Here are the new logs.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Sliktor at 15:55:34.06 on Wed 03/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.909 [GMT -7:00]
AV: Trend Micro Internet Security Pro *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security Pro *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
C:\Users\Sliktor\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [TrendSecure Remote File Lock] c:\program files\trend micro\trendsecure\remotefilelock\FLMain.exe /lock
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDow ... rtScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: {B16E5AE7-A3FC-4605-B4F7-CC32513D576F} = 24.116.2.50,24.116.2.34
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\sliktor\appdata\roaming\mozilla\firefox\profiles\f2n48t6l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\byond\bin\npbyond.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDXStudioPlugin.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\sliktor\appdata\roaming\kalydo\kalydoplayer\npkalydo.dll
FF - plugin: c:\users\sliktor\appdata\roaming\mozilla\plugins\npDXStudioPlugin.DLL
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
============= SERVICES / DRIVERS ===============
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-5-15 146448]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-9-28 36432]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-5-15 283152]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-8-8 12032]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-9-6 33792]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-9-15 6000640]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-9-7 51792]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-9-6 58368]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
=============== Created Last 30 ================
2011-03-01 15:32:53 -------- dc----w- c:\users\sliktor\appdata\local\MigWiz
2011-03-01 03:23:24 -------- d-----w- c:\windows\system32\Service
2011-02-24 07:34:47 1242552 ----a-w- c:\windows\system32\NMSDVDXU.dll
2011-02-24 07:34:38 -------- d-----w- c:\program files\Longtion
2011-02-24 07:11:20 -------- d-----w- c:\users\sliktor\appdata\roaming\KS-SW
2011-02-24 07:10:37 -------- d-----w- c:\program files\KS-SW
2011-02-24 07:10:07 -------- d-----w- c:\progra~2\{2E96D8C1-4066-4663-859A-826B03299C56}
2011-02-24 06:56:39 -------- d-----w- C:\My CD Images
2011-02-24 06:56:17 -------- d-----w- c:\program files\7Bear Software
2011-02-21 17:15:40 -------- d-----w- c:\users\sliktor\appdata\local\Aspyr
2011-02-21 17:03:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-21 16:54:18 -------- d-----w- c:\program files\Aspyr
2011-02-16 17:02:08 73728 ----a-w- c:\windows\system\vdremote.dll
2011-02-16 17:02:08 65536 ----a-w- c:\windows\system\vdsvrlnk.dll
2011-02-11 21:53:54 204288 ----a-w- c:\windows\system32\upnp.dll
2011-02-07 02:07:28 -------- d-----w- c:\users\sliktor\appdata\roaming\Kalydo
2011-02-06 23:25:17 1645320 ----a-w- c:\windows\gdiplus.dll
==================== Find3M ====================
2011-02-02 03:33:07 1890 --sha-w- c:\progra~2\KGyGaAvL.sys
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-16 19:09:37 111960 ----a-w- c:\windows\dxsdkuninst.exe
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST9320421ASG rev.DE12 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862AA735]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x862b0990]; MOV EAX, [0x862b0a0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x83292448] -> \Device\Harddisk0\DR0[0x8628F250]
3 CLASSPNP[0x8939C59E] -> ntkrnlpa!IofCallDriver[0x83292448] -> [0x85D9D980]
\Driver\atapi[0x86296D28] -> IRP_MJ_CREATE -> 0x862AA735
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskST9320421ASG____________________________DE12____#5&2787c923&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 15:56:48.52 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/24/2010 12:41:05 AM
System Uptime: 2/28/2011 8:22:51 PM (43 hours ago)
Motherboard: Alienware | | m15x
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 2100/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 298 GiB total, 53.964 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
7-Zip 4.65
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.5
Aion
Akamai NetSession Interface
AnswerWorks 5.0 English Runtime
Armagetron Advanced 0.2.8.3.1.gcc
Autodesk 3ds Max 2010 32-bit
Autodesk 3ds Max 2010 32-bit Components
Autodesk 3ds Max 2010 Tutorials Files
Autodesk Backburner 2008.1
Autodesk FBX Plugin 2009.4 - 3ds Max 2010
AutoRun Pro Enterprise II version 4.0.0.60
Broadcom Gigabit Integrated Controller
Build Your Own Net Dream (remove only)
Cisco Network Magic
Context Free
ConvertXtoDVD 3.0.0.1
ConvertXtoDVD 4.0.12.327
Deadly Sin
Driver Detective
Driver Sweeper 2.1.0
DX Studio Player v3.2.77
DX Studio v3.0.29
DX Studio v3.2.77
Epson Event Manager
EPSON Scan
EPSON WorkForce 600 Series Printer Uninstall
EpsonNet Config V3
Fraps
GraphicsGale version 1.93.13
Guitar Hero III
ImgBurn
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 21
K-Lite Codec Pack 5.7.0 (Full)
Kalydo Player 3.09.00
L3DT Standard v2.9.0.0 (remove only)
LibUSB-Win32-0.1.10.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MotioninJoy ds3 driver version 0.5.0000
Mozilla Firefox (3.6.13)
Mozilla Firefox 4.0b12 (x86 en-US)
Mozilla Thunderbird (3.1.
