Jump to content

PC Pausing often, Occassional strange Firefox activity


RhysT

Recommended Posts

Hi Guys and thanks in advance for the assistance.

Description of Issues :

- PC Pausing Often. This started to happen about a month to two months ago. Probably about every 20 to 40 seconds, everything pauses for about 5 second, then continues on. I am still able to move the curser, however everything else pauses. If i'm typing, the screen will be frozen for the 5 seconds, then when everything gets going again, the type will appear.

I have ran the Performance tab under Windows Task Manager, and during these pauses the CPU usage goes up to 100%. I recently removed a process "ArcDaemon" which was part of a program that came with some hardware, as someone had suggested that may be causing the issue. But it didn't really help anything.

I've also read suggestions that the hardware getting hot can causes the PC to pause, but the pausing occurs right from when the Laptop is turned on and everything is still cold.

- Strange Firefox Activity. While i'm using Firefox, occassionaly when i'm using different windows, randomly the window i'm not working in will become the active window. On rare occassions Firefox will just close for no reason.

Misc. Notes - I use Avast as my permanently running protection and regularly run scans on that which turn up clear each time. I've also ran Malwarebytes and Super Antivirus scans just since the pausing began and they havn't turned up anything. Until yesterday where Malwareybytes turned up one thing which is shown in the below log.

I'm not sure if it's worth mentioning, but I did have some issues a while ago which were fixed by the good people here. For reference i've included the link here if it may be relevant.

http://forums.malwarebytes.org/index.php?showtopic=48185

Malwarebytes Log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4681

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

24/09/2010 7:25:04 PM

mbam-log-2010-09-24 (19-25-04).txt

Scan type: Quick scan

Objects scanned: 140496

Time elapsed: 11 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FLVPlayer.exe (Adware.FLVPlayer) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS Log

DDS (Ver_10-03-17.01) - NTFSx86

Run by Lucy at 19:30:12.08 on Fri 24/09/2010

Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20

Microsoft

attach.zip

Link to post
Share on other sites

Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:

    [*]Save it to your desktop.

    [*]Double click on the otlDesktopIcon.png icon on your desktop.

    [*]Click the "Scan All Users" checkbox.

    [*]Push the Quick Scan button.

    [*]Two reports will open, copy and paste them in a reply here:

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

Link to post
Share on other sites

Hi Elise, Pleased to meet you.

I have been away from the PC for a few days which is shown by my late reply.

I am about to take on your instructions, I just wanted to post back to advise i'm still here.

I remembered something else that was odd which convinced me to post here. When I was I was posting on my regular forums, strange text was being placed at the end of my posts. It looked like some sort of Registration/Product key with a date. It was for about a week and then disappeared.

Also randomly my PC will click the mouse button when i'm not touching it.

Anyway, thought i'd mention those things which i'd previously forgotten in my original post.

I will follow your instructions and post back ASAP. I understand the PC pausing etc may not be caused by any virus etc, but I very much appreciate your assistance to give me a clean bill of health in that respect.

Link to post
Share on other sites

Hi, are you still there?

Hello,, Sorry.. Work shipped me off Interstate for the past week so hadn't got a chance to run through your instructions...

Unfortunately a 7 day rest from me using the PC didn't heal the pausing issues.

Thank you for your patience,,, this thread now has my uninterrupted attention.

Link to post
Share on other sites

Logs as requested... PC Symptoms are still as detailed in my first post.

Malwarebytes Log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4799

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18943

12/10/2010 8:00:56 PM

mbam-log-2010-10-12 (20-00-56).txt

Scan type: Quick scan

Objects scanned: 140991

Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS Log

DDS (Ver_10-03-17.01) - NTFSx86

Run by Lucy at 20:03:52.75 on Tue 12/10/2010

Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21

Microsoft

Link to post
Share on other sites

logs continued plus attachment..

OTL Logs (Extras)

OTL Extras logfile created on: 12/10/2010 9:23:59 PM - Run 1

OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Lucy\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free

4.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 223.31 Gb Total Space | 91.09 Gb Free Space | 40.79% Space Free | Partition Type: NTFS

Drive D: | 9.57 Gb Total Space | 1.71 Gb Free Space | 17.85% Space Free | Partition Type: NTFS

Computer Name: LUCY-PC | User Name: Lucy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-171498318-588807135-3609434882-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{3670D740-2D15-4EDB-A18D-C64879F043F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{413E8FD7-E64F-4497-87FC-D1A58930BECE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{557063A0-5EC4-4FED-9D1B-DA7B8534BFF9}" = lport=2869 | protocol=6 | dir=in | app=system |

"{8D60A3CD-F2BA-41A8-A62B-CE6D6FC81C62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{91EBCA3D-A9A0-4668-93CC-B652173F1516}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9AA7FCF9-9734-426F-9112-76B383945115}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B9DFB1ED-1FAD-4271-A362-ABDECA240961}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{DE66C67E-DD15-489C-AD9C-DB53B6D1DDB8}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01DD3817-7FDC-4B78-BAB2-1D3F60FD67B4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{0CE06E7B-435A-490E-AE27-67C935B5217A}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{1208C506-53A7-4565-BF1C-DCF9BBDED1BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1CE84E6E-1C1E-48B2-81A4-83B571B85B4C}" = protocol=17 | dir=in | app=c:\users\lucy\desktop\lucy - games, music etc\limewire\limewire.exe |

"{2BCF0C13-2E6D-4F91-BE92-E9E4A7BD4967}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |

"{3B46E3C9-5A2C-4009-A122-46BD2EF814D0}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |

"{45B305F7-1CBB-4E12-9B4F-B07FE188C84D}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{48321BA6-C08C-4EBB-BAFC-94BE36CF8243}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |

"{4A3B4786-B3E8-4BAA-A948-F3A16FECFEBF}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |

"{541415E9-CA85-42D7-A3FD-3233CCF7ABD0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{5AA4EC5E-5AE2-49CA-B994-22CD822D9767}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{5B175536-DADD-487D-A3D6-2A98398CFA6C}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |

"{92F522AE-BEFE-44BE-B681-14BF3405177B}" = protocol=6 | dir=in | app=c:\users\lucy\desktop\lucy - games, music etc\limewire\limewire.exe |

"{979B1223-D9D3-4CFC-8F3D-473FCDFBE8F4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{97EF7E02-3D62-43C5-A114-445E44CDACF8}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |

"{9B392240-E3AA-414C-8B1C-8EC4C6740F1E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{A1AAE35D-8F30-4895-BFFE-833AE0F156A8}" = protocol=6 | dir=in | app=c:\users\lucy\desktop\lucy - games, music etc\limewire\limewire.exe |

"{AFAF442E-9BAA-4F9A-9A71-1FC13A3797B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{B62A0537-3AEC-4D34-8CCE-A778500017F8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{BD5F546D-8671-4EA0-81F1-9DF8CAA8A300}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{BFEEEC63-1759-4571-8F8C-1B9D410D8EB4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{DA697DF7-A1E8-4C1C-A05B-0950ABDE7B3D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E8348D68-2D19-4B09-B56B-F17A2016A98C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{ECB6DA55-C3DB-41BA-8CC5-82DD03C67C61}" = protocol=17 | dir=in | app=c:\users\lucy\desktop\lucy - games, music etc\limewire\limewire.exe |

