Jump to content

Rootkit.agent removal help


Recommended Posts

Left my laptop running for 30 or so mins when i left it to cook dinner, came back and was flooded with spy/malware.

Managed to removed 99% of it all but i have a really difficult problem getting rid of a few .sys files in C:\win32\drivers.

Can no longer connect to the internet either. keep getting the "windows has performed a critical problem. restart in 1 min" spiel everytime i plug in my ethernet cable.

any help with removing this pest would be greatly appreciated

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4493

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

2/09/2010 12:56:49 AM

mbam-log-2010-09-02 (00-56-49).txt

Scan type: Quick scan

Objects scanned: 148407

Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\windows\system32\Drivers\wnxggco.sys (Rootkit.Agent) -> No action taken.

---------------------------

DDS (Ver_10-03-17.01) - NTFSx86

Run by Pacey at 0:58:21.44 on Thu 02/09/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1790.836 [GMT 10:00]

============== Running Processes ===============

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\windows\system32\svchost.exe -k hpdevmgmt

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\System32\svchost.exe -k HPZ12

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k HPService

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\TECO\TEco.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\windows\system32\taskeng.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\servicing\TrustedInstaller.exe

C:\windows\system32\wuauclt.exe

C:\windows\System32\spoolsv.exe

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\Users\Pacey\Desktop\dds.scr

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - c:\progra~1\arcsoft\rawthu~1\EXIFToolBar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

uRun: [steam] "c:\program files\steam\steam.exe" -silent

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271334819154

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-au.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\pacey\appdata\roaming\mozilla\firefox\profiles\bkwfx5sn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/WORLD/

FF - component: c:\program files\arcsoft\raw thumbnail viewer\firefox extension\components\FirefoxMenu.dll

---- FIREFOX POLICIES ----

FF - user.js: search.clsid - {138E5B46-43A1-4677-9531-1CEE383B713D}

FF - user.js: search.sid - 15101055100

FF - user.js: extensions.newAddons - falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-28 64288]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-8-30 217032]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-12 176128]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-8-30 112592]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-11 185712]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]

R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-12 185712]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]

R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-3-12 24064]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-12 167936]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-3-12 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-4 111960]

R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]

S2 gupdate1cac112b270ae5f;Google Update Service (gupdate1cac112b270ae5f);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 Media Jukebox 14 Service;Media Jukebox 14 Service;c:\program files\j river\media jukebox 14\jrservice.exe --> c:\program files\j river\media jukebox 14\JRService.exe [?]

S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2010-1-18 3200]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-3-12 171520]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-8-30 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-8-30 1142224]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-18 1343400]

=============== Created Last 30 ================

2010-08-30 19:58:12 0 d-sh--w- C:\$RECYCLE.BIN

2010-08-30 17:03:27 0 d-----w- C:\Device

2010-08-30 15:13:52 98816 ----a-w- c:\windows\sed.exe

2010-08-30 15:13:52 77312 ----a-w- c:\windows\MBR.exe

2010-08-30 15:13:52 256512 ----a-w- c:\windows\PEV.exe

2010-08-30 15:13:52 161792 ----a-w- c:\windows\SWREG.exe

2010-08-29 21:04:20 0 d-----w- c:\programdata\Comodo Downloader

2010-08-29 20:53:04 0 d-----w- c:\users\pacey\appdata\roaming\PC Tools

2010-08-29 20:53:04 0 d-----w- c:\programdata\PC Tools

2010-08-29 20:53:04 0 d-----w- c:\program files\Spyware Doctor

2010-08-29 20:53:04 0 d-----w- c:\program files\common files\PC Tools

2010-08-29 19:35:03 0 d-----w- c:\program files\Sophos

2010-08-29 19:34:46 541184 ----a-w- c:\windows\system32\kerberos.dll

2010-08-29 18:46:34 349073 ----a-w- c:\windows\_detmp.1

2010-08-28 11:52:27 0 d-----w- C:\ArcSoft

2010-08-27 19:21:51 0 d-----w- c:\users\pacey\appdata\roaming\Malwarebytes

2010-08-27 19:21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-27 19:21:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-27 19:21:38 0 d-----w- c:\programdata\Malwarebytes

2010-08-27 19:21:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-27 19:01:47 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-27 18:41:52 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-27 18:41:19 0 dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-27 18:40:56 0 d-----w- c:\programdata\Lavasoft

2010-08-27 18:40:56 0 d-----w- c:\program files\Lavasoft

2010-08-27 16:30:25 0 d-sh--w- c:\windows\system32\%USERPROFILE%

2010-08-27 16:29:44 785920 ----a-w- c:\windows\system32\drivers\wnxggco.sys

2010-08-27 16:29:16 0 d-----w- c:\programdata\Update

2010-08-26 21:37:24 0 d-----w- c:\users\pacey\appdata\roaming\LolClient

2010-08-24 18:09:11 213000 ---ha-w- c:\windows\system32\mlfcache.dat

2010-08-24 15:47:06 621056 ------w- c:\windows\system32\MJ14.exe

2010-08-24 15:46:53 0 d-----w- c:\users\pacey\appdata\roaming\J River

2010-08-23 19:00:16 0 d-----w- C:\AMD

2010-08-23 18:55:43 0 d-----w- c:\programdata\ATI

2010-08-23 18:48:40 0 d-----w- C:\ATI

2010-08-23 17:42:17 0 d-----w- c:\programdata\Blizzard Entertainment

2010-08-23 17:42:17 0 d-----w- c:\program files\StarCraft II

2010-08-23 17:42:17 0 d-----w- c:\program files\common files\Blizzard Entertainment

2010-08-23 13:44:06 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-08-23 13:44:06 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-08-23 13:42:36 0 d-----w- c:\program files\iPod

2010-08-23 13:42:34 0 d-----w- c:\program files\iTunes

2010-08-23 07:21:35 0 d-----w- c:\users\pacey\appdata\roaming\Stardock

2010-08-23 07:21:09 0 dc-h--w- c:\programdata\{6F7EF3E6-7F1B-4824-84CD-E8DF6F1B4168}

2010-08-23 07:20:52 0 d-----w- c:\programdata\Stardock

2010-08-23 07:20:52 0 d-----w- c:\program files\Stardock

2010-08-23 07:20:17 0 dc-h--w- c:\programdata\{DF6E6A21-48E9-4FBD-B0B2-9E838A1DFED0}

2010-08-23 07:19:55 0 d-----w- c:\program files\Stardock Games

2010-08-19 11:17:10 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2010-08-19 11:17:10 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2010-08-19 11:17:08 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2010-08-19 11:12:10 0 d-----w- C:\Riot Games

2010-08-19 04:14:26 130 ----a-w- c:\windows\cfplogvw.INI

2010-08-18 11:43:06 0 d-----w- c:\program files\GameSpy Arcade

2010-08-18 08:22:10 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-08-18 08:09:02 0 d-----w- c:\windows\Simple Port Forwarding

2010-08-18 06:56:08 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2010-08-18 06:30:08 0 d-----w- C:\UT2004

2010-08-16 14:36:07 0 d-----w- c:\users\pacey\appdata\roaming\Tropico 3

2010-08-10 17:51:28 0 d-----w- c:\program files\Eraser

2010-08-09 18:41:58 0 d-----w- c:\program files\Elaborate Bytes

2010-08-09 07:14:52 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-09 07:11:11 0 d-----w- c:\programdata\Apple Computer

2010-08-09 07:09:37 0 d-----w- c:\program files\Bonjour

2010-08-09 07:09:03 0 d-----w- c:\programdata\Apple

2010-08-04 14:42:54 0 d-----w- c:\programdata\2DBoy

2010-08-04 14:41:32 0 d-----w- c:\program files\WorldOfGoo

2010-08-03 20:47:07 0 d-----w- c:\windows\system32\xlive

2010-08-03 20:47:06 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE

2010-08-03 00:50:57 0 d-----w- C:\VideoOutput

2010-08-03 00:50:47 0 d-----w- c:\program files\Avi to Mpeg

==================== Find3M ====================

2010-08-24 15:53:50 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-07-12 12:47:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-05-07 02:32:40 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2010-03-11 10:18:04 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:59:28.09 ===============

Link to post
Share on other sites

  • Staff

Hi,

Again, please update MBAM (latest database is past version 4500), run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

updated manually.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4526

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

4/09/2010 4:03:37 AM

mbam-log-2010-09-04 (04-03-37).txt

Scan type: Quick scan

Objects scanned: 148230

Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\windows\system32\Drivers\wnxggco.sys (Rootkit.Agent) -> No action taken.

---------------------------------

Link to post
Share on other sites

DDS (Ver_10-03-17.01) - NTFSx86

Run by Pacey at 4:09:47.18 on Sat 04/09/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1790.1082 [GMT 10:00]

============== Running Processes ===============

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\atieclxx.exe

C:\windows\system32\Dwm.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\windows\system32\svchost.exe -k hpdevmgmt

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\svchost.exe -k HPService

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\taskeng.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\wuauclt.exe

C:\windows\Explorer.exe

C:\windows\system32\taskhost.exe

C:\Users\Pacey\Desktop\dds.scr

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - c:\progra~1\arcsoft\rawthu~1\EXIFToolBar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

uRun: [steam] "c:\program files\steam\steam.exe" -silent

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271334819154

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-au.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\pacey\appdata\roaming\mozilla\firefox\profiles\bkwfx5sn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/WORLD/

FF - component: c:\program files\arcsoft\raw thumbnail viewer\firefox extension\components\FirefoxMenu.dll

---- FIREFOX POLICIES ----

FF - user.js: search.clsid - {138E5B46-43A1-4677-9531-1CEE383B713D}

FF - user.js: search.sid - 15101055100

FF - user.js: extensions.newAddons - falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-28 64288]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-8-30 217032]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-3-12 176128]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-8-30 112592]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-11 185712]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]

R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-8-30 366840]

R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-8-30 1142224]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-12 185712]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]

R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-3-12 24064]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-12 167936]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-3-12 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-4 111960]

S2 gupdate1cac112b270ae5f;Google Update Service (gupdate1cac112b270ae5f);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 Media Jukebox 14 Service;Media Jukebox 14 Service;c:\program files\j river\media jukebox 14\jrservice.exe --> c:\program files\j river\media jukebox 14\JRService.exe [?]

S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2010-1-18 3200]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-3-12 171520]

S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-18 1343400]

=============== Created Last 30 ================

2010-09-03 16:34:50 0 d-sh--w- C:\$RECYCLE.BIN

2010-08-30 17:03:27 0 d-----w- C:\Device

2010-08-30 15:13:52 98816 ----a-w- c:\windows\sed.exe

2010-08-30 15:13:52 77312 ----a-w- c:\windows\MBR.exe

2010-08-30 15:13:52 256512 ----a-w- c:\windows\PEV.exe

2010-08-30 15:13:52 161792 ----a-w- c:\windows\SWREG.exe

2010-08-29 21:04:20 0 d-----w- c:\programdata\Comodo Downloader

2010-08-29 20:53:04 0 d-----w- c:\users\pacey\appdata\roaming\PC Tools

2010-08-29 20:53:04 0 d-----w- c:\programdata\PC Tools

2010-08-29 20:53:04 0 d-----w- c:\program files\Spyware Doctor

2010-08-29 20:53:04 0 d-----w- c:\program files\common files\PC Tools

2010-08-29 19:35:03 0 d-----w- c:\program files\Sophos

2010-08-29 19:34:46 541184 ----a-w- c:\windows\system32\kerberos.dll

2010-08-29 18:46:34 349073 ----a-w- c:\windows\_detmp.1

2010-08-28 11:52:27 0 d-----w- C:\ArcSoft

2010-08-27 19:21:51 0 d-----w- c:\users\pacey\appdata\roaming\Malwarebytes

2010-08-27 19:21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-27 19:21:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-27 19:21:38 0 d-----w- c:\programdata\Malwarebytes

2010-08-27 19:21:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-27 19:01:47 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-27 18:41:52 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-27 18:41:19 0 dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-27 18:40:56 0 d-----w- c:\programdata\Lavasoft

2010-08-27 18:40:56 0 d-----w- c:\program files\Lavasoft

2010-08-27 16:30:25 0 d-sh--w- c:\windows\system32\%USERPROFILE%

2010-08-27 16:29:44 785920 ----a-w- c:\windows\system32\drivers\wnxggco.sys

2010-08-27 16:29:16 0 d-----w- c:\programdata\Update

2010-08-26 21:37:24 0 d-----w- c:\users\pacey\appdata\roaming\LolClient

2010-08-24 18:09:11 213000 ---ha-w- c:\windows\system32\mlfcache.dat

2010-08-24 15:47:06 621056 ------w- c:\windows\system32\MJ14.exe

2010-08-24 15:46:53 0 d-----w- c:\users\pacey\appdata\roaming\J River

2010-08-23 19:00:16 0 d-----w- C:\AMD

2010-08-23 18:55:43 0 d-----w- c:\programdata\ATI

2010-08-23 18:48:40 0 d-----w- C:\ATI

2010-08-23 17:42:17 0 d-----w- c:\programdata\Blizzard Entertainment

2010-08-23 17:42:17 0 d-----w- c:\program files\StarCraft II

2010-08-23 17:42:17 0 d-----w- c:\program files\common files\Blizzard Entertainment

2010-08-23 13:44:06 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-08-23 13:44:06 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-08-23 13:42:36 0 d-----w- c:\program files\iPod

2010-08-23 13:42:34 0 d-----w- c:\program files\iTunes

2010-08-23 07:21:35 0 d-----w- c:\users\pacey\appdata\roaming\Stardock

2010-08-23 07:21:09 0 dc-h--w- c:\programdata\{6F7EF3E6-7F1B-4824-84CD-E8DF6F1B4168}

2010-08-23 07:20:52 0 d-----w- c:\programdata\Stardock

2010-08-23 07:20:52 0 d-----w- c:\program files\Stardock

2010-08-23 07:20:17 0 dc-h--w- c:\programdata\{DF6E6A21-48E9-4FBD-B0B2-9E838A1DFED0}

2010-08-23 07:19:55 0 d-----w- c:\program files\Stardock Games

2010-08-19 11:17:10 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2010-08-19 11:17:10 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2010-08-19 11:17:08 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2010-08-19 11:12:10 0 d-----w- C:\Riot Games

2010-08-19 04:14:26 130 ----a-w- c:\windows\cfplogvw.INI

2010-08-18 11:43:06 0 d-----w- c:\program files\GameSpy Arcade

2010-08-18 08:22:10 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-08-18 08:09:02 0 d-----w- c:\windows\Simple Port Forwarding

2010-08-18 06:56:08 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2010-08-18 06:30:08 0 d-----w- C:\UT2004

2010-08-16 14:36:07 0 d-----w- c:\users\pacey\appdata\roaming\Tropico 3

2010-08-10 17:51:28 0 d-----w- c:\program files\Eraser

2010-08-09 18:41:58 0 d-----w- c:\program files\Elaborate Bytes

2010-08-09 07:14:52 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-09 07:11:11 0 d-----w- c:\programdata\Apple Computer

2010-08-09 07:09:37 0 d-----w- c:\program files\Bonjour

2010-08-09 07:09:03 0 d-----w- c:\programdata\Apple

==================== Find3M ====================

2010-08-24 15:53:50 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-07-12 12:47:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-05-07 02:32:40 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2010-03-11 10:18:04 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 4:10:36.99 ===============

Link to post
Share on other sites

PT 1

ComboFix 10-08-29.04 - Pacey 04/09/2010 2:11.3.1 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1790.1162 [GMT 10:00]

Running from: c:\users\Pacey\Desktop\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2010-08-03 to 2010-09-03 )))))))))))))))))))))))))))))))

.

2010-09-03 16:28 . 2010-09-03 16:28 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-09-03 16:28 . 2010-09-03 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-09-03 16:28 . 2010-09-03 16:28 -------- d-----w- c:\users\Chris\AppData\Local\temp

2010-08-30 18:16 . 2010-09-03 16:28 -------- d-----w- c:\users\Pacey\AppData\Local\temp

2010-08-30 17:03 . 2010-08-30 17:03 -------- d-----w- C:\Device

2010-08-29 21:04 . 2010-08-29 21:18 -------- d-----w- c:\programdata\Comodo Downloader

2010-08-29 19:35 . 2010-08-29 19:35 -------- d-----w- c:\program files\Sophos

2010-08-29 19:34 . 2009-12-08 11:57 541184 ----a-w- c:\windows\system32\kerberos.dll

2010-08-28 11:52 . 2010-08-28 11:52 -------- d-----w- C:\ArcSoft

2010-08-27 19:21 . 2010-08-27 19:21 -------- d-----w- c:\users\Pacey\AppData\Roaming\Malwarebytes

2010-08-27 19:21 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-27 19:21 . 2010-08-27 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-27 19:21 . 2010-08-27 19:21 -------- d-----w- c:\programdata\Malwarebytes

2010-08-27 19:21 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-27 19:13 . 2010-08-27 19:13 -------- d-----w- c:\users\Pacey\AppData\Local\ElevatedDiagnostics

2010-08-27 19:01 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-27 18:41 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-27 18:41 . 2010-08-27 18:41 -------- dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-08-27 18:40 . 2010-08-27 18:41 -------- d-----w- c:\programdata\Lavasoft

2010-08-27 18:40 . 2010-08-27 18:40 -------- d-----w- c:\program files\Lavasoft

2010-08-27 16:41 . 2010-08-27 19:01 -------- d-----w- c:\users\Chris\AppData\Roaming\27F90DA2A41754561A9BFD234E2EECDB

2010-08-27 16:30 . 2010-08-27 16:30 -------- d-sh--w- c:\windows\system32\%USERPROFILE%

2010-08-27 16:29 . 2010-08-28 12:37 -------- d-----w- c:\programdata\Update

2010-08-26 21:37 . 2010-08-26 21:37 -------- d-----w- c:\users\Pacey\AppData\Roaming\LolClient

2010-08-24 18:09 . 2010-08-24 18:09 213000 ---ha-w- c:\windows\system32\mlfcache.dat

2010-08-24 15:47 . 2010-07-15 21:28 621056 ------w- c:\windows\system32\MJ14.exe

2010-08-24 15:46 . 2010-08-24 15:46 -------- d-----w- c:\users\Pacey\AppData\Roaming\J River

2010-08-23 19:00 . 2010-08-23 19:00 -------- d-----w- C:\AMD

2010-08-23 18:55 . 2010-08-23 18:55 -------- d-----w- c:\programdata\ATI

2010-08-23 18:48 . 2010-08-23 18:48 -------- d-----w- C:\ATI

2010-08-23 17:42 . 2010-08-23 18:36 -------- d-----w- c:\programdata\Blizzard Entertainment

2010-08-23 17:42 . 2010-08-23 18:36 -------- d-----w- c:\program files\StarCraft II

2010-08-23 17:42 . 2010-08-23 18:07 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2010-08-23 13:44 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-08-23 13:44 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-08-23 13:42 . 2010-08-23 13:42 -------- d-----w- c:\program files\iPod

2010-08-23 13:42 . 2010-08-23 13:44 -------- d-----w- c:\program files\iTunes

2010-08-23 07:30 . 2010-08-23 07:30 -------- d-----w- c:\users\Pacey\AppData\Local\Ironclad Games

2010-08-23 07:21 . 2010-08-23 07:21 -------- d-----w- c:\users\Pacey\AppData\Roaming\Stardock

2010-08-23 07:21 . 2010-08-23 07:21 -------- dc-h--w- c:\programdata\{6F7EF3E6-7F1B-4824-84CD-E8DF6F1B4168}

2010-08-23 07:20 . 2010-08-23 07:20 -------- d-----w- c:\programdata\Stardock

2010-08-23 07:20 . 2010-08-23 07:20 -------- d-----w- c:\program files\Stardock

2010-08-23 07:20 . 2010-08-23 07:20 -------- dc-h--w- c:\programdata\{DF6E6A21-48E9-4FBD-B0B2-9E838A1DFED0}

2010-08-23 07:19 . 2010-08-23 07:19 -------- d-----w- c:\program files\Stardock Games

2010-08-23 07:15 . 2010-08-23 07:15 -------- d-----w- c:\users\Pacey\AppData\Local\PackageAware

2010-08-23 06:32 . 2010-08-23 06:32 -------- d-----w- c:\users\Pacey\AppData\Roaming\SystemRequirementsLab

2010-08-19 11:17 . 2008-07-11 22:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2010-08-19 11:17 . 2008-07-11 22:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2010-08-19 11:17 . 2008-07-11 22:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2010-08-19 11:12 . 2010-08-19 11:12 -------- d-----w- C:\Riot Games

2010-08-18 11:43 . 2010-08-18 11:43 -------- d-----w- c:\program files\GameSpy Arcade

2010-08-18 08:22 . 2010-08-18 08:22 -------- d--h--r- c:\users\Pacey\AppData\Roaming\SecuROM

2010-08-18 08:22 . 2010-08-18 08:22 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-08-18 08:09 . 2010-08-18 08:09 -------- d-----w- c:\windows\Simple Port Forwarding

2010-08-18 07:35 . 2010-08-18 07:35 -------- d-----w- c:\users\Pacey\AppData\Local\Eraser 6

2010-08-18 06:56 . 2010-08-18 06:56 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2010-08-18 06:30 . 2010-08-18 08:43 -------- d-----w- C:\UT2004

2010-08-16 14:36 . 2010-08-26 21:08 -------- d-----w- c:\users\Pacey\AppData\Roaming\Tropico 3

2010-08-14 21:51 . 2010-08-14 21:51 -------- d-----w- c:\windows\Sun

2010-08-11 06:29 . 2010-08-11 06:29 -------- d-----w- c:\users\Chris\AppData\Local\Eraser 6

2010-08-11 04:23 . 2010-08-11 04:23 -------- d-----w- c:\users\Chris\AppData\Roaming\Apple Computer

2010-08-11 04:22 . 2010-08-11 04:22 -------- d-----w- c:\users\Chris\AppData\Local\Mozilla

2010-08-10 17:51 . 2010-08-10 17:51 -------- d-----w- c:\program files\Eraser

2010-08-09 18:41 . 2010-08-09 18:41 -------- d-----w- c:\program files\Elaborate Bytes

2010-08-09 07:16 . 2010-08-24 16:00 -------- d-----w- c:\users\Pacey\AppData\Roaming\Apple Computer

2010-08-09 07:16 . 2010-08-09 23:23 -------- d-----w- c:\users\Pacey\AppData\Local\Apple Computer

2010-08-09 07:15 . 2010-08-27 18:41 -------- dc----w- c:\windows\system32\DRVSTORE

2010-08-09 07:14 . 2010-08-09 07:15 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-09 07:11 . 2010-08-23 13:42 -------- d-----w- c:\programdata\Apple Computer

2010-08-09 07:11 . 2010-08-09 07:11 -------- d-----w- c:\program files\QuickTime

2010-08-09 07:10 . 2010-08-09 07:10 -------- d-----w- c:\users\Pacey\AppData\Local\Apple

2010-08-09 07:10 . 2010-08-09 07:10 -------- d-----w- c:\program files\Apple Software Update

2010-08-09 07:09 . 2010-08-09 07:09 -------- d-----w- c:\program files\Bonjour

2010-08-09 07:09 . 2010-08-23 13:42 -------- d-----w- c:\program files\Common Files\Apple

2010-08-09 07:09 . 2010-08-17 01:32 -------- d-----w- c:\programdata\Apple

Link to post
Share on other sites

PT 2

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-03 16:08 . 2010-07-18 17:38 -------- d-----w- c:\program files\Steam

2010-09-03 16:07 . 2010-08-29 20:53 -------- d-----w- c:\program files\Spyware Doctor

2010-08-31 16:37 . 2010-07-13 17:37 -------- d-----w- c:\users\Pacey\AppData\Roaming\vlc

2010-08-29 20:54 . 2010-08-29 20:53 -------- d-----w- c:\program files\Common Files\PC Tools

2010-08-29 20:53 . 2010-08-29 20:53 -------- d-----w- c:\users\Pacey\AppData\Roaming\PC Tools

2010-08-29 20:53 . 2010-08-29 20:53 -------- d-----w- c:\programdata\PC Tools

2010-08-29 18:53 . 2010-03-11 16:57 -------- d-----w- c:\program files\Windows Live

2010-08-29 18:48 . 2009-08-21 06:33 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-26 22:03 . 2010-08-26 22:03 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll

2010-08-26 20:43 . 2009-08-21 07:00 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-08-26 20:43 . 2010-08-26 20:43 53632 ----a-w- c:\users\Pacey\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-08-26 20:43 . 2010-08-19 11:16 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-08-26 15:12 . 2010-07-29 05:17 -------- d-----w- c:\users\Pacey\AppData\Roaming\uTorrent

2010-08-24 15:54 . 2010-03-12 00:25 -------- d-----w- c:\program files\COMODO

2010-08-24 15:53 . 2010-03-12 00:30 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-08-23 18:54 . 2010-03-11 16:23 -------- d-----w- c:\program files\ATI Technologies

2010-08-23 06:32 . 2010-06-23 16:50 -------- d-----w- c:\program files\SystemRequirementsLab

2010-08-23 06:32 . 2010-08-23 06:32 92280 ----a-w- c:\users\Pacey\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.3.1.0A.dll

2010-08-20 03:58 . 2010-03-11 17:19 -------- d-----w- c:\programdata\WildTangent

2010-08-12 12:16 . 2010-08-27 18:41 2979848 -c--a-w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-08-04 14:42 . 2010-08-04 14:42 -------- d-----w- c:\programdata\2DBoy

2010-08-04 14:42 . 2010-08-04 14:41 -------- d-----w- c:\program files\WorldOfGoo

2010-08-04 14:34 . 2010-08-04 14:34 -------- d-----w- c:\users\Pacey\AppData\Roaming\Media Player Classic

2010-08-03 20:47 . 2010-08-03 20:47 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2010-08-03 00:50 . 2010-08-03 00:50 -------- d-----w- c:\program files\Avi to Mpeg

2010-07-29 05:17 . 2010-07-29 05:17 -------- d-----w- c:\program files\uTorrent

2010-07-29 04:50 . 2010-07-18 17:38 -------- d-----w- c:\program files\Common Files\Steam

2010-07-28 22:28 . 2010-07-12 12:54 -------- d-----w- c:\users\Pacey\AppData\Roaming\HpUpdate

2010-07-26 20:33 . 2010-07-13 17:37 -------- d-----w- c:\users\Pacey\AppData\Roaming\dvdcss

2010-07-24 03:47 . 2010-03-31 14:13 -------- d-----w- c:\program files\Jewel Match

2010-07-22 02:03 . 2010-07-22 02:03 -------- d-----w- c:\programdata\Wild Tangent

2010-07-22 02:00 . 2010-07-22 02:00 -------- d-----w- c:\program files\EA GAMES

2010-07-21 06:30 . 2010-07-21 06:30 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-07-13 20:08 . 2010-07-13 20:08 -------- d-----w- c:\users\Pacey\AppData\Roaming\WildTangent

2010-07-13 19:59 . 2010-07-13 19:59 -------- d-----w- c:\users\Pacey\AppData\Roaming\inkscape

2010-07-12 14:04 . 2010-07-12 13:04 -------- d-----w- c:\users\Pacey\AppData\Roaming\Toshiba

2010-07-12 12:51 . 2010-07-08 00:45 -------- d-----w- c:\users\Pacey\AppData\Roaming\ArcSoft

2010-07-12 12:50 . 2010-07-08 00:46 122816 ----a-w- c:\users\Pacey\AppData\Local\GDIPFONTCACHEV1.DAT

2010-07-12 12:47 . 2010-07-12 12:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-07-08 00:45 . 2010-07-08 00:45 -------- d-----w- c:\users\Pacey\AppData\Roaming\ATI

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-08-30_19.50.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-10 21:20 . 2009-07-13 22:09 21504 c:\windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\scmstcs.sys

+ 2009-06-10 21:20 . 2009-07-13 22:09 31232 c:\windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys

+ 2009-06-10 21:20 . 2009-07-13 22:09 20608 c:\windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\cmbp0wdm.sys

+ 2009-06-10 21:20 . 2009-07-14 01:19 40016 c:\windows\winsxs\x86_sisraid2.inf_31bf3856ad364e35_6.1.7600.16385_none_27067bd4e7455fdf\sisraid2.sys

+ 2009-07-13 20:46 . 2009-06-10 21:23 32768 c:\windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.1.7600.16385_none_beb69dae2443e398\RegSvcs.exe

+ 2009-07-13 20:46 . 2009-06-10 21:23 53248 c:\windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.1.7600.16385_none_eb9b7307d1d0eae8\RegAsm.exe

+ 2009-06-10 21:18 . 2009-07-13 22:02 44032 c:\windows\winsxs\x86_netvfx86.inf_31bf3856ad364e35_6.1.7600.16385_none_3b1156f5c78fdc2d\fetnd6.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 43008 c:\windows\winsxs\x86_netrtl32.inf_31bf3856ad364e35_6.1.7600.16385_none_1f9f7f645fc650e8\Rtnicxp.sys

+ 2009-06-10 21:17 . 2009-07-13 22:02 29184 c:\windows\winsxs\x86_netl260x.inf_31bf3856ad364e35_6.1.7600.16385_none_86358b760d39a5e3\l260x86.sys

+ 2009-06-20 02:10 . 2009-07-13 22:02 47104 c:\windows\winsxs\x86_netl1e86.inf_31bf3856ad364e35_6.1.7600.16385_none_97b228e992ab79c1\L1E62x86.sys

+ 2009-06-10 21:17 . 2009-07-13 22:02 50688 c:\windows\winsxs\x86_netl1c86.inf_31bf3856ad364e35_6.1.7600.16385_none_5175a0d7ad893f4f\L1C62x86.sys

+ 2009-06-25 02:15 . 2009-07-13 22:02 47104 c:\windows\winsxs\x86_netl160x.inf_31bf3856ad364e35_6.1.7600.16385_none_5d23b5549453ace4\l160x86.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 48128 c:\windows\winsxs\x86_netgb6.inf_31bf3856ad364e35_6.1.7600.16385_none_33c0abd150a8143e\SiSGB6.sys

+ 2009-06-10 21:15 . 2009-06-10 21:15 12288 c:\windows\winsxs\x86_netfx35wpf-system.windows.presentation_31bf3856ad364e35_6.1.7600.16385_none_854247e5694c766

b\System.Windows.Presentation.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 91984 c:\windows\winsxs\x86_netfx-shfusion_res_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_7a97f0ca887d1f24\ShFusRes.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 13648 c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\SharedReg12.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 13648 c:\windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900

c\sbscmp20_perfcounter.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 13648 c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\sbscmp20_mscorwks.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 13648 c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\sbscmp20_mscorlib.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 13648 c:\windows\winsxs\x86_netfx-sbscmp10_dll_31bf3856ad364e35_6.1.7600.16385_none_74dc56c5664f82a6\sbscmp10.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11104 c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_6.1.7600.16385_none_007147dce7111012\sbs_wminet_utils.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11080 c:\windows\winsxs\x86_netfx-sbs_vsavb7rt_dll_31bf3856ad364e35_6.1.7600.16385_none_9385bc36cee40401\sbs_VsaVb7rt.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11112 c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_6.1.7600.16385_none_60ffafae87253a03\sbs_system.enterpriseservices.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11088 c:\windows\winsxs\x86_netfx-sbs_sys_data_dll_31bf3856ad364e35_6.1.7600.16385_none_fe6017304e1a4816\sbs_system.data.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11120 c:\windows\winsxs\x86_netfx-sbs_sys_config_install_dll_31bf3856ad364e35_6.1.7600.16385_none_bf20a9b996bb3c0e\sbs_system.configuration.install.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11096 c:\windows\winsxs\x86_netfx-sbs_mscorsec_dll_31bf3856ad364e35_6.1.7600.16385_none_e5d406243d850419\sbs_mscorsec.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11096 c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_6.1.7600.16385_none_a1303282cea2a049\sbs_mscorrc.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11096 c:\windows\winsxs\x86_netfx-sbs_mscordbi_dll_31bf3856ad364e35_6.1.7600.16385_none_6306500898a352f7\sbs_mscordbi.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11656 c:\windows\winsxs\x86_netfx-sbs_ms_vsa_vb_codedomproc_31bf3856ad364e35_6.1.7600.16385_none_f77f9375f74f03f7\sbs_microsoft.vsa.vb.codedomprocessor.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11112 c:\windows\winsxs\x86_netfx-sbs_microsoft_jscript_dll_31bf3856ad364e35_6.1.7600.16385_none_fcad5233f2cc477e\sbs_microsoft.jscript.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11088 c:\windows\winsxs\x86_netfx-sbs_iehost_dll_31bf3856ad364e35_6.1.7600.16385_none_178e80c5a3bdbcbe\sbs_iehost.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11104 c:\windows\winsxs\x86_netfx-sbs_diasymreader_dll_31bf3856ad364e35_6.1.7600.16385_none_a68583f940737324\sbs_diasymreader.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 85336 c:\windows\winsxs\x86_netfx-perfcounter_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_fe5e474bbbf4bf39\PerfCounter.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 21320 c:\windows\winsxs\x86_netfx-normalization_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_b0b7c0cee9f32465\normalization.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 97608 c:\windows\winsxs\x86_netfx-ngen_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_4c4430e106efd828\ngen.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 79688 c:\windows\winsxs\x86_netfx-netfxsbs10_exe_31bf3856ad364e35_6.1.7600.16385_none_3b6545980f480049\NETFXSBS10.exe

+ 2009-07-13 20:46 . 2009-06-10 21:23 16192 c:\windows\winsxs\x86_netfx-mscortim_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_a32524c42126d7e8\mscortim.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 66384 c:\windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_f47d7472a4c4e67e\mscorsvw.exe