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCsoft Launcher
Network Magic
NVIDIA 3D Vision Driver 260.99
NVIDIA Control Panel 260.99
NVIDIA Drivers
NVIDIA GAME System Software 2.8.1
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 260.99
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
PowerISO
Project64 1.6
Pure Networks Platform
Quicken 2011
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
RPG Maker VX
RPG Maker VX RTP
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Service Pack 1 for SQL Server 2008 (KB968369)
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SwapXT 1.0
System Requirements Lab
Trend Micro Internet Security Pro
TuneUp Utilities 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
VLC media player 0.9.9
WIDCOMM Bluetooth Software 6.0.1.5100
Winbond CIR Device Drivers
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver
Xfire (remove only)
==== Event Viewer Messages From Past Week ========
2/28/2011 8:24:24 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/28/2011 8:23:17 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
2/28/2011 8:23:16 PM, Error: Service Control Manager [7023] - The TuneUp Theme Extension service terminated with the following error: The specified procedure could not be found.
2/28/2011 8:22:56 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
2/24/2011 12:17:51 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
2/23/2011 11:58:08 PM, Error: Service Control Manager [7000] - The Windows Connect Now - Config Registrar service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
2/23/2011 11:48:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
==== End Of File ===========================
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x8F431000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9850880 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 186.03 )
0x90223000 C:\Windows\system32\DRIVERS\netw5v32.sys 6041600 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x83256000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x93A90000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x92C1B000 C:\Windows\system32\drivers\RTKVHDA.sys 1957888 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x9BA07000 C:\Windows\system32\DRIVERS\tmwfp.sys 1744896 bytes (Trend Micro Inc., Trend Micro WFP callout Driver (i386-fre))
0x8942B000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8F20B000 C:\Windows\system32\DRIVERS\vsapint.sys 1327104 bytes (Trend Micro Inc., VsapiNT )
0x89004000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8E8E9000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8921F000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x838EA000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x99C09000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x98A7E000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83817000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x83A1E000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8E82C000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x89171000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8E2C1000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8D870000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0x99D42000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x9BBB1000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x93D40000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8F34F000 C:\Windows\system32\DRIVERS\tmxpflt.sys 311296 bytes (Trend Micro Inc., Post Filter For XP)
0x8E9A0000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83B5F000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83A9D000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x98A01000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x91AA6000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x838A8000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E3BB000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x895AE000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x892D6000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x98B51000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8FD98000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8321F000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x839C6000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x91A56000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x89366000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8E28F000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x89574000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8D802000 C:\Windows\system32\DRIVERS\b57nd60x.sys 196608 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver.)