"{FC31862F-49E9-4B50-A66B-6B9EB1F00796}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"TCP Query User{062D011F-6E4E-4726-B76A-ABBFFBCDE694}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe |

"TCP Query User{1C77668F-BB8F-4EBB-845E-7938D8D5E285}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

"TCP Query User{2AA219FF-06A7-4AE1-88D1-28BABE5707E5}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"TCP Query User{32920BB1-77B9-4692-BC05-3E1D2EE683DB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{46509C8B-6B24-450F-8071-8EB7ED318D75}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{4E9241BB-5865-4809-9B7C-A133786B918D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{53052C70-EF37-4C77-9CF0-8E5F52CE4FD1}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |

"TCP Query User{53DD024F-EAAB-4068-8E78-B655736BE940}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |

"TCP Query User{5F6C6099-A475-4CA1-9A32-8D60EEFD060D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{82C84426-D33A-415E-9DD9-7E11374F07D1}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe |

"TCP Query User{C4A3E1AA-F259-4062-838E-B716B8EFC7DD}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

"TCP Query User{DF00B683-50B7-4D74-B3C7-A63E1ADBE9C3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{F00E6DD7-EADF-4712-A5F0-4AD3E87C0345}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{0EBE9660-82D4-4BC0-A54A-35F99100853C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{231466BB-2BFE-44C0-9558-C264FB274924}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

"UDP Query User{33127783-86BA-4464-8659-58EB79944265}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"UDP Query User{3FA977B6-79D2-4DC0-9DD6-5B04A2E36FB3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{5193DAC0-5C7C-4F2E-93DD-870A625BE9C8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{757466E1-E713-4DCF-9C06-A18516C3B831}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{7A57F8B4-CBA9-43F3-ADB8-051A2E0E0661}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{848C4460-9C64-40E9-BA71-F37E02595B83}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |

"UDP Query User{8C0BDFBA-72FD-4647-8FE4-877A816019FA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{CF2EAFF7-C57E-45AC-8142-3941D40A056D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |

"UDP Query User{D5E31C51-1F94-4749-97E4-FC30DDC4D330}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe |

"UDP Query User{F901E243-1DCC-4668-8FF7-9E36F6882E25}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe |

"UDP Query User{F95EE3D3-42CC-4D4B-957A-7FF661EC4F54}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{10479E5C-2EC2-4A70-A816-4B0FF3D90FCD}_is1" = 3D Ebook Cover 1.0

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 21

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3

"{34DAFDEC-A4B4-488A-A5CD-C91975A6F083}" = MediaRing Talk

"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1

"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger

"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115120220}" = CLUE Classic

"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module

"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{991B1E79-12B6-40C3-A081-1FC47C6F2F37}" = Bulk Rename Utility 2, 5, 4, 3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library

"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel

"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0

"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1

"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin

"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B38BDBB0-BFF7-4280-8BEE-234FC262BD62}" = Top Chef

"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{B640E7CC-7091-4A24-AE76-2140065D2054}" = HP User Guides 0110

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor

"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo

"Acoustica MP3 CD Burner" = Acoustica MP3 CD Burner

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Affair Bureau1.0" = Affair Bureau

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)

"avast5" = avast! Free Antivirus

"Avenue Flo1.0" = Avenue Flo

"Brainiversity 21.0.0.0" = Brainiversity 2

"Burger Shop 21.0" = Burger Shop 2

"Burger Shop1.0" = Burger Shop

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"Carnival Mania1.0" = Carnival Mania

"CCleaner" = CCleaner

"CloneDVD2" = CloneDVD2

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09

"Debut" = Debut Video Capture Software

"E2D312050E630E0CB2650D738A53820EE8BB1A95" = Windows Driver Package - 2Wire (2WIREPCP) Net (03/22/2007 2.0)

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Family Feud II - Patriot Force" = Family Feud II - Patriot Force

"FLV Player" = FLV Player 2.0 (build 25)

"Gadwin PrintScreen" = Gadwin PrintScreen

"gardenscapes_is1" = gardenscapes 1.0

"HijackThis" = HijackThis 2.0.2

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HyperMedia_is1" = HyperMedia Software

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Jigsaw Puzzle Lite" = Jigsaw Puzzle Lite

"Jigsaw Puzzle Platinum" = Jigsaw Puzzle Platinum

"Kitchen Brigade1.0" = Kitchen Brigade

"KraiSoft Games Launcher" = KraiSoft Games Launcher

"KWorld USB DVB-T BDA Driver_is1" = KWorld USB DVB-T BDA Driver

"LAME for Audacity_is1" = LAME v3.98.2 for Audacity

"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)

"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0

"Mr Jones Graveyard Shift2.5.1.23937" = Mr Jones Graveyard Shift

"My Kingdom for the Princess1.0" = My Kingdom for the Princess

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"Orbit_is1" = Orbit Downloader

"OVT Scanner" = Uninstall OVT Scanner

"RapidShare Manager" = RapidShare Manager

"RealAlt_is1" = Real Alternative 1.7.5

"RoughDraft_is1" = RoughDraft 2.11

"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6

"SopCast" = SopCast 3.2.8

"SUPER

Attach.zip

Link to post
Share on other sites

Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

Hello..

Unfortunately still having the same problem...

I actually just posted on another forum (unrelated to virus removal etc), and the strange text appeared again at the end of my post...

I have contacted the forum owner and they believe it is not their website and no other members have had the same problem..

Just at the end of my post when I hit reply, this message comes up..

CFAEAF65-9E9B-2C48-3112-FA056EA4B5A1

1.02.05

Link to post
Share on other sites

Had to let this one run overnight..... Thank you again for your time and assistance..

Note: This Log was to long for a single post, so I have split it so that "Hooks" will be in the second reply. Although the "Hooks" section is very long, so I may even need to split that into 2 posts...

2nd RootKit Unhooker Log

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6002 (Service Pack 2)

Number of processors #2

==============================================

>SSDT State

==============================================

==============================================

>Shadow

==============================================

==============================================

>Processes

==============================================

0x84AD8C48 [188] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P., Module to process WiFi messages.)