+ 2009-07-13 20:46 . 2009-06-10 21:23 15696 c:\windows\winsxs\x86_netfx-mscorsn_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_6adff9151d65c2d5\mscorsn.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 74064 c:\windows\winsxs\x86_netfx-mscorsec_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_e638a346b112adf9\mscorsec.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 90960 c:\windows\winsxs\x86_netfx-mscorld_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_9766625605fae790\mscorld.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 43344 c:\windows\winsxs\x86_netfx-mscorie_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_bf1dd07c2c77e214\mscorie.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 80192 c:\windows\winsxs\x86_netfx-mscordbc_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_4177226482049015\mscordbc.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 61776 c:\windows\winsxs\x86_netfx-installutillib_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_8b3db65294ce6352\InstallUtilLib.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 15680 c:\windows\winsxs\x86_netfx-fusion_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_d758b247c6e65f96\fusion.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 33096 c:\windows\winsxs\x86_netfx-dw_b03f5f7f11d50a3a_6.1.7600.16385_none_a223bd3dd785391a\dw20.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 59720 c:\windows\winsxs\x86_netfx-dfdll_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_5cd78bb510da3dfc\dfdll.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 32064 c:\windows\winsxs\x86_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_6.1.7600.16385_none_ba476986f05abc65\cvtres.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 23872 c:\windows\winsxs\x86_netfx-culture_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_af3522070c88b45c\Culture.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 77112 c:\windows\winsxs\x86_netfx-csharp_compiler_csc_b03f5f7f11d50a3a_6.1.7600.16385_none_d2fff1dae966863c\csc.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 86856 c:\windows\winsxs\x86_netfx-corperfmonext_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_876ee0d07f401fc4\CORPerfMonExt.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 54144 c:\windows\winsxs\x86_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_26e756d174266d3

a\System.EnterpriseServices.Thunk.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 30544 c:\windows\winsxs\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_99702545489547b3\aspnet_wp.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 31064 c:\windows\winsxs\x86_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_55a43aca7f285819\aspnet_state.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 30040 c:\windows\winsxs\x86_netfx-aspnet_regiis_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_e6af0acbde467b7b\aspnet_regiis.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 81232 c:\windows\winsxs\x86_netfx-aspnet_rc_dll_res_b03f5f7f11d50a3a_6.1.7600.16385_none_04a12c6aba11825e\aspnet_rc.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 30552 c:\windows\winsxs\x86_netfx-aspnet_perf_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_b2319617b904ff41\Aspnet_perf.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 95056 c:\windows\winsxs\x86_netfx-aspnet_mmc_asp_ext_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_6549ec0c8f70105c\MmcAspExt.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 14168 c:\windows\winsxs\x86_netfx-aspnet_isapi_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_b204bdc22550346a\aspnet_isapi.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 18776 c:\windows\winsxs\x86_netfx-aspnet_filter_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d77998142ec36c\aspnet_filter.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 55632 c:\windows\winsxs\x86_netfx-applaunch_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_99be0d55273fde9a\AppLaunch.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 95560 c:\windows\winsxs\x86_netfx-_vc_assembly_linker_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_0d833ef6a7dc7363\alink.dll

+ 2009-06-10 21:17 . 2009-07-13 22:02 56320 c:\windows\winsxs\x86_netbxndx.inf_31bf3856ad364e35_6.1.7600.16385_none_a1f96fb4141105bb\bxnd60x.sys

+ 2009-07-13 20:46 . 2009-06-10 21:23 69632 c:\windows\winsxs\x86_msbuild_b03f5f7f11d50a3a_6.1.7600.16385_none_55ba67026d843961\MSBuild.exe

+ 2009-06-10 21:41 . 2009-06-10 21:41 94784 c:\windows\winsxs\x86_microsoft-windows-w..ion-twaincomponents_31bf3856ad364e35_6.1.7600.16385_none_89088a6bbd843b3f\twain.dll

+ 2009-06-10 21:22 . 2009-06-10 21:22 61168 c:\windows\winsxs\x86_microsoft-windows-video-for-windows16_31bf3856ad364e35_6.1.7600.16385_none_5fd0557cd88ef5bd\msacm.dll

+ 2009-06-10 21:41 . 2009-06-10 21:41 19216 c:\windows\winsxs\x86_microsoft-windows-tapicore_31bf3856ad364e35_6.1.7600.16385_none_e4102eada7ea2fc8\tapi.dll

+ 2009-07-13 20:34 . 2009-07-14 01:19 17472 c:\windows\winsxs\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23\spldr.sys

+ 2009-07-13 20:29 . 2009-06-10 21:42 13312 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\win87em.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 18896 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\sysedit.exe

+ 2009-07-13 20:29 . 2009-06-10 21:42 46592 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\pmspl.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 82944 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\olecli.dll

+ 2009-06-10 21:42 . 2009-06-10 21:42 69886 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\edit.com

+ 2009-07-13 20:29 . 2009-06-10 21:42 27200 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\ctl3dv2.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 82944 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.1.7600.16385_none_20246c0c81526e58\olecli.dll

+ 2009-06-10 21:19 . 2009-06-10 21:19 40552 c:\windows\winsxs\x86_microsoft-windows-nettrace-netsh-helper_31bf3856ad364e35_6.1.7600.16385_none_9b03b67ad1a770af\gatherNetworkInfo.vbs

+ 2009-06-10 21:15 . 2009-06-10 21:15 15616 c:\windows\winsxs\x86_microsoft-windows-identitycrl_31bf3856ad364e35_6.1.7600.16385_none_51642a0e9fb20494\ppcrlconfig.dll

+ 2009-06-10 21:16 . 2009-06-10 21:16 61440 c:\windows\winsxs\x86_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.1.7600.16385_none_59a11535360522fb\comempty.dat

+ 2009-06-10 21:19 . 2009-07-14 01:20 30800 c:\windows\winsxs\x86_megasas.inf_31bf3856ad364e35_6.1.7600.16385_none_3016ab5fb005dc4f\megasas.sys

+ 2009-06-10 21:19 . 2009-07-13 20:50 20480 c:\windows\winsxs\x86_macrovision-protection-safedisc_31bf3856ad364e35_6.1.7600.16385_none_5d832d711e99213d\secdrv.sys

+ 2009-07-13 20:46 . 2009-06-10 21:22 72192 c:\windows\winsxs\x86_isymwrapper_b03f5f7f11d50a3a_6.1.7600.16385_none_dce2ea59cf6c775c\ISymWrapper.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 28672 c:\windows\winsxs\x86_installutil_b03f5f7f11d50a3a_6.1.7600.16385_none_4ffee7bfdd6d0044\InstallUtil.exe

+ 2009-06-10 21:16 . 2009-07-13 22:54 28800 c:\windows\winsxs\x86_hcw72bda.inf_31bf3856ad364e35_6.1.7600.16385_none_972d5b7335ad7088\hcw72ADFilter.sys

+ 2009-06-10 21:20 . 2009-07-14 01:20 70720 c:\windows\winsxs\x86_djsvs.inf_31bf3856ad364e35_6.1.7600.16385_none_48bef74e114052fa\djsvs.sys

+ 2009-06-10 21:18 . 2009-07-14 01:15 28672 c:\windows\winsxs\x86_divacx86.inf_31bf3856ad364e35_6.1.7600.16385_none_cf00ff1b11812601\diapi232.dll

+ 2009-06-10 21:18 . 2009-07-13 22:02 52224 c:\windows\winsxs\x86_dc21x4vm.inf_31bf3856ad364e35_6.1.7600.16385_none_2e68bb21c1cbb4fb\dc21x4vm.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 99584 c:\windows\winsxs\x86_cxfalpal_ibv32.inf_31bf3856ad364e35_6.1.7600.16385_none_bdb6f00794ef172

6\cxfalcon_IBV32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 99584 c:\windows\winsxs\x86_cxfalcon_ibv32.inf_31bf3856ad364e35_6.1.7600.16385_none_84b227ad4ed2c99

d\cxfalcon_IBV32.sys

+ 2009-07-13 20:46 . 2009-06-10 21:22 69120 c:\windows\winsxs\x86_custommarshalers_b03f5f7f11d50a3a_6.1.7600.16385_none_46c669ee4e08213a\CustomMarshalers.dll

+ 2009-06-10 21:18 . 2009-06-10 21:18 18852 c:\windows\winsxs\x86_avmisdnc.inf_31bf3856ad364e35_6.1.7600.16385_none_5f240ef0e2922573\avmc20.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 24576 c:\windows\winsxs\x86_aspnet_regbrowsers_b03f5f7f11d50a3a_6.1.7600.16385_none_ddef5417d55eb94

4\aspnet_regbrowsers.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 36864 c:\windows\winsxs\x86_aspnet_compiler_b03f5f7f11d50a3a_6.1.7600.16385_none_ed4e6c0f14dce27e\aspnet_compiler.exe

+ 2009-06-10 21:19 . 2009-07-14 01:26 79952 c:\windows\winsxs\x86_amdsata.inf_31bf3856ad364e35_6.1.7600.16385_none_4c432d63e33e9c49\amdsata.sys

+ 2009-06-10 21:15 . 2009-06-10 21:15 12288 c:\windows\winsxs\msil_system.windows.presentation_b77a5c561934e089_6.1.7600.16385_none_8a9e0

4cfa243ba79\System.Windows.Presentation.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 81920 c:\windows\winsxs\msil_system.drawing.design_b03f5f7f11d50a3a_6.1.7600.16385_none_f08f72396cb

5b071\System.Drawing.Design.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 81920 c:\windows\winsxs\msil_system.configuration.install_b03f5f7f11d50a3a_6.1.7600.16385_none_6048

a58434f27af0\System.Configuration.Install.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 32768 c:\windows\winsxs\msil_microsoft.vsa_b03f5f7f11d50a3a_6.1.7600.16385_none_3cd6766af66d6f0e\Microsoft.Vsa.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 12800 c:\windows\winsxs\msil_microsoft.vsa.vb.codedomprocessor_b03f5f7f11d50a3a_6.1.7600.16385_none

_19034b5baee4e923\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 28672 c:\windows\winsxs\msil_microsoft.visualbasic.vsa_b03f5f7f11d50a3a_6.1.7600.16385_none_c75fb31

a08c6c4d2\Microsoft.VisualBasic.Vsa.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 77824 c:\windows\winsxs\msil_microsoft.build.utilities_b03f5f7f11d50a3a_6.1.7600.16385_none_b690c3b

76150e9e8\Microsoft.Build.Utilities.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 36864 c:\windows\winsxs\msil_microsoft.build.framework_b03f5f7f11d50a3a_6.1.7600.16385_none_974f760

03fe1a51a\Microsoft.Build.Framework.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 40960 c:\windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.1.7600.16385_none_7c5b469993c3ad32\jsc.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 77824 c:\windows\winsxs\msil_iehost_b03f5f7f11d50a3a_6.1.7600.16385_none_52e0df7cc45bdbe4\IEHost.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 13312 c:\windows\winsxs\msil_cscompmgd_b03f5f7f11d50a3a_6.1.7600.16385_none_ed1eb8fd6654bbd7\cscompmgd.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 10752 c:\windows\winsxs\msil_accessibility_b03f5f7f11d50a3a_6.1.7600.16385_none_2232298e4f48d6ba\Accessibility.dll

+ 2009-06-10 21:41 . 2009-06-10 21:41 94784 c:\windows\twain.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 13312 c:\windows\System32\win87em.dll

+ 2010-03-11 17:26 . 2010-09-03 16:09 50662 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2010-09-03 16:09 50216 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2006-07-24 18:50 . 2006-07-24 18:50 47920 c:\windows\System32\VBAME.DLL

+ 1998-06-18 08:00 . 1998-06-18 08:00 89360 c:\windows\System32\VB5DB.dll

+ 2009-06-10 21:41 . 2009-06-10 21:41 19216 c:\windows\System32\tapi.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 18896 c:\windows\System32\sysedit.exe

+ 2008-11-25 06:31 . 2008-11-25 06:31 65888 c:\windows\System32\sqlctr90.dll

+ 2009-04-28 12:37 . 2009-04-28 12:37 28672 c:\windows\System32\SPCtl.dll

+ 2006-07-24 18:50 . 2006-07-24 18:50 39728 c:\windows\System32\SCP32.DLL

+ 2009-07-13 20:29 . 2009-06-10 21:42 46592 c:\windows\System32\pmspl.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 82944 c:\windows\System32\olecli.dll

+ 2003-04-18 05:29 . 2003-04-18 05:29 82432 c:\windows\System32\msxml4r.dll

+ 2009-06-10 21:22 . 2009-06-10 21:22 61168 c:\windows\System32\msacm.dll

+ 2008-12-03 10:05 . 2008-12-03 10:05 20480 c:\windows\System32\hpzisn12.dll

+ 2008-12-03 10:05 . 2008-12-03 10:05 29696 c:\windows\System32\hpzipt12.dll

+ 2008-12-03 10:05 . 2008-12-03 10:05 33792 c:\windows\System32\HPZipr12.dll

+ 2008-12-03 10:05 . 2008-12-03 10:05 53760 c:\windows\System32\HPZipm12.dll

+ 2008-12-03 10:05 . 2008-12-03 10:05 44544 c:\windows\System32\HPZinw12.dll

+ 2008-12-03 10:05 . 2008-12-03 10:05 49152 c:\windows\System32\HPZidr12.dll

+ 2008-03-04 11:44 . 2008-03-04 11:44 39936 c:\windows\System32\hpbpro.dll

+ 2008-03-04 11:45 . 2008-03-04 11:45 25600 c:\windows\System32\hpboid.dll

+ 2008-03-04 11:44 . 2008-03-04 11:44 24576 c:\windows\System32\hpbmiapi.dll

+ 2009-06-10 21:19 . 2009-06-10 21:19 40552 c:\windows\System32\gatherNetworkInfo.vbs

+ 2006-10-26 22:10 . 2006-10-26 22:10 33088 c:\windows\System32\FM20ENU.DLL

+ 2006-10-30 12:32 . 2006-10-30 12:32 16200 c:\windows\System32\en-US\BCMMS32.Resources.dll

+ 2009-06-10 21:42 . 2009-06-10 21:42 69886 c:\windows\System32\edit.com

+ 2009-07-02 22:55 . 2009-07-02 22:55 49152 c:\windows\System32\EBLib.DLL

+ 2009-06-10 21:20 . 2009-07-13 22:09 21504 c:\windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\scmstcs.sys

+ 2009-06-10 21:20 . 2009-07-13 22:09 31232 c:\windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys

+ 2009-06-10 21:20 . 2009-07-13 22:09 20608 c:\windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\cmbp0wdm.sys

+ 2009-06-10 21:20 . 2009-07-14 01:19 40016 c:\windows\System32\DriverStore\FileRepository\sisraid2.inf_x86_neutral_845e008c32615283\sisraid2.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 44032 c:\windows\System32\DriverStore\FileRepository\netvfx86.inf_x86_neutral_325ccb4cde393e5d\fetnd6.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 43008 c:\windows\System32\DriverStore\FileRepository\netrtl32.inf_x86_neutral_79fee35a46b8dacd\Rtnicxp.sys

+ 2009-06-10 21:17 . 2009-07-13 22:02 29184 c:\windows\System32\DriverStore\FileRepository\netl260x.inf_x86_neutral_30b3156b81adc0bb\l260x86.sys

+ 2009-06-20 02:10 . 2009-07-13 22:02 47104 c:\windows\System32\DriverStore\FileRepository\netl1e86.inf_x86_neutral_a34f2431367128ea\L1E62x86.sys

+ 2009-06-10 21:17 . 2009-07-13 22:02 50688 c:\windows\System32\DriverStore\FileRepository\netl1c86.inf_x86_neutral_49e2658f4a72e53f\L1C62x86.sys

+ 2009-06-25 02:15 . 2009-07-13 22:02 47104 c:\windows\System32\DriverStore\FileRepository\netl160x.inf_x86_neutral_cef6a4c5e38079d6\l160x86.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 48128 c:\windows\System32\DriverStore\FileRepository\netgb6.inf_x86_neutral_437f729e64df024b\SiSGB6.sys

+ 2009-06-10 21:17 . 2009-07-13 22:02 56320 c:\windows\System32\DriverStore\FileRepository\netbxndx.inf_x86_neutral_94ba965704caa228\bxnd60x.sys

+ 2009-06-10 21:19 . 2009-07-14 01:20 30800 c:\windows\System32\DriverStore\FileRepository\megasas.inf_x86_neutral_395276dd9b7a7448\megasas.sys

+ 2009-03-28 02:10 . 2009-03-28 02:10 14336 c:\windows\System32\DriverStore\FileRepository\lsimdv32.inf_x86_neutral_18c3e30de03644c7\agrsmsvc.exe

+ 2009-03-28 02:12 . 2009-03-28 02:12 13824 c:\windows\System32\DriverStore\FileRepository\lsimdv32.inf_x86_neutral_18c3e30de03644c7\agrscoin.dll

+ 2009-07-02 22:55 . 2009-07-02 22:55 36208 c:\windows\System32\DriverStore\FileRepository\lpcfilter.inf_x86_neutral_8ee63da4ef47fc78\LPCFilter.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 28800 c:\windows\System32\DriverStore\FileRepository\hcw72bda.inf_x86_neutral_8c31e8d2dc91b975\hcw72ADFilter.sys

+ 2009-06-10 21:20 . 2009-07-14 01:20 70720 c:\windows\System32\DriverStore\FileRepository\djsvs.inf_x86_neutral_836a3a3240941631\djsvs.sys

+ 2009-06-10 21:18 . 2009-07-14 01:15 28672 c:\windows\System32\DriverStore\FileRepository\divacx86.inf_x86_neutral_d9558f410186db36\diapi232.dll

+ 2009-06-10 21:18 . 2009-07-13 22:02 52224 c:\windows\System32\DriverStore\FileRepository\dc21x4vm.inf_x86_neutral_8887242a56ee027e\dc21x4vm.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 99584 c:\windows\System32\DriverStore\FileRepository\cxfalpal_ibv32.inf_x86_neutral_809fe20c75cbdcae\cxfalcon_IBV32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 99584 c:\windows\System32\DriverStore\FileRepository\cxfalcon_ibv32.inf_x86_neutral_01ff517b4c863eb6\cxfalcon_IBV32.sys

+ 2009-06-10 21:18 . 2009-06-10 21:18 18852 c:\windows\System32\DriverStore\FileRepository\avmisdnc.inf_x86_neutral_e8031e434b323b61\avmc20.dll

+ 2009-06-10 21:19 . 2009-07-14 01:26 79952 c:\windows\System32\DriverStore\FileRepository\amdsata.inf_x86_neutral_fa9a4835d180b5fc\amdsata.sys

+ 2009-06-20 03:31 . 2009-06-20 03:31 12920 c:\windows\System32\drivers\TVALZFL.sys

+ 2009-07-13 20:34 . 2009-07-14 01:19 17472 c:\windows\System32\drivers\spldr.sys

+ 2009-06-10 21:20 . 2009-07-14 01:19 40016 c:\windows\System32\drivers\sisraid2.sys

+ 2009-06-10 21:19 . 2009-07-14 01:20 30800 c:\windows\System32\drivers\megasas.sys

+ 2009-07-02 22:55 . 2009-07-02 22:55 36208 c:\windows\System32\drivers\LPCFilter.sys

+ 2009-06-10 21:20 . 2009-07-14 01:20 70720 c:\windows\System32\drivers\djsvs.sys

+ 2009-06-10 21:19 . 2009-07-14 01:26 79952 c:\windows\System32\drivers\amdsata.sys

+ 2009-07-13 20:29 . 2009-06-10 21:42 27200 c:\windows\System32\ctl3dv2.dll

+ 2010-03-11 17:36 . 2010-09-03 16:07 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-11 17:36 . 2010-08-30 19:26 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-11 17:36 . 2010-08-30 19:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-03-11 17:36 . 2010-09-03 16:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:41 . 2010-09-03 16:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:41 . 2010-08-30 19:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-06-10 21:16 . 2009-06-10 21:16 61440 c:\windows\System32\com\comempty.dat

+ 2006-10-30 12:33 . 2006-10-30 12:33 95048 c:\windows\System32\BCMMS32.DLL

+ 2009-03-28 02:12 . 2009-03-28 02:12 13824 c:\windows\System32\agrscoin.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 82944 c:\windows\system\olecli.dll

+ 2005-08-26 05:28 . 2005-08-26 05:28 24576 c:\windows\shortcut.exe

- 2010-03-11 10:18 . 2010-08-30 19:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-11 10:18 . 2010-09-03 16:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-11 10:18 . 2010-09-03 16:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-03-11 10:18 . 2010-08-30 19:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-03-11 10:18 . 2010-08-30 19:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-03-11 10:18 . 2010-09-03 16:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-03-11 01:06 . 2010-08-30 19:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-11 01:06 . 2010-09-03 16:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-11 10:20 . 2010-09-03 16:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2010-03-11 10:20 . 2010-08-30 19:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2010-03-11 10:20 . 2010-09-03 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat

- 2010-03-11 10:20 . 2010-08-30 19:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat

- 2010-03-11 10:20 . 2010-08-30 19:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat

+ 2010-03-11 10:20 . 2010-09-03 16:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat

- 2010-03-11 01:06 . 2010-08-30 19:25 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-03-11 01:06 . 2010-09-03 16:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-03-11 01:06 . 2010-09-03 16:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-03-11 01:06 . 2010-08-30 19:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-13 20:46 . 2009-06-10 21:23 54144 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 91984 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 13648 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2009-07-13 20:46 . 2009-06-10 21:23 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

+ 2009-07-13 20:46 . 2009-06-10 21:23 85336 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 21320 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 97608 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe

+ 2009-07-13 20:46 . 2009-06-10 21:23 16192 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 66384 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

+ 2009-07-13 20:46 . 2009-06-10 21:23 15696 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 74064 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 90960 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 43344 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 80192 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

+ 2009-07-13 20:46 . 2009-06-10 21:23 95056 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 61776 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 15680 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 33096 c:\windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 59720 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 32064 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 23872 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 77112 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 86856 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 31064 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 30040 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 81232 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 30552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 14168 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 18776 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 55632 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 95560 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 13648 c:\windows\Microsoft.NET\Framework\SharedReg12.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 13648 c:\windows\Microsoft.NET\Framework\sbscmp10.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11104 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11080 c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11112 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11088 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11120 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11096 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11096 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11096 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11656 c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11112 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11088 c:\windows\Microsoft.NET\Framework\sbs_iehost.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 11104 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 79688 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2009-06-24 05:45 . 2009-06-24 05:45 53248 c:\windows\Installer\22d78.msi

+ 2006-10-30 12:32 . 2006-10-30 12:32 43848 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\wizardresources.dll

+ 2006-10-30 12:33 . 2006-10-30 12:33 60320 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\bcmuser.exe

+ 2006-10-30 12:33 . 2006-10-30 12:33 56264 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\bcmsqlnetprot.exe

+ 2006-10-30 12:33 . 2006-10-30 12:33 52192 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\bcmfirewall.exe

+ 2005-11-23 17:22 . 2005-11-23 17:22 89792 c:\windows\Installer\$PatchCache$\Managed\90404A0900063D11C8EF10054038389C\11.0.8003\OSE.EXE

+ 2006-07-24 18:50 . 2006-07-24 18:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBAME.DLL

+ 2009-04-02 20:02 . 2009-04-02 20:02 14720 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\SMARTTAGINSTALL.EXE

+ 2009-03-06 13:04 . 2009-03-06 13:04 33152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\SETLANG.EXE

+ 2009-03-06 12:04 . 2009-03-06 12:04 39464 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\REFIEBAR.DLL

+ 2008-11-04 11:29 . 2008-11-04 11:29 39248 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\REFEDIT.DLL

+ 2009-04-02 20:02 . 2009-04-02 20:02 45968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OSETUPPS.DLL

+ 2008-10-24 21:18 . 2008-10-24 21:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONFILTER.DLL

+ 2008-10-24 21:18 . 2008-10-24 21:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTEM.EXE

+ 2009-04-02 20:02 . 2009-04-02 20:02 15760 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OMUOPTINPS.DLL

+ 2009-03-06 12:23 . 2009-03-06 12:23 22432 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OISCTRL.DLL

+ 2008-11-04 10:02 . 2008-11-04 10:02 54744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OFFRHD.DLL

+ 2009-03-06 12:04 . 2009-03-06 12:04 64872 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\NAME.DLL

+ 2009-04-02 20:01 . 2009-04-02 20:01 42864 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSSH.DLL

+ 2009-04-04 02:46 . 2009-04-04 02:46 34200 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSOSTYLE.DLL

+ 2008-11-10 18:50 . 2008-11-10 18:50 68472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSOHTMED.EXE

+ 2008-11-10 18:50 . 2008-11-10 18:50 76664 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSOHEV.DLL

+ 2008-11-10 19:38 . 2008-11-10 19:38 27000 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSOEURO.DLL

+ 2008-11-04 07:39 . 2008-11-04 07:39 14728 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSOCFU.DLL

+ 2009-04-02 20:01 . 2009-04-02 20:01 18816 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSMH.DLL

+ 2006-07-24 18:50 . 2006-07-24 18:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSADDNDR.DLL

+ 2008-10-25 14:18 . 2008-10-25 14:18 89464 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\METCONV.DLL

+ 2009-04-02 20:01 . 2009-04-02 20:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\EXP_XPS.DLL

+ 2009-04-04 02:46 . 2009-04-04 02:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\EXP_PDF.DLL

+ 2008-10-25 14:18 . 2008-10-25 14:18 54152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\AUTHZAX.DLL

+ 2009-03-06 10:48 . 2009-03-06 10:48 55152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACERCLR.DLL

+ 2008-10-25 13:31 . 2008-10-25 13:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEODTXT.DLL

+ 2008-10-25 13:31 . 2008-10-25 13:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEODPDX.DLL

+ 2008-10-25 13:31 . 2008-10-25 13:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEODEXL.DLL

+ 2008-10-25 13:31 . 2008-10-25 13:31 15224 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEODDBS.DLL

+ 2009-03-06 10:47 . 2009-03-06 10:47 47008 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEERR.DLL

+ 2006-10-26 10:17 . 2006-10-26 10:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XLCALL32.DLL

+ 2006-10-26 10:13 . 2006-10-26 10:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XL12CNVP.DLL

+ 2006-10-27 04:11 . 2006-10-27 04:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WRD12EXE.EXE

+ 2006-10-26 10:17 . 2006-10-26 10:17 12096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WORDPOL.DLL

+ 2006-10-27 06:58 . 2006-10-27 06:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VPREVIEW.EXE

+ 2006-10-26 08:59 . 2006-10-26 08:59 12080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VBIDEPOL.DLL

+ 2006-10-26 08:59 . 2006-10-26 08:59 64288 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VBIDEPIA.DLL

+ 2006-10-26 03:04 . 2006-10-26 03:04 76624 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL

+ 2006-10-26 03:04 . 2006-10-26 03:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWRECS.DLL

+ 2006-10-26 03:04 . 2006-10-26 03:04 51008 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWRECE.DLL

+ 2006-10-26 03:04 . 2006-10-26 03:04 27456 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWORIENT.DLL

+ 2006-10-26 03:04 . 2006-10-26 03:04 58168 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWLAY32.DLL

+ 2006-10-26 03:05 . 2006-10-26 03:05 86840 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL

+ 2006-10-26 03:04 . 2006-10-26 03:04 29976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\THOCRAPI.DLL

+ 2006-10-26 08:59 . 2006-10-26 08:59 15672 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE

+ 2006-10-26 08:49 . 2006-10-26 08:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SETLANG.EXE

+ 2006-10-26 03:04 . 2006-10-26 03:04 19784 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\REVERSE.DLL

+ 2006-10-26 10:13 . 2006-10-26 10:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\REFEDIT.DLL

+ 2006-10-26 03:05 . 2006-10-26 03:05 77144 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PSOM.DLL

+ 2006-10-26 10:07 . 2006-10-26 10:07 12112 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPTPOL.DLL

+ 2006-10-26 08:59 . 2006-10-26 08:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OSETUPPS.DLL

+ 2006-10-26 09:24 . 2006-10-26 09:24 72504 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONFILTER.DLL

+ 2006-10-26 09:24 . 2006-10-26 09:24 98632 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTEM.EXE

+ 2006-10-26 09:00 . 2006-10-26 09:00 23392 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OISCTRL.DLL

+ 2006-10-27 04:11 . 2006-10-27 04:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OFFRHD.DLL

+ 2006-10-26 08:59 . 2006-10-26 08:59 11544 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OFFICEPL.DLL

+ 2006-10-26 09:12 . 2006-10-26 09:12 16192 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\NPOFF12.DLL

+ 2006-10-26 09:12 . 2006-10-26 09:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\NAME.DLL

+ 2006-10-26 09:00 . 2006-10-26 09:00 12104 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTAGPOL.DLL

+ 2006-10-26 08:59 . 2006-10-26 08:59 20280 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTAGPIA.DLL

+ 2006-10-26 08:59 . 2006-10-26 08:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSSH.DLL

+ 2006-10-27 04:26 . 2006-10-27 04:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL

+ 2006-10-26 08:56 . 2006-10-26 08:56 67408 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSONPUI.DLL

+ 2006-10-26 08:56 . 2006-10-26 08:56 33104 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSONPPPR.DLL

+ 2006-10-26 08:56 . 2006-10-26 08:56 32592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSONPMON.DLL

+ 2006-10-26 09:12 . 2006-10-26 09:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOHTMED.EXE

+ 2006-10-27 04:01 . 2006-10-27 04:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOHEV.DLL

+ 2006-10-26 10:13 . 2006-10-26 10:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOEURO.DLL

+ 2006-10-26 08:48 . 2006-10-26 08:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOCFU.DLL

+ 2006-10-26 08:59 . 2006-10-26 08:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSMH.DLL

+ 2006-10-26 09:02 . 2006-10-26 09:02 12096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\GRAPHPOL.DLL

+ 2006-10-26 03:04 . 2006-10-26 03:04 75576 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FORM.DLL

+ 2006-10-26 10:17 . 2006-10-26 10:17 12096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXCELPOL.DLL

+ 2006-10-26 09:12 . 2006-10-26 09:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\AUTHZAX.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODTXT.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODPDX.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODEXL.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODDBS.DLL

+ 2006-10-27 04:00 . 2006-10-27 04:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEERR.DLL

+ 2009-04-02 22:23 . 2009-04-02 22:23 10104 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\XLCALL32.DLL

+ 2009-04-04 02:01 . 2009-04-04 02:01 71504 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\XL12CNVP.DLL

+ 2009-04-04 01:57 . 2009-04-04 01:57 21320 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\WRD12EXE.EXE

+ 2009-03-05 01:24 . 2009-03-05 01:24 54088 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\SCANOST.EXE

+ 2009-03-05 01:24 . 2009-03-05 01:24 75608 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\RM.DLL

+ 2009-03-05 01:24 . 2009-03-05 01:24 38240 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\RECALL.DLL

+ 2009-01-07 05:31 . 2009-01-07 05:31 48512 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\PUBTRAP.DLL

+ 2009-03-05 01:24 . 2009-03-05 01:24 52072 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OUTLVBA.DLL

+ 2008-11-25 06:32 . 2008-11-25 06:32 46928 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OUTLRPC.DLL

+ 2008-10-31 05:24 . 2008-10-31 05:24 21368 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MLSHEXT.DLL

+ 2009-03-05 01:24 . 2009-03-05 01:24 34192 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\DUMPSTER.DLL

+ 2009-03-05 01:24 . 2009-03-05 01:24 87392 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\DLGSETP.DLL

+ 2006-10-27 05:17 . 2006-10-27 05:17 11072 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\XLCALL32.DLL

+ 2006-10-27 05:13 . 2006-10-27 05:13 72472 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\XL12CNVP.DLL

+ 2006-10-27 23:11 . 2006-10-27 23:11 21264 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\WRD12EXE.EXE

+ 2006-10-27 06:58 . 2006-10-27 06:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\VPREVIEW.EXE

+ 2006-10-27 03:59 . 2006-10-27 03:59 15672 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\SMARTTAGINSTALL.EXE

+ 2006-10-27 03:49 . 2006-10-27 03:49 34104 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\SETLANG.EXE

+ 2006-10-27 04:55 . 2006-10-27 04:55 55056 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\SCANOST.EXE

+ 2006-10-27 04:55 . 2006-10-27 04:55 76576 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\RM.DLL

+ 2006-10-27 04:12 . 2006-10-27 04:12 40424 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\REFIEBAR.DLL

+ 2006-10-27 05:13 . 2006-10-27 05:13 38168 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\REFEDIT.DLL

+ 2006-10-27 04:55 . 2006-10-27 04:55 39208 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\RECALL.DLL

+ 2006-10-27 04:09 . 2006-10-27 04:09 48448 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\PUBTRAP.DLL

+ 2006-10-27 04:55 . 2006-10-27 04:55 53048 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OUTLVBA.DLL

+ 2006-10-27 23:16 . 2006-10-27 23:16 46864 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OUTLRPC.DLL

+ 2006-10-27 23:16 . 2006-10-27 23:16 31000 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OUTLACCT.DLL

+ 2006-10-27 03:59 . 2006-10-27 03:59 46936 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OSETUPPS.DLL

+ 2006-10-27 03:59 . 2006-10-27 03:59 16728 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OMUOPTINPS.DLL

+ 2006-10-27 04:00 . 2006-10-27 04:00 23392 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OISCTRL.DLL

+ 2006-10-27 23:11 . 2006-10-27 23:11 54680 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OFFRHD.DLL

+ 2006-10-27 04:12 . 2006-10-27 04:12 16192 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\NPOFF12.DLL

+ 2006-10-27 04:12 . 2006-10-27 04:12 65824 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\NAME.DLL

+ 2006-10-27 03:59 . 2006-10-27 03:59 43832 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSSH.DLL

+ 2006-10-27 23:26 . 2006-10-27 23:26 35152 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSOSTYLE.DLL

+ 2006-10-27 03:52 . 2006-10-27 03:52 66368 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSOMSE.DLL