0x91B0B000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89339000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x98BBF000 C:\Windows\system32\DRIVERS\tmcomm.sys 184320 bytes (Trend Micro Inc., TrendMicro Common Module)
0x8E800000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x89133000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x83AF6000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x91A2E000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8E341000 C:\Windows\system32\DRIVERS\tmlwf.sys 155648 bytes (Trend Micro Inc., Trend Micro NDIS 6.0 Filter Driver (i386-fre))
0x89398000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x89314000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x91BC7000 C:\Windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x839A3000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x98B2E000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8D958000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x99D14000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8E8B6000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E20E000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x89200000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8F400000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E322000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x93D20000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8D9D6000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0x91A0E000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x98B8C000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8F39B000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x98B03000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x92C00000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8D832000 C:\Windows\system32\DRIVERS\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8E890000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x99DB8000 C:\Users\Sliktor\AppData\Local\Temp\fxldrfoc.sys 98304 bytes
0x8D8D7000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8D935000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8D97A000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8D992000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8D9A9000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8E26D000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x91BB0000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x83BBF000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x99DA2000 C:\Windows\system32\DRIVERS\tmactmon.sys 90112 bytes (Trend Micro Inc., TrendMicro Activity Monitor Module)
0x8E388000 C:\Windows\system32\DRIVERS\tmtdi.sys 86016 bytes (Trend Micro Inc., Trend Micro TDI Driver (i386-fre))
0x8D8C2000 C:\Windows\system32\DRIVERS\winbondcir.sys 86016 bytes (Winbond Electronics Corporation, Winbond MCE CIR Port Driver)
0x8D85C000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x91B49000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8915E000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x98A6B000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E375000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8D923000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8E8D7000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x98B1C000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x89418000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x91B9F000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x83A00000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x91AFA000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83B2B000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8388F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8D84B000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD/MMC Driver)
0x8F3B5000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x89400000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x98A47000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8E39D000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x83B4F000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x91B3A000 C:\Windows\system32\DRIVERS\hidir.sys 61440 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x99D93000 C:\Windows\system32\DRIVERS\tmevtmgr.sys 61440 bytes (Trend Micro Inc., TrendMicro Event Management Module)
0x8FDDC000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8E8A8000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x91A8A000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x91AEA000 C:\Windows\system32\drivers\libusb0.sys 57344 bytes
0x8E367000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8E25F000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83BB1000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x891CE000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x83995000 C:\Windows\System32\drivers\poqulnn.sys 57344 bytes
0x8E3AD000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x91A98000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x83A8F000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8D916000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x91B7D000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D8EF000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8D8FC000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x99D35000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D9F3000 C:\Windows\system32\DRIVERS\tmpreflt.sys 53248 bytes (Trend Micro Inc., Pre-Filter For XP)
0x8E22F000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x891EF000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x91B5C000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8D9C0000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0x893F3000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x83B44000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x91B8A000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x91A00000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x91BEB000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x91B68000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8E254000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D94D000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E284000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8FDD1000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x83B20000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x91B95000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x91B73000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x83BDE000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x891E5000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E200000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x98A57000 C:\Windows\system32\DRIVERS\pnarp.sys 40960 bytes (Cisco Systems, Inc., Address Resolution Protocol Driver)