0x9E9EE458 [352] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)

0x8763DC50 [472] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)

0x911F2478 [492] C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 197.16)

0x862347D0 [540] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x8796E2E8 [584] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)

0x8796A900 [604] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)

0x9E98D940 [632] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)

0x8798E2F0 [636] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)

0x8798FA40 [652] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)

0x879C1170 [660] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)

0x9E93AB70 [684] C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation, Sink to receive asynchronous callbacks for WMI client application)

0x9C26E108 [712] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)

0x9112BD90 [788] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))

0x853FBD90 [800] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)

0x907274A0 [820] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x907742B0 [876] C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 197.16)

0x90744D90 [904] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x90747D90 [956] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x907A2020 [1008] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)

0x8796E578 [1020] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x907AE718 [1064] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x907E6850 [1076] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x907E19C8 [1184] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x907FD9E8 [1200] C:\Windows\System32\SLsvc.exe (Microsoft Corporation, Microsoft Software Licensing Service)

0x9103D578 [1252] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x911B9D68 [1336] C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation, SQL Server Windows NT)

0x9C20DD90 [1356] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)

0x872806D8 [1368] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x910AF298 [1484] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software, avast! Service)

0x9109EA10 [1508] C:\Windows\System32\wlanext.exe (Microsoft Corporation, Windows Wireless LAN 802.11 Extensibility Framework)

0x9C28AB20 [1732] C:\Program Files\Canon\IJPLM\ijplmsvc.exe (-, Inkjet Printer/Scanner/Fax Extended Servey Program Service)

0x911A0968 [1832] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)

0x911B1858 [1856] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x9C2EA808 [2108] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x9C2F5C10 [2144] C:\Windows\SMINST\BLService.exe (-, STServices)

0x9C479020 [2184] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)

0x911B2468 [2220] C:\Program Files\CyberLink\Shared Files\RichVideo.exe (-, RichVideo Module)

0x911EEA50 [2276] C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation, SQL Browser Service EXE)

0x907DF020 [2300] C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation, SQL Server VSS Writer)

0x9C2E4D90 [2328] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x9C350D90 [2364] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)

0x9C213C48 [2420] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)

0x84B3E578 [3064] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc., Synaptics Pointing Device Helper)

0x9C5BF138 [3128] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)

0x9C5C6360 [3148] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)

0x84EBD480 [3196] C:\Users\Lucy\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)

0x84BE2BD8 [3204] C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (-, HpqToaster Module)

0x9E9EBD90 [3408] C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P., hpqwmiex Module)

0x84A62580 [3568] C:\Windows\ehome\ehmsas.exe (Microsoft Corporation, Media Center Media Status Aggregator Service)

0x9E8C78B8 [3580] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)

0x9E8F3630 [3616] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp., HP QuickPlay Resident Program)

0x9E8E5668 [3636] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation, Windows Defender User Interface)

0xA3C25228 [3676] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation, Windows Media Player Network Sharing Service Configuration Application)

0x9E8E47C0 [3700] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P., Quick Launch Buttons)

0x9E90FB70 [3712] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard, HpqSRmon)

0x9C267938 [3728] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard, hpwuSchd Application)

0x9BBDB420 [3752] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P., HPWAMain Module)

0x9E8B2370 [3936] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)

0x9E92A838 [3944] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software, avast! Antivirus)

0x9E9901F0 [4020] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java Update Scheduler)

0x9E9305A8 [4040] C:\Windows\ehome\ehtray.exe (Microsoft Corporation, Media Center Tray Applet)

0x84BF2478 [4184] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard, HP Health Check Service)

0x84479790 [4] System

0x879EF6B8 [1164] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )

==============================================

>Drivers

==============================================

0x8C00F000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 11591680 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 197.16 )

0x82A0E000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)

0x82A0E000 PnpManager 3903488 bytes

0x82A0E000 RAW 3903488 bytes

0x82A0E000 WMIxWDM 3903488 bytes

0x95CC0000 Win32k 2109440 bytes

0x95CC0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x87E0C000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)

0x87A07000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x8D44A000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)

0x8BEB5000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1036288 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)

0x87C08000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)

0x8CC06000 C:\Windows\system32\DRIVERS\athr.sys 933888 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)

0x80462000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)

0x9DC01000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x8D607000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0x8D900000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)

0x8CB1F000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x8BE02000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x80542000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)

0x8078A000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x9C001000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x9C172000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)

0x806B3000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8D54D000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x8060A000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)

0x80421000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)

0x8CD19000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x8D40C000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)

0x87DAD000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x8D804000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x87B78000 C:\Windows\system32\drivers\CHDRT32.sys 241664 bytes (Conexant Systems Inc., High Definition Audio Function Driver)

0x87B3D000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)

0x9C0F9000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x87F1C000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x8D8C6000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)

0x8BFB2000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x82DC7000 ACPI_HAL 208896 bytes

0x82DC7000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x80748000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x8D595000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x87D5A000 C:\Windows\system32\DRIVERS\SynTP.sys 196608 bytes (Synaptics, Inc., Synaptics Touchpad Driver)

0x8CCEA000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)

0x87BB3000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x87B12000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x8CBCC000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)

0x8D9C0000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0x9C14A000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x8D866000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)

0x87F6D000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)

0x80661000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x805CB000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0x8CD87000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x87FA5000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)

0x9C0B9000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0x8D5DA000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)

0x8D708000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)

0x8D74C000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0x9C0DA000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x8072A000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)

0x9C06E000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)

0x87CF2000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x9C08B000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8BE97000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0x9C132000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x8D84F000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x8CD65000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x8D6F1000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0x9DCFD000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)

0x8D7D8000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x8D79F000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)

0x9C0A4000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x8CDCD000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0x8D6C9000 C:\Windows\system32\drivers\nvhda32v.sys 81920 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)

0x8CDB9000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x8D6DD000 C:\Windows\system32\drivers\RTSTOR.SYS 81920 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)

0x8D7BF000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)

0x87D3C000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)

0x87FCF000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8D5C7000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x87F94000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x8BFE7000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x80408000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x8077A000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x87D1C000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)

0x8D9B0000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x80712000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)

0x8CDE2000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)

0x8D8B7000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)

0x87F5D000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0x80688000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)

0x87D0D000 C:\Windows\system32\DRIVERS\processr.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)

0x8CDAA000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x87DEB000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x806A4000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)

0x95F00000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)

0x8D7EE000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x8D788000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x80704000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0x8D88D000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x8D6BC000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)

0x8C000000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x805BE000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0x9DCE9000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x8D740000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x8CBC0000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)

0x8D89A000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes

0x87D4F000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)

0x87D8C000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)

0x8D77D000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x8CD7C000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x8CD5A000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x87FEF000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8D7B5000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)

0x8069A000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)

0x8D8AD000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x8CDF4000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x8D9EA000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x8D840000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0x9DCDF000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x87DA3000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0x87FC6000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)

0x8D729000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0x8CBF6000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)

0x9DD25000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x8D796000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x95EE0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x87E00000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x87D33000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0x80650000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x8BE8F000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)

0x80722000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0x80419000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x9DD13000 C:\Users\Lucy\AppData\Local\Temp\catchme.sys 32768 bytes

0x8D8A5000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes

0x80659000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x87D9B000 C:\Windows\system32\DRIVERS\nvsmu.sys 32768 bytes (NVIDIA Corporation, NVIDIA nForce SMU Microcontroller Driver)

0x8D76D000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8D775000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x87F55000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0x9DCF5000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)