+ 2006-10-27 04:12 . 2006-10-27 04:12 67896 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSOHTMED.EXE

+ 2006-10-27 23:01 . 2006-10-27 23:01 76088 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSOHEV.DLL

+ 2006-10-27 05:13 . 2006-10-27 05:13 26936 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSOEURO.DLL

+ 2006-10-27 03:48 . 2006-10-27 03:48 14664 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSOCFU.DLL

+ 2006-10-27 03:59 . 2006-10-27 03:59 19768 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSMH.DLL

+ 2006-10-27 03:52 . 2006-10-27 03:52 48424 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSE7.EXE

+ 2006-10-27 05:18 . 2006-10-27 05:18 66880 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSAEXP30.DLL

+ 2006-10-27 04:55 . 2006-10-27 04:55 21312 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MLSHEXT.DLL

+ 2006-10-27 04:12 . 2006-10-27 04:12 89400 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\METCONV.DLL

+ 2006-10-27 04:55 . 2006-10-27 04:55 35160 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\DUMPSTER.DLL

+ 2006-10-27 04:55 . 2006-10-27 04:55 87344 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\DLGSETP.DLL

+ 2006-10-27 05:30 . 2006-10-27 05:30 65312 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\COLLIMP.DLL

+ 2006-10-27 04:12 . 2006-10-27 04:12 53576 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\AUTHZAX.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 56120 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACERCLR.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEODTXT.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEODPDX.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEODEXL.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 15160 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEODDBS.DLL

+ 2006-10-27 23:00 . 2006-10-27 23:00 47976 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEERR.DLL

+ 2006-10-27 05:18 . 2006-10-27 05:18 94016 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACCOLK.DLL

+ 2006-10-27 05:17 . 2006-10-27 05:17 12096 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\WORDPOL.DLL

+ 2006-10-27 03:59 . 2006-10-27 03:59 12080 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\VBIDEPOL.DLL

+ 2006-10-27 03:59 . 2006-10-27 03:59 64288 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\VBIDEPIA.DLL

+ 2006-10-27 05:07 . 2006-10-27 05:07 12112 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\PPTPOL.DLL

+ 2006-10-27 03:59 . 2006-10-27 03:59 11544 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\OFFICEPL.DLL

+ 2006-10-27 04:00 . 2006-10-27 04:00 12104 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\MSTAGPOL.DLL

+ 2006-10-27 03:59 . 2006-10-27 03:59 20280 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\MSTAGPIA.DLL

+ 2006-10-27 04:02 . 2006-10-27 04:02 12096 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\GRAPHPOL.DLL

+ 2006-10-27 05:17 . 2006-10-27 05:17 12096 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\EXCELPOL.DLL

+ 2007-10-16 01:29 . 2007-10-16 01:29 40960 c:\windows\hpmonZ.exe

+ 2008-01-14 07:47 . 2008-01-14 07:47 99712 c:\windows\HPBroker.dll

+ 2005-08-26 05:27 . 2005-08-26 05:27 45056 c:\windows\devenum.exe

+ 2009-06-10 21:15 . 2009-06-10 21:15 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2009-06-10 21:38 . 2009-06-10 21:38 3983 c:\windows\winsxs\x86_microsoft-windows-rascmak_31bf3856ad364e35_6.1.7600.16385_none_1062b6b4da087467\quarchk.cmd

+ 2009-07-13 20:29 . 2009-06-10 21:42 9008 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\ver.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 9936 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\lzexpand.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 9008 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.1.7600.16385_none_20246c0c81526e58\ver.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 9936 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.1.7600.16385_none_20246c0c81526e58\lzexpand.dll

+ 2009-06-10 21:17 . 2009-06-10 21:17 4656 c:\windows\winsxs\x86_microsoft-windows-m..r-setup-thunking-16_31bf3856ad364e35_6.1.7600.16385_none_1717ba562e61bc7c\ds16gt.dLL

+ 2009-06-10 21:14 . 2009-06-10 21:14 4096 c:\windows\winsxs\x86_microsoft-windows-b..onment-dvd-etfsboot_31bf3856ad364e35_6.1.7600.16385_none_82523ed4cbbd035a\etfsboot.com

+ 2009-07-13 20:46 . 2009-06-10 21:23 7168 c:\windows\winsxs\msil_microsoft_vsavb_b03f5f7f11d50a3a_6.1.7600.16385_none_3b8492f78a3b9c97\Microsoft_VsaVb.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 5632 c:\windows\winsxs\msil_microsoft.visualc_b03f5f7f11d50a3a_6.1.7600.16385_none_5979280b6e249d9

1\Microsoft.VisualC.Dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 6656 c:\windows\winsxs\msil_iiehost_b03f5f7f11d50a3a_6.1.7600.16385_none_56100bff47b890a3\IIEHost.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 8192 c:\windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.1.7600.16385_none_c3f621f081831627\IEExecRemote.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 9728 c:\windows\winsxs\msil_ieexec_b03f5f7f11d50a3a_6.1.7600.16385_none_53678ee8c3f93f6b\IEExec.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 5120 c:\windows\winsxs\msil_dfsvc_b03f5f7f11d50a3a_6.1.7600.16385_none_3a54952b454a8916\dfsvc.exe

- 2010-03-12 01:55 . 2010-08-29 14:19 6908 c:\windows\System32\wdi\ERCQueuedResolutions.dat

+ 2010-03-12 01:55 . 2010-09-01 02:09 6908 c:\windows\System32\wdi\ERCQueuedResolutions.dat

+ 2010-07-08 00:45 . 2010-09-03 16:09 7858 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-469993106-387004547-705224218-1008_UserData.bin

+ 2009-07-13 20:29 . 2009-06-10 21:42 9008 c:\windows\System32\ver.dll

+ 2010-08-30 21:00 . 2010-08-30 21:00 9560 c:\windows\System32\NetworkList\Icons\{3C141E2F-A94F-40E9-8353-30DFBE26D4AA}_48.bin

+ 2010-08-30 21:00 . 2010-08-30 21:00 4280 c:\windows\System32\NetworkList\Icons\{3C141E2F-A94F-40E9-8353-30DFBE26D4AA}_32.bin

+ 2010-08-30 21:00 . 2010-08-30 21:00 2456 c:\windows\System32\NetworkList\Icons\{3C141E2F-A94F-40E9-8353-30DFBE26D4AA}_24.bin

+ 2009-07-13 20:29 . 2009-06-10 21:42 9936 c:\windows\System32\lzexpand.dll

+ 2008-03-04 11:44 . 2008-03-04 11:44 7680 c:\windows\System32\hpbprops.dll

+ 2008-03-04 11:45 . 2008-03-04 11:45 7680 c:\windows\System32\hpboidps.dll

+ 2009-06-10 21:17 . 2009-06-10 21:17 4656 c:\windows\System32\ds16gt.dLL

+ 2009-07-13 20:29 . 2009-06-10 21:42 9008 c:\windows\system\ver.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 9936 c:\windows\system\lzexpand.dll

+ 2010-09-03 16:07 . 2010-09-03 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2010-08-30 19:22 . 2010-08-30 19:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2010-08-30 19:22 . 2010-08-30 19:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-09-03 16:07 . 2010-09-03 16:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-13 20:46 . 2009-06-10 21:23 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

+ 2009-06-10 21:14 . 2009-06-10 21:14 4096 c:\windows\Boot\DVD\PCAT\etfsboot.com

+ 2009-07-13 20:46 . 2009-06-10 21:23 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 5120 c:\windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe

+ 2009-07-10 20:15 . 2009-07-10 20:15 306544 c:\windows\WLXPGSS.SCR

+ 2009-06-10 21:16 . 2009-07-13 22:54 157568 c:\windows\winsxs\x86_xcbdav.inf_31bf3856ad364e35_6.1.7600.16385_none_23239678b7db5032\xcbdaV.sys

+ 2009-06-10 21:20 . 2009-07-14 01:19 141904 c:\windows\winsxs\x86_vsmraid.inf_31bf3856ad364e35_6.1.7600.16385_none_f43e5343fbc88252\vsmraid.sys

+ 2009-07-13 20:46 . 2009-06-10 21:23 261632 c:\windows\winsxs\x86_system.transactions_b77a5c561934e089_6.1.7600.16385_none_e812023124da13

45\System.Transactions.dll

+ 2009-07-13 20:46 . 2009-07-13 20:46 113664 c:\windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.1.7600.16385_none_aa2ded88

6a639c17\System.EnterpriseServices.Wrapper.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 258048 c:\windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.1.7600.16385_none_aa2ded88

6a639c17\System.EnterpriseServices.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 486400 c:\windows\winsxs\x86_system.data.oracleclient_b77a5c561934e089_6.1.7600.16385_none_c7bd2a489

97441af\System.Data.OracleClient.dll

+ 2009-06-10 21:19 . 2009-07-14 01:20 142416 c:\windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 148992 c:\windows\winsxs\x86_netxe32.inf_31bf3856ad364e35_6.1.7600.16385_none_3195038809335afd\ixe6032.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 139776 c:\windows\winsxs\x86_netrtx32.inf_31bf3856ad364e35_6.1.7600.16385_none_c50aafcfbe93af94\Rt86win7.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 545792 c:\windows\winsxs\x86_netr73.inf_31bf3856ad364e35_6.1.7600.16385_none_6a4ab05f3ea08241\netr73.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 657408 c:\windows\winsxs\x86_netr28u.inf_31bf3856ad364e35_6.1.7600.16385_none_125dfdaeef4a9c84\netr28u.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 530944 c:\windows\winsxs\x86_netr28.inf_31bf3856ad364e35_6.1.7600.16385_none_cc88d5e49ef83763\netr28.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 429056 c:\windows\winsxs\x86_netnvmx.inf_31bf3856ad364e35_6.1.7600.16385_none_467b2a7539c27c56\nvm60x32.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 347264 c:\windows\winsxs\x86_netnvm32.inf_31bf3856ad364e35_6.1.7600.16385_none_451b844e98bbe8c3\nvm62x32.sys

+ 2009-07-13 20:46 . 2009-06-10 21:23 388936 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_e8770d60b724d0af\SOS.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 115536 c:\windows\winsxs\x86_netfx-shfusion_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_2f5fa0ee888ae42d\shfusion.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 140096 c:\windows\winsxs\x86_netfx-peverify_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_711dc6fb06230c92\peverify.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 229696 c:\windows\winsxs\x86_netfx-mscorsvc__dll_b03f5f7f11d50a3a_6.1.7600.16385_none_2f777190c055960d\mscorsvc.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 342352 c:\windows\winsxs\x86_netfx-mscorrc_res_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_c4ae794258959c84\mscorrc.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 110928 c:\windows\winsxs\x86_netfx-mscorpe_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_cc6b15b21883fa43\mscorpe.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 363856 c:\windows\winsxs\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_93e3f833ed7b80cd\mscorjit.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 304976 c:\windows\winsxs\x86_netfx-mscordbi_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_44ad8fa318b9fa8b\mscordbi.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 995160 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.1.7600.16385_none_ffa8c59fc32ff49a\mscordacwks.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 794976 c:\windows\winsxs\x86_netfx-eventlogmessages_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_a3ebab27af457126\EventLogMessages.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 572760 c:\windows\winsxs\x86_netfx-debugging_msdia70_b03f5f7f11d50a3a_6.1.7600.16385_none_a5658c87d101b1b3\diasymreader.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 102216 c:\windows\winsxs\x86_netfx-clrgc_b03f5f7f11d50a3a_6.1.7600.16385_none_f5526262b556abc0\clrgc.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 227656 c:\windows\winsxs\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_d797745a4a1a7c82\ilasm.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 144712 c:\windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_41e26933a436d37d\AdoNetDiag.dll

+ 2009-06-10 21:17 . 2009-07-13 22:02 430080 c:\windows\winsxs\x86_netbvbdx.inf_31bf3856ad364e35_6.1.7600.16385_none_aa6a9305c377b511\bxvbdx.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 359424 c:\windows\winsxs\x86_net8187se86.inf_31bf3856ad364e35_6.1.7600.16385_none_af12632ccf817687\RTL8187Se.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 347136 c:\windows\winsxs\x86_net8187bv32.inf_31bf3856ad364e35_6.1.7600.16385_none_7ae4bde1f72fe924\RTL8187B.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 311808 c:\windows\winsxs\x86_net8185.inf_31bf3856ad364e35_6.1.7600.16385_none_6f88ca7e4992dffb\RTL85n86.sys

+ 2009-07-13 20:46 . 2009-06-10 21:23 632656 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b

5\msvcr80.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 554816 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b

5\msvcp80.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 479232 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b

5\msvcm80.dll

+ 2009-07-13 20:34 . 2009-07-14 01:06 126976 c:\windows\winsxs\x86_microsoft.powershel..ershell.composition_31bf3856ad364e35_6.1.7600.1638

5_none_5e46c1a00c8aa367\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll

+ 2009-06-10 21:16 . 2009-06-10 21:16 516096 c:\windows\winsxs\x86_microsoft.ink_31bf3856ad364e35_1.7.7600.16385_none_c87c51e0123d40da\Microsoft.Ink.dll

+ 2009-06-10 21:16 . 2009-06-10 21:16 356352 c:\windows\winsxs\x86_microsoft.ink_31bf3856ad364e35_1.0.7600.16385_none_3d42499fe3144d49\Microsoft.Ink.dll

+ 2009-06-10 21:21 . 2009-06-10 21:21 126912 c:\windows\winsxs\x86_microsoft-windows-video-for-windows16_31bf3856ad364e35_6.1.7600.16385_none_5fd0557cd88ef5bd\msvideo.dll

+ 2009-06-10 21:21 . 2009-06-10 21:21 126912 c:\windows\winsxs\x86_microsoft-windows-v..or-windows16-system_31bf3856ad364e35_6.1.7600.16385_none_175bd3942a0bc225\msvideo.dll

+ 2009-06-10 21:38 . 2009-06-10 21:38 113629 c:\windows\winsxs\x86_microsoft-windows-security-spp-tools_31bf3856ad364e35_6.1.7600.16385_none_456f9c422073f3b7\slmgr.vbs

+ 2009-06-10 21:30 . 2009-07-13 20:34 405504 c:\windows\winsxs\x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.1.7600.16385_none_0948d857092a4b6c\spsys.sys

+ 2009-07-13 20:29 . 2009-06-10 21:42 256192 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\winhelp.exe

+ 2009-07-13 20:29 . 2009-06-10 21:42 108464 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\netapi.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 221600 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\lanman.drv

+ 2009-06-10 21:41 . 2009-07-14 01:15 970240 c:\windows\winsxs\x86_microsoft-windows-msmpeg2adec_31bf3856ad364e35_6.1.7600.16385_none_91b0a94518ab5271\msmpeg2adec.dll

+ 2009-06-10 21:26 . 2009-06-10 21:26 673088 c:\windows\winsxs\x86_microsoft-windows-mlang_31bf3856ad364e35_6.1.7600.16385_none_56b5a19c4551e3b0\mlang.dat

+ 2009-06-10 21:13 . 2009-07-14 01:15 610304 c:\windows\winsxs\x86_microsoft-windows-m..s-components-jetdao_31bf3856ad364e35_6.1.7600.16385_none_7b8c1dc4ef873d90\dao360.dll

+ 2009-06-10 21:16 . 2009-07-14 01:16 180800 c:\windows\winsxs\x86_microsoft-windows-m..nents-mdac-sqlunirl_31bf3856ad364e35_6.1.7600.16385_none_3bed0e7fdd8193ca\sqlunirl.dll

+ 2009-06-10 21:18 . 2009-07-14 01:15 120320 c:\windows\winsxs\x86_microsoft-windows-indeo4-codecs_31bf3856ad364e35_6.1.7600.16385_none_3ba474acb8a82ef6\ir41_qcx.dll

+ 2009-06-10 21:18 . 2009-07-14 01:15 120320 c:\windows\winsxs\x86_microsoft-windows-indeo4-codecs_31bf3856ad364e35_6.1.7600.16385_none_3ba474acb8a82ef6\ir41_qc.dll

+ 2009-06-10 21:14 . 2009-06-10 21:14 355832 c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.7600.16385_none_08068807c0e177da\pdm.dll

+ 2009-06-10 21:13 . 2009-07-14 01:15 445952 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.7600.16385_none_1622b3b244141a27\ieapfltr.dll

+ 2009-07-13 20:44 . 2009-06-10 21:15 254216 c:\windows\winsxs\x86_microsoft-windows-identitycrl_31bf3856ad364e35_6.1.7600.16385_none_51642a0e9fb20494\ppcrlui.dll

+ 2009-06-10 21:39 . 2009-06-10 21:39 313208 c:\windows\winsxs\x86_microsoft-windows-e..mcewmdrmndbootstrap_31bf3856ad364e35_6.1.7600.16385_none_331bca3c12e6d91e\MCEWMDRMNDBootstrap.dll

+ 2009-06-10 21:34 . 2009-06-10 21:34 215943 c:\windows\winsxs\x86_microsoft-windows-dssec_31bf3856ad364e35_6.1.7600.16385_none_5a3c2da65ddb680f\dssec.dat

+ 2009-06-10 21:25 . 2009-06-10 21:25 177856 c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.1.7600.16385_none_3ef1fb2b3399cda4\typelib.dll

+ 2009-06-10 21:19 . 2009-07-14 01:20 332352 c:\windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

+ 2009-06-10 21:19 . 2009-07-14 01:20 453712 c:\windows\winsxs\x86_elxstor.inf_31bf3856ad364e35_6.1.7600.16385_none_ac63ce9f12a65929\elxstor.sys

+ 2009-07-13 20:46 . 2009-06-10 21:22 106496 c:\windows\winsxs\x86_caspol_b03f5f7f11d50a3a_6.1.7600.16385_none_405dfa65ac2b545d\CasPol.exe

+ 2009-06-10 21:15 . 2009-07-13 22:54 253824 c:\windows\winsxs\x86_averhbh826_noaverir.inf_31bf3856ad364e35_6.1.7600.16385_none_aebbbbc610

5ed43d\AVerFx2hbtv.sys

+ 2009-06-10 21:15 . 2009-07-13 22:54 253824 c:\windows\winsxs\x86_averfx2swtv_noavin.inf_31bf3856ad364e35_6.1.7600.16385_none_0195b977d61

c4ffa\AVerFx2hbtv.sys

+ 2009-06-10 21:15 . 2009-07-13 22:54 253824 c:\windows\winsxs\x86_averfx2swtv.inf_31bf3856ad364e35_6.1.7600.16385_none_404da64a4d4aeb7c\AVerFx2hbtv.sys

+ 2009-06-10 21:15 . 2009-07-13 22:54 253824 c:\windows\winsxs\x86_averfx2hbtv.inf_31bf3856ad364e35_6.1.7600.16385_none_dbf34d434e20e60e\AVerFx2hbtv.sys

+ 2009-06-10 21:15 . 2009-07-13 22:54 253824 c:\windows\winsxs\x86_averfx2h826d_noaverir.inf_31bf3856ad364e35_6.1.7600.16385_none_d83bdb42

ac169b0d\AVerFx2hbtv.sys

+ 2009-06-10 21:15 . 2009-07-13 22:54 377472 c:\windows\winsxs\x86_atiriolh.inf_31bf3856ad364e35_6.1.7600.16385_none_67b09ffd01f7b71c\atinavrr.sys

+ 2009-07-13 20:46 . 2009-06-10 21:22 106496 c:\windows\winsxs\x86_aspnet_regsql_b03f5f7f11d50a3a_6.1.7600.16385_none_2461659e78807255\aspnet_regsql.exe

+ 2009-06-10 21:16 . 2009-07-13 22:54 393472 c:\windows\winsxs\x86_angelusb.inf_31bf3856ad364e35_6.1.7600.16385_none_d40505709390382b\AngelUsb.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 370816 c:\windows\winsxs\x86_angel2.inf_31bf3856ad364e35_6.1.7600.16385_none_7efccfe261ae9ded\Angel2.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 370816 c:\windows\winsxs\x86_angel.inf_31bf3856ad364e35_6.1.7600.16385_none_bec1ffea4e349df5\Angel.sys

+ 2009-06-10 21:20 . 2009-07-14 01:26 159312 c:\windows\winsxs\x86_amdsbs.inf_31bf3856ad364e35_6.1.7600.16385_none_65738ca67673cb3a\amdsbs.sys

+ 2009-06-10 21:15 . 2009-07-13 22:54 199168 c:\windows\winsxs\x86_af9035bda.inf_31bf3856ad364e35_6.1.7600.16385_none_07be4f4780dba30f\AF9035BDA.sys

+ 2009-06-10 21:19 . 2009-07-14 01:26 422976 c:\windows\winsxs\x86_adp94xx.inf_31bf3856ad364e35_6.1.7600.16385_none_01c7863b127773b6\adp94xx.sys

+ 2009-07-13 20:46 . 2009-06-10 21:23 835584 c:\windows\winsxs\msil_system.web.mobile_b03f5f7f11d50a3a_6.1.7600.16385_none_ac77bab68c65711

9\System.Web.Mobile.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 114688 c:\windows\winsxs\msil_system.serviceprocess_b03f5f7f11d50a3a_6.1.7600.16385_none_2985296a38e

0e8e5\System.ServiceProcess.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 258048 c:\windows\winsxs\msil_system.security_b03f5f7f11d50a3a_6.1.7600.16385_none_708e5d028a8d3dbd\System.Security.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 131072 c:\windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.163

85_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 303104 c:\windows\winsxs\msil_system.runtime.remoting_b77a5c561934e089_6.1.7600.16385_none_9a1bbbf10

17eb46c\System.Runtime.Remoting.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 258048 c:\windows\winsxs\msil_system.messaging_b03f5f7f11d50a3a_6.1.7600.16385_none_0239959bdfee12d9\System.Messaging.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 372736 c:\windows\winsxs\msil_system.management_b03f5f7f11d50a3a_6.1.7600.16385_none_f3bcbffac8b8606

2\System.Management.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 626688 c:\windows\winsxs\msil_system.drawing_b03f5f7f11d50a3a_6.1.7600.16385_none_641a7f26ad20a17f\System.Drawing.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 401408 c:\windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.1.7600.16385_none_2b25936f

edbeb29c\System.DirectoryServices.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 188416 c:\windows\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.1.7600.16385_non

e_83a19ecc10aa89e7\System.DirectoryServices.Protocols.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 970752 c:\windows\winsxs\msil_system.deployment_b03f5f7f11d50a3a_6.1.7600.16385_none_34825b1fed3d4be

2\System.Deployment.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 745472 c:\windows\winsxs\msil_system.data.sqlxml_b77a5c561934e089_6.1.7600.16385_none_05ff88d6614be0

44\System.Data.SqlXml.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 425984 c:\windows\winsxs\msil_system.configuration_b03f5f7f11d50a3a_6.1.7600.16385_none_ffabb95ef307

c795\System.configuration.dll

Link to post
Share on other sites

PT 3

+ 2009-07-13 20:46 . 2009-06-10 21:23 110592 c:\windows\winsxs\msil_sysglobl_b03f5f7f11d50a3a_6.1.7600.16385_none_a96733044673a6a5\sysglobl.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 610304 c:\windows\winsxs\msil_microsoft.visualbasic_b03f5f7f11d50a3a_6.1.7600.16385_none_8214d266bd8

142fc\Microsoft.VisualBasic.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 372736 c:\windows\winsxs\msil_microsoft.visualbasic.compatibility_b03f5f7f11d50a3a_6.1.7600.16385_no

ne_c1ebf9f551855ae4\Microsoft.VisualBasic.Compatibility.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 110592 c:\windows\winsxs\msil_microsoft.visualbasic.compatibility.data_b03f5f7f11d50a3a_6.1.7600.163

85_none_33c3c607d91c26f6\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 749568 c:\windows\winsxs\msil_microsoft.jscript_b03f5f7f11d50a3a_6.1.7600.16385_none_a6b44d3a3f5b37c

7\Microsoft.JScript.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 655360 c:\windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.1.7600.16385_none_71e86b49497

b3bdc\Microsoft.Build.Tasks.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 348160 c:\windows\winsxs\msil_microsoft.build.engine_b03f5f7f11d50a3a_6.1.7600.16385_none_0d285a74ca

ccf196\Microsoft.Build.Engine.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 507904 c:\windows\winsxs\msil_aspnetmmcext_b03f5f7f11d50a3a_6.1.7600.16385_none_54ffde5552ddf5e9\AspNetMMCExt.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 256192 c:\windows\winhelp.exe

+ 2005-08-26 05:28 . 2005-08-26 05:28 143360 c:\windows\unzip.exe

+ 2009-07-13 20:34 . 2009-07-14 01:06 126976 c:\windows\System32\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll

+ 2010-04-17 08:09 . 2010-08-31 12:48 184936 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2010-03-11 17:57 . 2010-09-02 15:04 284186 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-06-10 21:25 . 2009-06-10 21:25 177856 c:\windows\System32\typelib.dll

+ 2009-06-10 21:16 . 2009-07-14 01:16 180800 c:\windows\System32\sqlunirl.dll

+ 2009-06-10 21:38 . 2009-06-10 21:38 113629 c:\windows\System32\slmgr.vbs

- 2009-07-14 02:05 . 2010-08-30 19:27 715962 c:\windows\System32\perfh009.dat

+ 2009-07-14 02:05 . 2010-09-01 15:00 715962 c:\windows\System32\perfh009.dat

- 2009-07-14 02:05 . 2010-08-30 19:27 143800 c:\windows\System32\perfc009.dat

+ 2009-07-14 02:05 . 2010-09-01 15:00 143800 c:\windows\System32\perfc009.dat

+ 2009-07-13 20:29 . 2009-06-10 21:42 108464 c:\windows\System32\netapi.dll

+ 2009-06-10 21:21 . 2009-06-10 21:21 126912 c:\windows\System32\msvideo.dll

+ 2006-07-24 18:50 . 2006-07-24 18:50 125744 c:\windows\System32\MSSTDFMT.DLL

+ 2009-06-10 21:41 . 2009-07-14 01:15 970240 c:\windows\System32\msmpeg2adec.dll

+ 2009-06-10 21:26 . 2009-06-10 21:26 673088 c:\windows\System32\mlang.dat

+ 2009-06-10 21:39 . 2009-06-10 21:39 313208 c:\windows\System32\MCEWMDRMNDBootstrap.dll

+ 2009-07-13 20:29 . 2009-06-10 21:42 221600 c:\windows\System32\lanman.drv

+ 2009-06-10 21:18 . 2009-07-14 01:15 120320 c:\windows\System32\ir41_qcx.dll

+ 2009-06-10 21:18 . 2009-07-14 01:15 120320 c:\windows\System32\ir41_qc.dll

+ 2009-06-10 21:13 . 2009-07-14 01:15 445952 c:\windows\System32\ieapfltr.dll

+ 2007-04-24 00:33 . 2007-04-24 00:33 114688 c:\windows\System32\hplbdchn.dll

+ 2009-06-10 21:16 . 2009-07-13 22:54 157568 c:\windows\System32\DriverStore\FileRepository\xcbdav.inf_x86_neutral_8e8664e62708b91f\xcbdaV.sys

+ 2009-06-10 21:20 . 2009-07-14 01:19 141904 c:\windows\System32\DriverStore\FileRepository\vsmraid.inf_x86_neutral_be11b7aaa746e92d\vsmraid.sys

+ 2009-06-10 21:19 . 2009-07-14 01:20 142416 c:\windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 148992 c:\windows\System32\DriverStore\FileRepository\netxe32.inf_x86_neutral_2d971e2b4a578e3d\ixe6032.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 139776 c:\windows\System32\DriverStore\FileRepository\netrtx32.inf_x86_neutral_aa92429bfa083dca\Rt86win7.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 545792 c:\windows\System32\DriverStore\FileRepository\netr73.inf_x86_neutral_d8d856fa32ab7ec2\netr73.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 657408 c:\windows\System32\DriverStore\FileRepository\netr28u.inf_x86_neutral_b42b25ec42f762c2\netr28u.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 530944 c:\windows\System32\DriverStore\FileRepository\netr28.inf_x86_neutral_980e8922b9be3562\netr28.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 429056 c:\windows\System32\DriverStore\FileRepository\netnvmx.inf_x86_neutral_7af3f06863f3b983\nvm60x32.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 347264 c:\windows\System32\DriverStore\FileRepository\netnvm32.inf_x86_neutral_163a5a97980bb89d\nvm62x32.sys

+ 2009-06-10 21:17 . 2009-07-13 22:02 430080 c:\windows\System32\DriverStore\FileRepository\netbvbdx.inf_x86_neutral_6d29499ebc7c7338\bxvbdx.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 359424 c:\windows\System32\DriverStore\FileRepository\net8187se86.inf_x86_neutral_dbc0aab1acd9c67e\RTL8187Se.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 347136 c:\windows\System32\DriverStore\FileRepository\net8187bv32.inf_x86_neutral_4133912759f4531a\RTL8187B.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 311808 c:\windows\System32\DriverStore\FileRepository\net8185.inf_x86_neutral_20a13cfe2956ed8a\RTL85n86.sys

+ 2008-08-22 00:28 . 2008-08-22 00:28 333824 c:\windows\System32\DriverStore\FileRepository\ips_ka_toshiba87se.inf_x86_neutral_28a1bfb9076c2195\RTL8187Se.sys

+ 2009-06-10 21:19 . 2009-07-14 01:20 332352 c:\windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

+ 2009-06-10 21:19 . 2009-07-14 01:20 453712 c:\windows\System32\DriverStore\FileRepository\elxstor.inf_x86_neutral_4263942b9dfe9077\elxstor.sys

+ 2009-06-10 21:15 . 2009-07-13 22:54 253824 c:\windows\System32\DriverStore\FileRepository\averhbh826_noaverir.inf_x86_neutral_620e8a01977ecb40\AVerFx2hbtv.sys

+ 2009-06-10 21:15 . 2009-07-13 22:54 253824 c:\windows\System32\DriverStore\FileRepository\averfx2swtv_noavin.inf_x86_neutral_622d8263ea46770a\AVerFx2hbtv.sys

+ 2009-06-10 21:15 . 2009-07-13 22:54 253824 c:\windows\System32\DriverStore\FileRepository\averfx2swtv.inf_x86_neutral_c099b789396c5410\AVerFx2hbtv.sys

+ 2009-06-10 21:15 . 2009-07-13 22:54 253824 c:\windows\System32\DriverStore\FileRepository\averfx2hbtv.inf_x86_neutral_30c25b3574f8bcf5\AVerFx2hbtv.sys

+ 2009-06-10 21:15 . 2009-07-13 22:54 253824 c:\windows\System32\DriverStore\FileRepository\averfx2h826d_noaverir.inf_x86_neutral_4663ffee9c09b012\AVerFx2hbtv.sys

+ 2009-06-10 21:15 . 2009-07-13 22:54 377472 c:\windows\System32\DriverStore\FileRepository\atiriolh.inf_x86_neutral_cdb610d99bcbc631\atinavrr.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 393472 c:\windows\System32\DriverStore\FileRepository\angelusb.inf_x86_neutral_7bfd84ec2b59623e\AngelUsb.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 370816 c:\windows\System32\DriverStore\FileRepository\angel2.inf_x86_neutral_6a809c9c7f9c8486\Angel2.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 370816 c:\windows\System32\DriverStore\FileRepository\angel.inf_x86_neutral_8bb84b2b92dfa947\Angel.sys

+ 2009-06-10 21:20 . 2009-07-14 01:26 159312 c:\windows\System32\DriverStore\FileRepository\amdsbs.inf_x86_neutral_5cae6933bef20aa8\amdsbs.sys

+ 2009-06-10 21:15 . 2009-07-13 22:54 199168 c:\windows\System32\DriverStore\FileRepository\af9035bda.inf_x86_neutral_aa11aa34552d1d4d\AF9035BDA.sys

+ 2009-06-10 21:19 . 2009-07-14 01:26 422976 c:\windows\System32\DriverStore\FileRepository\adp94xx.inf_x86_neutral_4928c8870f6a1577\adp94xx.sys

+ 2009-06-10 21:20 . 2009-07-14 01:19 141904 c:\windows\System32\drivers\vsmraid.sys

+ 2009-06-10 21:30 . 2009-07-13 20:34 405504 c:\windows\System32\drivers\spsys.sys

+ 2008-08-22 00:28 . 2008-08-22 00:28 333824 c:\windows\System32\drivers\RTL8187Se.sys

+ 2009-06-10 21:19 . 2009-07-14 01:20 142416 c:\windows\System32\drivers\nvstor.sys

+ 2009-06-10 21:19 . 2009-07-14 01:20 332352 c:\windows\System32\drivers\iaStorV.sys

+ 2009-06-10 21:19 . 2009-07-14 01:20 453712 c:\windows\System32\drivers\elxstor.sys

+ 2009-06-10 21:17 . 2009-07-13 22:02 430080 c:\windows\System32\drivers\bxvbdx.sys

+ 2009-06-10 21:20 . 2009-07-14 01:26 159312 c:\windows\System32\drivers\amdsbs.sys

+ 2009-06-10 21:19 . 2009-07-14 01:26 422976 c:\windows\System32\drivers\adp94xx.sys

+ 2008-07-22 08:33 . 2008-07-22 08:33 287256 c:\windows\System32\AbaleZip.dll

+ 2009-06-10 21:21 . 2009-06-10 21:21 126912 c:\windows\system\msvideo.dll

- 2009-07-14 04:47 . 2010-08-30 19:21 421164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:47 . 2010-09-01 22:54 421164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-13 20:46 . 2009-06-10 21:23 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 261632 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 303104 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll

+ 2009-07-13 20:46 . 2009-07-13 20:46 113664 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 626688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 401408 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 970752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 486400 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 425984 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 115536 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 140096 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 229696 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 342352 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 110928 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 304976 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 995160 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 610304 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 655360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 348160 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 227656 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 794976 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 572760 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 507904 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

+ 2009-07-13 20:46 . 2009-06-10 21:22 144712 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll

+ 2008-08-28 06:00 . 2008-08-28 06:00 822784 c:\windows\Installer\9e28a.msi

+ 2009-05-14 15:41 . 2009-05-14 15:41 340480 c:\windows\Installer\9c258d.msi

+ 2008-08-01 21:00 . 2008-08-01 21:00 330240 c:\windows\Installer\9c2588.msi

+ 2008-08-01 21:00 . 2008-08-01 21:00 360960 c:\windows\Installer\9c257d.msi

+ 2008-08-01 21:00 . 2008-08-01 21:00 330752 c:\windows\Installer\9c2578.msi

+ 2008-08-01 21:00 . 2008-08-01 21:00 224256 c:\windows\Installer\9c2573.msi

+ 2009-01-20 22:58 . 2009-01-20 22:58 282624 c:\windows\Installer\9c24e5.msi

+ 2009-05-26 07:53 . 2009-05-26 07:53 579072 c:\windows\Installer\6d2d37.msp

+ 2008-03-20 09:56 . 2008-03-20 09:56 507392 c:\windows\Installer\4ac322.msi

+ 2008-03-20 09:55 . 2008-03-20 09:55 506368 c:\windows\Installer\4ac31c.msi

+ 2008-03-20 09:54 . 2008-03-20 09:54 506880 c:\windows\Installer\4ac316.msi

+ 2008-08-31 19:35 . 2008-08-31 19:35 240128 c:\windows\Installer\4aa75.msi

+ 2009-05-27 01:12 . 2009-05-27 01:12 556544 c:\windows\Installer\30feaa.msp

+ 2006-03-15 19:40 . 2006-03-15 19:40 643072 c:\windows\Installer\2301c.msi

+ 2009-07-05 19:29 . 2009-07-05 19:29 240128 c:\windows\Installer\22d4e.msi

+ 2008-10-29 20:00 . 2008-10-29 20:00 330752 c:\windows\Installer\22d3f.msi

+ 2009-02-07 02:23 . 2009-02-07 02:23 932864 c:\windows\Installer\22d3a.msi

+ 2009-02-07 01:25 . 2009-02-07 01:25 964608 c:\windows\Installer\22d35.msi

+ 2009-07-12 17:16 . 2009-07-12 17:16 223232 c:\windows\Installer\165a62a.msi

+ 2007-02-06 19:07 . 2007-02-06 19:07 823808 c:\windows\Installer\12c4a.msi

+ 2008-08-08 22:11 . 2008-08-08 22:11 232960 c:\windows\Installer\111b0.msi

+ 2006-10-30 12:33 . 2006-10-30 12:33 269192 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\wizard.exe

+ 2006-10-30 12:33 . 2006-10-30 12:33 117128 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\setup.exe

+ 2006-10-30 12:33 . 2006-10-30 12:33 142152 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\Iris.Mapi.MessageStore.dll

+ 2006-11-01 15:32 . 2006-11-01 15:32 527184 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\bcmres.resources.dll

+ 2006-10-30 12:33 . 2006-10-30 12:33 203592 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\BcmImportUtility.exe

+ 2006-10-30 12:33 . 2006-10-30 12:33 280392 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\bcmhistoryaddin.dll

+ 2006-10-30 12:33 . 2006-10-30 12:33 300872 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\BCMCommon.dll

+ 2006-10-30 12:33 . 2006-10-30 12:33 113480 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\ActXmlSourceAdapter.dll

+ 2006-10-30 12:33 . 2006-10-30 12:33 117576 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\actsevensourceadapter.dll

+ 2005-05-04 08:06 . 2005-05-04 08:06 199408 c:\windows\Installer\$PatchCache$\Managed\90404A0900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL

+ 2005-05-04 08:06 . 2005-05-04 08:06 465640 c:\windows\Installer\$PatchCache$\Managed\90404A0900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL

+ 2005-03-17 21:40 . 2005-03-17 21:40 231616 c:\windows\Installer\$PatchCache$\Managed\90404A0900063D11C8EF10054038389C\11.0.8003\MSCDM.DLL

+ 2005-04-19 23:42 . 2005-04-19 23:42 142528 c:\windows\Installer\$PatchCache$\Managed\90404A0900063D11C8EF10054038389C\11.0.8003\ATP.DLL

+ 2008-04-09 23:20 . 2008-04-09 23:20 638976 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA746454382090000000040\9.0.0\AdobeLinguistic.dll

+ 2007-02-26 09:01 . 2007-02-26 09:01 437160 c:\windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC\12.0.6012\DWTRIG20.EXE

+ 2009-04-04 01:57 . 2009-04-04 01:57 509256 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\WRD12CVR.DLL

+ 2009-04-02 21:06 . 2009-04-02 21:06 439160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\SETUP.EXE

+ 2008-10-25 14:19 . 2008-10-25 14:19 503688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\SELFCERT.EXE

+ 2009-04-02 22:35 . 2009-04-02 22:35 368520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\PPSLAX.DLL

+ 2008-10-26 13:42 . 2008-10-26 13:42 482656 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\PORTCONN.DLL

+ 2007-06-08 03:51 . 2007-06-08 03:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OUTLFLTR.DLL

+ 2008-10-24 20:52 . 2008-10-24 20:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL

+ 2008-10-24 20:52 . 2008-10-24 20:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL

+ 2008-11-04 09:24 . 2008-11-04 09:24 285576 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OISGRAPH.DLL

+ 2008-11-04 09:24 . 2008-11-04 09:24 998784 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OISAPP.DLL

+ 2008-11-04 09:24 . 2008-11-04 09:24 274808 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OIS.EXE

+ 2008-03-19 14:27 . 2008-03-19 14:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OGALEGIT.DLL

+ 2009-04-02 21:06 . 2009-04-02 21:06 231848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ODEPLOY.EXE

+ 2009-03-06 13:16 . 2009-03-06 13:16 538968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSTORES.DLL

+ 2009-03-06 13:16 . 2009-03-06 13:16 144728 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSTORE.EXE

+ 2009-03-06 13:16 . 2009-03-06 13:16 832344 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSTORDB.EXE

+ 2006-07-24 18:50 . 2006-07-24 18:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSSTDFMT.DLL

+ 2008-10-25 06:21 . 2008-10-25 06:21 505192 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSSOAP30.DLL

+ 2009-03-06 13:05 . 2009-03-06 13:05 671072 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSQRY32.EXE

+ 2008-11-21 07:42 . 2008-11-21 07:42 732504 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSPROOF6.DLL

+ 2008-10-25 06:50 . 2008-10-25 06:50 436584 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSORUN.DLL

+ 2009-03-06 12:04 . 2009-03-06 12:04 427848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSODCW.DLL

+ 2009-03-06 11:31 . 2009-03-06 11:31 160616 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSOCF.DLL

+ 2008-11-04 12:13 . 2008-11-04 12:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSCONV97.DLL

+ 2008-11-04 11:49 . 2008-11-04 11:49 829280 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MEDCAT.DLL

+ 2009-04-02 20:01 . 2009-04-02 20:01 177520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\IETAG.DLL

+ 2008-10-25 14:18 . 2008-10-25 14:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\IEAWSDC.DLL

+ 2008-11-25 06:17 . 2008-11-25 06:17 983944 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\FPWEC.DLL

+ 2008-11-04 09:44 . 2008-11-04 09:44 435096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\DWTRIG20.EXE

+ 2009-03-06 12:04 . 2009-03-06 12:04 105856 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\DSSM.EXE

+ 2008-11-21 08:02 . 2008-11-21 08:02 189816 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\CONTACTPICKER.DLL

+ 2008-11-04 11:47 . 2008-11-04 11:47 205680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\CLVIEW.EXE

+ 2008-11-04 12:21 . 2008-11-04 12:21 400208 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\CDLMSO.DLL

+ 2009-03-06 10:48 . 2009-03-06 10:48 370608 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEXBE.DLL

+ 2009-03-06 10:48 . 2009-03-06 10:48 223152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACETXT.DLL

+ 2009-03-06 10:48 . 2009-03-06 10:48 550840 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEREP.DLL

+ 2009-03-06 10:48 . 2009-03-06 10:48 288688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACER3X.DLL

+ 2009-03-06 10:48 . 2009-03-06 10:48 255920 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACER2X.DLL

+ 2009-03-06 10:48 . 2009-03-06 10:48 391096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEPDE.DLL

+ 2009-03-06 10:48 . 2009-03-06 10:48 387000 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEOLEDB.DLL

+ 2009-03-06 10:48 . 2009-03-06 10:48 278912 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEODBC.DLL

+ 2009-03-06 10:48 . 2009-03-06 10:48 206776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACELTS.DLL

+ 2009-03-06 10:48 . 2009-03-06 10:48 628656 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEEXCL.DLL

+ 2009-03-06 10:48 . 2009-03-06 10:48 337832 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEEXCH.DLL

+ 2009-03-06 10:47 . 2009-03-06 10:47 190400 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEES.DLL

+ 2009-03-06 10:47 . 2009-03-06 10:47 575416 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACEDAO.DLL

+ 2006-10-26 03:05 . 2006-10-26 03:05 530760 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XPAGE3C.DLL

+ 2006-10-26 09:49 . 2006-10-26 09:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WRD12CVR.DLL

+ 2006-10-26 10:17 . 2006-10-26 10:17 781104 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WORDPIA.DLL

+ 2006-10-27 04:23 . 2006-10-27 04:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WINWORD.EXE

+ 2006-10-26 03:05 . 2006-10-26 03:05 126784 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL

+ 2006-10-26 09:06 . 2006-10-26 09:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SETUP.EXE

+ 2006-10-26 09:13 . 2006-10-26 09:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\SELFCERT.EXE

+ 2006-10-26 10:07 . 2006-10-26 10:07 248632 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPTPIA.DLL

+ 2006-10-26 10:07 . 2006-10-26 10:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPSLAX.DLL

+ 2006-10-27 04:04 . 2006-10-27 04:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\POWERPNT.EXE

+ 2006-10-26 10:30 . 2006-10-26 10:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PORTCONN.DLL

+ 2006-07-26 07:53 . 2006-07-26 07:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL

+ 2006-10-26 09:23 . 2006-10-26 09:23 782720 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL

+ 2006-10-27 04:39 . 2006-10-27 04:39 687432 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL

+ 2006-10-26 09:32 . 2006-10-26 09:32 604000 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL

+ 2006-10-26 09:00 . 2006-10-26 09:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OISGRAPH.DLL

+ 2006-10-26 09:00 . 2006-10-26 09:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OISAPP.DLL

+ 2006-10-26 09:00 . 2006-10-26 09:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OIS.EXE

+ 2006-10-19 21:37 . 2006-10-19 21:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OGALEGIT.DLL

+ 2006-10-26 09:00 . 2006-10-26 09:00 416544 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OFFICE.DLL

+ 2006-10-26 09:06 . 2006-10-26 09:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ODEPLOY.EXE

+ 2006-10-26 08:55 . 2006-10-26 08:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTORES.DLL

+ 2006-10-26 08:55 . 2006-10-26 08:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTORE.EXE

+ 2006-10-26 08:55 . 2006-10-26 08:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSTORDB.EXE

+ 2006-10-26 02:56 . 2006-10-26 02:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSSOAP30.DLL

+ 2006-10-26 08:50 . 2006-10-26 08:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSQRY32.EXE

+ 2006-10-26 03:47 . 2006-10-26 03:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSPROOF6.DLL

+ 2006-10-26 02:56 . 2006-10-26 02:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSORUN.DLL

+ 2006-10-26 08:56 . 2006-10-26 08:56 864080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSONPDRV.DLL

+ 2006-10-26 09:12 . 2006-10-26 09:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSODCW.DLL

+ 2006-10-27 03:59 . 2006-10-27 03:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSOCF.DLL

+ 2006-10-26 02:58 . 2006-10-26 02:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSCONV97.DLL

+ 2006-10-26 08:55 . 2006-10-26 08:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MEDCAT.DLL

+ 2006-10-26 09:12 . 2006-10-26 09:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\IEAWSDC.DLL

+ 2006-10-26 09:02 . 2006-10-26 09:02 150320 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL

+ 2006-10-27 04:09 . 2006-10-27 04:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FPWEC.DLL

+ 2006-10-26 08:48 . 2006-10-26 08:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\DWTRIG20.EXE

+ 2006-10-26 09:12 . 2006-10-26 09:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\DSSM.EXE

+ 2006-10-26 09:12 . 2006-10-26 09:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL

+ 2006-10-26 08:59 . 2006-10-26 08:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CLVIEW.EXE

+ 2006-10-27 04:41 . 2006-10-27 04:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\CDLMSO.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEXBE.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 826232 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEWDAT.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACETXT.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEREP.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACER3X.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACER2X.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEPDE.DLL

+ 2006-10-27 04:00 . 2006-10-27 04:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEODBC.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACELTS.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEEXCL.DLL

+ 2006-10-26 09:13 . 2006-10-26 09:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEEXCH.DLL

+ 2006-10-27 04:00 . 2006-10-27 04:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEES.DLL

+ 2006-10-27 04:00 . 2006-10-27 04:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACEDAO.DLL

+ 2009-04-04 02:11 . 2009-04-04 02:11 408424 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\WINWORD.EXE

+ 2009-03-05 01:24 . 2009-03-05 01:24 282032 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\SCNPST64.DLL

+ 2009-03-05 01:24 . 2009-03-05 01:24 273320 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\SCNPST32.DLL

+ 2009-03-06 10:06 . 2009-03-06 10:06 407904 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\RTFHTML.DLL

+ 2009-03-06 11:41 . 2009-03-06 11:41 589704 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\PUBCONV.DLL

+ 2009-01-08 18:59 . 2009-01-08 18:59 624520 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\PTXT9.DLL

+ 2009-03-05 01:24 . 2009-03-05 01:24 420696 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\PSTPRX32.DLL

+ 2008-10-25 14:21 . 2008-10-25 14:21 136072 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\PRTF9.DLL

+ 2009-04-04 02:04 . 2009-04-04 02:04 521064 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\POWERPNT.EXE

+ 2008-11-21 08:49 . 2008-11-21 08:49 169360 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OUTLPH.DLL

+ 2009-03-06 10:05 . 2009-03-06 10:05 593288 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OUTLMIME.DLL

+ 2008-10-31 05:24 . 2008-10-31 05:24 137552 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OUTLCTL.DLL

+ 2009-03-06 12:55 . 2009-03-06 12:55 194448 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OMSXP32.DLL

+ 2009-03-06 12:55 . 2009-03-06 12:55 661888 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OMSMAIN.DLL

+ 2009-03-05 01:24 . 2009-03-05 01:24 253808 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OLKFSTUB.DLL

+ 2008-11-04 08:04 . 2008-11-04 08:04 498072 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MORPH9.DLL

+ 2009-03-05 01:24 . 2009-03-05 01:24 340304 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MIMEDIR.DLL

+ 2009-03-05 01:24 . 2009-03-05 01:24 138072 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\IMPMAIL.DLL

+ 2008-11-21 08:48 . 2008-11-21 08:48 155016 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\ENVELOPE.DLL

+ 2008-11-21 08:48 . 2008-11-21 08:48 116600 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\EMABLT32.DLL

+ 2009-03-06 10:05 . 2009-03-06 10:05 127336 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\CONTAB32.DLL

+ 2006-10-27 04:49 . 2006-10-27 04:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\WRD12CVR.DLL

+ 2006-10-27 23:23 . 2006-10-27 23:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\WINWORD.EXE

+ 2006-07-28 23:21 . 2006-07-28 23:21 277320 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\SSGEN.DLL

+ 2006-10-27 05:18 . 2006-10-27 05:18 502608 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\SOA.DLL

+ 2006-10-27 04:06 . 2006-10-27 04:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\SETUP.EXE

+ 2006-10-27 04:13 . 2006-10-27 04:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\SELFCERT.EXE

+ 2006-10-27 04:55 . 2006-10-27 04:55 272744 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\SCNPST64.DLL

+ 2006-10-27 04:55 . 2006-10-27 04:55 263520 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\SCNPST32.DLL

+ 2006-10-27 23:16 . 2006-10-27 23:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\RTFHTML.DLL

+ 2006-10-27 04:09 . 2006-10-27 04:09 590144 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\PUBCONV.DLL

+ 2006-10-27 23:04 . 2006-10-27 23:04 624456 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\PTXT9.DLL

+ 2006-10-27 04:55 . 2006-10-27 04:55 413472 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\PSTPRX32.DLL

+ 2006-10-27 04:09 . 2006-10-27 04:09 136008 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\PRTF9.DLL

+ 2006-10-27 05:07 . 2006-10-27 05:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\PPSLAX.DLL

+ 2006-10-27 23:04 . 2006-10-27 23:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\POWERPNT.EXE

+ 2006-10-27 05:30 . 2006-10-27 05:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\PORTCONN.DLL

+ 2006-10-27 23:16 . 2006-10-27 23:16 176976 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OUTLPH.DLL

+ 2006-10-27 23:16 . 2006-10-27 23:16 594256 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OUTLMIME.DLL

+ 2006-07-27 02:53 . 2006-07-27 02:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL

+ 2006-10-27 23:16 . 2006-10-27 23:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OUTLCTL.DLL

+ 2006-10-27 04:34 . 2006-10-27 04:34 192848 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OMSXP32.DLL

+ 2006-10-27 04:34 . 2006-10-27 04:34 660792 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OMSMAIN.DLL

+ 2006-10-27 04:55 . 2006-10-27 04:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL

+ 2006-10-27 04:00 . 2006-10-27 04:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OISGRAPH.DLL

+ 2006-10-27 04:00 . 2006-10-27 04:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OISAPP.DLL

+ 2006-10-27 04:00 . 2006-10-27 04:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OIS.EXE

+ 2006-10-20 16:37 . 2006-10-20 16:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OGALEGIT.DLL

+ 2006-10-27 04:06 . 2006-10-27 04:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ODEPLOY.EXE

+ 2006-10-27 03:55 . 2006-10-27 03:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSTORES.DLL

+ 2006-10-27 03:55 . 2006-10-27 03:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSTORE.EXE

+ 2006-10-27 03:55 . 2006-10-27 03:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSTORDB.EXE

+ 2006-10-26 21:56 . 2006-10-26 21:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSSOAP30.DLL

+ 2006-10-27 03:50 . 2006-10-27 03:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSQRY32.EXE

+ 2006-10-26 22:47 . 2006-10-26 22:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSPROOF6.DLL

+ 2006-10-26 21:56 . 2006-10-26 21:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSORUN.DLL

+ 2006-10-27 04:12 . 2006-10-27 04:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSODCW.DLL

+ 2006-10-27 22:59 . 2006-10-27 22:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSOCF.DLL

+ 2006-10-26 21:58 . 2006-10-26 21:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSCONV97.DLL

+ 2006-10-26 21:58 . 2006-10-26 21:58 290576 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSCDM.DLL

+ 2006-10-27 23:04 . 2006-10-27 23:04 497504 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MORPH9.DLL

+ 2006-10-27 03:52 . 2006-10-27 03:52 460616 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MODHELP.DLL

+ 2006-10-27 04:55 . 2006-10-27 04:55 340248 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MIMEDIR.DLL

+ 2006-10-27 03:55 . 2006-10-27 03:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MEDCAT.DLL

+ 2006-10-27 04:55 . 2006-10-27 04:55 138024 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\IMPMAIL.DLL

+ 2006-10-27 04:00 . 2006-10-27 04:00 178488 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\IETAG.DLL

+ 2006-10-27 04:12 . 2006-10-27 04:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\IEAWSDC.DLL

+ 2006-10-27 23:09 . 2006-10-27 23:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\FPWEC.DLL

+ 2006-10-27 04:55 . 2006-10-27 04:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ENVELOPE.DLL

+ 2006-10-27 04:55 . 2006-10-27 04:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\EMABLT32.DLL

+ 2006-10-27 03:48 . 2006-10-27 03:48 434528 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\DWTRIG20.EXE

+ 2006-10-27 04:12 . 2006-10-27 04:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\DSSM.EXE

+ 2006-10-27 04:12 . 2006-10-27 04:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL

+ 2006-10-27 23:16 . 2006-10-27 23:16 133936 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\CONTAB32.DLL

+ 2006-10-27 03:59 . 2006-10-27 03:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\CLVIEW.EXE

+ 2006-10-27 23:41 . 2006-10-27 23:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\CDLMSO.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEXBE.DLL

+ 2006-10-27 23:40 . 2006-10-27 23:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEWSS.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 826232 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEWDAT.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACETXT.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEREP.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACER3X.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACER2X.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEPDE.DLL

+ 2006-10-27 23:00 . 2006-10-27 23:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEODBC.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACELTS.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEEXCL.DLL

+ 2006-10-27 04:13 . 2006-10-27 04:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEEXCH.DLL

+ 2006-10-27 23:00 . 2006-10-27 23:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEES.DLL

+ 2006-10-27 23:00 . 2006-10-27 23:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACEDAO.DLL

+ 2006-10-27 05:18 . 2006-10-27 05:18 162616 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACCWIZ.DLL

+ 2006-10-27 23:00 . 2006-10-27 23:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACACEDAO.DLL

+ 2006-10-27 05:17 . 2006-10-27 05:17 781104 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\WORDPIA.DLL

+ 2006-10-27 05:07 . 2006-10-27 05:07 248632 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\PPTPIA.DLL

+ 2006-10-27 04:00 . 2006-10-27 04:00 416544 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\OFFICE.DLL

+ 2006-10-27 04:02 . 2006-10-27 04:02 150320 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\GRAPHPIA.DLL

+ 2006-11-20 00:04 . 2006-11-20 00:04 117088 c:\windows\Downloaded Program Files\PURen-au.dll

+ 2009-04-20 07:23 . 2009-04-20 07:23 198280 c:\windows\Downloaded Program Files\HPISDataManager.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 610304 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2009-07-13 20:46 . 2009-07-13 20:46 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 5242880 c:\windows\winsxs\x86_system.web_b03f5f7f11d50a3a_6.1.7600.16385_none_cbaefa77d2cfd5e6\System.Web.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 2933248 c:\windows\winsxs\x86_system.data_b77a5c561934e089_6.1.7600.16385_none_691daed8707c6c98\System.Data.dll

+ 2009-06-10 21:20 . 2009-07-14 01:19 1383488 c:\windows\winsxs\x86_ql2300.inf_31bf3856ad364e35_6.1.7600.16385_none_346a58af07aad4dc\ql2300.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1277952 c:\windows\winsxs\x86_ph6xib32c1.inf_31bf3856ad364e35_6.1.7600.16385_none_b1986e3ae1f5d9d0\Ph6xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1277952 c:\windows\winsxs\x86_ph6xib32c0.inf_31bf3856ad364e35_6.1.7600.16385_none_0e7a2a31ef64bc97\Ph6xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\winsxs\x86_ph3xibc9.inf_31bf3856ad364e35_6.1.7600.16385_none_4482afc18dfa7358\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\winsxs\x86_ph3xibc8.inf_31bf3856ad364e35_6.1.7600.16385_none_43f99d8c74dc36ef\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\winsxs\x86_ph3xibc7.inf_31bf3856ad364e35_6.1.7600.16385_none_43708b575bbdfa86\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\winsxs\x86_ph3xibc6.inf_31bf3856ad364e35_6.1.7600.16385_none_42e77922429fbe1d\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\winsxs\x86_ph3xibc5.inf_31bf3856ad364e35_6.1.7600.16385_none_425e66ed298181b4\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\winsxs\x86_ph3xibc4.inf_31bf3856ad364e35_6.1.7600.16385_none_41d554b81063454b\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\winsxs\x86_ph3xibc3.inf_31bf3856ad364e35_6.1.7600.16385_none_414c4282f74508e2\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\winsxs\x86_ph3xibc2.inf_31bf3856ad364e35_6.1.7600.16385_none_40c3304dde26cc79\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\winsxs\x86_ph3xibc12.inf_31bf3856ad364e35_6.1.7600.16385_none_08b91414a6cc93ae\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\winsxs\x86_ph3xibc11.inf_31bf3856ad364e35_6.1.7600.16385_none_dfa73df32de69aaf\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\winsxs\x86_ph3xibc10.inf_31bf3856ad364e35_6.1.7600.16385_none_b69567d1b500a1b0\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\winsxs\x86_ph3xibc1.inf_31bf3856ad364e35_6.1.7600.16385_none_403a1e18c5089010\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\winsxs\x86_ph3xibc0.inf_31bf3856ad364e35_6.1.7600.16385_none_3fb10be3abea53a7\Ph3xIB32.sys

+ 2009-06-10 21:19 . 2009-07-14 01:16 7592960 c:\windows\winsxs\x86_nv_lh.inf_31bf3856ad364e35_6.1.7600.16385_none_ee3de1f52c28dff5\nvd3dum.dll

+ 2009-06-10 21:18 . 2009-07-13 22:02 4231168 c:\windows\winsxs\x86_netw5v32.inf_31bf3856ad364e35_6.1.7600.16385_none_6721dbbb2f1a8394\netw5v32.sys

+ 2009-07-13 20:46 . 2009-06-10 21:23 5816640 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.1.7600.16385_none_06e4a2b8eb2ee8c7\mscorwks.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 1160520 c:\windows\winsxs\x86_netfx-csharp_compiler_cscomp_b03f5f7f11d50a3a_6.1.7600.16385_none_fdf470b68e2eb0fc\cscomp.dll

+ 2009-06-10 21:17 . 2009-07-13 22:02 3100160 c:\windows\winsxs\x86_netevbdx.inf_31bf3856ad364e35_6.1.7600.16385_none_463f038f04054e96\evbdx.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 1131008 c:\windows\winsxs\x86_netbc6.inf_31bf3856ad364e35_6.1.7600.16385_none_5a2526e94bf6df30\BCMWL6.SYS

+ 2009-06-20 02:10 . 2009-07-13 22:02 1096704 c:\windows\winsxs\x86_netathr.inf_31bf3856ad364e35_6.1.7600.16385_none_ad493f9a90f8a50c\athr.sys

+ 2009-07-13 20:46 . 2009-06-10 21:23 4550656 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7600.16385_none_9c3dd3cb7da78442\mscorlib.dll

+ 2009-06-10 21:38 . 2009-07-14 01:15 1386496 c:\windows\winsxs\x86_microsoft-windows-msvbvm60_31bf3856ad364e35_6.1.7600.16385_none_c25a1af6b30d72ee\msvbvm60.dll

+ 2009-06-10 21:41 . 2009-07-14 01:15 2134016 c:\windows\winsxs\x86_microsoft-windows-msmpeg2vdec_31bf3856ad364e35_6.1.7600.16385_none_90cd9ae919559d36\msmpeg2vdec.dll

+ 2009-06-10 21:44 . 2009-06-10 21:44 2119152 c:\windows\winsxs\x86_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7600.16385_none_587e2dd63c939245\SFLISTW7.dat

+ 2009-06-10 21:13 . 2009-06-10 21:13 3698584 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.7600.16385_none_1622b3b244141a27\ieapfltr.dat

+ 2009-06-10 21:26 . 2009-06-10 21:26 9633792 c:\windows\winsxs\x86_microsoft-windows-font-staticcache_31bf3856ad364e35_6.1.7600.16385_none_e3b4b9789a59fe2d\StaticCache.dat

+ 2009-06-10 21:40 . 2009-07-13 22:13 1068032 c:\windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys

+ 2009-06-10 21:40 . 2009-07-13 22:13 1035776 c:\windows\winsxs\x86_mdmagrs.inf_31bf3856ad364e35_6.1.7600.16385_none_bcc4f695c7fd24c3\AGRSM.sys

+ 2009-06-10 21:19 . 2009-06-10 21:19 4756480 c:\windows\winsxs\x86_igdlh.inf_31bf3856ad364e35_6.1.7600.16385_none_97c86acaeb632964\igdkmd32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1394688 c:\windows\winsxs\x86_hcw85bda.inf_31bf3856ad364e35_6.1.7600.16385_none_465458b00b39395c\HCW85BDA.sys

+ 2009-06-10 21:19 . 2009-07-14 01:14 4030976 c:\windows\winsxs\x86_atiilhag.inf_31bf3856ad364e35_6.1.7600.16385_none_a574bbd4a69c292d\atiumdag.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 3178496 c:\windows\winsxs\msil_system_b77a5c561934e089_6.1.7600.16385_none_af171a7618443e7f\System.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 4927488 c:\windows\winsxs\msil_system.design_b03f5f7f11d50a3a_6.1.7600.16385_none_89d14f6bbf6b7a53\System.Design.dll

+ 2008-07-08 18:55 . 2008-07-08 18:55 1112288 c:\windows\System32\WdfCoInstaller01007.dll

+ 2008-11-25 06:31 . 2008-11-25 06:31 2248544 c:\windows\System32\sqlncli.dll

+ 2009-07-14 02:03 . 2010-09-01 14:59 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:03 . 2010-08-30 15:34 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-06-10 21:38 . 2009-07-14 01:15 1386496 c:\windows\System32\msvbvm60.dll

+ 2009-06-10 21:41 . 2009-07-14 01:15 2134016 c:\windows\System32\msmpeg2vdec.dll

+ 2007-08-27 05:41 . 2007-08-27 05:41 1089440 c:\windows\System32\msidcrl40.dll

+ 2009-06-10 21:44 . 2009-06-10 21:44 2119152 c:\windows\System32\migwiz\SFLISTW7.dat

+ 2009-06-10 21:13 . 2009-06-10 21:13 3698584 c:\windows\System32\ieapfltr.dat

+ 2008-07-08 18:55 . 2008-07-08 18:55 1112288 c:\windows\System32\DriverStore\FileRepository\synpd.inf_x86_neutral_6c9046112f8f549d\WdfCoInstaller01007.dll

+ 2008-07-08 18:55 . 2008-07-08 18:55 1112288 c:\windows\System32\DriverStore\FileRepository\synhid.inf_x86_neutral_10f38e91c50be6f5\WdfCoInstaller01007.dll

+ 2009-06-10 21:20 . 2009-07-14 01:19 1383488 c:\windows\System32\DriverStore\FileRepository\ql2300.inf_x86_neutral_ca8487daf77ff7cb\ql2300.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1277952 c:\windows\System32\DriverStore\FileRepository\ph6xib32c1.inf_x86_neutral_569a6f95e9320f9c\Ph6xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1277952 c:\windows\System32\DriverStore\FileRepository\ph6xib32c0.inf_x86_neutral_a7233f8f3a9f58ff\Ph6xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\System32\DriverStore\FileRepository\ph3xibc9.inf_x86_neutral_ff3a566e4b6ba035\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\System32\DriverStore\FileRepository\ph3xibc8.inf_x86_neutral_c93e7023ef90e637\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\System32\DriverStore\FileRepository\ph3xibc7.inf_x86_neutral_348f512722c79525\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\System32\DriverStore\FileRepository\ph3xibc6.inf_x86_neutral_2818f7b3b62bdd39\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\System32\DriverStore\FileRepository\ph3xibc5.inf_x86_neutral_2270382453de2dbb\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\System32\DriverStore\FileRepository\ph3xibc4.inf_x86_neutral_310871d800afa82a\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\System32\DriverStore\FileRepository\ph3xibc3.inf_x86_neutral_1da6abc36a79974f\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\System32\DriverStore\FileRepository\ph3xibc2.inf_x86_neutral_7621f5d62d77f42e\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\System32\DriverStore\FileRepository\ph3xibc12.inf_x86_neutral_ff7295ba5a46d63f\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\System32\DriverStore\FileRepository\ph3xibc11.inf_x86_neutral_bb18e5f134c40c68\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\System32\DriverStore\FileRepository\ph3xibc10.inf_x86_neutral_2c5d0c618dbfaf2a\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\System32\DriverStore\FileRepository\ph3xibc1.inf_x86_neutral_662220c3016bb4d0\Ph3xIB32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1311232 c:\windows\System32\DriverStore\FileRepository\ph3xibc0.inf_x86_neutral_c24bcc939e6dfc23\Ph3xIB32.sys

+ 2009-06-10 21:19 . 2009-07-14 01:16 7592960 c:\windows\System32\DriverStore\FileRepository\nv_lh.inf_x86_neutral_bbe628dbdd6fce25\nvd3dum.dll

+ 2009-06-10 21:18 . 2009-07-13 22:02 4231168 c:\windows\System32\DriverStore\FileRepository\netw5v32.inf_x86_neutral_a8056bed0ad979c3\netw5v32.sys

+ 2009-06-10 21:17 . 2009-07-13 22:02 3100160 c:\windows\System32\DriverStore\FileRepository\netevbdx.inf_x86_neutral_7f439b41eebc75ae\evbdx.sys

+ 2009-06-10 21:18 . 2009-07-13 22:02 1131008 c:\windows\System32\DriverStore\FileRepository\netbc6.inf_x86_neutral_a7e1745ea707c8d1\BCMWL6.SYS

+ 2009-06-20 02:10 . 2009-07-13 22:02 1096704 c:\windows\System32\DriverStore\FileRepository\netathr.inf_x86_neutral_c6f6c3fd633fd5e7\athr.sys

+ 2009-06-10 21:40 . 2009-07-13 22:13 1068032 c:\windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys

+ 2009-06-10 21:40 . 2009-07-13 22:13 1035776 c:\windows\System32\DriverStore\FileRepository\mdmagrs.inf_x86_neutral_81c67a5080f3eef2\AGRSM.sys

+ 2009-06-10 21:19 . 2009-06-10 21:19 4756480 c:\windows\System32\DriverStore\FileRepository\igdlh.inf_x86_neutral_2d255f193700d214\igdkmd32.sys

+ 2009-06-10 21:16 . 2009-07-13 22:54 1394688 c:\windows\System32\DriverStore\FileRepository\hcw85bda.inf_x86_neutral_0c9092aa3e31c11c\HCW85BDA.sys

+ 2009-06-10 21:19 . 2009-07-14 01:14 4030976 c:\windows\System32\DriverStore\FileRepository\atiilhag.inf_x86_neutral_7d512c02e72ebd25\atiumdag.dll