0x98A61000 C:\Windows\system32\DRIVERS\purendis.sys 40960 bytes (Cisco Systems, Inc., NDIS Relay Driver)
0x8D9CC000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x99CA0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x83BE8000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x83BD5000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x891DC000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x99DD0000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x93CF0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x895A5000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8D90D000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x83AE5000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x838A0000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x83B3C000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x89410000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x83AEE000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8E23C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E244000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8E24C000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x895ED000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x893EC000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x92DF9000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x83BAA000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x9BA00000 C:\Users\Sliktor\AppData\Local\Temp\mbr.sys 28672 bytes
0x893E5000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8E31B000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8D909000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x86602000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x91A0B000 C:\Windows\system32\drivers\Lachesis.sys 12288 bytes (Razer (Asia-Pacific) Pte Ltd, Lachesis USB Optical Mouse Driver)
0x8FD96000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 186.03 )
0x91A54000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x91AF8000 C:\Windows\system32\drivers\usbd.sys 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x10000000 Hidden Image-->UfSeAgnt.exe.mui [ EPROCESS 0x868CD8C8 ] PID: 3552, 114688 bytes
0x99CD4F2E Unknown thread object [ ETHREAD 0x8893CD48 ] , 600 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Client\Client\~Absence\~Absence.opensdf
!-->[Hidden] C:\Client\Client\~Absence\~Absence\Debug\link.5944.read.1.tlog
!-->[Hidden] C:\Client\Client\~Absence\~Absence\Debug\link.5944.write.1.tlog
!-->[Hidden] C:\Program Files\Common Files\Akamai\Logs\debug.log.110302_233823.sent
!-->[Hidden] C:\Program Files\Trend Micro\BM\TMBMSRV.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\detect.s::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\Temp\tmfbe\.inuse::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\TmPfw.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\TmProxy.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\UfNavi.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\Internet Security\update.s::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe::$DATA
!-->[Hidden] C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe::$DATA
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_72D7BA91.exe_a33537eb98e2ee9ad251b2a1e41225bdb2eb23e_cab_1c0754a6\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_72D7BA91.exe_a33537eb98e2ee9ad251b2a1e41225bdb2eb23e_cab_1c0754a6\WER517B.tmp.appcompat.txt
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_72D7BA91.exe_a33537eb98e2ee9ad251b2a1e41225bdb2eb23e_cab_1c0754a6\WER5276.tmp.WERInternalMetadata.xml
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_72D7BA91.exe_a33537eb98e2ee9ad251b2a1e41225bdb2eb23e_cab_1c0754a6\WER5296.tmp.hdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_72D7BA91.exe_a33537eb98e2ee9ad251b2a1e41225bdb2eb23e_cab_1c0754a6\WER542C.tmp.mdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SfCtlCom.exe_2f6257ac7eaec1b91effe6aa540aab2caf3f827_cab_0b7c34d7\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SfCtlCom.exe_2f6257ac7eaec1b91effe6aa540aab2caf3f827_cab_0b7c34d7\WER30B5.tmp.mdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SfCtlCom.exe_2f6257ac7eaec1b91effe6aa540aab2caf3f827_cab_0b7c34d7\WER955D.tmp.appcompat.txt
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SfCtlCom.exe_2f6257ac7eaec1b91effe6aa540aab2caf3f827_cab_0b7c34d7\WERDB34.tmp.WERInternalMetadata.xml
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SfCtlCom.exe_2f6257ac7eaec1b91effe6aa540aab2caf3f827_cab_0b7c34d7\WERDB64.tmp.hdmp
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_02270012\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_02e74b24\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_0c666894\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_0d17e418\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_0de6560d\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_0f4b7c04\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_18edae97\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_19241324\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1a651758\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1b787c90\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1b92e2b2\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1f094451\Report.wer
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.3.7600.16385_83d89db3bee8694b325a46ad46dd6fefb24c93ab_1f1cb6e1\Report.wer
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_~Absence.exe_6e724aadee2e8d82d34683b523949ba7cdb14c_1c15317d\Report.wer
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\0\C0\8BAD9d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\1\4E\00369d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\1\8B\84303d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\4\1C\73E2Bd01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\6\A3\CE09Fd01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\6\DB\862D2d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\7\AC\BB7C3d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\8\35\2379Fd01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\9\BC\7206Ed01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\A\9F\032F9d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\A\D4\DF55Dd01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\B\68\101CAd01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\C\C2\08DC5d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\D\0E\CDFE8d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\D\60\3C0C2d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\D\87\F75D7d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\D\C1\F5EF9d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Mozilla\Firefox\Profiles\f2n48t6l.default\Cache\F\5C\CA095d01