0x8D739000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x87D2C000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x80401000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x8D732000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x806FD000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0x8BEAF000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0x9DD1D000 C:\Users\Lucy\AppData\Local\Temp\mbr.sys 24576 bytes

0x8D600000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)

0x8D7D3000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)

0x8D84A000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)

0x87FFA000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)

0x87D97000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0x9C1D8000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)

0x8D8FD000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)

0x80697000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0x87E09000 C:\Windows\system32\DRIVERS\HpqRemHid.sys 8192 bytes (Hewlett-Packard Development Company, L.P., HP Remote Control HID Device)

0x8CB1D000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 197.16 )

0x9DD1B000 C:\Windows\system32\Drivers\PROCEXP113.SYS 8192 bytes

0x8CDF2000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x87D8A000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0x87F6C000 C:\Windows\system32\giveio.sys 4096 bytes

==============================================

>Stealth

==============================================

0x007F0000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x84BF2478 ] PID: 4184, 110592 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6C6M0SNR\api[1].htm

!-->[Hidden] C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6C6M0SNR\background-banner-right-v9[1].jpg

!-->[Hidden] C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6C6M0SNR\background_banner_green_50_v9a[1].jpg

!-->[Hidden] C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6C6M0SNR\background_button_green_full[1].png

!-->[Hidden] C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6C6M0SNR\desktop.ini

!-->[Hidden] C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6C6M0SNR\list-item-plus[1].png

!-->[Hidden] C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAXLX7BT\api[1].htm

!-->[Hidden] C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAXLX7BT\background-banner-middle-v9a[1].jpg

!-->[Hidden] C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAXLX7BT\desktop.ini

!-->[Hidden] C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCY3GK5P\background-banner-middle-v9[1].jpg

!-->[Hidden] C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCY3GK5P\background-banner-right-v9a[1].jpg

!-->[Hidden] C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCY3GK5P\background_banner_green_50_v9[1].jpg

!-->[Hidden] C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCY3GK5P\desktop.ini

!-->[Hidden] C:\Users\Lucy\Desktop\Calender\Personal Development as at 04-09-08 for backup\Favourites for Internet Explorer\Business Stuff\Cleaning\Commercial cleaning price quotes - Free commercial cleaning services advice and quotes from leading cleaning companies.urlo.url

!-->[Hidden] C:\Windows\Prefetch\CONTROL.EXE-9459D5A0.pf

!-->[Hidden] C:\Windows\Prefetch\RUNDLL32.EXE-BDA041F2.pf

Link to post
Share on other sites

Note: The "Hooks" section of the log was also too long and required splitting up into 3 parts to post successfuly.

2nd RootKit Unhooker Log ((Continued))

==============================================

>Hooks ((part 1))

==============================================

ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x82AB67AA-->82AB67B1 [ntkrnlpa.exe]

ntkrnlpa.exe-->AlpcGetHeaderSize, Type: EAT modification 0x82D0D1A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->AlpcGetMessageAttribute, Type: EAT modification 0x82D0D1A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->AlpcInitializeMessageAttribute, Type: EAT modification 0x82D0D1A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->atoi, Type: EAT modification 0x82D0EDF4-->82A0E14B [ntkrnlpa.exe]

ntkrnlpa.exe-->atol, Type: EAT modification 0x82D0EDF8-->82A0E006 [ntkrnlpa.exe]

ntkrnlpa.exe-->bsearch, Type: EAT modification 0x82D0EDFC-->82A5E02A [ntkrnlpa.exe]