+ 2009-06-10 21:20 . 2009-07-14 01:19 1383488 c:\windows\System32\drivers\ql2300.sys

+ 2009-06-10 21:17 . 2009-07-13 22:02 3100160 c:\windows\System32\drivers\evbdx.sys

+ 2010-08-16 07:22 . 2010-09-01 22:54 2479352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-469993106-387004547-705224218-1008-12288.dat

- 2010-08-16 07:22 . 2010-08-30 19:21 2479352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-469993106-387004547-705224218-1008-12288.dat

+ 2009-07-13 20:46 . 2009-06-10 21:23 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 3178496 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 2933248 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 5816640 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2009-07-13 20:46 . 2009-06-10 21:22 1160520 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll

+ 2009-04-04 06:10 . 2009-04-04 06:10 1282560 c:\windows\Installer\f8e5b.msp

+ 2009-04-04 06:10 . 2009-04-04 06:10 7888384 c:\windows\Installer\f8e54.msp

+ 2008-08-01 21:00 . 2008-08-01 21:00 3064320 c:\windows\Installer\9c2583.msi

+ 2007-07-08 00:34 . 2007-07-08 00:34 6648832 c:\windows\Installer\611f5c.msp

+ 2008-09-30 10:07 . 2008-09-30 10:07 6042112 c:\windows\Installer\330a86.msi

+ 2009-04-13 17:49 . 2009-04-13 17:49 1922560 c:\windows\Installer\30ffde.msp

+ 2009-04-13 17:18 . 2009-04-13 17:18 9684480 c:\windows\Installer\30ffd7.msp

+ 2009-05-26 07:54 . 2009-05-26 07:54 4192768 c:\windows\Installer\30ff9b.msp

+ 2009-04-13 17:51 . 2009-04-13 17:51 1303040 c:\windows\Installer\30ff73.msp

+ 2009-04-24 01:30 . 2009-04-24 01:30 2583552 c:\windows\Installer\30ff6b.msp

+ 2009-02-25 08:08 . 2009-02-25 08:08 8311808 c:\windows\Installer\30ff45.msp

+ 2009-04-24 01:28 . 2009-04-24 01:28 4450816 c:\windows\Installer\30fefd.msp

+ 2009-04-13 17:50 . 2009-04-13 17:50 5191680 c:\windows\Installer\30fe54.msp

+ 2009-04-24 01:29 . 2009-04-24 01:29 9013760 c:\windows\Installer\30fe01.msp

+ 2009-05-12 20:28 . 2009-05-12 20:28 8594432 c:\windows\Installer\23071.msp

+ 2006-10-30 12:33 . 2006-10-30 12:33 1389056 c:\windows\Installer\23024.msi

+ 2006-10-25 11:14 . 2006-10-25 11:14 1012736 c:\windows\Installer\23013.msi

+ 2006-10-28 16:29 . 2006-10-28 16:29 7160320 c:\windows\Installer\2300e.msi

+ 2008-11-26 05:35 . 2008-11-26 05:35 6643712 c:\windows\Installer\22fdb.msi

+ 2008-11-26 05:23 . 2008-11-26 05:23 9269248 c:\windows\Installer\22fb2.msi

+ 2008-11-26 05:35 . 2008-11-26 05:35 5182976 c:\windows\Installer\22fa3.msi

+ 2008-11-26 05:35 . 2008-11-26 05:35 6643712 c:\windows\Installer\22f8b.msi

+ 2008-11-26 05:23 . 2008-11-26 05:23 1306112 c:\windows\Installer\22f7f.msi

+ 2008-11-26 05:23 . 2008-11-26 05:23 3615744 c:\windows\Installer\22f5e.msi

+ 2009-05-12 20:29 . 2009-05-12 20:29 9926144 c:\windows\Installer\22e03.msp

+ 2008-07-17 21:48 . 2008-07-17 21:48 1850368 c:\windows\Installer\22d2b.msi

+ 2009-01-19 18:57 . 2009-01-19 18:57 2634240 c:\windows\Installer\1754d.msi

+ 2009-06-02 04:00 . 2009-06-02 04:00 4189184 c:\windows\Installer\12c40.msi

+ 2006-10-30 12:33 . 2006-10-30 12:33 1121096 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\BusinessLayer.dll

+ 2006-10-30 12:33 . 2006-10-30 12:33 1063752 c:\windows\Installer\$PatchCache$\Managed\9504C23BA7E6FE14DA0265FD81279B32\3.0.5828\BCMRes.dll

+ 2006-09-27 05:01 . 2006-09-27 05:01 2113536 c:\windows\Installer\$PatchCache$\Managed\90404A0900063D11C8EF10054038389C\11.0.8173\MSOLAP80.DLL

+ 2005-05-04 08:06 . 2005-05-04 08:06 1411816 c:\windows\Installer\$PatchCache$\Managed\90404A0900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL

+ 2005-11-01 23:03 . 2005-11-01 23:03 8058560 c:\windows\Installer\$PatchCache$\Managed\90404A0900063D11C8EF10054038389C\11.0.8003\OWC11.DLL

+ 2005-05-04 07:06 . 2005-05-04 07:06 2120448 c:\windows\Installer\$PatchCache$\Managed\90404A0900063D11C8EF10054038389C\11.0.8003\MSOLAP80.DLL

+ 2008-08-26 06:50 . 2008-08-26 06:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBE6.DLL

+ 2009-03-06 11:01 . 2009-03-06 11:01 2335648 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\STSLIST.DLL

+ 2008-11-10 10:41 . 2008-11-10 10:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\PPTVIEW.EXE

+ 2009-04-02 21:07 . 2009-04-02 21:07 6540120 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OSETUP.DLL

+ 2009-03-05 17:00 . 2009-03-05 17:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONMAIN.DLL

+ 2008-11-09 23:49 . 2008-11-09 23:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONLIBS.DLL

+ 2008-11-24 11:16 . 2008-11-24 11:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ONENOTE.EXE

+ 2009-03-06 12:55 . 2009-03-06 12:55 7036800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OFFOWC.DLL

+ 2009-04-04 02:21 . 2009-04-04 02:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OARTCONV.DLL

+ 2008-10-25 07:45 . 2008-10-25 07:45 1518504 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\NLSD0000.DLL

+ 2009-04-02 20:01 . 2009-04-02 20:01 6637936 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSORES.DLL

+ 2009-04-03 05:44 . 2009-04-03 05:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\GRAPH.EXE

+ 2008-10-25 11:38 . 2008-10-25 11:38 1682800 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\FPSRVUTL.DLL

+ 2009-03-06 10:47 . 2009-03-06 10:47 1759136 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\ACECORE.DLL

+ 2006-10-26 03:05 . 2006-10-26 03:05 1181520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL

+ 2006-10-27 04:11 . 2006-10-27 04:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WRD12CNV.DLL

+ 2006-10-26 11:58 . 2006-10-26 11:58 3732792 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VVIEWER.DLL

+ 2006-10-26 12:00 . 2006-10-26 12:00 1841984 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL

+ 2006-09-29 13:42 . 2006-09-29 13:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\VBE6.DLL

+ 2006-10-27 03:57 . 2006-10-27 03:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\STSLIST.DLL

+ 2006-10-26 08:52 . 2006-10-26 08:52 2012480 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPTVIEW.EXE

+ 2006-10-27 04:04 . 2006-10-27 04:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\PPCORE.DLL

+ 2006-09-15 05:25 . 2006-09-15 05:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT

+ 2006-10-26 09:07 . 2006-10-26 09:07 6536992 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OSETUP.DLL

+ 2006-10-27 04:03 . 2006-10-27 04:03 6579512 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONMAIN.DLL

+ 2006-10-26 09:24 . 2006-10-26 09:24 1165112 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONLIBS.DLL

+ 2006-10-27 04:03 . 2006-10-27 04:03 1018664 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ONENOTE.EXE

+ 2006-10-27 04:18 . 2006-10-27 04:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OGL.DLL

+ 2006-10-26 09:14 . 2006-10-26 09:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OFFOWC.DLL

+ 2006-10-26 09:42 . 2006-10-26 09:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OARTCONV.DLL

+ 2006-10-26 03:47 . 2006-10-26 03:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\NLSD0000.DLL

+ 2006-10-26 09:00 . 2006-10-26 09:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSORES.DLL

+ 2006-10-27 04:10 . 2006-10-27 04:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\IPEDITOR.DLL

+ 2006-10-26 09:02 . 2006-10-26 09:02 2526520 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\GRAPH.EXE

+ 2006-10-26 08:21 . 2006-10-26 08:21 1682232 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL

+ 2006-10-26 03:10 . 2006-10-26 03:10 1190688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\FM20.DLL

+ 2006-10-26 10:17 . 2006-10-26 10:17 1276720 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXCELPIA.DLL

+ 2006-10-27 04:00 . 2006-10-27 04:00 1751904 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\ACECORE.DLL

+ 2009-04-04 01:57 . 2009-04-04 01:57 4671320 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\WRD12CNV.DLL

+ 2008-11-21 11:12 . 2008-11-21 11:12 3750256 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\VVIEWER.DLL

+ 2008-10-25 17:35 . 2008-10-25 17:35 1847160 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL

+ 2009-04-04 02:04 . 2009-04-04 02:04 8468840 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\PPCORE.DLL

+ 2009-03-06 10:05 . 2009-03-06 10:05 2964336 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OLMAPI32.DLL

+ 2009-02-05 19:36 . 2009-02-05 19:36 1640800 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OGL.DLL

+ 2009-03-06 11:41 . 2009-03-06 11:41 9589096 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\MSPUB.EXE

+ 2009-03-06 12:26 . 2009-03-06 12:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\IPEDITOR.DLL

+ 2008-11-21 07:06 . 2008-11-21 07:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\FM20.DLL

+ 2006-10-27 23:11 . 2006-10-27 23:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\WRD12CNV.DLL

+ 2006-10-27 06:58 . 2006-10-27 06:58 3732792 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\VVIEWER.DLL

+ 2006-10-27 07:00 . 2006-10-27 07:00 1841984 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL

+ 2006-09-30 08:42 . 2006-09-30 08:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\VBE6.DLL

+ 2006-10-27 22:57 . 2006-10-27 22:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\STSLIST.DLL

+ 2006-10-27 03:52 . 2006-10-27 03:52 2012480 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\PPTVIEW.EXE

+ 2006-10-27 23:04 . 2006-10-27 23:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\PPCORE.DLL

+ 2006-09-16 00:25 . 2006-09-16 00:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT

+ 2006-10-27 04:07 . 2006-10-27 04:07 6536992 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OSETUP.DLL

+ 2006-10-27 23:16 . 2006-10-27 23:16 2939704 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OLMAPI32.DLL

+ 2006-10-27 23:18 . 2006-10-27 23:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OGL.DLL

+ 2006-10-27 04:14 . 2006-10-27 04:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OFFOWC.DLL

+ 2006-10-27 04:42 . 2006-10-27 04:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OARTCONV.DLL

+ 2006-10-26 22:47 . 2006-10-26 22:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\NLSD0000.DLL

+ 2006-10-27 23:04 . 2006-10-27 23:04 9581360 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSPUB.EXE

+ 2006-10-27 04:00 . 2006-10-27 04:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSORES.DLL

+ 2006-10-27 23:10 . 2006-10-27 23:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\IPEDITOR.DLL

+ 2006-10-27 04:02 . 2006-10-27 04:02 2526520 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\GRAPH.EXE

+ 2006-10-27 03:21 . 2006-10-27 03:21 1682232 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL

+ 2006-10-26 22:10 . 2006-10-26 22:10 1190688 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\FM20.DLL

+ 2006-10-27 23:00 . 2006-10-27 23:00 1751904 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACECORE.DLL

+ 2006-10-26 22:05 . 2006-10-26 22:05 1165584 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\ACCICONS.EXE

+ 2006-10-27 05:17 . 2006-10-27 05:17 1276720 c:\windows\Installer\$PatchCache$\Managed\00002105501100000000000000F01FEC\12.0.4518\EXCELPIA.DLL

+ 2009-07-13 20:46 . 2009-06-10 21:23 3178496 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2009-07-13 20:46 . 2009-06-10 21:23 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2009-04-13 16:46 . 2009-04-13 16:46 15438848 c:\windows\Installer\f8e73.msp

+ 2009-05-06 22:04 . 2009-05-06 22:04 18341376 c:\windows\Installer\f8e6b.msp

+ 2009-04-13 17:56 . 2009-04-13 17:56 20498944 c:\windows\Installer\f8e63.msp

+ 2009-04-13 16:22 . 2009-04-13 16:22 19840000 c:\windows\Installer\f8dd3.msp

+ 2003-07-29 16:35 . 2003-07-29 16:35 52125184 c:\windows\Installer\a25065f.msi

+ 2009-04-13 17:21 . 2009-04-13 17:21 15303168 c:\windows\Installer\611f69.msp

+ 2008-09-24 01:05 . 2008-09-24 01:05 16381440 c:\windows\Installer\30ffbb.msp

+ 2009-07-01 02:19 . 2009-07-01 02:19 10607104 c:\windows\Installer\30ffab.msp

+ 2008-08-11 00:49 . 2008-08-11 00:49 22457344 c:\windows\Installer\30ff83.msp

+ 2009-05-27 01:06 . 2009-05-27 01:06 10011648 c:\windows\Installer\30fe6f.msp

+ 2009-05-12 20:28 . 2009-05-12 20:28 15190016 c:\windows\Installer\22e20.msp

+ 2009-05-12 20:29 . 2009-05-12 20:29 21390848 c:\windows\Installer\22dd6.msp

+ 2009-07-10 22:21 . 2009-07-10 22:21 18756608 c:\windows\Installer\22d6d.msi

+ 2009-04-04 02:21 . 2009-04-04 02:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\OART.DLL

+ 2009-04-04 02:46 . 2009-04-04 02:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\MSO.DLL

+ 2006-10-26 10:13 . 2006-10-26 10:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\XL12CNV.EXE

+ 2006-10-27 04:23 . 2006-10-27 04:23 17483560 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\WWLIB.DLL

+ 2006-10-27 04:14 . 2006-10-27 04:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\OART.DLL

+ 2006-10-27 04:26 . 2006-10-27 04:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\MSO.DLL

+ 2006-10-27 04:07 . 2006-10-27 04:07 17891112 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.4518\EXCEL.EXE

+ 2009-04-04 02:01 . 2009-04-04 02:01 15108448 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\XL12CNV.EXE

+ 2009-04-04 02:11 . 2009-04-04 02:11 17740136 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\WWLIB.DLL

+ 2009-03-06 10:06 . 2009-03-06 10:06 12707696 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\OUTLOOK.EXE

+ 2009-04-04 02:11 . 2009-04-04 02:11 18330984 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.6425\EXCEL.EXE

+ 2006-10-27 05:13 . 2006-10-27 05:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\XL12CNV.EXE

+ 2006-10-27 23:23 . 2006-10-27 23:23 17483560 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\WWLIB.DLL

+ 2006-10-27 23:16 . 2006-10-27 23:16 12813096 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OUTLOOK.EXE

+ 2006-10-27 23:14 . 2006-10-27 23:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\OART.DLL

+ 2006-10-27 23:26 . 2006-10-27 23:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSO.DLL

+ 2006-10-27 23:01 . 2006-10-27 23:01 10371880 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\MSACCESS.EXE

+ 2006-10-27 23:07 . 2006-10-27 23:07 17891112 c:\windows\Installer\$PatchCache$\Managed\00002119130000000000000000F01FEC\12.0.4518\EXCEL.EXE

+ 2009-05-12 20:22 . 2009-05-12 20:22 343058432 c:\windows\Installer\22f58.msp

.

-- Snapshot reset to current date --

Link to post
Share on other sites

PT 4

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\steam\steam.exe" [2010-08-23 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]

"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]

"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]

"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-12 1324384]

"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]

"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]

"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-08 1286608]

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

qlock.lnk - c:\program files\Qlock\qlock.exe [2009-2-14 4142080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]

@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

2010-04-09 22:45 979344 ----a-w- c:\progra~1\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 12:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R2 gupdate1cac112b270ae5f;Google Update Service (gupdate1cac112b270ae5f);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1355416]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Media Jukebox 14 Service;Media Jukebox 14 Service;c:\program files\J River\Media Jukebox 14\JRService.exe [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\BC6B.tmp [x]

R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 3200]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-17 1343400]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-07-07 62832]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 185712]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]

--- Other Services/Drivers In Memory ---

*Deregistered* - wnxggco

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271334819154

FF - ProfilePath - c:\users\Pacey\AppData\Roaming\Mozilla\Firefox\Profiles\bkwfx5sn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/WORLD/

FF - component: c:\program files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension\components\FirefoxMenu.dll

---- FIREFOX POLICIES ----

FF - user.js: search.clsid - {138E5B46-43A1-4677-9531-1CEE383B713D}

FF - user.js: search.sid - 15101055100

FF - user.js: extensions.newAddons - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\BC6B.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wnxggco]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-469993106-387004547-705224218-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000009

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-09-04 02:35:22

ComboFix-quarantined-files.txt 2010-09-03 16:35

ComboFix2.txt 2010-08-30 19:58

ComboFix3.txt 2010-08-30 18:52

Pre-Run: 38,036,955,136 bytes free

Post-Run: 37,981,904,896 bytes free

- - End Of File - - 73663EAB3392CD1E00C0E22E720DE7E1

Link to post
Share on other sites

  • Staff

Hi,

Let's see if this detection is real or not.

Does this file even exist:

C:\windows\system32\Drivers\wnxggco.sys

If so, please go to VirusTotal, and upload the following file for analysis:

C:\windows\system32\Drivers\wnxggco.sys

Post the results in your reply.

Please also list the contents of this folder:

c:\programdata\Update

Link to post
Share on other sites

I cannot use the internet on the infected laptop.

I am using a secondary system to use this forum.

The problem with being unable to access the internet has coincided with the rootkit showing up in my system ergo the Rootkit is the cause of my problems.

I have seen the physical file and are unable to delete/alter it in any way.

Please assist in any other way possible. Thanks.

Link to post
Share on other sites

I cannot edit or alter it in anyway. this included, but is not limited to: copying, zipping etc.

the error is: "can't read from source file or disk"

http://tinyurl.com/wnxggco-sys

http://tinyurl.com/progdata

cmd prompt and progdata respectively.

Thank you and goodluck.

ps. as for what the file is specifically, I am pretty sure it's rootkit.agent as every instance of this rootkit i have seen has manifested itself as a sys32/drivers randomly named .sys file.

Link to post
Share on other sites

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next:

Please download Rootkit Unhooker and save it to your Desktop.

  • Disable your security programs
  • Double click RKUnhookerLE.exe to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File --> Save Report
  • Save the report somewhere you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

If you get the following warning, please ignore it:

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Link to post
Share on other sites

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows 7

Version 6.1.7600

Number of processors #1

==============================================

>Drivers

==============================================

0x8EA26000 C:\windows\system32\DRIVERS\atikmdag.sys 5328896 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)

0x83806000 C:\windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)

0x83806000 PnpManager 4259840 bytes

0x83806000 RAW 4259840 bytes

0x83806000 WMIxWDM 4259840 bytes

0x8FC0E000 C:\windows\system32\drivers\RTKVHDA.sys 2736128 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0x95A50000 Win32k 2400256 bytes

0x95A50000 C:\windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x89436000 C:\windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)

0x846CA000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)

0x8FA7A000 C:\windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (LSI Corporation, SoftModem Device Driver)

0x844C9000 C:\windows\System32\Drivers\wnxggco.sys 815104 bytes

0x8EF3B000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x892BC000 C:\windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)

0x83E90000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)

0x97967000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x9783E000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x83F3B000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)

0x89248000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)

0x8E20D000 C:\windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x8E423000 C:\windows\system32\DRIVERS\RTL8187Se.sys 364544 bytes (Realtek Semiconductor Corporation , Realtek RTL8187S PCIE NDIS Driverr)

0x98874000 C:\windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)

0x98825000 C:\windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x8E4C2000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x845B3000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8441D000 C:\windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)

0x89608000 C:\windows\system32\DRIVERS\tos_sps32.sys 290816 bytes (TOSHIBA Corporation, tos_sps32)

0x8FB96000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0x8FA25000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x83E4E000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)

0x8E307000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x9892F000 C:\windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)

0x895B0000 C:\windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x89373000 C:\windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)

0x97911000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x8E3C5000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)

0x84683000 C:\windows\system32\drivers\PCTCore.sys 229376 bytes (PC Tools, PC Tools KDS Core Driver)

0x83C16000 ACPI_HAL 225280 bytes

0x83C16000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x83FBA000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x89200000 C:\windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)

0x8E560000 C:\windows\system32\DRIVERS\SynTP.sys 208896 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)

0x8969C000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)

0x8E267000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x8957F000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x8FEAA000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x89657000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)

0x8E47C000 C:\windows\system32\DRIVERS\Rt86win7.sys 180224 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )

0x84600000 C:\windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x989AF000 C:\windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)

0x84476000 C:\windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x893D6000 C:\windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)

0x896DF000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)

0x893B1000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)

0x8FF46000 C:\windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)

0x8463C000 C:\windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)

0x978EE000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x8E400000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x9780A000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)

0x8E393000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x89778000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0x988C5000 C:\windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)

0x8973F000 C:\windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0x8E51C000 C:\windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x8E2A0000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x95CE0000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)

0x8FFB8000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0x9794C000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x8FFD3000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x978C3000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8FED9000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)

0x8E36D000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x8E53B000 C:\windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)

0x8E5CC000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x8EA00000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x897E1000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x89400000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0x897BF000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)

0x8FF2F000 C:\windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0x98800000 C:\windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0x83E00000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)

0x9897A000 C:\windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)

0x89235000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x8FBEC000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8E2E4000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x8E5BA000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)

0x978DC000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x8E3B4000 C:\windows\system32\DRIVERS\amdppm.sys 69632 bytes (Microsoft Corporation, Processor Device Driver)

0x896CE000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x8FF92000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes

0x84672000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x8FA69000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x844B8000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)

0x83E35000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x8E2BF000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)

0x8FFED000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x89684000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)

0x8FBDC000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x8E2F7000 C:\windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)

0x845A3000 C:\windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)

0x846BB000 C:\windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)

0x8E50D000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x8E385000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)

0x8E2D0000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x897B1000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x84407000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0x892A5000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)

0x8EA18000 C:\windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x83FAC000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)

0x8E5AD000 C:\windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)

0x8FF70000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x8E553000 C:\windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)

0x844AB000 C:\windows\system32\DRIVERS\LPCFilter.sys 53248 bytes (COMPAL ELECTRONIC INC., LPCFilter)

0x8FEF2000 C:\windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)

0x8E595000 C:\windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)

0x9782B000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x89799000 C:\windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)

0x8E361000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)

0x8976C000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x84598000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)

0x8FF7D000 C:\windows\System32\Drivers\dump_dumpata.sys 45056 bytes

0x9896F000 C:\windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0x83E2A000 C:\windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)

0x8FFAD000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)

0x9898D000 C:\windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0x897A6000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x8E5E4000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x897D6000 C:\windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x8E5EF000 C:\windows\system32\DRIVERS\VClone.sys 45056 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)

0x844A0000 C:\windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)

0x8FF88000 C:\windows\System32\Drivers\dump_msahci.sys 40960 bytes

0x8FFA3000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x8465F000 C:\windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)

0x8E352000 C:\windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x8E348000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0x97800000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x8E4A8000 C:\windows\system32\DRIVERS\tdcmdpst.sys 40960 bytes (TOSHIBA Corporation., TOSHIBA ODD Writing Driver for x86.)

0x8E4B8000 C:\windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0x84669000 C:\windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)

0x83E16000 C:\windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0x892B3000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0x988F6000 C:\windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x95CB0000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x84465000 C:\windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x89704000 C:\windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (Advanced Micro Devices Inc., AMD PCIE Filter Driver for ATI PCIE chipset)

0x83E46000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x84590000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)

0x89694000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)

0x80B9C000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)

0x8446E000 C:\windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x8964F000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0x89765000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x8FF1D000 C:\windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x8975E000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x84400000 C:\windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0x8E5A6000 C:\windows\system32\DRIVERS\TVALZFL.sys 28672 bytes (TOSHIBA Corporation, TOSHIBA TVALZ Filter Driver)

0x8E299000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)

0x8E4B2000 C:\windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0x8FF6A000 C:\windows\system32\DRIVERS\pgeffect.sys 24576 bytes (TOSHIBA Corporation, TOSHIBA Universal Camera Filter Driver)

0x8E2DE000 C:\windows\System32\Drivers\StarOpen.SYS 24576 bytes

0x8E35C000 C:\windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)

0x895EF000 C:\windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)

0x8E5A2000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0x8E5FA000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x8E593000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0x86DAF300 unknown_irp_handler 3328 bytes

==============================================

>Stealth

==============================================

0x06D00000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 102400 bytes

0x06F50000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.dll [ EPROCESS 0x86036748 ] PID: 4252, 102400 bytes

0x046C0000 Hidden Image-->PCHealthInfo.dll [ EPROCESS 0x85FCFA58 ] PID: 1888, 110592 bytes

0x006E0000 Hidden Image-->CLI.Foundation.dll [ EPROCESS 0x86036748 ] PID: 4252, 110592 bytes

0x064D0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 110592 bytes

0x00660000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x8607A030 ] PID: 3476, 118784 bytes

0x00DD0000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x86036748 ] PID: 4252, 118784 bytes

0x08200000 Hidden Image-->CLI.Component.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 1232896 bytes

0x046E0000 Hidden Image-->SwUpdates.dll [ EPROCESS 0x85FCFA58 ] PID: 1888, 126976 bytes

0x081E0000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 126976 bytes

0x088E0000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 1306624 bytes

0x04360000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 167936 bytes

0x07810000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll [ EPROCESS 0x86036748 ] PID: 4252, 1716224 bytes

0x081B0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 192512 bytes

0x06D20000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 208896 bytes

0x074A0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.dll [ EPROCESS 0x86036748 ] PID: 4252, 217088 bytes

0x06D60000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 282624 bytes

0x006D0000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x8607A030 ] PID: 3476, 28672 bytes

0x007A0000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x8607A030 ] PID: 3476, 28672 bytes

0x006C0000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x00700000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x00E50000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x00F00000 Hidden Image-->AEM.Server.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x03DB0000 Hidden Image-->DEM.Foundation.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x03C70000 Hidden Image-->AEM.Plugin.DPPE.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x03C80000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x03D90000 Hidden Image-->AEM.Plugin.WinMessages.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x04190000 Hidden Image-->DEM.Graphics.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x04390000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x045E0000 Hidden Image-->AEM.Actions.CCAA.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x044B0000 Hidden Image-->AEM.Plugin.GD.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x045F0000 Hidden Image-->ResourceManagement.Foundation.Private.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x04D20000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x04FE0000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x050A0000 Hidden Image-->DEM.Graphics.I0912.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x050B0000 Hidden Image-->DEM.Graphics.I0706.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06010000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06560000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x066C0000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06700000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x066F0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06740000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06960000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06DD0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06BA0000 Hidden Image-->AEM.Plugin.REG.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06B30000 Hidden Image-->CLI.Caste.HydraVision.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x069F0000 Hidden Image-->atixclib.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06B60000 Hidden Image-->APM.Foundation.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06B90000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06C90000 Hidden Image-->CLI.Component.Client.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06BC0000 Hidden Image-->AEM.Plugin.EEU.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06C80000 Hidden Image-->CLI.Component.Wizard.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06ED0000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x06FE0000 Hidden Image-->CLI.Caste.HydraVision.Wizard.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x07030000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

0x07490000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 28672 bytes

WARNING: File locked for read access [C:\windows\system32\drivers\wnxggco.sys]

0x07140000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Wizard.dll [ EPROCESS 0x86036748 ] PID: 4252, 315392 bytes

0x06E70000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 331776 bytes

0x08780000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 364544 bytes

0x03D90000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x8607A030 ] PID: 3476, 36864 bytes

0x00C70000 Hidden Image-->CLI.Foundation.XManifest.dll [ EPROCESS 0x86036748 ] PID: 4252, 36864 bytes

0x00EF0000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x86036748 ] PID: 4252, 36864 bytes

0x05000000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 36864 bytes

0x05020000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 36864 bytes

0x06170000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 36864 bytes

0x06670000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 36864 bytes

0x06540000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 36864 bytes

0x06690000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 36864 bytes

0x06B20000 Hidden Image-->CLI.Caste.HydraVision.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 36864 bytes

0x06CB0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.dll [ EPROCESS 0x86036748 ] PID: 4252, 36864 bytes

0x07000000 Hidden Image-->CLI.Component.Dashboard.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 36864 bytes

0x04F10000 Hidden Image-->CLI.Caste.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 389120 bytes

0x06E00000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 405504 bytes

0x06EE0000 Hidden Image-->CLI.Component.Wizard.dll [ EPROCESS 0x86036748 ] PID: 4252, 413696 bytes

0x06F70000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.dll [ EPROCESS 0x86036748 ] PID: 4252, 421888 bytes

0x00690000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x8607A030 ] PID: 3476, 45056 bytes

0x006B0000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x8607A030 ] PID: 3476, 45056 bytes

0x03C80000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x8607A030 ] PID: 3476, 45056 bytes

0x003E0000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x86036748 ] PID: 4252, 45056 bytes

0x006B0000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x86036748 ] PID: 4252, 45056 bytes

0x00740000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x86036748 ] PID: 4252, 45056 bytes

0x00E60000 Hidden Image-->ATICCCom.dll [ EPROCESS 0x86036748 ] PID: 4252, 45056 bytes

0x05060000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 45056 bytes

0x05090000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 45056 bytes

0x042C0000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x86036748 ] PID: 4252, 487424 bytes

0x00E40000 Hidden Image-->CLI.Foundation.Private.dll [ EPROCESS 0x86036748 ] PID: 4252, 53248 bytes

0x00EE0000 Hidden Image-->AEM.Server.dll [ EPROCESS 0x86036748 ] PID: 4252, 53248 bytes

0x03C50000 Hidden Image-->AEM.Plugin.Source.Kit.Server.dll [ EPROCESS 0x86036748 ] PID: 4252, 53248 bytes

0x03DA0000 Hidden Image-->DEM.Graphics.I0601.dll [ EPROCESS 0x86036748 ] PID: 4252, 53248 bytes

0x04FD0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 53248 bytes

0x05010000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 53248 bytes

0x05050000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 53248 bytes

0x06510000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 53248 bytes

0x06710000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 53248 bytes

0x06730000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 53248 bytes

0x06C70000 Hidden Image-->CLI.Component.Client.Shared.Private.dll [ EPROCESS 0x86036748 ] PID: 4252, 53248 bytes

0x06CA0000 Hidden Image-->CLI.Caste.Graphics.Wizard.dll [ EPROCESS 0x86036748 ] PID: 4252, 53248 bytes

0x06BD0000 Hidden Image-->CLI.Component.Systemtray.dll [ EPROCESS 0x86036748 ] PID: 4252, 585728 bytes

0x08A20000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 585728 bytes

0x988EFF2E Unknown thread object [ ETHREAD 0x86A69D48 ] , 600 bytes

0x00E30000 Hidden Image-->CLI.Component.Runtime.Shared.Private.dll [ EPROCESS 0x86036748 ] PID: 4252, 61440 bytes

0x06020000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 61440 bytes

0x06030000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 61440 bytes

0x06180000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 61440 bytes

0x064F0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 61440 bytes

0x00E10000 Hidden Image-->CLI.Component.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 69632 bytes

0x00DF0000 Hidden Image-->CLI.Component.SkinFactory.dll [ EPROCESS 0x86036748 ] PID: 4252, 69632 bytes

0x064B0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 69632 bytes

0x06B40000 Hidden Image-->APM.Server.dll [ EPROCESS 0x86036748 ] PID: 4252, 69632 bytes

0x07390000 Hidden Image-->ResourceManagement.Foundation.Implementation.dll [ EPROCESS 0x86036748 ] PID: 4252, 749568 bytes

0x00770000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x8607A030 ] PID: 3476, 77824 bytes

0x00710000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x86036748 ] PID: 4252, 77824 bytes

0x05FF0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 77824 bytes

0x06040000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 77824 bytes

0x06520000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 77824 bytes

0x066A0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 77824 bytes

0x06970000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.dll [ EPROCESS 0x86036748 ] PID: 4252, 77824 bytes

0x06CD0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 77824 bytes

0x06FD0000 Hidden Image-->Microsoft.mshtml.dll [ EPROCESS 0x85FCFA58 ] PID: 1888, 8015872 bytes

0x00EC0000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x86036748 ] PID: 4252, 86016 bytes

0x066D0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.dll [ EPROCESS 0x86036748 ] PID: 4252, 86016 bytes

0x07470000 Hidden Image-->CLI.Caste.Graphics.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 86016 bytes

0x08B90000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.dll [ EPROCESS 0x86036748 ] PID: 4252, 888832 bytes

0x03BF0000 Hidden Image-->Alerts.dll [ EPROCESS 0x85FCFA58 ] PID: 1888, 94208 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_06548C26.exe_5d1b2d35f458d25ea064252a62368da0a5e812cc_cab_0934fa86\Report.wer

!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_06548C26.exe_5d1b2d35f458d25ea064252a62368da0a5e812cc_cab_0934fa86\WERF5D5.tmp.appcompat.txt

!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_06548C26.exe_5d1b2d35f458d25ea064252a62368da0a5e812cc_cab_0934fa86\WERF6A1.tmp.WERInternalMetadata.xml

!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_06548C26.exe_5d1b2d35f458d25ea064252a62368da0a5e812cc_cab_0934fa86\WERF6A2.tmp.hdmp