!-->[Hidden] C:\Users\Sliktor\AppData\Local\Temp\edgE5A8.tmp
!-->[Hidden] C:\Users\Sliktor\AppData\Roaming\Microsoft\VCExpress\10.0\AutoRecoverDat\5460.dat
!-->[Hidden] C:\Users\Sliktor\AppData\Roaming\Microsoft\VCExpress\10.0\AutoRecoverDat\5460.suodat
!-->[Hidden] C:\Users\Sliktor\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a0d547eb728e7690.customDestinations-ms~RF98f5f21.TMP
!-->[Hidden] C:\Users\Sliktor\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a0d547eb728e7690.customDestinations-ms~RF99c30b2.TMP
!-->[Hidden] C:\Users\Sliktor\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KUWKQR8KFXE02Y7BTCY7.temp
!-->[Hidden] C:\Windows\Prefetch\EXCEL.EXE-C6BEF51C.pf
!-->[Hidden] C:\Windows\Prefetch\MSBUILD.EXE-5BDC72E1.pf
!-->[Hidden] C:\Windows\Prefetch\MSPDBSRV.EXE-10AE4182.pf
!-->[Hidden] C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf
!-->[Hidden] C:\Windows\System32\drivers\tmactmon.sys::$DATA
!-->[Hidden] C:\Windows\System32\drivers\tmcomm.sys::$DATA
!-->[Hidden] C:\Windows\System32\drivers\tmevtmgr.sys::$DATA
!-->[Hidden] C:\Windows\System32\Interactive\02032011_TIS17_PccScan_S-1-5-21-2837653202-1832965304-623251185-1001.log
==============================================
>Hooks
==============================================
ntkrnlpa.exe-->AlpcGetHeaderSize, Type: EAT modification 0x835A61A0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->AlpcGetMessageAttribute, Type: EAT modification 0x835A61A4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->AlpcInitializeMessageAttribute, Type: EAT modification 0x835A61A8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->atoi, Type: EAT modification 0x835A8124-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->atol, Type: EAT modification 0x835A8128-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->bsearch, Type: EAT modification 0x835A812C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCanIWrite, Type: EAT modification 0x835A61AC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCoherencyFlushAndPurgeCache, Type: EAT modification 0x835A61B0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCopyRead, Type: EAT modification 0x835A61B4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCopyWrite, Type: EAT modification 0x835A61B8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcCopyWriteWontFlush, Type: EAT modification 0x835A61BC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcDeferWrite, Type: EAT modification 0x835A61C0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastCopyRead, Type: EAT modification 0x835A61C4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastCopyWrite, Type: EAT modification 0x835A61C8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFastMdlReadWait, Type: EAT modification 0x835A61CC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcFlushCache, Type: EAT modification 0x835A61D0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetDirtyPages, Type: EAT modification 0x835A61D4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFileObjectFromBcb, Type: EAT modification 0x835A61D8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFileObjectFromSectionPtrs, Type: EAT modification 0x835A61DC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFileObjectFromSectionPtrsRef, Type: EAT modification 0x835A61E0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetFlushedValidData, Type: EAT modification 0x835A61E4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcGetLsnForFileObject, Type: EAT modification 0x835A61E8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcInitializeCacheMap, Type: EAT modification 0x835A61EC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcIsThereDirtyData, Type: EAT modification 0x835A61F0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcIsThereDirtyDataEx, Type: EAT modification 0x835A61F4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMapData, Type: EAT modification 0x835A61F8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlRead, Type: EAT modification 0x835A61FC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlReadComplete, Type: EAT modification 0x835A6200-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlWriteAbort, Type: EAT modification 0x835A6204-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcMdlWriteComplete, Type: EAT modification 0x835A6208-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPinMappedData, Type: EAT modification 0x835A620C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPinRead, Type: EAT modification 0x835A6210-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPrepareMdlWrite, Type: EAT modification 0x835A6214-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPreparePinWrite, Type: EAT modification 0x835A6218-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcPurgeCacheSection, Type: EAT modification 0x835A621C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcRemapBcb, Type: EAT modification 0x835A6220-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcRepinBcb, Type: EAT modification 0x835A6224-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcScheduleReadAhead, Type: EAT modification 0x835A6228-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetAdditionalCacheAttributes, Type: EAT modification 0x835A622C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetBcbOwnerPointer, Type: EAT modification 0x835A6230-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetDirtyPageThreshold, Type: EAT modification 0x835A6234-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetDirtyPinnedData, Type: EAT modification 0x835A6238-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetFileSizes, Type: EAT modification 0x835A623C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetFileSizesEx, Type: EAT modification 0x835A6240-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetLogHandleForFile, Type: EAT modification 0x835A6244-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetParallelFlushFile, Type: EAT modification 0x835A6248-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcSetReadAheadGranularity, Type: EAT modification 0x835A624C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcTestControl, Type: EAT modification 0x835A6250-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUninitializeCacheMap, Type: EAT modification 0x835A6254-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUnpinData, Type: EAT modification 0x835A6258-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUnpinDataForThread, Type: EAT modification 0x835A625C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcUnpinRepinnedBcb, Type: EAT modification 0x835A6260-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcWaitForCurrentLazyWriterActivity, Type: EAT modification 0x835A6264-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CcZeroData, Type: EAT modification 0x835A6268-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmCallbackGetKeyObjectID, Type: EAT modification 0x835A626C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmGetBoundTransaction, Type: EAT modification 0x835A6270-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmGetCallbackVersion, Type: EAT modification 0x835A6274-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmKeyObjectType, Type: EAT modification 0x835A6278-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmRegisterCallback, Type: EAT modification 0x835A627C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmRegisterCallbackEx, Type: EAT modification 0x835A6280-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmSetCallbackObjectContext, Type: EAT modification 0x835A6284-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->CmUnRegisterCallback, Type: EAT modification 0x835A6288-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgBreakPoint, Type: EAT modification 0x835A628C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgBreakPointWithStatus, Type: EAT modification 0x835A6290-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgCommandString, Type: EAT modification 0x835A6294-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgkLkmdRegisterCallback, Type: EAT modification 0x835A62B8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgkLkmdUnregisterCallback, Type: EAT modification 0x835A62BC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgLoadImageSymbols, Type: EAT modification 0x835A6298-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgPrint, Type: EAT modification 0x835A629C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgPrintEx, Type: EAT modification 0x835A62A0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgPrintReturnControlC, Type: EAT modification 0x835A62A4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgPrompt, Type: EAT modification 0x835A62A8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgQueryDebugFilterState, Type: EAT modification 0x835A62AC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgSetDebugFilterState, Type: EAT modification 0x835A62B0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->DbgSetDebugPrintCallback, Type: EAT modification 0x835A62B4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmClientQueryRuleState, Type: EAT modification 0x835A62C0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmClientRuleDeregisterNotification, Type: EAT modification 0x835A62C4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmClientRuleEvaluate, Type: EAT modification 0x835A62C8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmClientRuleRegisterNotification, Type: EAT modification 0x835A62CC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmpProviderRegister, Type: EAT modification 0x835A62E0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmProviderDeregister, Type: EAT modification 0x835A62D0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmProviderDeregisterEntry, Type: EAT modification 0x835A62D4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmProviderRegister, Type: EAT modification 0x835A62D8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EmProviderRegisterEntry, Type: EAT modification 0x835A62DC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwActivityIdControl, Type: EAT modification 0x835A62E4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwEnableTrace, Type: EAT modification 0x835A62E8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwEventEnabled, Type: EAT modification 0x835A62EC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwProviderEnabled, Type: EAT modification 0x835A62F0-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwRegister, Type: EAT modification 0x835A62F4-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwRegisterClassicProvider, Type: EAT modification 0x835A62F8-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwSendTraceBuffer, Type: EAT modification 0x835A62FC-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwUnregister, Type: EAT modification 0x835A6300-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwWrite, Type: EAT modification 0x835A6304-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwWriteEndScenario, Type: EAT modification 0x835A6308-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwWriteEx, Type: EAT modification 0x835A630C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwWriteStartScenario, Type: EAT modification 0x835A6310-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwWriteString, Type: EAT modification 0x835A6314-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->EtwWriteTransfer, Type: EAT modification 0x835A6318-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireCacheAwarePushLockExclusive, Type: EAT modification 0x835A631C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireFastMutexUnsafe, Type: EAT modification 0x835A6028-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireResourceExclusiveLite, Type: EAT modification 0x835A6320-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireResourceSharedLite, Type: EAT modification 0x835A6324-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireRundownProtection, Type: EAT modification 0x835A602C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireRundownProtectionCacheAware, Type: EAT modification 0x835A6030-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireRundownProtectionCacheAwareEx, Type: EAT modification 0x835A6034-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireRundownProtectionEx, Type: EAT modification 0x835A6038-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSharedStarveExclusive, Type: EAT modification 0x835A6328-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSharedWaitForExclusive, Type: EAT modification 0x835A632C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSpinLockExclusive, Type: EAT modification 0x835A6330-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSpinLockExclusiveAtDpcLevel, Type: EAT modification 0x835A6334-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSpinLockShared, Type: EAT modification 0x835A6338-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAcquireSpinLockSharedAtDpcLevel, Type: EAT modification 0x835A633C-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocateCacheAwarePushLock, Type: EAT modification 0x835A6340-->83256000 [ntkrnlpa.exe]
ntkrnlpa.exe-->ExAllocateCacheAwareRundownProtection, Type: EAT modification 0x835A6344-->83256000 [ntkrnlpa.exe]