ntkrnlpa.exe-->CcCanIWrite, Type: EAT modification 0x82D0D1AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcCopyRead, Type: EAT modification 0x82D0D1B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcCopyWrite, Type: EAT modification 0x82D0D1B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcDeferWrite, Type: EAT modification 0x82D0D1B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcFastCopyRead, Type: EAT modification 0x82D0D1BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcFastCopyWrite, Type: EAT modification 0x82D0D1C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcFastMdlReadWait, Type: EAT modification 0x82D0D1C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcFlushCache, Type: EAT modification 0x82D0D1C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetDirtyPages, Type: EAT modification 0x82D0D1CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetFileObjectFromBcb, Type: EAT modification 0x82D0D1D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetFileObjectFromSectionPtrs, Type: EAT modification 0x82D0D1D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetFileObjectFromSectionPtrsRef, Type: EAT modification 0x82D0D1D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetFlushedValidData, Type: EAT modification 0x82D0D1DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetLsnForFileObject, Type: EAT modification 0x82D0D1E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcInitializeCacheMap, Type: EAT modification 0x82D0D1E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcIsThereDirtyData, Type: EAT modification 0x82D0D1E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcIsThereDirtyDataEx, Type: EAT modification 0x82D0D1EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMapData, Type: EAT modification 0x82D0D1F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMdlRead, Type: EAT modification 0x82D0D1F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMdlReadComplete, Type: EAT modification 0x82D0D1F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMdlWriteAbort, Type: EAT modification 0x82D0D1FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMdlWriteComplete, Type: EAT modification 0x82D0D200-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPinMappedData, Type: EAT modification 0x82D0D204-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPinRead, Type: EAT modification 0x82D0D208-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPrepareMdlWrite, Type: EAT modification 0x82D0D20C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPreparePinWrite, Type: EAT modification 0x82D0D210-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPurgeCacheSection, Type: EAT modification 0x82D0D214-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcRemapBcb, Type: EAT modification 0x82D0D218-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcRepinBcb, Type: EAT modification 0x82D0D21C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcScheduleReadAhead, Type: EAT modification 0x82D0D220-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetAdditionalCacheAttributes, Type: EAT modification 0x82D0D224-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetBcbOwnerPointer, Type: EAT modification 0x82D0D228-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetDirtyPageThreshold, Type: EAT modification 0x82D0D22C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetDirtyPinnedData, Type: EAT modification 0x82D0D230-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetFileSizes, Type: EAT modification 0x82D0D234-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetFileSizesEx, Type: EAT modification 0x82D0D238-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetLogHandleForFile, Type: EAT modification 0x82D0D23C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetParallelFlushFile, Type: EAT modification 0x82D0D240-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetReadAheadGranularity, Type: EAT modification 0x82D0D244-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcTestControl, Type: EAT modification 0x82D0D248-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcUninitializeCacheMap, Type: EAT modification 0x82D0D24C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcUnpinData, Type: EAT modification 0x82D0D250-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcUnpinDataForThread, Type: EAT modification 0x82D0D254-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcUnpinRepinnedBcb, Type: EAT modification 0x82D0D258-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcWaitForCurrentLazyWriterActivity, Type: EAT modification 0x82D0D25C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcZeroData, Type: EAT modification 0x82D0D260-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmCallbackGetKeyObjectID, Type: EAT modification 0x82D0D264-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmGetBoundTransaction, Type: EAT modification 0x82D0D268-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmGetCallbackVersion, Type: EAT modification 0x82D0D26C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmRegisterCallback, Type: EAT modification 0x82D0D270-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmRegisterCallbackEx, Type: EAT modification 0x82D0D274-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmSetCallbackObjectContext, Type: EAT modification 0x82D0D278-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmUnRegisterCallback, Type: EAT modification 0x82D0D27C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgBreakPoint, Type: EAT modification 0x82D0D280-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgBreakPointWithStatus, Type: EAT modification 0x82D0D284-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgCommandString, Type: EAT modification 0x82D0D288-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgLoadImageSymbols, Type: EAT modification 0x82D0D28C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgPrint, Type: EAT modification 0x82D0D290-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgPrintEx, Type: EAT modification 0x82D0D294-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgPrintReturnControlC, Type: EAT modification 0x82D0D298-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgPrompt, Type: EAT modification 0x82D0D29C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgQueryDebugFilterState, Type: EAT modification 0x82D0D2A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgSetDebugFilterState, Type: EAT modification 0x82D0D2A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgSetDebugPrintCallback, Type: EAT modification 0x82D0D2A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmClientQueryRuleState, Type: EAT modification 0x82D0D2AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmClientRuleDeregisterNotification, Type: EAT modification 0x82D0D2B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmClientRuleEvaluate, Type: EAT modification 0x82D0D2B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmClientRuleRegisterNotification, Type: EAT modification 0x82D0D2B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmpProviderRegister, Type: EAT modification 0x82D0D2CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmProviderDeregister, Type: EAT modification 0x82D0D2BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmProviderDeregisterEntry, Type: EAT modification 0x82D0D2C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmProviderRegister, Type: EAT modification 0x82D0D2C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmProviderRegisterEntry, Type: EAT modification 0x82D0D2C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwActivityIdControl, Type: EAT modification 0x82D0D2D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwEnableTrace, Type: EAT modification 0x82D0D2D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwEventEnabled, Type: EAT modification 0x82D0D2D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwProviderEnabled, Type: EAT modification 0x82D0D2DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwRegister, Type: EAT modification 0x82D0D2E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwRegisterClassicProvider, Type: EAT modification 0x82D0D2E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwSendTraceBuffer, Type: EAT modification 0x82D0D2E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwUnregister, Type: EAT modification 0x82D0D2EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWrite, Type: EAT modification 0x82D0D2F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteEndScenario, Type: EAT modification 0x82D0D2F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteStartScenario, Type: EAT modification 0x82D0D2F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteString, Type: EAT modification 0x82D0D2FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteTransfer, Type: EAT modification 0x82D0D300-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireCacheAwarePushLockExclusive, Type: EAT modification 0x82D0D304-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireFastMutexUnsafe, Type: EAT modification 0x82D0D028-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireResourceExclusiveLite, Type: EAT modification 0x82D0D308-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireResourceSharedLite, Type: EAT modification 0x82D0D30C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireRundownProtection, Type: EAT modification 0x82D0D02C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireRundownProtectionCacheAware, Type: EAT modification 0x82D0D030-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireRundownProtectionCacheAwareEx, Type: EAT modification 0x82D0D034-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireRundownProtectionEx, Type: EAT modification 0x82D0D038-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSharedStarveExclusive, Type: EAT modification 0x82D0D310-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSharedWaitForExclusive, Type: EAT modification 0x82D0D314-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSpinLockExclusive, Type: EAT modification 0x82D0D318-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSpinLockExclusiveAtDpcLevel, Type: EAT modification 0x82D0D31C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSpinLockShared, Type: EAT modification 0x82D0D320-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSpinLockSharedAtDpcLevel, Type: EAT modification 0x82D0D324-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocateCacheAwarePushLock, Type: EAT modification 0x82D0D328-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocateCacheAwareRundownProtection, Type: EAT modification 0x82D0D32C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocateFromPagedLookasideList, Type: EAT modification 0x82D0D330-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePool, Type: EAT modification 0x82D0D334-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePoolWithQuota, Type: EAT modification 0x82D0D338-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePoolWithQuotaTag, Type: EAT modification 0x82D0D33C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePoolWithTag, Type: EAT modification 0x82D0D340-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePoolWithTagPriority, Type: EAT modification 0x82D0D344-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExConvertExclusiveToSharedLite, Type: EAT modification 0x82D0D348-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExCreateCallback, Type: EAT modification 0x82D0D34C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDeleteLookasideListEx, Type: EAT modification 