!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_06548C26.exe_5d1b2d35f458d25ea064252a62368da0a5e812cc_cab_0934fa86\WERF9FD.tmp.mdmp

!-->[Hidden] C:\Users\Pacey\AppData\Roaming\Apple Computer\Logs\asl.013230_05Sep10.log

!-->[Hidden] C:\Windows\Prefetch\APPLEMOBILEDEVICEHELPER.EXE-96A367D7.pf

!-->[Hidden] C:\Windows\Prefetch\DISTNOTED.EXE-BFFB20F1.pf

!-->[Hidden] C:\Windows\Prefetch\ITUNES.EXE-2A42B776.pf

!-->[Hidden] C:\Windows\Prefetch\SYNCSERVER.EXE-5B564BE1.pf

!-->[Hidden] C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf

==============================================

>Hooks

==============================================

Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]

ntkrnlpa.exe-->AlpcGetHeaderSize, Type: EAT modification 0x83B561A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->AlpcGetMessageAttribute, Type: EAT modification 0x83B561A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->AlpcInitializeMessageAttribute, Type: EAT modification 0x83B561A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->atoi, Type: EAT modification 0x83B58124-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->atol, Type: EAT modification 0x83B58128-->83E3630C [PSHED.dll]

ntkrnlpa.exe-->bsearch, Type: EAT modification 0x83B5812C-->83EC606F [CI.dll]

ntkrnlpa.exe-->CcCanIWrite, Type: EAT modification 0x83B561AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcCoherencyFlushAndPurgeCache, Type: EAT modification 0x83B561B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcCopyRead, Type: EAT modification 0x83B561B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcCopyWrite, Type: EAT modification 0x83B561B8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcCopyWriteWontFlush, Type: EAT modification 0x83B561BC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcDeferWrite, Type: EAT modification 0x83B561C0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcFastCopyRead, Type: EAT modification 0x83B561C4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcFastCopyWrite, Type: EAT modification 0x83B561C8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcFastMdlReadWait, Type: EAT modification 0x83B561CC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcFlushCache, Type: EAT modification 0x83B561D0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetDirtyPages, Type: EAT modification 0x83B561D4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetFileObjectFromBcb, Type: EAT modification 0x83B561D8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetFileObjectFromSectionPtrs, Type: EAT modification 0x83B561DC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetFileObjectFromSectionPtrsRef, Type: EAT modification 0x83B561E0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetFlushedValidData, Type: EAT modification 0x83B561E4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetLsnForFileObject, Type: EAT modification 0x83B561E8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcInitializeCacheMap, Type: EAT modification 0x83B561EC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcIsThereDirtyData, Type: EAT modification 0x83B561F0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcIsThereDirtyDataEx, Type: EAT modification 0x83B561F4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMapData, Type: EAT modification 0x83B561F8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMdlRead, Type: EAT modification 0x83B561FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMdlReadComplete, Type: EAT modification 0x83B56200-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMdlWriteAbort, Type: EAT modification 0x83B56204-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMdlWriteComplete, Type: EAT modification 0x83B56208-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPinMappedData, Type: EAT modification 0x83B5620C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPinRead, Type: EAT modification 0x83B56210-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPrepareMdlWrite, Type: EAT modification 0x83B56214-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPreparePinWrite, Type: EAT modification 0x83B56218-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPurgeCacheSection, Type: EAT modification 0x83B5621C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcRemapBcb, Type: EAT modification 0x83B56220-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcRepinBcb, Type: EAT modification 0x83B56224-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcScheduleReadAhead, Type: EAT modification 0x83B56228-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetAdditionalCacheAttributes, Type: EAT modification 0x83B5622C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetBcbOwnerPointer, Type: EAT modification 0x83B56230-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetDirtyPageThreshold, Type: EAT modification 0x83B56234-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetDirtyPinnedData, Type: EAT modification 0x83B56238-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetFileSizes, Type: EAT modification 0x83B5623C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetFileSizesEx, Type: EAT modification 0x83B56240-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetLogHandleForFile, Type: EAT modification 0x83B56244-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetParallelFlushFile, Type: EAT modification 0x83B56248-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetReadAheadGranularity, Type: EAT modification 0x83B5624C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcTestControl, Type: EAT modification 0x83B56250-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcUninitializeCacheMap, Type: EAT modification 0x83B56254-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcUnpinData, Type: EAT modification 0x83B56258-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcUnpinDataForThread, Type: EAT modification 0x83B5625C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcUnpinRepinnedBcb, Type: EAT modification 0x83B56260-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcWaitForCurrentLazyWriterActivity, Type: EAT modification 0x83B56264-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcZeroData, Type: EAT modification 0x83B56268-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmCallbackGetKeyObjectID, Type: EAT modification 0x83B5626C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmGetBoundTransaction, Type: EAT modification 0x83B56270-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmGetCallbackVersion, Type: EAT modification 0x83B56274-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmKeyObjectType, Type: EAT modification 0x83B56278-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmRegisterCallback, Type: EAT modification 0x83B5627C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmRegisterCallbackEx, Type: EAT modification 0x83B56280-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmSetCallbackObjectContext, Type: EAT modification 0x83B56284-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmUnRegisterCallback, Type: EAT modification 0x83B56288-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgBreakPoint, Type: EAT modification 0x83B5628C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgBreakPointWithStatus, Type: EAT modification 0x83B56290-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgCommandString, Type: EAT modification 0x83B56294-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgkLkmdRegisterCallback, Type: EAT modification 0x83B562B8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgkLkmdUnregisterCallback, Type: EAT modification 0x83B562BC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgLoadImageSymbols, Type: EAT modification 0x83B56298-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgPrint, Type: EAT modification 0x83B5629C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgPrintEx, Type: EAT modification 0x83B562A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgPrintReturnControlC, Type: EAT modification 0x83B562A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgPrompt, Type: EAT modification 0x83B562A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgQueryDebugFilterState, Type: EAT modification 0x83B562AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgSetDebugFilterState, Type: EAT modification 0x83B562B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgSetDebugPrintCallback, Type: EAT modification 0x83B562B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmClientQueryRuleState, Type: EAT modification 0x83B562C0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmClientRuleDeregisterNotification, Type: EAT modification 0x83B562C4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmClientRuleEvaluate, Type: EAT modification 0x83B562C8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmClientRuleRegisterNotification, Type: EAT modification 0x83B562CC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmpProviderRegister, Type: EAT modification 0x83B562E0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmProviderDeregister, Type: EAT modification 0x83B562D0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmProviderDeregisterEntry, Type: EAT modification 0x83B562D4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmProviderRegister, Type: EAT modification 0x83B562D8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmProviderRegisterEntry, Type: EAT modification 0x83B562DC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwActivityIdControl, Type: EAT modification 0x83B562E4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwEnableTrace, Type: EAT modification 0x83B562E8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwEventEnabled, Type: EAT modification 0x83B562EC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwProviderEnabled, Type: EAT modification 0x83B562F0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwRegister, Type: EAT modification 0x83B562F4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwRegisterClassicProvider, Type: EAT modification 0x83B562F8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwSendTraceBuffer, Type: EAT modification 0x83B562FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwUnregister, Type: EAT modification 0x83B56300-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWrite, Type: EAT modification 0x83B56304-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteEndScenario, Type: EAT modification 0x83B56308-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteEx, Type: EAT modification 0x83B5630C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteStartScenario, Type: EAT modification 0x83B56310-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteString, Type: EAT modification 0x83B56314-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteTransfer, Type: EAT modification 0x83B56318-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireCacheAwarePushLockExclusive, Type: EAT modification 0x83B5631C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireFastMutexUnsafe, Type: EAT modification 0x83B56028-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireResourceExclusiveLite, Type: EAT modification 0x83B56320-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireResourceSharedLite, Type: EAT modification 0x83B56324-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireRundownProtection, Type: EAT modification 0x83B5602C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireRundownProtectionCacheAware, Type: EAT modification 0x83B56030-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireRundownProtectionCacheAwareEx, Type: EAT modification 0x83B56034-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireRundownProtectionEx, Type: EAT modification 0x83B56038-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSharedStarveExclusive, Type: EAT modification 0x83B56328-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSharedWaitForExclusive, Type: EAT modification 0x83B5632C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSpinLockExclusive, Type: EAT modification 0x83B56330-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSpinLockExclusiveAtDpcLevel, Type: EAT modification 0x83B56334-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSpinLockShared, Type: EAT modification 0x83B56338-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSpinLockSharedAtDpcLevel, Type: EAT modification 0x83B5633C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocateCacheAwarePushLock, Type: EAT modification 0x83B56340-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocateCacheAwareRundownProtection, Type: EAT modification 0x83B56344-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocateFromPagedLookasideList, Type: EAT modification 0x83B56348-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePool, Type: EAT modification 0x83B5634C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePoolWithQuota, Type: EAT modification 0x83B56350-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePoolWithQuotaTag, Type: EAT modification 0x83B56354-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePoolWithTag, Type: EAT modification 0x83B56358-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePoolWithTagPriority, Type: EAT modification 0x83B5635C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExConvertExclusiveToSharedLite, Type: EAT modification 0x83B56360-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExCreateCallback, Type: EAT modification 0x83B56364-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDeleteLookasideListEx, Type: EAT modification 0x83B56368-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDeleteNPagedLookasideList, Type: EAT modification 0x83B5636C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDeletePagedLookasideList, Type: EAT modification 0x83B56370-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDeleteResourceLite, Type: EAT modification 0x83B56374-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDesktopObjectType, Type: EAT modification 0x83B56378-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDisableResourceBoostLite, Type: EAT modification 0x83B5637C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireFastMutexUnsafe, Type: EAT modification 0x83B5603C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireResourceExclusive, Type: EAT modification 0x83B56380-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireResourceShared, Type: EAT modification 0x83B56384-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireSharedWaitForExclusive, Type: EAT modification 0x83B56388-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterPriorityRegionAndAcquireResourceExclusive, Type: EAT modification 0x83B5638C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterPriorityRegionAndAcquireResourceShared, Type: EAT modification 0x83B56390-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnumHandleTable, Type: EAT modification 0x83B56394-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEventObjectType, Type: EAT modification 0x83B56398-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExExtendZone, Type: EAT modification 0x83B5639C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfAcquirePushLockExclusive, Type: EAT modification 0x83B56094-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfAcquirePushLockShared, Type: EAT modification 0x83B56098-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFetchLicenseData, Type: EAT modification 0x83B563A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exfi386InterlockedDecrementLong, Type: EAT modification 0x83B560D0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exfi386InterlockedExchangeUlong, Type: EAT modification 0x83B560D4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exfi386InterlockedIncrementLong, Type: EAT modification 0x83B560D8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedAddUlong, Type: EAT modification 0x83B5609C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedCompareExchange64, Type: EAT modification 0x83B560A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedInsertHeadList, Type: EAT modification 0x83B560A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedInsertTailList, Type: EAT modification 0x83B560A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedPopEntryList, Type: EAT modification 0x83B560AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedPushEntryList, Type: EAT modification 0x83B560B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedRemoveHeadList, Type: EAT modification 0x83B560B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFlushLookasideListEx, Type: EAT modification 0x83B563A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreeCacheAwarePushLock, Type: EAT modification 0x83B563A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreeCacheAwareRundownProtection, Type: EAT modification 0x83B563AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreePool, Type: EAT modification 0x83B563B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreePoolWithTag, Type: EAT modification 0x83B563B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreeToPagedLookasideList, Type: EAT modification 0x83B563B8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfReleasePushLock, Type: EAT modification 0x83B560B8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfReleasePushLockExclusive, Type: EAT modification 0x83B560BC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfReleasePushLockShared, Type: EAT modification 0x83B560C0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfTryAcquirePushLockShared, Type: EAT modification 0x83B560C4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfTryToWakePushLock, Type: EAT modification 0x83B560C8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfUnblockPushLock, Type: EAT modification 0x83B560CC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetCurrentProcessorCounts, Type: EAT modification 0x83B563BC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetCurrentProcessorCpuUsage, Type: EAT modification 0x83B563C0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetExclusiveWaiterCount, Type: EAT modification 0x83B563C4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetLicenseTamperState, Type: EAT modification 0x83B563C8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetPreviousMode, Type: EAT modification 0x83B563CC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetSharedWaiterCount, Type: EAT modification 0x83B563D0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exi386InterlockedDecrementLong, Type: EAT modification 0x83B564B8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exi386InterlockedExchangeUlong, Type: EAT modification 0x83B564BC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exi386InterlockedIncrementLong, Type: EAT modification 0x83B564C0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExiAcquireFastMutex, Type: EAT modification 0x83B560DC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeLookasideListEx, Type: EAT modification 0x83B563D4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeNPagedLookasideList, Type: EAT modification 0x83B563D8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializePagedLookasideList, Type: EAT modification 0x83B563DC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializePushLock, Type: EAT modification 0x83B563E0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeResourceLite, Type: EAT modification 0x83B563E4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeRundownProtection, Type: EAT modification 0x83B56040-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeRundownProtectionCacheAware, Type: EAT modification 0x83B563E8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeZone, Type: EAT modification 0x83B563EC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedAddLargeInteger, Type: EAT modification 0x83B563F0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedAddLargeStatistic, Type: EAT modification 0x83B56044-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedAddUlong, Type: EAT modification 0x83B563F4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedCompareExchange64, Type: EAT modification 0x83B56048-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedDecrementLong, Type: EAT modification 0x83B563F8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedExchangeUlong, Type: EAT modification 0x83B563FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedExtendZone, Type: EAT modification 0x83B56400-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedFlushSList, Type: EAT modification 0x83B5604C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedIncrementLong, Type: EAT modification 0x83B56404-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedInsertHeadList, Type: EAT modification 0x83B56408-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedInsertTailList, Type: EAT modification 0x83B5640C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedPopEntryList, Type: EAT modification 0x83B56410-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedPopEntrySList, Type: EAT modification 0x83B56050-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedPushEntryList, Type: EAT modification 0x83B56414-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedPushEntrySList, Type: EAT modification 0x83B56054-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedRemoveHeadList, Type: EAT modification 0x83B56418-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExiReleaseFastMutex, Type: EAT modification 0x83B560E0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExIsProcessorFeaturePresent, Type: EAT modification 0x83B5641C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExIsResourceAcquiredExclusiveLite, Type: EAT modification 0x83B56420-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExIsResourceAcquiredSharedLite, Type: EAT modification 0x83B56424-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExiTryToAcquireFastMutex, Type: EAT modification 0x83B560E4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExLocalTimeToSystemTime, Type: EAT modification 0x83B56428-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExNotifyCallback, Type: EAT modification 0x83B5642C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExQueryAttributeInformation, Type: EAT modification 0x83B56430-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExQueryPoolBlockSize, Type: EAT modification 0x83B56434-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExQueueWorkItem, Type: EAT modification 0x83B56438-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseAccessViolation, Type: EAT modification 0x83B5643C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseDatatypeMisalignment, Type: EAT modification 0x83B56440-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseException, Type: EAT modification 0x83B56444-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseHardError, Type: EAT modification 0x83B56448-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseStatus, Type: EAT modification 0x83B5644C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRegisterAttributeInformationCallback, Type: EAT modification 0x83B56450-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRegisterCallback, Type: EAT modification 0x83B56454-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRegisterExtension, Type: EAT modification 0x83B56458-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReinitializeResourceLite, Type: EAT modification 0x83B5645C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReInitializeRundownProtection, Type: EAT modification 0x83B56058-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReInitializeRundownProtectionCacheAware, Type: EAT modification 0x83B5605C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseCacheAwarePushLockExclusive, Type: EAT modification 0x83B56460-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseFastMutexUnsafe, Type: EAT modification 0x83B56060-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseFastMutexUnsafeAndLeaveCriticalRegion, Type: EAT modification 0x83B56064-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseResourceAndLeaveCriticalRegion, Type: EAT modification 0x83B56068-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseResourceAndLeavePriorityRegion, Type: EAT modification 0x83B5606C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseResourceForThreadLite, Type: EAT modification 0x83B56464-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseResourceLite, Type: EAT modification 0x83B56070-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseRundownProtection, Type: EAT modification 0x83B56074-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseRundownProtectionCacheAware, Type: EAT modification 0x83B56078-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseRundownProtectionCacheAwareEx, Type: EAT modification 0x83B5607C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseRundownProtectionEx, Type: EAT modification 0x83B56080-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseSpinLockExclusive, Type: EAT modification 0x83B56468-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseSpinLockExclusiveFromDpcLevel, Type: EAT modification 0x83B5646C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseSpinLockShared, Type: EAT modification 0x83B56470-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseSpinLockSharedFromDpcLevel, Type: EAT modification 0x83B56474-->83806000 [ntkrnlpa.exe]

Link to post
Share on other sites

ntkrnlpa.exe-->ExRundownCompleted, Type: EAT modification 0x83B56084-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRundownCompletedCacheAware, Type: EAT modification 0x83B56088-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSemaphoreObjectType, Type: EAT modification 0x83B56478-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSetLicenseTamperState, Type: EAT modification 0x83B5647C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSetResourceOwnerPointer, Type: EAT modification 0x83B56480-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSetResourceOwnerPointerEx, Type: EAT modification 0x83B56484-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSetTimerResolution, Type: EAT modification 0x83B56488-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSizeOfRundownProtectionCacheAware, Type: EAT modification 0x83B5648C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSystemExceptionFilter, Type: EAT modification 0x83B56490-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSystemTimeToLocalTime, Type: EAT modification 0x83B56494-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExTryConvertSharedSpinLockExclusive, Type: EAT modification 0x83B56498-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExUnregisterAttributeInformationCallback, Type: EAT modification 0x83B5649C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExUnregisterCallback, Type: EAT modification 0x83B564A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExUnregisterExtension, Type: EAT modification 0x83B564A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExUpdateLicenseData, Type: EAT modification 0x83B564A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExUuidCreate, Type: EAT modification 0x83B564AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExVerifySuite, Type: EAT modification 0x83B564B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExWaitForRundownProtectionRelease, Type: EAT modification 0x83B5608C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExWaitForRundownProtectionReleaseCacheAware, Type: EAT modification 0x83B56090-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExWindowStationObjectType, Type: EAT modification 0x83B564B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FirstEntrySList, Type: EAT modification 0x83B564C4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAcknowledgeEcp, Type: EAT modification 0x83B564C8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAcquireFileExclusive, Type: EAT modification 0x83B564CC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddBaseMcbEntry, Type: EAT modification 0x83B564D0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddBaseMcbEntryEx, Type: EAT modification 0x83B564D4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddLargeMcbEntry, Type: EAT modification 0x83B564D8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddMcbEntry, Type: EAT modification 0x83B564DC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddToTunnelCache, Type: EAT modification 0x83B564E0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateExtraCreateParameter, Type: EAT modification 0x83B564E4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateExtraCreateParameterFromLookasideList, Type: EAT modification 0x83B564E8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateExtraCreateParameterList, Type: EAT modification 0x83B564EC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateFileLock, Type: EAT modification 0x83B564F0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocatePool, Type: EAT modification 0x83B564F4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocatePoolWithQuota, Type: EAT modification 0x83B564F8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocatePoolWithQuotaTag, Type: EAT modification 0x83B564FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocatePoolWithTag, Type: EAT modification 0x83B56500-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateResource, Type: EAT modification 0x83B56504-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAreNamesEqual, Type: EAT modification 0x83B56508-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAreThereCurrentOrInProgressFileLocks, Type: EAT modification 0x83B5650C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAreVolumeStartupApplicationsComplete, Type: EAT modification 0x83B56510-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlBalanceReads, Type: EAT modification 0x83B56514-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCancellableWaitForMultipleObjects, Type: EAT modification 0x83B56518-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCancellableWaitForSingleObject, Type: EAT modification 0x83B5651C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlChangeBackingFileObject, Type: EAT modification 0x83B56520-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCheckLockForReadAccess, Type: EAT modification 0x83B56524-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCheckLockForWriteAccess, Type: EAT modification 0x83B56528-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCheckOplock, Type: EAT modification 0x83B5652C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCheckOplockEx, Type: EAT modification 0x83B56530-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCopyRead, Type: EAT modification 0x83B56534-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCopyWrite, Type: EAT modification 0x83B56538-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCreateSectionForDataScan, Type: EAT modification 0x83B5653C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCurrentBatchOplock, Type: EAT modification 0x83B56540-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCurrentOplock, Type: EAT modification 0x83B56544-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCurrentOplockH, Type: EAT modification 0x83B56548-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDeleteExtraCreateParameterLookasideList, Type: EAT modification 0x83B5654C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDeleteKeyFromTunnelCache, Type: EAT modification 0x83B56550-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDeleteTunnelCache, Type: EAT modification 0x83B56554-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDeregisterUncProvider, Type: EAT modification 0x83B56558-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDissectDbcs, Type: EAT modification 0x83B5655C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDissectName, Type: EAT modification 0x83B56560-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDoesDbcsContainWildCards, Type: EAT modification 0x83B56564-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDoesNameContainWildCards, Type: EAT modification 0x83B56568-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastCheckLockForRead, Type: EAT modification 0x83B5656C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastCheckLockForWrite, Type: EAT modification 0x83B56570-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastUnlockAll, Type: EAT modification 0x83B56574-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastUnlockAllByKey, Type: EAT modification 0x83B56578-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastUnlockSingle, Type: EAT modification 0x83B5657C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFindExtraCreateParameter, Type: EAT modification 0x83B56580-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFindInTunnelCache, Type: EAT modification 0x83B56584-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFreeExtraCreateParameter, Type: EAT modification 0x83B56588-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFreeExtraCreateParameterList, Type: EAT modification 0x83B5658C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFreeFileLock, Type: EAT modification 0x83B56590-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetEcpListFromIrp, Type: EAT modification 0x83B56594-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetFileSize, Type: EAT modification 0x83B56598-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextBaseMcbEntry, Type: EAT modification 0x83B5659C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextExtraCreateParameter, Type: EAT modification 0x83B565A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextFileLock, Type: EAT modification 0x83B565A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextLargeMcbEntry, Type: EAT modification 0x83B565A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextMcbEntry, Type: EAT modification 0x83B565AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetVirtualDiskNestingLevel, Type: EAT modification 0x83B565B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastMdlReadWait, Type: EAT modification 0x83B565B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastReadNotPossible, Type: EAT modification 0x83B565BC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastReadNoWait, Type: EAT modification 0x83B565B8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastReadResourceMiss, Type: EAT modification 0x83B565C0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastReadWait, Type: EAT modification 0x83B565C4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitExtraCreateParameterLookasideList, Type: EAT modification 0x83B565C8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeBaseMcb, Type: EAT modification 0x83B565CC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeBaseMcbEx, Type: EAT modification 0x83B565D0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeExtraCreateParameter, Type: EAT modification 0x83B565D4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeExtraCreateParameterList, Type: EAT modification 0x83B565D8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeFileLock, Type: EAT modification 0x83B565DC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeLargeMcb, Type: EAT modification 0x83B565E0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeMcb, Type: EAT modification 0x83B565E4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeOplock, Type: EAT modification 0x83B565E8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeTunnelCache, Type: EAT modification 0x83B565EC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInsertExtraCreateParameter, Type: EAT modification 0x83B565F0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInsertPerFileContext, Type: EAT modification 0x83B565F4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInsertPerFileObjectContext, Type: EAT modification 0x83B565F8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInsertPerStreamContext, Type: EAT modification 0x83B565FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsDbcsInExpression, Type: EAT modification 0x83B56600-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsEcpAcknowledged, Type: EAT modification 0x83B56604-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsEcpFromUserMode, Type: EAT modification 0x83B56608-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsFatDbcsLegal, Type: EAT modification 0x83B5660C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsHpfsDbcsLegal, Type: EAT modification 0x83B56610-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsNameInExpression, Type: EAT modification 0x83B56614-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsNtstatusExpected, Type: EAT modification 0x83B56618-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsPagingFile, Type: EAT modification 0x83B5661C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsTotalDeviceFailure, Type: EAT modification 0x83B56620-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLegalAnsiCharacterArray, Type: EAT modification 0x83B56624-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLogCcFlushError, Type: EAT modification 0x83B56628-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupBaseMcbEntry, Type: EAT modification 0x83B5662C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLargeMcbEntry, Type: EAT modification 0x83B56630-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastBaseMcbEntry, Type: EAT modification 0x83B56634-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastBaseMcbEntryAndIndex, Type: EAT modification 0x83B56638-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastLargeMcbEntry, Type: EAT modification 0x83B5663C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastLargeMcbEntryAndIndex, Type: EAT modification 0x83B56640-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastMcbEntry, Type: EAT modification 0x83B56644-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupMcbEntry, Type: EAT modification 0x83B56648-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupPerFileContext, Type: EAT modification 0x83B5664C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupPerFileObjectContext, Type: EAT modification 0x83B56650-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupPerStreamContextInternal, Type: EAT modification 0x83B56654-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlRead, Type: EAT modification 0x83B56658-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlReadComplete, Type: EAT modification 0x83B5665C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlReadCompleteDev, Type: EAT modification 0x83B56660-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlReadDev, Type: EAT modification 0x83B56664-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlWriteComplete, Type: EAT modification 0x83B56668-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlWriteCompleteDev, Type: EAT modification 0x83B5666C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMupGetProviderIdFromName, Type: EAT modification 0x83B56670-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMupGetProviderInfoFromFileObject, Type: EAT modification 0x83B56674-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNormalizeNtstatus, Type: EAT modification 0x83B56678-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyChangeDirectory, Type: EAT modification 0x83B5667C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyCleanup, Type: EAT modification 0x83B56680-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyCleanupAll, Type: EAT modification 0x83B56684-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyFilterChangeDirectory, Type: EAT modification 0x83B56688-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyFilterReportChange, Type: EAT modification 0x83B5668C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyFullChangeDirectory, Type: EAT modification 0x83B56690-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyFullReportChange, Type: EAT modification 0x83B56694-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyInitializeSync, Type: EAT modification 0x83B56698-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyReportChange, Type: EAT modification 0x83B5669C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyUninitializeSync, Type: EAT modification 0x83B566A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyVolumeEvent, Type: EAT modification 0x83B566A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyVolumeEventEx, Type: EAT modification 0x83B566A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNumberOfRunsInBaseMcb, Type: EAT modification 0x83B566AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNumberOfRunsInLargeMcb, Type: EAT modification 0x83B566B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNumberOfRunsInMcb, Type: EAT modification 0x83B566B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockBreakH, Type: EAT modification 0x83B566B8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockBreakToNone, Type: EAT modification 0x83B566BC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockBreakToNoneEx, Type: EAT modification 0x83B566C0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockFsctrl, Type: EAT modification 0x83B566C4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockFsctrlEx, Type: EAT modification 0x83B566C8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockIsFastIoPossible, Type: EAT modification 0x83B566CC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockIsSharedRequest, Type: EAT modification 0x83B566D0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockKeysEqual, Type: EAT modification 0x83B566D4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPostPagingFileStackOverflow, Type: EAT modification 0x83B566D8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPostStackOverflow, Type: EAT modification 0x83B566DC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPrepareMdlWrite, Type: EAT modification 0x83B566E0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPrepareMdlWriteDev, Type: EAT modification 0x83B566E4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPrivateLock, Type: EAT modification 0x83B566E8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlProcessFileLock, Type: EAT modification 0x83B566EC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlQueryMaximumVirtualDiskNestingLevel, Type: EAT modification 0x83B566F0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterFileSystemFilterCallbacks, Type: EAT modification 0x83B566F4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterFltMgrCalls, Type: EAT modification 0x83B566F8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterMupCalls, Type: EAT modification 0x83B566FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterUncProvider, Type: EAT modification 0x83B56700-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterUncProviderEx, Type: EAT modification 0x83B56704-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlReleaseFile, Type: EAT modification 0x83B56708-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveBaseMcbEntry, Type: EAT modification 0x83B5670C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveDotsFromPath, Type: EAT modification 0x83B56710-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveExtraCreateParameter, Type: EAT modification 0x83B56714-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveLargeMcbEntry, Type: EAT modification 0x83B56718-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveMcbEntry, Type: EAT modification 0x83B5671C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemovePerFileContext, Type: EAT modification 0x83B56720-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemovePerFileObjectContext, Type: EAT modification 0x83B56724-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemovePerStreamContext, Type: EAT modification 0x83B56728-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlResetBaseMcb, Type: EAT modification 0x83B5672C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlResetLargeMcb, Type: EAT modification 0x83B56730-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlSetEcpListIntoIrp, Type: EAT modification 0x83B56734-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlSplitBaseMcb, Type: EAT modification 0x83B56738-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlSplitLargeMcb, Type: EAT modification 0x83B5673C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlSyncVolumes, Type: EAT modification 0x83B56740-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTeardownPerFileContexts, Type: EAT modification 0x83B56744-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTeardownPerStreamContexts, Type: EAT modification 0x83B56748-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTruncateBaseMcb, Type: EAT modification 0x83B5674C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTruncateLargeMcb, Type: EAT modification 0x83B56750-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTruncateMcb, Type: EAT modification 0x83B56754-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeBaseMcb, Type: EAT modification 0x83B56758-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeFileLock, Type: EAT modification 0x83B5675C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeLargeMcb, Type: EAT modification 0x83B56760-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeMcb, Type: EAT modification 0x83B56764-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeOplock, Type: EAT modification 0x83B56768-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlValidateReparsePointBuffer, Type: EAT modification 0x83B5676C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HalDispatchTable, Type: EAT modification 0x83B56770-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HalExamineMBR, Type: EAT modification 0x83B560E8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HalPrivateDispatchTable, Type: EAT modification 0x83B56774-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HeadlessDispatch, Type: EAT modification 0x83B56778-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HvlQueryConnection, Type: EAT modification 0x83B5677C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvAcquireDisplayOwnership, Type: EAT modification 0x83B56780-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvCheckDisplayOwnership, Type: EAT modification 0x83B56784-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvDisplayString, Type: EAT modification 0x83B56788-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvEnableBootDriver, Type: EAT modification 0x83B5678C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvEnableDisplayString, Type: EAT modification 0x83B56790-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvInstallDisplayStringFilter, Type: EAT modification 0x83B56794-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvIsBootDriverInstalled, Type: EAT modification 0x83B56798-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvNotifyDisplayOwnershipLost, Type: EAT modification 0x83B5679C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvResetDisplay, Type: EAT modification 0x83B567A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvSetScrollRegion, Type: EAT modification 0x83B567A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvSetTextColor, Type: EAT modification 0x83B567A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvSolidColorFill, Type: EAT modification 0x83B567AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InitSafeBootMode, Type: EAT modification 0x83B567B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedCompareExchange, Type: EAT modification 0x83B560EC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedDecrement, Type: EAT modification 0x83B560F0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedExchange, Type: EAT modification 0x83B560F4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedExchangeAdd, Type: EAT modification 0x83B560F8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedIncrement, Type: EAT modification 0x83B560FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedPopEntrySList, Type: EAT modification 0x83B56100-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedPushEntrySList, Type: EAT modification 0x83B56104-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAcquireCancelSpinLock, Type: EAT modification 0x83B567B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAcquireRemoveLockEx, Type: EAT modification 0x83B567B8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAcquireVpbSpinLock, Type: EAT modification 0x83B567BC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAdapterObjectType, Type: EAT modification 0x83B567C0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAdjustStackSizeForRedirection, Type: EAT modification 0x83B567C4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateAdapterChannel, Type: EAT modification 0x83B567C8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateController, Type: EAT modification 0x83B567CC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateDriverObjectExtension, Type: EAT modification 0x83B567D0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateErrorLogEntry, Type: EAT modification 0x83B567D4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateIrp, Type: EAT modification 0x83B567D8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateMdl, Type: EAT modification 0x83B567DC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateMiniCompletionPacket, Type: EAT modification 0x83B567E0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateSfioStreamIdentifier, Type: EAT modification 0x83B567E4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateWorkItem, Type: EAT modification 0x83B567E8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoApplyPriorityInfoThread, Type: EAT modification 0x83B567EC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAssignResources, Type: EAT modification 0x83B567F0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAttachDevice, Type: EAT modification 0x83B567F4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAttachDeviceByPointer, Type: EAT modification 0x83B567F8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAttachDeviceToDeviceStack, Type: EAT modification 0x83B567FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAttachDeviceToDeviceStackSafe, Type: EAT modification 0x83B56800-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoBuildAsynchronousFsdRequest, Type: EAT modification 0x83B56804-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoBuildDeviceIoControlRequest, Type: EAT modification 0x83B56808-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoBuildPartialMdl, Type: EAT modification 0x83B5680C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoBuildSynchronousFsdRequest, Type: EAT modification 0x83B56810-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCallDriver, Type: EAT modification 0x83B56814-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCancelFileOpen, Type: EAT modification 0x83B56818-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCancelIrp, Type: EAT modification 0x83B5681C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckDesiredAccess, Type: EAT modification 0x83B56820-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckEaBufferValidity, Type: EAT modification 0x83B56824-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckFunctionAccess, Type: EAT modification 0x83B56828-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckQuerySetFileInformation, Type: EAT modification 0x83B5682C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckQuerySetVolumeInformation, Type: EAT modification 0x83B56830-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckQuotaBufferValidity, Type: EAT modification 0x83B56834-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckShareAccess, Type: EAT modification 0x83B56838-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckShareAccessEx, Type: EAT modification 0x83B5683C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoClearDependency, Type: EAT modification 0x83B56840-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoClearIrpExtraCreateParameter, Type: EAT modification 0x83B56844-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCompleteRequest, Type: EAT modification 0x83B56848-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoConnectInterrupt, Type: EAT modification 0x83B5684C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoConnectInterruptEx, Type: EAT modification 0x83B56850-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateArcName, Type: EAT modification 0x83B56854-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateController, Type: EAT modification 0x83B56858-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateDevice, Type: EAT modification 0x83B5685C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateDisk, Type: EAT modification 0x83B56860-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateDriver, Type: EAT modification 0x83B56864-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateFile, Type: EAT modification 0x83B56868-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateFileEx, Type: EAT modification 0x83B5686C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateFileSpecifyDeviceObjectHint, Type: EAT modification 0x83B56870-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateNotificationEvent, Type: EAT modification 0x83B56874-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateStreamFileObject, Type: EAT modification 0x83B56878-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateStreamFileObjectEx, Type: EAT modification 0x83B5687C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateStreamFileObjectLite, Type: EAT modification 0x83B56880-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateSymbolicLink, Type: EAT modification 0x83B56884-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateSynchronizationEvent, Type: EAT modification 0x83B56888-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateUnprotectedSymbolicLink, Type: EAT modification 0x83B5688C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqInitialize, Type: EAT modification 0x83B56890-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqInitializeEx, Type: EAT modification 0x83B56894-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqInsertIrp, Type: EAT modification 0x83B56898-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqInsertIrpEx, Type: EAT modification 0x83B5689C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqRemoveIrp, Type: EAT modification 0x83B568A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqRemoveNextIrp, Type: EAT modification 0x83B568A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteAllDependencyRelations, Type: EAT modification 0x83B568A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteController, Type: EAT modification 0x83B568AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteDevice, Type: EAT modification 0x83B568B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteDriver, Type: EAT modification 0x83B568B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteSymbolicLink, Type: EAT modification 0x83B568B8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDetachDevice, Type: EAT modification 0x83B568BC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeviceHandlerObjectSize, Type: EAT modification 0x83B568C0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeviceHandlerObjectType, Type: EAT modification 0x83B568C4-->83B8764C [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeviceObjectType, Type: EAT modification 0x83B568C8-->D4B469FA [unknown_code_page]

