modification 0x835A7924-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNtStatusToDosErrorNoTeb, Type: EAT modification 0x835A7928-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNumberGenericTableElements, Type: EAT modification 0x835A792C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNumberGenericTableElementsAvl, Type: EAT modification 0x835A7930-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNumberOfClearBits, Type: EAT modification 0x835A7934-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNumberOfSetBits, Type: EAT modification 0x835A7938-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlNumberOfSetBitsUlongPtr, Type: EAT modification 0x835A793C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlOemStringToCountedUnicodeString, Type: EAT modification 0x835A7940-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlOemStringToUnicodeSize, Type: EAT modification 0x835A7944-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlOemStringToUnicodeString, Type: EAT modification 0x835A7948-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlOemToUnicodeN, Type: EAT modification 0x835A794C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlOwnerAcesPresent, Type: EAT modification 0x835A7950-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlPinAtomInAtomTable, Type: EAT modification 0x835A7954-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlPrefetchMemoryNonTemporal, Type: EAT modification 0x835A6184-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlPrefixString, Type: EAT modification 0x835A7958-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlPrefixUnicodeString, Type: EAT modification 0x835A795C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlQueryAtomInAtomTable, Type: EAT modification 0x835A7960-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlQueryDynamicTimeZoneInformation, Type: EAT modification 0x835A7964-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlQueryElevationFlags, Type: EAT modification 0x835A7968-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlQueryModuleInformation, Type: EAT modification 0x835A796C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlQueryRegistryValues, Type: EAT modification 0x835A7970-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlQueryTimeZoneInformation, Type: EAT modification 0x835A7974-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlRaiseException, Type: EAT modification 0x835A7978-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlRandom, Type: EAT modification 0x835A797C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlRandomEx, Type: EAT modification 0x835A7980-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlRealPredecessor, Type: EAT modification 0x835A7984-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->RtlRealSuccessor, Type: EAT modification 0x835A7988-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenThreadTokenEx, Type: EAT modification 0x835A7E80-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenTimer, Type: EAT modification 0x835A7E84-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenTransaction, Type: EAT modification 0x835A7E88-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwOpenTransactionManager, Type: EAT modification 0x835A7E8C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwPowerInformation, Type: EAT modification 0x835A7E90-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwPrepareComplete, Type: EAT modification 0x835A7E9C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwPrepareEnlistment, Type: EAT modification 0x835A7EA0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwPrePrepareComplete, Type: EAT modification 0x835A7E94-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwPrePrepareEnlistment, Type: EAT modification 0x835A7E98-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwPropagationComplete, Type: EAT modification 0x835A7EA4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwPropagationFailed, Type: EAT modification 0x835A7EA8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwPulseEvent, Type: EAT modification 0x835A7EAC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryBootEntryOrder, Type: EAT modification 0x835A7EB0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryBootOptions, Type: EAT modification 0x835A7EB4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryDefaultLocale, Type: EAT modification 0x835A7EB8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryDefaultUILanguage, Type: EAT modification 0x835A7EBC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ZwQueryDirectoryFile, Type: EAT modification 0x835A7EC0-->83256000 [ntkrnlpa.exe]
Sliktor
Regular Member
 
Posts: 16
Joined: February 28th, 2011, 11:44 pm

Re: Search Engine Redirect

Post by Sliktor » March 2nd, 2011, 9:41 pm

Man, you were right about that being long!
Sliktor
Regular Member
 
Posts: 16
Joined: February 28th, 2011, 11:44 pm

Re: Search Engine Redirect

Post by Cypher » March 3rd, 2011, 6:23 am

Hi Sliktor.
Unfortunately you have an infected (MBR) Master Boot Record.
The (Master Boot Record) tells your computer what to do when it starts up. Without that information, the computer won't start.
We can try to replace your MBR with a standard one but it is not without risk.
A couple of questions before we begin.
Did you install Windows yourself & if so do you have a Windows 7 installation disk? Or did Windows come pre-installed on the machine? If so you would have been prompted to make a set of Recovery Disks. Do you have those?
Due to the nature of the main infection, if Windows was pre-installed you may no longer have access to the Recovery Partition.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Search Engine Redirect

Post by Sliktor » March 3rd, 2011, 7:01 pm

Hello again.

I installed Windows 7 on my own and I do have an installation disk. It did not come pre-installed and I do not have any recovery disks.
Sliktor
Regular Member
 
Posts: 16
Joined: February 28th, 2011, 11:44 pm