ntkrnlpa.exe-->IoDisconnectInterrupt, Type: EAT modification 0x83B568CC-->8F806C27 [unknown_code_page]

ntkrnlpa.exe-->IoDisconnectInterruptEx, Type: EAT modification 0x83B568D0-->839A9728 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDriverObjectType, Type: EAT modification 0x83B568D4-->83B87604 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDuplicateDependency, Type: EAT modification 0x83B568D8-->83806003 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoEnqueueIrp, Type: EAT modification 0x83B568DC-->83806400 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoEnumerateDeviceObjectList, Type: EAT modification 0x83B568E0-->8380605E [ntkrnlpa.exe]

ntkrnlpa.exe-->IoEnumerateRegisteredFiltersList, Type: EAT modification 0x83B568E4-->83944350 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFastQueryNetworkAttributes, Type: EAT modification 0x83B568E8-->83B875FC [ntkrnlpa.exe]

ntkrnlpa.exe-->IofCallDriver, Type: EAT modification 0x83B56118-->8398F5C0 [ntkrnlpa.exe]

ntkrnlpa.exe-->IofCompleteRequest, Type: EAT modification 0x83B5611C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFileObjectType, Type: EAT modification 0x83B568EC-->83806003 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoForwardAndCatchIrp, Type: EAT modification 0x83B568F0-->83806200 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoForwardIrpSynchronously, Type: EAT modification 0x83B568F4-->8380600E [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFreeController, Type: EAT modification 0x83B568F8-->83943D10 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFreeErrorLogEntry, Type: EAT modification 0x83B568FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFreeIrp, Type: EAT modification 0x83B56900-->D5B569F8 [unknown_code_page]

ntkrnlpa.exe-->IoFreeMdl, Type: EAT modification 0x83B56904-->83806D22 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFreeMiniCompletionPacket, Type: EAT modification 0x83B56908-->83992C80 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFreeSfioStreamIdentifier, Type: EAT modification 0x83B5690C-->839E3990 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFreeWorkItem, Type: EAT modification 0x83B56910-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetAffinityInterrupt, Type: EAT modification 0x83B56914-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetAttachedDevice, Type: EAT modification 0x83B56918-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetAttachedDeviceReference, Type: EAT modification 0x83B5691C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetBaseFileSystemDeviceObject, Type: EAT modification 0x83B56920-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetBootDiskInformation, Type: EAT modification 0x83B56924-->83B87364 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetBootDiskInformationLite, Type: EAT modification 0x83B56928-->E2BC68FD [unknown_code_page]

ntkrnlpa.exe-->IoGetConfigurationInformation, Type: EAT modification 0x83B5692C-->8B806D20 [unknown_code_page]

ntkrnlpa.exe-->IoGetContainerInformation, Type: EAT modification 0x83B56930-->83967008 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetCurrentProcess, Type: EAT modification 0x83B56934-->8648C858 [unknown_code_page]

ntkrnlpa.exe-->IoGetDeviceAttachmentBaseRef, Type: EAT modification 0x83B56938-->8380600B [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDeviceInterfaces, Type: EAT modification 0x83B56940-->972B4AFC [unknown_code_page]

ntkrnlpa.exe-->IoGetDeviceObjectPointer, Type: EAT modification 0x83B56948-->839979A0 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDeviceProperty, Type: EAT modification 0x83B5694C-->839979D0 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDevicePropertyData, Type: EAT modification 0x83B56950-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDeviceToVerify, Type: EAT modification 0x83B56954-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDiskDeviceObject, Type: EAT modification 0x83B56958-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDmaAdapter, Type: EAT modification 0x83B5695C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDriverObjectExtension, Type: EAT modification 0x83B56960-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetFileObjectGenericMapping, Type: EAT modification 0x83B56964-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetInitialStack, Type: EAT modification 0x83B56968-->972B4AF7 [unknown_code_page]

ntkrnlpa.exe-->IoGetIrpExtraCreateParameter, Type: EAT modification 0x83B56970-->83997A30 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetLowerDeviceObject, Type: EAT modification 0x83B56974-->83997A60 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetOplockKeyContext, Type: EAT modification 0x83B56978-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetPagingIoPriority, Type: EAT modification 0x83B56108-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetRelatedDeviceObject, Type: EAT modification 0x83B5697C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetRequestorProcess, Type: EAT modification 0x83B56980-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetRequestorProcessId, Type: EAT modification 0x83B56984-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetRequestorSessionId, Type: EAT modification 0x83B56988-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetSfioStreamIdentifier, Type: EAT modification 0x83B5698C-->972B4AF2 [unknown_code_page]

ntkrnlpa.exe-->IoGetSymlinkSupportInformation, Type: EAT modification 0x83B56994-->83997AC0 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetTopLevelIrp, Type: EAT modification 0x83B56998-->83997AF0 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetTransactionParameterBlock, Type: EAT modification 0x83B5699C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInitializeIrp, Type: EAT modification 0x83B569A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInitializeRemoveLockEx, Type: EAT modification 0x83B569A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInitializeTimer, Type: EAT modification 0x83B569A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInitializeWorkItem, Type: EAT modification 0x83B569AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInvalidateDeviceRelations, Type: EAT modification 0x83B569B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInvalidateDeviceState, Type: EAT modification 0x83B569B4-->972B4A8D [unknown_code_page]

ntkrnlpa.exe-->IoIsFileOriginRemote, Type: EAT modification 0x83B569BC-->83997B50 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsOperationSynchronous, Type: EAT modification 0x83B569C0-->83997B80 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsSystemThread, Type: EAT modification 0x83B569C4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsValidNameGraftingBuffer, Type: EAT modification 0x83B569C8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsWdmVersionAvailable, Type: EAT modification 0x83B569CC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoMakeAssociatedIrp, Type: EAT modification 0x83B569D0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoOpenDeviceInterfaceRegistryKey, Type: EAT modification 0x83B569D4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoOpenDeviceRegistryKey, Type: EAT modification 0x83B569D8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoPageRead, Type: EAT modification 0x83B569DC-->972B4A88 [unknown_code_page]

ntkrnlpa.exe-->IoQueryFileDosDeviceName, Type: EAT modification 0x83B569E4-->83997BE0 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueryFileInformation, Type: EAT modification 0x83B569E8-->83997C10 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueryVolumeInformation, Type: EAT modification 0x83B569EC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueueThreadIrp, Type: EAT modification 0x83B569F0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueueWorkItem, Type: EAT modification 0x83B569F4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueueWorkItemEx, Type: EAT modification 0x83B569F8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRaiseHardError, Type: EAT modification 0x83B569FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRaiseInformationalHardError, Type: EAT modification 0x83B56A00-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReadDiskSignature, Type: EAT modification 0x83B56A04-->972B4A83 [unknown_code_page]

ntkrnlpa.exe-->IoReadPartitionTable, Type: EAT modification 0x83B5610C-->83997C70 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReadPartitionTableEx, Type: EAT modification 0x83B56A0C-->83997CA0 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReadTransferCount, Type: EAT modification 0x83B56A10-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterBootDriverReinitialization, Type: EAT modification 0x83B56A14-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterContainerNotification, Type: EAT modification 0x83B56A18-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterDeviceInterface, Type: EAT modification 0x83B56A1C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterDriverReinitialization, Type: EAT modification 0x83B56A20-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterFileSystem, Type: EAT modification 0x83B56A24-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterFsRegistrationChange, Type: EAT modification 0x83B56A28-->972B4A9E [unknown_code_page]

ntkrnlpa.exe-->IoRegisterLastChanceShutdownNotification, Type: EAT modification 0x83B56A30-->83997D00 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterPlugPlayNotification, Type: EAT modification 0x83B56A34-->83997D30 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterPriorityCallback, Type: EAT modification 0x83B56A38-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterShutdownNotification, Type: EAT modification 0x83B56A3C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReleaseCancelSpinLock, Type: EAT modification 0x83B56A40-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReleaseRemoveLockAndWaitEx, Type: EAT modification 0x83B56A44-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReleaseRemoveLockEx, Type: EAT modification 0x83B56A48-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReleaseVpbSpinLock, Type: EAT modification 0x83B56A4C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRemoveShareAccess, Type: EAT modification 0x83B56A50-->972B4A99 [unknown_code_page]

ntkrnlpa.exe-->IoReplacePartitionUnit, Type: EAT modification 0x83B56A58-->83997D90 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportDetectedDevice, Type: EAT modification 0x83B56A5C-->83997DC0 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportHalResourceUsage, Type: EAT modification 0x83B56A60-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportResourceForDetection, Type: EAT modification 0x83B56A64-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportResourceUsage, Type: EAT modification 0x83B56A68-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportRootDevice, Type: EAT modification 0x83B56A6C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportTargetDeviceChange, Type: EAT modification 0x83B56A70-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportTargetDeviceChangeAsynchronous, Type: EAT modification 0x83B56A74-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRequestDeviceEject, Type: EAT modification 0x83B56A78-->972B4A94 [unknown_code_page]

ntkrnlpa.exe-->IoRetrievePriorityInfo, Type: EAT modification 0x83B56A80-->83997E20 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReuseIrp, Type: EAT modification 0x83B56A84-->83997E50 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetCompletionRoutineEx, Type: EAT modification 0x83B56A88-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetDependency, Type: EAT modification 0x83B56A8C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetDeviceInterfaceState, Type: EAT modification 0x83B56A90-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetDevicePropertyData, Type: EAT modification 0x83B56A94-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetDeviceToVerify, Type: EAT modification 0x83B56A98-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetFileObjectIgnoreSharing, Type: EAT modification 0x83B56A9C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetFileOrigin, Type: EAT modification 0x83B56AA0-->972B4AAF [unknown_code_page]

ntkrnlpa.exe-->IoSetInformation, Type: EAT modification 0x83B56AA8-->83997EB0 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoCompletion, Type: EAT modification 0x83B56AAC-->83997EE0 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoCompletionEx, Type: EAT modification 0x83B56AB0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoPriorityHint, Type: EAT modification 0x83B56AB4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoPriorityHintIntoFileObject, Type: EAT modification 0x83B56AB8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoPriorityHintIntoThread, Type: EAT modification 0x83B56ABC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIrpExtraCreateParameter, Type: EAT modification 0x83B56AC0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetOplockKeyContext, Type: EAT modification 0x83B56AC4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetPartitionInformation, Type: EAT modification 0x83B56110-->972B4AAA [unknown_code_page]

ntkrnlpa.exe-->IoSetShareAccess, Type: EAT modification 0x83B56ACC-->83997F40 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetShareAccessEx, Type: EAT modification 0x83B56AD0-->83997F70 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetStartIoAttributes, Type: EAT modification 0x83B56AD4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetSystemPartition, Type: EAT modification 0x83B56AD8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetThreadHardErrorMode, Type: EAT modification 0x83B56ADC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetTopLevelIrp, Type: EAT modification 0x83B56AE0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSizeofWorkItem, Type: EAT modification 0x83B56AE4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStartNextPacket, Type: EAT modification 0x83B56AE8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStartNextPacketByKey, Type: EAT modification 0x83B56AEC-->972B4AA5 [unknown_code_page]

ntkrnlpa.exe-->IoStartTimer, Type: EAT modification 0x83B56AF4-->83997FD0 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStatisticsLock, Type: EAT modification 0x83B56AF8-->83998000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStopTimer, Type: EAT modification 0x83B56AFC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSynchronousInvalidateDeviceRelations, Type: EAT modification 0x83B56B00-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSynchronousPageWrite, Type: EAT modification 0x83B56B04-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoThreadToProcess, Type: EAT modification 0x83B56B08-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoTranslateBusAddress, Type: EAT modification 0x83B56B0C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUninitializeWorkItem, Type: EAT modification 0x83B56B10-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterContainerNotification, Type: EAT modification 0x83B56B14-->972B4AA0 [unknown_code_page]

ntkrnlpa.exe-->IoUnregisterFsRegistrationChange, Type: EAT modification 0x83B56B1C-->83998060 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterPlugPlayNotification, Type: EAT modification 0x83B56B20-->83998090 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterPlugPlayNotificationEx, Type: EAT modification 0x83B56B24-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterPriorityCallback, Type: EAT modification 0x83B56B28-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterShutdownNotification, Type: EAT modification 0x83B56B2C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUpdateShareAccess, Type: EAT modification 0x83B56B30-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoValidateDeviceIoControlAccess, Type: EAT modification 0x83B56B34-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoVerifyPartitionTable, Type: EAT modification 0x83B56B38-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoVerifyVolume, Type: EAT modification 0x83B56B3C-->972B4ABB [unknown_code_page]

ntkrnlpa.exe-->IoWithinStackLimits, Type: EAT modification 0x83B56B80-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIAllocateInstanceIds, Type: EAT modification 0x83B56B44-->8398F470 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIDeviceObjectToInstanceName, Type: EAT modification 0x83B56B48-->8398F4A0 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIExecuteMethod, Type: EAT modification 0x83B56B4C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIHandleToInstanceName, Type: EAT modification 0x83B56B50-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIOpenBlock, Type: EAT modification 0x83B56B54-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIQueryAllData, Type: EAT modification 0x83B56B58-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIQueryAllDataMultiple, Type: EAT modification 0x83B56B5C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIQuerySingleInstance, Type: EAT modification 0x83B56B60-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIQuerySingleInstanceMultiple, Type: EAT modification 0x83B56B64-->972B4AB6 [unknown_code_page]

ntkrnlpa.exe-->IoWMISetNotificationCallback, Type: EAT modification 0x83B56B6C-->8398F500 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMISetSingleInstance, Type: EAT modification 0x83B56B70-->8398F530 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMISetSingleItem, Type: EAT modification 0x83B56B74-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMISuggestInstanceName, Type: EAT modification 0x83B56B78-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIWriteEvent, Type: EAT modification 0x83B56B7C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWriteErrorLogEntry, Type: EAT modification 0x83B56B84-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWriteOperationCount, Type: EAT modification 0x83B56B88-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWritePartitionTable, Type: EAT modification 0x83B56114-->972B4AB1 [unknown_code_page]

ntkrnlpa.exe-->IoWriteTransferCount, Type: EAT modification 0x83B56B90-->8398F590 [ntkrnlpa.exe]

ntkrnlpa.exe-->isdigit, Type: EAT modification 0x83B58130-->83F2606F [CI.dll]

ntkrnlpa.exe-->islower, Type: EAT modification 0x83B58134-->83E16066 [atapi.sys]

ntkrnlpa.exe-->isprint, Type: EAT modification 0x83B58138-->83AE6062 [ntkrnlpa.exe]

ntkrnlpa.exe-->isspace, Type: EAT modification 0x83B5813C-->83F46068 [Wdf01000.sys]

ntkrnlpa.exe-->isupper, Type: EAT modification 0x83B58140-->8381606D [ntkrnlpa.exe]

ntkrnlpa.exe-->isxdigit, Type: EAT modification 0x83B58144-->83816000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdChangeOption, Type: EAT modification 0x83B56B94-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdDebuggerEnabled, Type: EAT modification 0x83B56B98-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdDebuggerNotPresent, Type: EAT modification 0x83B56B9C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdDisableDebugger, Type: EAT modification 0x83B56BA0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdEnableDebugger, Type: EAT modification 0x83B56BA4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdEnteredDebugger, Type: EAT modification 0x83B56BA8-->972B4B4C [unknown_code_page]

ntkrnlpa.exe-->KdPowerTransition, Type: EAT modification 0x83B56BB0-->8398F620 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdRefreshDebuggerNotPresent, Type: EAT modification 0x83B56BB4-->8398F650 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdSystemDebugControl, Type: EAT modification 0x83B56BB8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Ke386CallBios, Type: EAT modification 0x83B56BBC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Ke386IoSetAccessProcess, Type: EAT modification 0x83B56BC0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Ke386QueryIoAccessMap, Type: EAT modification 0x83B56BC4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Ke386SetIoAccessMap, Type: EAT modification 0x83B56BC8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireGuardedMutex, Type: EAT modification 0x83B56120-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireGuardedMutexUnsafe, Type: EAT modification 0x83B56124-->972B4B47 [unknown_code_page]

ntkrnlpa.exe-->KeAcquireInStackQueuedSpinLockForDpc, Type: EAT modification 0x83B5612C-->8398F6B0 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireInterruptSpinLock, Type: EAT modification 0x83B56BCC-->8398F6E0 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireSpinLockAtDpcLevel, Type: EAT modification 0x83B56BD0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireSpinLockForDpc, Type: EAT modification 0x83B56130-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAddGroupAffinityEx, Type: EAT modification 0x83B56BD4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAddProcessorAffinityEx, Type: EAT modification 0x83B56BD8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAddProcessorGroupAffinity, Type: EAT modification 0x83B56BDC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAddSystemServiceTable, Type: EAT modification 0x83B56BE0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAlertThread, Type: EAT modification 0x83B56BE4-->972B4B42 [unknown_code_page]

ntkrnlpa.exe-->KeAllocateCalloutStackEx, Type: EAT modification 0x83B56BEC-->8398F740 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAndAffinityEx, Type: EAT modification 0x83B56BF0-->8398F770 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAndGroupAffinityEx, Type: EAT modification 0x83B56BF4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAreAllApcsDisabled, Type: EAT modification 0x83B56BF8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAreApcsDisabled, Type: EAT modification 0x83B56BFC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAttachProcess, Type: EAT modification 0x83B56C00-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeBugCheck, Type: EAT modification 0x83B56C04-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeBugCheckEx, Type: EAT modification 0x83B56C08-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCancelTimer, Type: EAT modification 0x83B56C0C-->972B4B5D [unknown_code_page]

ntkrnlpa.exe-->KeCheckProcessorAffinityEx, Type: EAT modification 0x83B56C14-->8398F7D0 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCheckProcessorGroupAffinity, Type: EAT modification 0x83B56C18-->8398F800 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeClearEvent, Type: EAT modification 0x83B56C1C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeComplementAffinityEx, Type: EAT modification 0x83B56C20-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCopyAffinityEx, Type: EAT modification 0x83B56C24-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCountSetBitsAffinityEx, Type: EAT modification 0x83B56C28-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCountSetBitsGroupAffinity, Type: EAT modification 0x83B56C2C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDelayExecutionThread, Type: EAT modification 0x83B56C30-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDeregisterBugCheckCallback, Type: EAT modification 0x83B56C34-->972B4B58 [unknown_code_page]

ntkrnlpa.exe-->KeDeregisterNmiCallback, Type: EAT modification 0x83B56C3C-->8398F860 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDeregisterProcessorChangeCallback, Type: EAT modification 0x83B56C40-->8398F890 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDetachProcess, Type: EAT modification 0x83B56C44-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeEnterCriticalRegion, Type: EAT modification 0x83B56C48-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeEnterGuardedRegion, Type: EAT modification 0x83B56C4C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeEnterKernelDebugger, Type: EAT modification 0x83B56C50-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeEnumerateNextProcessor, Type: EAT modification 0x83B56C54-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeExpandKernelStackAndCallout, Type: EAT modification 0x83B56C58-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeExpandKernelStackAndCalloutEx, Type: EAT modification 0x83B56C5C-->972B4B53 [unknown_code_page]

ntkrnlpa.exe-->KefAcquireSpinLockAtDpcLevel, Type: EAT modification 0x83B56160-->972B4B39 [unknown_code_page]

ntkrnlpa.exe-->KeFindConfigurationNextEntry, Type: EAT modification 0x83B56C64-->8398F8F0 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFindFirstSetLeftAffinityEx, Type: EAT modification 0x83B56C68-->8398F920 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFindFirstSetLeftGroupAffinity, Type: EAT modification 0x83B56C6C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFindFirstSetRightGroupAffinity, Type: EAT modification 0x83B56C70-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFirstGroupAffinityEx, Type: EAT modification 0x83B56C74-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFlushEntireTb, Type: EAT modification 0x83B56C78-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFlushQueuedDpcs, Type: EAT modification 0x83B56C7C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFreeCalloutStack, Type: EAT modification 0x83B56C80-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGenericCallDpc, Type: EAT modification 0x83B56C84-->972B4B6E [unknown_code_page]

ntkrnlpa.exe-->KeGetCurrentProcessorNumberEx, Type: EAT modification 0x83B56C8C-->8398F980 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetCurrentThread, Type: EAT modification 0x83B56C90-->8398F9B0 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetPreviousMode, Type: EAT modification 0x83B56C94-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetProcessorIndexFromNumber, Type: EAT modification 0x83B56C98-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetProcessorNumberFromIndex, Type: EAT modification 0x83B56C9C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetRecommendedSharedDataAlignment, Type: EAT modification 0x83B56CA0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetXSaveFeatureFlags, Type: EAT modification 0x83B56CA4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386AbiosCall, Type: EAT modification 0x83B56CA8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386AllocateGdtSelectors, Type: EAT modification 0x83B56CAC-->972B4B69 [unknown_code_page]

ntkrnlpa.exe-->KeI386Call16BitFunction, Type: EAT modification 0x83B56CB4-->8398FA10 [ntkrnlpa.exe]

ntkrnlpa.exe-->Kei386EoiHelper, Type: EAT modification 0x83B5619C-->86481740 [unknown_code_page]

ntkrnlpa.exe-->KeI386FlatToGdtSelector, Type: EAT modification 0x83B56CB8-->8398FA40 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386GetLid, Type: EAT modification 0x83B56CBC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386MachineType, Type: EAT modification 0x83B56CC0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386ReleaseGdtSelectors, Type: EAT modification 0x83B56CC4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386ReleaseLid, Type: EAT modification 0x83B56CC8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386SetGdtSelector, Type: EAT modification 0x83B56CCC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeAffinityEx, Type: EAT modification 0x83B56CD0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeApc, Type: EAT modification 0x83B56CD4-->972B4B64 [unknown_code_page]

ntkrnlpa.exe-->KeInitializeDeviceQueue, Type: EAT modification 0x83B56CDC-->8398FAA0 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeDpc, Type: EAT modification 0x83B56CE0-->8398FAD0 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeEnumerationContext, Type: EAT modification 0x83B56CE4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeEnumerationContextFromGroup, Type: EAT modification 0x83B56CE8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeEvent, Type: EAT modification 0x83B56CEC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeGuardedMutex, Type: EAT modification 0x83B56134-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeInterrupt, Type: EAT modification 0x83B56CF0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeMutant, Type: EAT modification 0x83B56CF4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeMutex, Type: EAT modification 0x83B56CF8-->972B4B7F [unknown_code_page]

ntkrnlpa.exe-->KeInitializeSemaphore, Type: EAT modification 0x83B56D00-->8398FB30 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeSpinLock, Type: EAT modification 0x83B56D04-->8398FB60 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeThreadedDpc, Type: EAT modification 0x83B56D08-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeTimer, Type: EAT modification 0x83B56D0C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeTimerEx, Type: EAT modification 0x83B56D10-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertByKeyDeviceQueue, Type: EAT modification 0x83B56D14-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertDeviceQueue, Type: EAT modification 0x83B56D18-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertHeadQueue, Type: EAT modification 0x83B56D1C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertQueue, Type: EAT modification 0x83B56D20-->972B4B7A [unknown_code_page]

ntkrnlpa.exe-->KeInsertQueueDpc, Type: EAT modification 0x83B56D28-->8398FBC0 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInterlockedClearProcessorAffinityEx, Type: EAT modification 0x83B56D2C-->8398FBF0 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInterlockedSetProcessorAffinityEx, Type: EAT modification 0x83B56D30-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInvalidateAllCaches, Type: EAT modification 0x83B56D34-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInvalidateRangeAllCaches, Type: EAT modification 0x83B56138-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIpiGenericCall, Type: EAT modification 0x83B56D38-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIsAttachedProcess, Type: EAT modification 0x83B56D3C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIsEmptyAffinityEx, Type: EAT modification 0x83B56D40-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIsEqualAffinityEx, Type: EAT modification 0x83B56D44-->972B4B75 [unknown_code_page]

ntkrnlpa.exe-->KeIsSingleGroupAffinityEx, Type: EAT modification 0x83B56D4C-->86481080 [unknown_code_page]

ntkrnlpa.exe-->KeIsSubsetAffinityEx, Type: EAT modification 0x83B56D50-->864810B0 [unknown_code_page]

ntkrnlpa.exe-->KeIsWaitListEmpty, Type: EAT modification 0x83B56D54-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeLeaveCriticalRegion, Type: EAT modification 0x83B56D58-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeLeaveGuardedRegion, Type: EAT modification 0x83B56D5C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeLoaderBlock, Type: EAT modification 0x83B56D60-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeNumberProcessors, Type: EAT modification 0x83B56D64-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeOrAffinityEx, Type: EAT modification 0x83B56D68-->83806000 [ntkrnlpa.exe]

Link to post
Share on other sites

ntkrnlpa.exe-->KePollFreezeExecution, Type: EAT modification 0x83B56D6C-->972B4B70 [unknown_code_page]

ntkrnlpa.exe-->KeProfileInterrupt, Type: EAT modification 0x83B56D74-->86481110 [unknown_code_page]

ntkrnlpa.exe-->KeProfileInterruptWithSource, Type: EAT modification 0x83B56D78-->86481140 [unknown_code_page]

ntkrnlpa.exe-->KePulseEvent, Type: EAT modification 0x83B56D7C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryActiveGroupCount, Type: EAT modification 0x83B56D80-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryActiveProcessorAffinity, Type: EAT modification 0x83B56D84-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryActiveProcessorCount, Type: EAT modification 0x83B56D88-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryActiveProcessorCountEx, Type: EAT modification 0x83B56D8C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryActiveProcessors, Type: EAT modification 0x83B56D90-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryDpcWatchdogInformation, Type: EAT modification 0x83B56D94-->972B4B0B [unknown_code_page]

ntkrnlpa.exe-->KeQueryGroupAffinityEx, Type: EAT modification 0x83B56D9C-->864811A0 [unknown_code_page]

ntkrnlpa.exe-->KeQueryHardwareCounterConfiguration, Type: EAT modification 0x83B56DA0-->864811D0 [unknown_code_page]

ntkrnlpa.exe-->KeQueryHighestNodeNumber, Type: EAT modification 0x83B56DA4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryInterruptTime, Type: EAT modification 0x83B56DA8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryLogicalProcessorRelationship, Type: EAT modification 0x83B56DAC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryMaximumGroupCount, Type: EAT modification 0x83B56DB0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryMaximumProcessorCount, Type: EAT modification 0x83B56DB4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryMaximumProcessorCountEx, Type: EAT modification 0x83B56DB8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryNodeActiveAffinity, Type: EAT modification 0x83B56DBC-->972B4B06 [unknown_code_page]

ntkrnlpa.exe-->KeQueryPriorityThread, Type: EAT modification 0x83B56DC4-->86481230 [unknown_code_page]

ntkrnlpa.exe-->KeQueryRuntimeThread, Type: EAT modification 0x83B56DC8-->86481260 [unknown_code_page]

ntkrnlpa.exe-->KeQuerySystemTime, Type: EAT modification 0x83B56DCC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryTickCount, Type: EAT modification 0x83B56DD0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryTimeIncrement, Type: EAT modification 0x83B56DD4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryUnbiasedInterruptTime, Type: EAT modification 0x83B56DD8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRaiseUserException, Type: EAT modification 0x83B56DDC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReadStateEvent, Type: EAT modification 0x83B56DE0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReadStateMutant, Type: EAT modification 0x83B56DE4-->972B4B01 [unknown_code_page]

ntkrnlpa.exe-->KeReadStateQueue, Type: EAT modification 0x83B56DEC-->864812C0 [unknown_code_page]

ntkrnlpa.exe-->KeReadStateSemaphore, Type: EAT modification 0x83B56DF0-->864812F0 [unknown_code_page]

ntkrnlpa.exe-->KeReadStateTimer, Type: EAT modification 0x83B56DF4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRegisterBugCheckCallback, Type: EAT modification 0x83B56DF8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRegisterBugCheckReasonCallback, Type: EAT modification 0x83B56DFC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRegisterNmiCallback, Type: EAT modification 0x83B56E00-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRegisterProcessorChangeCallback, Type: EAT modification 0x83B56E04-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseGuardedMutex, Type: EAT modification 0x83B5613C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseGuardedMutexUnsafe, Type: EAT modification 0x83B56140-->972B4B1C [unknown_code_page]

ntkrnlpa.exe-->KeReleaseInStackQueuedSpinLockFromDpcLevel, Type: EAT modification 0x83B56148-->86481350 [unknown_code_page]

ntkrnlpa.exe-->KeReleaseInterruptSpinLock, Type: EAT modification 0x83B56E08-->86481380 [unknown_code_page]

ntkrnlpa.exe-->KeReleaseMutant, Type: EAT modification 0x83B56E0C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseMutex, Type: EAT modification 0x83B56E10-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseSemaphore, Type: EAT modification 0x83B56E14-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseSpinLockForDpc, Type: EAT modification 0x83B5614C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseSpinLockFromDpcLevel, Type: EAT modification 0x83B56E18-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveByKeyDeviceQueue, Type: EAT modification 0x83B56E1C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveByKeyDeviceQueueIfBusy, Type: EAT modification 0x83B56E20-->972B4B17 [unknown_code_page]

ntkrnlpa.exe-->KeRemoveEntryDeviceQueue, Type: EAT modification 0x83B56E28-->864813E0 [unknown_code_page]

ntkrnlpa.exe-->KeRemoveGroupAffinityEx, Type: EAT modification 0x83B56E2C-->86481410 [unknown_code_page]

ntkrnlpa.exe-->KeRemoveProcessorAffinityEx, Type: EAT modification 0x83B56E30-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveProcessorGroupAffinity, Type: EAT modification 0x83B56E34-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveQueue, Type: EAT modification 0x83B56E38-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveQueueDpc, Type: EAT modification 0x83B56E3C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveQueueEx, Type: EAT modification 0x83B56E40-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveSystemServiceTable, Type: EAT modification 0x83B56E44-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeResetEvent, Type: EAT modification 0x83B56E48-->972B4B12 [unknown_code_page]

ntkrnlpa.exe-->KeRestoreFloatingPointState, Type: EAT modification 0x83B56E50-->86481470 [unknown_code_page]

ntkrnlpa.exe-->KeRevertToUserAffinityThread, Type: EAT modification 0x83B56E54-->864814A0 [unknown_code_page]

ntkrnlpa.exe-->KeRevertToUserAffinityThreadEx, Type: EAT modification 0x83B56E58-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRevertToUserGroupAffinityThread, Type: EAT modification 0x83B56E5C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRundownQueue, Type: EAT modification 0x83B56E60-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSaveExtendedProcessorState, Type: EAT modification 0x83B56E64-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSaveFloatingPointState, Type: EAT modification 0x83B56E68-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSaveStateForHibernate, Type: EAT modification 0x83B56E6C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeServiceDescriptorTable, Type: EAT modification 0x83B56E70-->972B4B2D [unknown_code_page]

ntkrnlpa.exe-->KeSetAffinityThread, Type: EAT modification 0x83B56E78-->86481500 [unknown_code_page]

ntkrnlpa.exe-->KeSetBasePriorityThread, Type: EAT modification 0x83B56E7C-->86481530 [unknown_code_page]

ntkrnlpa.exe-->KeSetCoalescableTimer, Type: EAT modification 0x83B56E80-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetDmaIoCoherency, Type: EAT modification 0x83B56E84-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetEvent, Type: EAT modification 0x83B56E88-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetEventBoostPriority, Type: EAT modification 0x83B56E8C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetHardwareCounterConfiguration, Type: EAT modification 0x83B56E90-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetIdealProcessorThread, Type: EAT modification 0x83B56E94-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetImportanceDpc, Type: EAT modification 0x83B56E98-->972B4B28 [unknown_code_page]

ntkrnlpa.exe-->KeSetPriorityThread, Type: EAT modification 0x83B56EA0-->86481590 [unknown_code_page]

ntkrnlpa.exe-->KeSetProfileIrql, Type: EAT modification 0x83B56EA4-->864815C0 [unknown_code_page]

ntkrnlpa.exe-->KeSetSystemAffinityThread, Type: EAT modification 0x83B56EA8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetSystemAffinityThreadEx, Type: EAT modification 0x83B56EAC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetSystemGroupAffinityThread, Type: EAT modification 0x83B56EB0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetTargetProcessorDpc, Type: EAT modification 0x83B56EB4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetTargetProcessorDpcEx, Type: EAT modification 0x83B56EB8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetTimeIncrement, Type: EAT modification 0x83B56EBC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetTimer, Type: EAT modification 0x83B56EC0-->972B4B23 [unknown_code_page]

ntkrnlpa.exe-->KeSignalCallDpcDone, Type: EAT modification 0x83B56EC8-->86481620 [unknown_code_page]

ntkrnlpa.exe-->KeSignalCallDpcSynchronize, Type: EAT modification 0x83B56ECC-->86481650 [unknown_code_page]

ntkrnlpa.exe-->KeStackAttachProcess, Type: EAT modification 0x83B56ED0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeStartDynamicProcessor, Type: EAT modification 0x83B56ED4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSubtractAffinityEx, Type: EAT modification 0x83B56ED8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSynchronizeExecution, Type: EAT modification 0x83B56EDC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeTestAlertThread, Type: EAT modification 0x83B56EE0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeTestSpinLock, Type: EAT modification 0x83B56150-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeTickCount, Type: EAT modification 0x83B56EE4-->972B4B3E [unknown_code_page]

ntkrnlpa.exe-->KeTryToAcquireSpinLockAtDpcLevel, Type: EAT modification 0x83B56158-->864816B0 [unknown_code_page]

ntkrnlpa.exe-->KeUnstackDetachProcess, Type: EAT modification 0x83B56EE8-->864816E0 [unknown_code_page]

ntkrnlpa.exe-->KeUpdateRunTime, Type: EAT modification 0x83B5615C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeUpdateSystemTime, Type: EAT modification 0x83B56EEC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeUserModeCallback, Type: EAT modification 0x83B56EF0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeWaitForMultipleObjects, Type: EAT modification 0x83B56EF4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeWaitForMutexObject, Type: EAT modification 0x83B56EF8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeWaitForSingleObject, Type: EAT modification 0x83B56EFC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiAcquireSpinLock, Type: EAT modification 0x83B56168-->86481770 [unknown_code_page]

ntkrnlpa.exe-->KiBugCheckData, Type: EAT modification 0x83B56F00-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiCheckForKernelApcDelivery, Type: EAT modification 0x83B56F04-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiCheckForSListAddress, Type: EAT modification 0x83B5616C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiCoprocessorError, Type: EAT modification 0x83B56F08-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiDeliverApc, Type: EAT modification 0x83B56F0C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiDispatchInterrupt, Type: EAT modification 0x83B56F10-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiIpiServiceRoutine, Type: EAT modification 0x83B56F14-->972B4B34 [unknown_code_page]

ntkrnlpa.exe-->KiUnexpectedInterrupt, Type: EAT modification 0x83B56F18-->864817D0 [unknown_code_page]

ntkrnlpa.exe-->LdrAccessResource, Type: EAT modification 0x83B56F1C-->86481800 [unknown_code_page]

ntkrnlpa.exe-->LdrEnumResources, Type: EAT modification 0x83B56F20-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrFindResourceDirectory_U, Type: EAT modification 0x83B56F24-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrFindResourceEx_U, Type: EAT modification 0x83B56F28-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrFindResource_U, Type: EAT modification 0x83B56F2C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrResFindResource, Type: EAT modification 0x83B56F30-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrResFindResourceDirectory, Type: EAT modification 0x83B56F34-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrResSearchResource, Type: EAT modification 0x83B56F38-->972B4BCF [unknown_code_page]

ntkrnlpa.exe-->LpcReplyWaitReplyPort, Type: EAT modification 0x83B56F40-->86481880 [unknown_code_page]

ntkrnlpa.exe-->LpcRequestPort, Type: EAT modification 0x83B56F44-->864818B0 [unknown_code_page]

ntkrnlpa.exe-->LpcRequestWaitReplyPort, Type: EAT modification 0x83B56F48-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LpcRequestWaitReplyPortEx, Type: EAT modification 0x83B56F4C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LpcSendWaitReceivePort, Type: EAT modification 0x83B56F50-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaCallAuthenticationPackage, Type: EAT modification 0x83B56F54-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaDeregisterLogonProcess, Type: EAT modification 0x83B56F58-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaFreeReturnBuffer, Type: EAT modification 0x83B56F5C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaLogonUser, Type: EAT modification 0x83B56F60-->972B4BCA [unknown_code_page]

ntkrnlpa.exe-->LsaRegisterLogonProcess, Type: EAT modification 0x83B56F68-->86481910 [unknown_code_page]

ntkrnlpa.exe-->mbstowcs, Type: EAT modification 0x83B58148-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->mbtowc, Type: EAT modification 0x83B5814C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->memchr, Type: EAT modification 0x83B58150-->83806010 [ntkrnlpa.exe]

ntkrnlpa.exe-->memcpy, Type: EAT modification 0x83B58154-->83806002 [ntkrnlpa.exe]

ntkrnlpa.exe-->memcpy_s, Type: EAT modification 0x83B58158-->8381D25E [ntkrnlpa.exe]

ntkrnlpa.exe-->memmove, Type: EAT modification 0x83B5815C-->83866000 [ntkrnlpa.exe]

ntkrnlpa.exe-->memmove_s, Type: EAT modification 0x83B58160-->98F86EA1 [unknown_code_page]

ntkrnlpa.exe-->memset, Type: EAT modification 0x83B58164-->854B24F7 [unknown_code_page]

ntkrnlpa.exe-->Mm64BitPhysicalAddress, Type: EAT modification 0x83B56F6C-->86481940 [unknown_code_page]

ntkrnlpa.exe-->MmAddPhysicalMemory, Type: EAT modification 0x83B56F70-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAddVerifierThunks, Type: EAT modification 0x83B56F74-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAdjustWorkingSetSize, Type: EAT modification 0x83B56F78-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAdvanceMdl, Type: EAT modification 0x83B56F7C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAllocateContiguousMemory, Type: EAT modification 0x83B56F80-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAllocateContiguousMemorySpecifyCache, Type: EAT modification 0x83B56F84-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAllocateContiguousMemorySpecifyCacheNode, Type: EAT modification 0x83B56F88-->972B4BC5 [unknown_code_page]

ntkrnlpa.exe-->MmAllocateNonCachedMemory, Type: EAT modification 0x83B56F90-->864819A0 [unknown_code_page]

ntkrnlpa.exe-->MmAllocatePagesForMdl, Type: EAT modification 0x83B56F94-->864819D0 [unknown_code_page]

ntkrnlpa.exe-->MmAllocatePagesForMdlEx, Type: EAT modification 0x83B56F98-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmBadPointer, Type: EAT modification 0x83B56F9C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmBuildMdlForNonPagedPool, Type: EAT modification 0x83B56FA0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmCanFileBeTruncated, Type: EAT modification 0x83B56FA4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmCommitSessionMappedView, Type: EAT modification 0x83B56FA8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmCopyVirtualMemory, Type: EAT modification 0x83B56FAC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmCreateMdl, Type: EAT modification 0x83B56FB0-->972B4BC0 [unknown_code_page]

ntkrnlpa.exe-->MmCreateSection, Type: EAT modification 0x83B56FB8-->86481A30 [unknown_code_page]

ntkrnlpa.exe-->MmDisableModifiedWriteOfSection, Type: EAT modification 0x83B56FBC-->86481A60 [unknown_code_page]

ntkrnlpa.exe-->MmDoesFileHaveUserWritableReferences, Type: EAT modification 0x83B56FC0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFlushImageSection, Type: EAT modification 0x83B56FC4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmForceSectionClosed, Type: EAT modification 0x83B56FC8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFreeContiguousMemory, Type: EAT modification 0x83B56FCC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFreeContiguousMemorySpecifyCache, Type: EAT modification 0x83B56FD0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFreeMappingAddress, Type: EAT modification 0x83B56FD4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFreeNonCachedMemory, Type: EAT modification 0x83B56FD8-->972B4BDB [unknown_code_page]

ntkrnlpa.exe-->MmGetPhysicalAddress, Type: EAT modification 0x83B56FE0-->86481AC0 [unknown_code_page]

ntkrnlpa.exe-->MmGetPhysicalMemoryRanges, Type: EAT modification 0x83B56FE4-->86481AF0 [unknown_code_page]

ntkrnlpa.exe-->MmGetSystemRoutineAddress, Type: EAT modification 0x83B56FE8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmGetVirtualForPhysical, Type: EAT modification 0x83B56FEC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmGrowKernelStack, Type: EAT modification 0x83B56FF0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmHighestUserAddress, Type: EAT modification 0x83B56FF4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmIsAddressValid, Type: EAT modification 0x83B56FF8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmIsDriverVerifying, Type: EAT modification 0x83B56FFC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmIsDriverVerifyingByAddress, Type: EAT modification 0x83B57000-->972B4BD6 [unknown_code_page]

ntkrnlpa.exe-->MmIsNonPagedSystemAddressValid, Type: EAT modification 0x83B57008-->86481B50 [unknown_code_page]

ntkrnlpa.exe-->MmIsRecursiveIoFault, Type: EAT modification 0x83B5700C-->86481B80 [unknown_code_page]

ntkrnlpa.exe-->MmIsThisAnNtAsSystem, Type: EAT modification 0x83B57010-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmIsVerifierEnabled, Type: EAT modification 0x83B57014-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmLockPagableDataSection, Type: EAT modification 0x83B57018-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmLockPagableImageSection, Type: EAT modification 0x83B5701C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmLockPagableSectionByHandle, Type: EAT modification 0x83B57020-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapIoSpace, Type: EAT modification 0x83B57024-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapLockedPages, Type: EAT modification 0x83B57028-->972B4BD1 [unknown_code_page]

ntkrnlpa.exe-->MmMapLockedPagesWithReservedMapping, Type: EAT modification 0x83B57030-->86481BE0 [unknown_code_page]

ntkrnlpa.exe-->MmMapMemoryDumpMdl, Type: EAT modification 0x83B57034-->86481C10 [unknown_code_page]

ntkrnlpa.exe-->MmMapUserAddressesToPage, Type: EAT modification 0x83B57038-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapVideoDisplay, Type: EAT modification 0x83B5703C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapViewInSessionSpace, Type: EAT modification 0x83B57040-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapViewInSystemSpace, Type: EAT modification 0x83B57044-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapViewOfSection, Type: EAT modification 0x83B57048-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMarkPhysicalMemoryAsBad, Type: EAT modification 0x83B5704C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMarkPhysicalMemoryAsGood, Type: EAT modification 0x83B57050-->972B4BEC [unknown_code_page]

ntkrnlpa.exe-->MmPrefetchPages, Type: EAT modification 0x83B57058-->86481C70 [unknown_code_page]

ntkrnlpa.exe-->MmProbeAndLockPages, Type: EAT modification 0x83B5705C-->86481CA0 [unknown_code_page]

ntkrnlpa.exe-->MmProbeAndLockProcessPages, Type: EAT modification 0x83B57060-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmProbeAndLockSelectedPages, Type: EAT modification 0x83B57064-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmProtectMdlSystemAddress, Type: EAT modification 0x83B57068-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmQuerySystemSize, Type: EAT modification 0x83B5706C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmRemovePhysicalMemory, Type: EAT modification 0x83B57070-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmResetDriverPaging, Type: EAT modification 0x83B57074-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmRotatePhysicalView, Type: EAT modification 0x83B57078-->972B4BE7 [unknown_code_page]

ntkrnlpa.exe-->MmSecureVirtualMemory, Type: EAT modification 0x83B57080-->86481D00 [unknown_code_page]

ntkrnlpa.exe-->MmSetAddressRangeModified, Type: EAT modification 0x83B57084-->86481D30 [unknown_code_page]

ntkrnlpa.exe-->MmSetBankedSection, Type: EAT modification 0x83B57088-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmSizeOfMdl, Type: EAT modification 0x83B5708C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmSystemRangeStart, Type: EAT modification 0x83B57090-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmTrimAllSystemPagableMemory, Type: EAT modification 0x83B57094-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnlockPagableImageSection, Type: EAT modification 0x83B57098-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnlockPages, Type: EAT modification 0x83B5709C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapIoSpace, Type: EAT modification 0x83B570A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapLockedPages, Type: EAT modification 0x83B570A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapReservedMapping, Type: EAT modification 0x83B570A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapVideoDisplay, Type: EAT modification 0x83B570AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapViewInSessionSpace, Type: EAT modification 0x83B570B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapViewInSystemSpace, Type: EAT modification 0x83B570B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapViewOfSection, Type: EAT modification 0x83B570B8-->D9BC61FD [unknown_code_page]

ntkrnlpa.exe-->MmUnsecureVirtualMemory, Type: EAT modification 0x83B570BC-->8B806C25 [unknown_code_page]

ntkrnlpa.exe-->MmUserProbeAddress, Type: EAT modification 0x83B570C0-->839F4978 [ntkrnlpa.exe]

ntkrnlpa.exe-->NlsAnsiCodePage, Type: EAT modification 0x83B570C4-->839695A8 [ntkrnlpa.exe]

ntkrnlpa.exe-->NlsLeadByteInfo, Type: EAT modification 0x83B570C8-->8380600E [ntkrnlpa.exe]

ntkrnlpa.exe-->NlsMbOemCodePageTag, Type: EAT modification 0x83B570D0-->9722728C [unknown_code_page]

ntkrnlpa.exe-->NlsOemLeadByteInfo, Type: EAT modification 0x83B570D8-->83DC604B [unknown_code_page]

ntkrnlpa.exe-->NtAddAtom, Type: EAT modification 0x83B570DC-->83DC603F [unknown_code_page]

ntkrnlpa.exe-->NtAdjustPrivilegesToken, Type: EAT modification 0x83B570E0-->83BA6043 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtAllocateLocallyUniqueId, Type: EAT modification 0x83B570E4-->83D7605C [unknown_code_page]

ntkrnlpa.exe-->NtAllocateUuids, Type: EAT modification 0x83B570E8-->83EE6069 [CI.dll]

ntkrnlpa.exe-->NtAllocateVirtualMemory, Type: EAT modification 0x83B570EC-->83EF6064 [CI.dll]

ntkrnlpa.exe-->NtBuildGUID, Type: EAT modification 0x83B570F0-->83F36077 [CI.dll]

ntkrnlpa.exe-->NtBuildLab, Type: EAT modification 0x83B570F4-->83C7605C [unknown_code_page]

ntkrnlpa.exe-->NtBuildNumber, Type: EAT modification 0x83B570F8-->83EF606C [CI.dll]

ntkrnlpa.exe-->NtClose, Type: EAT modification 0x83B570FC-->83E16062 [atapi.sys]

ntkrnlpa.exe-->NtCommitComplete, Type: EAT modification 0x83B57100-->83E9606C [CI.dll]

ntkrnlpa.exe-->NtCommitEnlistment, Type: EAT modification 0x83B57104-->83E1607A [atapi.sys]

ntkrnlpa.exe-->NtCommitTransaction, Type: EAT modification 0x83B57108-->83E96074 [CI.dll]

ntkrnlpa.exe-->NtConnectPort, Type: EAT modification 0x83B5710C-->83EE606F [CI.dll]

ntkrnlpa.exe-->NtCreateEnlistment, Type: EAT modification 0x83B57110-->83D3605C [unknown_code_page]

ntkrnlpa.exe-->NtCreateEvent, Type: EAT modification 0x83B57114-->83F2606F [CI.dll]

ntkrnlpa.exe-->NtCreateFile, Type: EAT modification 0x83B57118-->83E96074 [CI.dll]

ntkrnlpa.exe-->NtCreateResourceManager, Type: EAT modification 0x83B5711C-->83E7606E [CLFS.SYS]

ntkrnlpa.exe-->NtCreateSection, Type: EAT modification 0x83B57120-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateTransaction, Type: EAT modification 0x83B57124-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateTransactionManager, Type: EAT modification 0x83B57128-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtDeleteAtom, Type: EAT modification 0x83B5712C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtDeleteFile, Type: EAT modification 0x83B57130-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtDeviceIoControlFile, Type: EAT modification 0x83B57134-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtDuplicateObject, Type: EAT modification 0x83B57138-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtDuplicateToken, Type: EAT modification 0x83B5713C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtEnumerateTransactionObject, Type: EAT modification 0x83B57140-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtFindAtom, Type: EAT modification 0x83B57144-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtFreeVirtualMemory, Type: EAT modification 0x83B57148-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtFreezeTransactions, Type: EAT modification 0x83B5714C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtFsControlFile, Type: EAT modification 0x83B57150-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtGetEnvironmentVariableEx, Type: EAT modification 0x83B57154-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtGetNotificationResourceManager, Type: EAT modification 0x83B57158-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtGlobalFlag, Type: EAT modification 0x83B5715C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtLockFile, Type: EAT modification 0x83B57160-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtMakePermanentObject, Type: EAT modification 0x83B57164-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtMapViewOfSection, Type: EAT modification 0x83B57168-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtNotifyChangeDirectoryFile, Type: EAT modification 0x83B5716C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenEnlistment, Type: EAT modification 0x83B57170-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenFile, Type: EAT modification 0x83B57174-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenProcess, Type: EAT modification 0x83B57178-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenProcessToken, Type: EAT modification 0x83B5717C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenProcessTokenEx, Type: EAT modification 0x83B57180-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenResourceManager, Type: EAT modification 0x83B57184-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenThread, Type: EAT modification 0x83B57188-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenThreadToken, Type: EAT modification 0x83B5718C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenThreadTokenEx, Type: EAT modification 0x83B57190-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenTransaction, Type: EAT modification 0x83B57194-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenTransactionManager, Type: EAT modification 0x83B57198-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtPrepareComplete, Type: EAT modification 0x83B571A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtPrepareEnlistment, Type: EAT modification 0x83B571A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtPrePrepareComplete, Type: EAT modification 0x83B5719C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtPrePrepareEnlistment, Type: EAT modification 0x83B571A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtPropagationComplete, Type: EAT modification 0x83B571AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtPropagationFailed, Type: EAT modification 0x83B571B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryDirectoryFile, Type: EAT modification 0x83B571B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryEaFile, Type: EAT modification 0x83B571B8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryEnvironmentVariableInfoEx, Type: EAT modification 0x83B571BC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationAtom, Type: EAT modification 0x83B571C0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationEnlistment, Type: EAT modification 0x83B571C4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationFile, Type: EAT modification 0x83B571C8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationProcess, Type: EAT modification 0x83B571CC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationResourceManager, Type: EAT modification 0x83B571D0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationThread, Type: EAT modification 0x83B571D4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationToken, Type: EAT modification 0x83B571D8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationTransaction, Type: EAT modification 0x83B571DC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationTransactionManager, Type: EAT modification 0x83B571E0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryQuotaInformationFile, Type: EAT modification 0x83B571E4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQuerySecurityAttributesToken, Type: EAT modification 0x83B571E8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQuerySecurityObject, Type: EAT modification 0x83B571EC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQuerySystemInformation, Type: EAT modification 0x83B571F0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQuerySystemInformationEx, Type: EAT modification 0x83B571F4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryVolumeInformationFile, Type: EAT modification 0x83B571F8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtReadFile, Type: EAT modification 0x83B571FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtReadOnlyEnlistment, Type: EAT modification 0x83B57200-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRecoverEnlistment, Type: EAT modification 0x83B57204-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRecoverResourceManager, Type: EAT modification 0x83B57208-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRecoverTransactionManager, Type: EAT modification 0x83B5720C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRequestPort, Type: EAT modification 0x83B57210-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: EAT modification 0x83B57214-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRollbackComplete, Type: EAT modification 0x83B57218-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRollbackEnlistment, Type: EAT modification 0x83B5721C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRollbackTransaction, Type: EAT modification 0x83B57220-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetEaFile, Type: EAT modification 0x83B57224-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetEvent, Type: EAT modification 0x83B57228-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationEnlistment, Type: EAT modification 0x83B5722C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationFile, Type: EAT modification 0x83B57230-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationProcess, Type: EAT modification 0x83B57234-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationResourceManager, Type: EAT modification 0x83B57238-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationThread, Type: EAT modification 0x83B5723C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationToken, Type: EAT modification 0x83B57240-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationTransaction, Type: EAT modification 0x83B57244-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetQuotaInformationFile, Type: EAT modification 0x83B57248-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetSecurityObject, Type: EAT modification 0x83B5724C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetVolumeInformationFile, Type: EAT modification 0x83B57250-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtShutdownSystem, Type: EAT modification 0x83B57254-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtThawTransactions, Type: EAT modification 0x83B57258-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtTraceControl, Type: EAT modification 0x83B5725C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtTraceEvent, Type: EAT modification 0x83B57260-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtUnlockFile, Type: EAT modification 0x83B57264-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtVdmControl, Type: EAT modification 0x83B57268-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtWaitForSingleObject, Type: EAT modification 0x83B5726C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtWriteFile, Type: EAT modification 0x83B57270-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObAssignSecurity, Type: EAT modification 0x83B57274-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCheckCreateObjectAccess, Type: EAT modification 0x83B57278-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCheckObjectAccess, Type: EAT modification 0x83B5727C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCloseHandle, Type: EAT modification 0x83B57280-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCreateObject, Type: EAT modification 0x83B57284-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCreateObjectType, Type: EAT modification 0x83B57288-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObDeleteCapturedInsertInfo, Type: EAT modification 0x83B5728C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObDereferenceObject, Type: EAT modification 0x83B57290-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObDereferenceObjectDeferDelete, Type: EAT modification 0x83B57294-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObDereferenceObjectDeferDeleteWithTag, Type: EAT modification 0x83B57298-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObDereferenceSecurityDescriptor, Type: EAT modification 0x83B5729C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObfDereferenceObject, Type: EAT modification 0x83B56174-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObfDereferenceObjectWithTag, Type: EAT modification 0x83B56178-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObFindHandleForObject, Type: EAT modification 0x83B572A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObfReferenceObject, Type: EAT modification 0x83B5617C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObfReferenceObjectWithTag, Type: EAT modification 0x83B56180-->972272C3 [unknown_code_page]

ntkrnlpa.exe-->ObGetFilterVersion, Type: EAT modification 0x83B572A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObGetObjectSecurity, Type: EAT modification 0x83B572A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObGetObjectType, Type: EAT modification 0x83B572AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObInsertObject, Type: EAT modification 0x83B572B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObIsDosDeviceLocallyMapped, Type: EAT modification 0x83B572B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObIsKernelHandle, Type: EAT modification 0x83B572B8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObLogSecurityDescriptor, Type: EAT modification 0x83B572BC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObMakeTemporaryObject, Type: EAT modification 0x83B572C0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObOpenObjectByName, Type: EAT modification 0x83B572C4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObOpenObjectByPointer, Type: EAT modification 0x83B572C8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObOpenObjectByPointerWithTag, Type: EAT modification 0x83B572CC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObQueryNameInfo, Type: EAT modification 0x83B572D0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObQueryNameString, Type: EAT modification 0x83B572D4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObQueryObjectAuditingByHandle, Type: EAT modification 0x83B572D8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReferenceObjectByHandle, Type: EAT modification 0x83B572DC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReferenceObjectByHandleWithTag, Type: EAT modification 0x83B572E0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReferenceObjectByName, Type: EAT modification 0x83B572E4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReferenceObjectByPointer, Type: EAT modification 0x83B572E8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReferenceObjectByPointerWithTag, Type: EAT modification 0x83B572EC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReferenceSecurityDescriptor, Type: EAT modification 0x83B572F0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObRegisterCallbacks, Type: EAT modification 0x83B572F4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReleaseObjectSecurity, Type: EAT modification 0x83B572F8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObSetHandleAttributes, Type: EAT modification 0x83B572FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObSetSecurityDescriptorInfo, Type: EAT modification 0x83B57300-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObSetSecurityObjectByPointer, Type: EAT modification 0x83B57304-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObUnRegisterCallbacks, Type: EAT modification 0x83B57308-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PcwAddInstance, Type: EAT modification 0x83B57310-->83DC6094 [unknown_code_page]

ntkrnlpa.exe-->PcwCloseInstance, Type: EAT modification 0x83B57314-->83DC603F [unknown_code_page]

ntkrnlpa.exe-->PcwCreateInstance, Type: EAT modification 0x83B57318-->83BA6043 [ntkrnlpa.exe]

ntkrnlpa.exe-->PcwRegister, Type: EAT modification 0x83B5731C-->83D7605C [unknown_code_page]

ntkrnlpa.exe-->PcwUnregister, Type: EAT modification 0x83B57320-->83EE6069 [CI.dll]

ntkrnlpa.exe-->PfFileInfoNotify, Type: EAT modification 0x83B57324-->83EF6064 [CI.dll]

ntkrnlpa.exe-->PfxFindPrefix, Type: EAT modification 0x83B57328-->83F36077 [CI.dll]

ntkrnlpa.exe-->PfxInitialize, Type: EAT modification 0x83B5732C-->83C7605C [unknown_code_page]

ntkrnlpa.exe-->PfxInsertPrefix, Type: EAT modification 0x83B57330-->83EF606C [CI.dll]

ntkrnlpa.exe-->PfxRemovePrefix, Type: EAT modification 0x83B57334-->83E16062 [atapi.sys]

ntkrnlpa.exe-->PoCallDriver, Type: EAT modification 0x83B57338-->83E9606C [CI.dll]

ntkrnlpa.exe-->PoCancelDeviceNotify, Type: EAT modification 0x83B5733C-->83E1607A [atapi.sys]

ntkrnlpa.exe-->PoClearPowerRequest, Type: EAT modification 0x83B57340-->83E96074 [CI.dll]

ntkrnlpa.exe-->PoCreatePowerRequest, Type: EAT modification 0x83B57344-->83EE606F [CI.dll]

ntkrnlpa.exe-->PoDeletePowerRequest, Type: EAT modification 0x83B57348-->83CD605C [unknown_code_page]

ntkrnlpa.exe-->PoDisableSleepStates, Type: EAT modification 0x83B5734C-->83D46043 [unknown_code_page]

ntkrnlpa.exe-->PoEndDeviceBusy, Type: EAT modification 0x83B57350-->83CD605C [unknown_code_page]

ntkrnlpa.exe-->PoGetSystemWake, Type: EAT modification 0x83B57354-->83D46043 [unknown_code_page]

ntkrnlpa.exe-->PoQueryWatchdogTime, Type: EAT modification 0x83B57358-->83DA602D [unknown_code_page]

ntkrnlpa.exe-->PoQueueShutdownWorkItem, Type: EAT modification 0x83B5735C-->83806041 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoReenableSleepStates, Type: EAT modification 0x83B57360-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRegisterDeviceForIdleDetection, Type: EAT modification 0x83B57364-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRegisterDeviceNotify, Type: EAT modification 0x83B57368-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRegisterPowerSettingCallback, Type: EAT modification 0x83B5736C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRegisterSystemState, Type: EAT modification 0x83B57370-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRequestPowerIrp, Type: EAT modification 0x83B57374-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRequestShutdownEvent, Type: EAT modification 0x83B57378-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetDeviceBusyEx, Type: EAT modification 0x83B5737C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetFixedWakeSource, Type: EAT modification 0x83B57380-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetHiberRange, Type: EAT modification 0x83B57384-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetPowerRequest, Type: EAT modification 0x83B57388-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetPowerState, Type: EAT modification 0x83B5738C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetSystemState, Type: EAT modification 0x83B57390-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetSystemWake, Type: EAT modification 0x83B57394-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoShutdownBugCheck, Type: EAT modification 0x83B57398-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoStartDeviceBusy, Type: EAT modification 0x83B5739C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoStartNextPowerIrp, Type: EAT modification 0x83B573A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoUnregisterPowerSettingCallback, Type: EAT modification 0x83B573A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoUnregisterSystemState, Type: EAT modification 0x83B573A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoUserShutdownInitiated, Type: EAT modification 0x83B573AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ProbeForRead, Type: EAT modification 0x83B573B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ProbeForWrite, Type: EAT modification 0x83B573B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsAcquireProcessExitSynchronization, Type: EAT modification 0x83B573B8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsAssignImpersonationToken, Type: EAT modification 0x83B573BC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsChargePoolQuota, Type: EAT modification 0x83B573C0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsChargeProcessCpuCycles, Type: EAT modification 0x83B573C4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsChargeProcessNonPagedPoolQuota, Type: EAT modification 0x83B573C8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsChargeProcessPagedPoolQuota, Type: EAT modification 0x83B573CC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsChargeProcessPoolQuota, Type: EAT modification 0x83B573D0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsCreateSystemThread, Type: EAT modification 0x83B573D4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsDereferenceImpersonationToken, Type: EAT modification 0x83B573D8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsDereferencePrimaryToken, Type: EAT modification 0x83B573DC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsDisableImpersonation, Type: EAT modification 0x83B573E0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsEnterPriorityRegion, Type: EAT modification 0x83B573E4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsEstablishWin32Callouts, Type: EAT modification 0x83B573E8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetContextThread, Type: EAT modification 0x83B573EC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentProcess, Type: EAT modification 0x83B573F0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentProcessId, Type: EAT modification 0x83B573F4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentProcessSessionId, Type: EAT modification 0x83B573F8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentProcessWin32Process, Type: EAT modification 0x83B573FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThread, Type: EAT modification 0x83B57400-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadId, Type: EAT modification 0x83B57404-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadPreviousMode, Type: EAT modification 0x83B57408-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadProcess, Type: EAT modification 0x83B5740C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadProcessId, Type: EAT modification 0x83B57410-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadStackBase, Type: EAT modification 0x83B57414-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadStackLimit, Type: EAT modification 0x83B57418-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadTeb, Type: EAT modification 0x83B5741C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadWin32Thread, Type: EAT modification 0x83B57420-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion, Type: EAT modification 0x83B57424-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetJobLock, Type: EAT modification 0x83B57428-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetJobSessionId, Type: EAT modification 0x83B5742C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetJobUIRestrictionsClass, Type: EAT modification 0x83B57430-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessCreateTimeQuadPart, Type: EAT modification 0x83B57434-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessDebugPort, Type: EAT modification 0x83B57438-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessExitProcessCalled, Type: EAT modification 0x83B5743C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessExitStatus, Type: EAT modification 0x83B57440-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessExitTime, Type: EAT modification 0x83B57444-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessId, Type: EAT modification 0x83B57448-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessImageFileName, Type: EAT modification 0x83B5744C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessInheritedFromUniqueProcessId, Type: EAT modification 0x83B57450-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessJob, Type: EAT modification 0x83B57454-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessPeb, Type: EAT modification 0x83B57458-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessPriorityClass, Type: EAT modification 0x83B5745C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessSectionBaseAddress, Type: EAT modification 0x83B57460-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessSecurityPort, Type: EAT modification 0x83B57464-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessSessionId, Type: EAT modification 0x83B57468-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessSessionIdEx, Type: EAT modification 0x83B5746C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessWin32Process, Type: EAT modification 0x83B57470-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessWin32WindowStation, Type: EAT modification 0x83B57474-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadFreezeCount, Type: EAT modification 0x83B57478-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadHardErrorsAreDisabled, Type: EAT modification 0x83B5747C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadId, Type: EAT modification 0x83B57480-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadProcess, Type: EAT modification 0x83B57484-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadProcessId, Type: EAT modification 0x83B57488-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadSessionId, Type: EAT modification 0x83B5748C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadTeb, Type: EAT modification 0x83B57490-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadWin32Thread, Type: EAT modification 0x83B57494-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetVersion, Type: EAT modification 0x83B57498-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsImpersonateClient, Type: EAT modification 0x83B5749C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsInitialSystemProcess, Type: EAT modification 0x83B574A0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsCurrentThreadPrefetching, Type: EAT modification 0x83B574A4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsProcessBeingDebugged, Type: EAT modification 0x83B574A8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsProtectedProcess, Type: EAT modification 0x83B574AC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsSystemProcess, Type: EAT modification 0x83B574B0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsSystemThread, Type: EAT modification 0x83B574B4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsThreadImpersonating, Type: EAT modification 0x83B574B8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsThreadTerminating, Type: EAT modification 0x83B574BC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsJobType, Type: EAT modification 0x83B574C0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsLeavePriorityRegion, Type: EAT modification 0x83B574C4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsLookupProcessByProcessId, Type: EAT modification 0x83B574C8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsLookupProcessThreadByCid, Type: EAT modification 0x83B574CC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsLookupThreadByThreadId, Type: EAT modification 0x83B574D0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->psMUITest, Type: EAT modification 0x83B58168-->B804A400 [unknown_code_page]

ntkrnlpa.exe-->PsProcessType, Type: EAT modification 0x83B574D4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsQueryProcessExceptionFlags, Type: EAT modification 0x83B574D8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReferenceImpersonationToken, Type: EAT modification 0x83B574DC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReferencePrimaryToken, Type: EAT modification 0x83B574E0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReferenceProcessFilePointer, Type: EAT modification 0x83B574E4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReleaseProcessExitSynchronization, Type: EAT modification 0x83B574E8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsRemoveCreateThreadNotifyRoutine, Type: EAT modification 0x83B574EC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsRemoveLoadImageNotifyRoutine, Type: EAT modification 0x83B574F0-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsRestoreImpersonation, Type: EAT modification 0x83B574F4-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsResumeProcess, Type: EAT modification 0x83B574F8-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReturnPoolQuota, Type: EAT modification 0x83B574FC-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReturnProcessNonPagedPoolQuota, Type: EAT modification 0x83B57500-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReturnProcessPagedPoolQuota, Type: EAT modification 0x83B57504-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsRevertThreadToSelf, Type: EAT modification 0x83B57508-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsRevertToSelf, Type: EAT modification 0x83B5750C-->83806000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetContextThread, Type: EAT modification 0x83B57510-->83806000 [ntkrnlpa.exe]

Link to post
Share on other sites