0x82D0D350-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDeleteNPagedLookasideList, Type: EAT modification 0x82D0D354-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDeletePagedLookasideList, Type: EAT modification 0x82D0D358-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDeleteResourceLite, Type: EAT modification 0x82D0D35C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDesktopObjectType, Type: EAT modification 0x82D0D360-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDisableResourceBoostLite, Type: EAT modification 0x82D0D364-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireFastMutexUnsafe, Type: EAT modification 0x82D0D03C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireResourceExclusive, Type: EAT modification 0x82D0D368-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireResourceShared, Type: EAT modification 0x82D0D36C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireSharedWaitForExclusive, Type: EAT modification 0x82D0D370-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterPriorityRegionAndAcquireResourceExclusive, Type: EAT modification 0x82D0D374-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterPriorityRegionAndAcquireResourceShared, Type: EAT modification 0x82D0D378-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnumHandleTable, Type: EAT modification 0x82D0D37C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEventObjectType, Type: EAT modification 0x82D0D380-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExExtendZone, Type: EAT modification 0x82D0D384-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfAcquirePushLockExclusive, Type: EAT modification 0x82D0D094-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfAcquirePushLockShared, Type: EAT modification 0x82D0D098-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFetchLicenseData, Type: EAT modification 0x82D0D388-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exfi386InterlockedDecrementLong, Type: EAT modification 0x82D0D0D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exfi386InterlockedExchangeUlong, Type: EAT modification 0x82D0D0D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exfi386InterlockedIncrementLong, Type: EAT modification 0x82D0D0D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedAddUlong, Type: EAT modification 0x82D0D09C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedCompareExchange64, Type: EAT modification 0x82D0D0A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedInsertHeadList, Type: EAT modification 0x82D0D0A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedInsertTailList, Type: EAT modification 0x82D0D0A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedPopEntryList, Type: EAT modification 0x82D0D0AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedPushEntryList, Type: EAT modification 0x82D0D0B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedRemoveHeadList, Type: EAT modification 0x82D0D0B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFlushLookasideListEx, Type: EAT modification 0x82D0D38C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreeCacheAwarePushLock, Type: EAT modification 0x82D0D390-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreeCacheAwareRundownProtection, Type: EAT modification 0x82D0D394-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreePool, Type: EAT modification 0x82D0D398-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreePoolWithTag, Type: EAT modification 0x82D0D39C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreeToPagedLookasideList, Type: EAT modification 0x82D0D3A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfReleasePushLock, Type: EAT modification 0x82D0D0B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfReleasePushLockExclusive, Type: EAT modification 0x82D0D0BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfReleasePushLockShared, Type: EAT modification 0x82D0D0C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfTryAcquirePushLockShared, Type: EAT modification 0x82D0D0C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfTryToWakePushLock, Type: EAT modification 0x82D0D0C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfUnblockPushLock, Type: EAT modification 0x82D0D0CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetCurrentProcessorCounts, Type: EAT modification 0x82D0D3A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetCurrentProcessorCpuUsage, Type: EAT modification 0x82D0D3A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetExclusiveWaiterCount, Type: EAT modification 0x82D0D3AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetLicenseTamperState, Type: EAT modification 0x82D0D3B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetPreviousMode, Type: EAT modification 0x82D0D3B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetSharedWaiterCount, Type: EAT modification 0x82D0D3B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exi386InterlockedDecrementLong, Type: EAT modification 0x82D0D488-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exi386InterlockedExchangeUlong, Type: EAT modification 0x82D0D48C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exi386InterlockedIncrementLong, Type: EAT modification 0x82D0D490-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExiAcquireFastMutex, Type: EAT modification 0x82D0D0DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeLookasideListEx, Type: EAT modification 0x82D0D3BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeNPagedLookasideList, Type: EAT modification 0x82D0D3C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializePagedLookasideList, Type: EAT modification 0x82D0D3C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializePushLock, Type: EAT modification 0x82D0D3C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeResourceLite, Type: EAT modification 0x82D0D3CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeRundownProtection, Type: EAT modification 0x82D0D040-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeRundownProtectionCacheAware, Type: EAT modification 0x82D0D3D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeZone, Type: EAT modification 0x82D0D3D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedAddLargeInteger, Type: EAT modification 0x82D0D3D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedAddLargeStatistic, Type: EAT modification 0x82D0D044-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedAddUlong, Type: EAT modification 0x82D0D3DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedCompareExchange64, Type: EAT modification 0x82D0D048-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedDecrementLong, Type: EAT modification 0x82D0D3E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedExchangeUlong, Type: EAT modification 0x82D0D3E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedExtendZone, Type: EAT modification 0x82D0D3E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedFlushSList, Type: EAT modification 0x82D0D04C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedIncrementLong, Type: EAT modification 0x82D0D3EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedInsertHeadList, Type: EAT modification 0x82D0D3F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedInsertTailList, Type: EAT modification 0x82D0D3F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedPopEntryList, Type: EAT modification 0x82D0D3F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedPopEntrySList, Type: EAT modification 0x82D0D050-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedPushEntryList, Type: EAT modification 0x82D0D3FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedPushEntrySList, Type: EAT modification 0x82D0D054-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedRemoveHeadList, Type: EAT modification 0x82D0D400-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExiReleaseFastMutex, Type: EAT modification 0x82D0D0E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExIsProcessorFeaturePresent, Type: EAT modification 0x82D0D404-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExIsResourceAcquiredExclusiveLite, Type: EAT modification 0x82D0D408-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExIsResourceAcquiredSharedLite, Type: EAT modification 0x82D0D40C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExiTryToAcquireFastMutex, Type: EAT modification 0x82D0D0E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExLocalTimeToSystemTime, Type: EAT modification 0x82D0D410-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExNotifyCallback, Type: EAT modification 0x82D0D414-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExQueryPoolBlockSize, Type: EAT modification 0x82D0D418-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExQueueWorkItem, Type: EAT modification 0x82D0D41C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseAccessViolation, Type: EAT modification 0x82D0D420-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseDatatypeMisalignment, Type: EAT modification 0x82D0D424-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseException, Type: EAT modification 0x82D0D428-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseHardError, Type: EAT modification 0x82D0D42C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseStatus, Type: EAT modification 0x82D0D430-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRegisterCallback, Type: EAT modification 0x82D0D434-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReinitializeResourceLite, Type: EAT modification 0x82D0D438-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReInitializeRundownProtection, Type: EAT modification 0x82D0D058-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReInitializeRundownProtectionCacheAware, Type: EAT modification 0x82D0D05C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseCacheAwarePushLockExclusive, Type: EAT modification 0x82D0D43C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseFastMutexUnsafe, Type: EAT modification 0x82D0D060-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseFastMutexUnsafeAndLeaveCriticalRegion, Type: EAT modification 0x82D0D064-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseResourceAndLeaveCriticalRegion, Type: EAT modification 0x82D0D068-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseResourceAndLeavePriorityRegion, Type: EAT modification 0x82D0D06C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseResourceForThreadLite, Type: EAT modification 0x82D0D440-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseResourceLite, Type: EAT modification 0x82D0D070-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseRundownProtection, Type: EAT modification 0x82D0D074-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseRundownProtectionCacheAware, Type: EAT modification 0x82D0D078-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseRundownProtectionCacheAwareEx, Type: EAT modification 0x82D0D07C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseRundownProtectionEx, Type: EAT modification 0x82D0D080-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseSpinLockExclusive, Type: EAT modification 0x82D0D444-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseSpinLockExclusiveFromDpcLevel, Type: EAT modification 0x82D0D448-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseSpinLockShared, Type: EAT modification 0x82D0D44C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseSpinLockSharedFromDpcLevel, Type: EAT modification 0x82D0D450-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRundownCompleted, Type: EAT modification 0x82D0D084-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRundownCompletedCacheAware, Type: EAT modification 0x82D0D088-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSemaphoreObjectType, Type: EAT modification 0x82D0D454-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSetLicenseTamperState, Type: EAT modification 0x82D0D458-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSetResourceOwnerPointer, Type: EAT modification 0x82D0D45C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSetTimerResolution, Type: EAT modification 0x82D0D460-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSizeOfRundownProtectionCacheAware, Type: EAT modification 0x82D0D464-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSystemExceptionFilter, Type: EAT modification 0x82D0D468-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSystemTimeToLocalTime, Type: EAT modification 0x82D0D46C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExTryConvertSharedSpinLockExclusive, Type: EAT modification 0x82D0D470-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExUnregisterCallback, Type: EAT modification 0x82D0D474-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExUpdateLicenseData, Type: EAT modification 0x82D0D478-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExUuidCreate, Type: EAT modification 0x82D0D47C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExVerifySuite, Type: EAT modification 0x82D0D480-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExWaitForRundownProtectionRelease, Type: EAT modification 0x82D0D08C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExWaitForRundownProtectionReleaseCacheAware, Type: EAT modification 0x82D0D090-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExWindowStationObjectType, Type: EAT modification 0x82D0D484-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FirstEntrySList, Type: EAT modification 0x82D0D494-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAcknowledgeEcp, Type: EAT modification 0x82D0D498-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAcquireFileExclusive, Type: EAT modification 0x82D0D49C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddBaseMcbEntry, Type: EAT modification 0x82D0D4A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddBaseMcbEntryEx, Type: EAT modification 0x82D0D4A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddLargeMcbEntry, Type: EAT modification 0x82D0D4A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddMcbEntry, Type: EAT modification 0x82D0D4AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddToTunnelCache, Type: EAT modification 0x82D0D4B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateExtraCreateParameter, Type: EAT modification 0x82D0D4B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateExtraCreateParameterFromLookasideList, Type: EAT modification 0x82D0D4B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateExtraCreateParameterList, Type: EAT modification 0x82D0D4BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateFileLock, Type: EAT modification 0x82D0D4C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocatePool, Type: EAT modification 0x82D0D4C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocatePoolWithQuota, Type: EAT modification 0x82D0D4C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocatePoolWithQuotaTag, Type: EAT modification 0x82D0D4CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocatePoolWithTag, Type: EAT modification 0x82D0D4D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateResource, Type: EAT modification 0x82D0D4D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAreNamesEqual, Type: EAT modification 0x82D0D4D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAreVolumeStartupApplicationsComplete, Type: EAT modification 0x82D0D4DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlBalanceReads, Type: EAT modification 0x82D0D4E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCancellableWaitForMultipleObjects, Type: EAT modification 0x82D0D4E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCancellableWaitForSingleObject, Type: EAT modification 0x82D0D4E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlChangeBackingFileObject, Type: EAT modification 0x82D0D4EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCheckLockForReadAccess, Type: EAT modification 0x82D0D4F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCheckLockForWriteAccess, Type: EAT modification 0x82D0D4F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCheckOplock, Type: EAT modification 0x82D0D4F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCheckOplockEx, Type: EAT modification 0x82D0D4FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCopyRead, Type: EAT modification 0x82D0D500-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCopyWrite, Type: EAT modification 0x82D0D504-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCreateSectionForDataScan, Type: EAT modification 0x82D0D508-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCurrentBatchOplock, Type: EAT modification 0x82D0D50C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCurrentOplock, Type: EAT modification 0x82D0D510-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDeleteExtraCreateParameterLookasideList, Type: EAT modification 0x82D0D514-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDeleteKeyFromTunnelCache, Type: EAT modification 0x82D0D518-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDeleteTunnelCache, Type: EAT modification 0x82D0D51C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDeregisterUncProvider, Type: EAT modification 0x82D0D520-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDissectDbcs, Type: EAT modification 0x82D0D524-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDissectName, Type: EAT modification 0x82D0D528-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDoesDbcsContainWildCards, Type: EAT modification 0x82D0D52C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDoesNameContainWildCards, Type: EAT modification 0x82D0D530-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastCheckLockForRead, Type: EAT modification 0x82D0D534-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastCheckLockForWrite, Type: EAT modification 0x82D0D538-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastUnlockAll, Type: EAT modification 0x82D0D53C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastUnlockAllByKey, Type: EAT modification 0x82D0D540-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastUnlockSingle, Type: EAT modification 0x82D0D544-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFindExtraCreateParameter, Type: EAT modification 0x82D0D548-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFindInTunnelCache, Type: EAT modification 0x82D0D54C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFreeExtraCreateParameter, Type: EAT modification 0x82D0D550-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFreeExtraCreateParameterList, Type: EAT modification 0x82D0D554-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFreeFileLock, Type: EAT modification 0x82D0D558-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetEcpListFromIrp, Type: EAT modification 0x82D0D55C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetFileSize, Type: EAT modification 0x82D0D560-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextBaseMcbEntry, Type: EAT modification 0x82D0D564-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextExtraCreateParameter, Type: EAT modification 0x82D0D568-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextFileLock, Type: EAT modification 0x82D0D56C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextLargeMcbEntry, Type: EAT modification 0x82D0D570-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextMcbEntry, Type: EAT modification 0x82D0D574-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastMdlReadWait, Type: EAT modification 0x82D0D578-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastReadNotPossible, Type: EAT modification 0x82D0D580-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastReadNoWait, Type: EAT modification 0x82D0D57C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastReadResourceMiss, Type: EAT modification 0x82D0D584-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastReadWait, Type: EAT modification 0x82D0D588-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitExtraCreateParameterLookasideList, Type: EAT modification 0x82D0D58C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeBaseMcb, Type: EAT modification 0x82D0D590-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeBaseMcbEx, Type: EAT modification 0x82D0D594-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeFileLock, Type: EAT modification 0x82D0D598-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeLargeMcb, Type: EAT modification 0x82D0D59C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeMcb, Type: EAT modification 0x82D0D5A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeOplock, Type: EAT modification 0x82D0D5A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeTunnelCache, Type: EAT modification 0x82D0D5A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInsertExtraCreateParameter, Type: EAT modification 0x82D0D5AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInsertPerFileContext, Type: EAT modification 0x82D0D5B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInsertPerFileObjectContext, Type: EAT modification 0x82D0D5B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInsertPerStreamContext, Type: EAT modification 0x82D0D5B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsDbcsInExpression, Type: EAT modification 0x82D0D5BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsEcpAcknowledged, Type: EAT modification 0x82D0D5C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsEcpFromUserMode, Type: EAT modification 0x82D0D5C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsFatDbcsLegal, Type: EAT modification 0x82D0D5C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsHpfsDbcsLegal, Type: EAT modification 0x82D0D5CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsNameInExpression, Type: EAT modification 0x82D0D5D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsNtstatusExpected, Type: EAT modification 0x82D0D5D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsPagingFile, Type: EAT modification 0x82D0D5D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsTotalDeviceFailure, Type: EAT modification 0x82D0D5DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLegalAnsiCharacterArray, Type: EAT modification 0x82D0D5E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLogCcFlushError, Type: EAT modification 0x82D0D5E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupBaseMcbEntry, Type: EAT modification 0x82D0D5E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLargeMcbEntry, Type: EAT modification 0x82D0D5EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastBaseMcbEntry, Type: EAT modification 0x82D0D5F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastBaseMcbEntryAndIndex, Type: EAT modification 0x82D0D5F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastLargeMcbEntry, Type: EAT modification 0x82D0D5F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastLargeMcbEntryAndIndex, Type: EAT modification 0x82D0D5FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastMcbEntry, Type: EAT modification 0x82D0D600-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupMcbEntry, Type: EAT modification 0x82D0D604-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupPerFileContext, Type: EAT modification 0x82D0D608-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupPerFileObjectContext, Type: EAT modification 0x82D0D60C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupPerStreamContextInternal, Type: EAT modification 0x82D0D610-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlRead, Type: EAT modification 0x82D0D614-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlReadComplete, Type: EAT modification 0x82D0D618-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlReadCompleteDev, Type: EAT modification 0x82D0D61C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlReadDev, Type: EAT modification 0x82D0D620-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlWriteComplete, Type: EAT modification 0x82D0D624-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlWriteCompleteDev, Type: EAT modification 0x82D0D628-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMupGetProviderIdFromName, Type: EAT modification 0x82D0D62C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMupGetProviderInfoFromFileObject, Type: EAT modification 0x82D0D630-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNormalizeNtstatus, Type: EAT modification 0x82D0D634-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyChangeDirectory, Type: EAT modification 0x82D0D638-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyCleanup, Type: EAT modification 0x82D0D63C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyCleanupAll, Type: EAT modification 0x82D0D640-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyFilterChangeDirectory, Type: EAT modification 0x82D0D644-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyFilterReportChange, Type: EAT modification 0x82D0D648-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyFullChangeDirectory, Type: EAT modification 0x82D0D64C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyFullReportChange, Type: EAT modification 0x82D0D650-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyInitializeSync, Type: EAT modification 0x82D0D654-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyReportChange, Type: EAT modification 0x82D0D658-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyUninitializeSync, Type: EAT modification 0x82D0D65C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyVolumeEvent, Type: EAT modification 0x82D0D660-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyVolumeEventEx, Type: EAT modification 0x82D0D664-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNumberOfRunsInBaseMcb, Type: EAT modification 0x82D0D668-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNumberOfRunsInLargeMcb, Type: EAT modification 0x82D0D66C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNumberOfRunsInMcb, Type: EAT modification 0x82D0D670-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockBreakToNone, Type: EAT modification 0x82D0D674-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockFsctrl, Type: EAT modification 0x82D0D678-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockIsFastIoPossible, Type: EAT modification 0x82D0D67C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPostPagingFileStackOverflow, Type: EAT modification 0x82D0D680-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPostStackOverflow, Type: EAT modification 0x82D0D684-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPrepareMdlWrite, Type: EAT modification 0x82D0D688-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPrepareMdlWriteDev, Type: EAT modification 0x82D0D68C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPrivateLock, Type: EAT modification 0x82D0D690-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlProcessFileLock, Type: EAT modification 0x82D0D694-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterFileSystemFilterCallbacks, Type: EAT modification 0x82D0D698-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterFltMgrCalls, Type: EAT modification 0x82D0D69C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterMupCalls, Type: EAT modification 0x82D0D6A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterUncProvider, Type: EAT modification 0x82D0D6A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterUncProviderEx, Type: EAT modification 0x82D0D6A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlReleaseFile, Type: EAT modification 0x82D0D6AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveBaseMcbEntry, Type: EAT modification 0x82D0D6B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveDotsFromPath, Type: EAT modification 0x82D0D6B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveExtraCreateParameter, Type: EAT modification 0x82D0D6B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveLargeMcbEntry, Type: EAT modification 0x82D0D6BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveMcbEntry, Type: EAT modification 0x82D0D6C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemovePerFileContext, Type: EAT modification 0x82D0D6C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemovePerFileObjectContext, Type: EAT modification 0x82D0D6C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemovePerStreamContext, Type: EAT modification 0x82D0D6CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlResetBaseMcb, Type: EAT modification 0x82D0D6D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlResetLargeMcb, Type: EAT modification 0x82D0D6D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlSetEcpListIntoIrp, Type: EAT modification 0x82D0D6D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlSplitBaseMcb, Type: EAT modification 0x82D0D6DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlSplitLargeMcb, Type: EAT modification 0x82D0D6E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlSyncVolumes, Type: EAT modification 0x82D0D6E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTeardownPerFileContexts, Type: EAT modification 0x82D0D6E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTeardownPerStreamContexts, Type: EAT modification 0x82D0D6EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTruncateBaseMcb, Type: EAT modification 0x82D0D6F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTruncateLargeMcb, Type: EAT modification 0x82D0D6F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTruncateMcb, Type: EAT modification 0x82D0D6F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeBaseMcb, Type: EAT modification 0x82D0D6FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeFileLock, Type: EAT modification 0x82D0D700-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeLargeMcb, Type: EAT modification 0x82D0D704-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeMcb, Type: EAT modification 0x82D0D708-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeOplock, Type: EAT modification 0x82D0D70C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlValidateReparsePointBuffer, Type: EAT modification 0x82D0D710-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HalDispatchTable, Type: EAT modification 0x82D0D714-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HalExamineMBR, Type: EAT modification 0x82D0D0E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HalPrivateDispatchTable, Type: EAT modification 0x82D0D718-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HeadlessDispatch, Type: EAT modification 0x82D0D71C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HvlQueryConnection, Type: EAT modification 0x82D0D720-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvAcquireDisplayOwnership, Type: EAT modification 0x82D0D724-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvCheckDisplayOwnership, Type: EAT modification 0x82D0D728-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvDisplayString, Type: EAT modification 0x82D0D72C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvEnableBootDriver, Type: EAT modification 0x82D0D730-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvEnableDisplayString, Type: EAT modification 0x82D0D734-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvInstallDisplayStringFilter, Type: EAT modification 0x82D0D738-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvIsBootDriverInstalled, Type: EAT modification 0x82D0D73C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvNotifyDisplayOwnershipLost, Type: EAT modification 0x82D0D740-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvResetDisplay, Type: EAT modification 0x82D0D744-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvSetScrollRegion, Type: EAT modification 0x82D0D748-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvSetTextColor, Type: EAT modification 0x82D0D74C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvSolidColorFill, Type: EAT modification 0x82D0D750-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InitSafeBootMode, Type: EAT modification 0x82D0D754-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedCompareExchange, Type: EAT modification 0x82D0D0EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedDecrement, Type: EAT modification 0x82D0D0F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedExchange, Type: EAT modification 0x82D0D0F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedExchangeAdd, Type: EAT modification 0x82D0D0F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedIncrement, Type: EAT modification 0x82D0D0FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedPopEntrySList, Type: EAT modification 0x82D0D100-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedPushEntrySList, Type: EAT modification 0x82D0D104-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAcquireCancelSpinLock, Type: EAT modification 0x82D0D758-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAcquireRemoveLockEx, Type: EAT modification 0x82D0D75C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAcquireVpbSpinLock, Type: EAT modification 0x82D0D760-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAdapterObjectType, Type: EAT modification 0x82D0D764-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateAdapterChannel, Type: EAT modification 0x82D0D768-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateController, Type: EAT modification 0x82D0D76C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateDriverObjectExtension, Type: EAT modification 0x82D0D770-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateErrorLogEntry, Type: EAT modification 0x82D0D774-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateIrp, Type: EAT modification 0x82D0D778-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateMdl, Type: EAT modification 0x82D0D77C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateMiniCompletionPacket, Type: EAT modification 0x82D0D780-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateSfioStreamIdentifier, Type: EAT modification 0x82D0D784-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateWorkItem, Type: EAT modification 0x82D0D788-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoApplyPriorityInfoThread, Type: EAT modification 0x82D0D78C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAssignDriveLetters, Type: EAT modification 0x82D0D108-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAssignResources, Type: EAT modification 0x82D0D790-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAttachDevice, Type: EAT modification 0x82D0D794-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAttachDeviceByPointer, Type: EAT modification 0x82D0D798-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAttachDeviceToDeviceStack, Type: EAT modification 0x82D0D79C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAttachDeviceToDeviceStackSafe, Type: EAT modification 0x82D0D7A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoBuildAsynchronousFsdRequest, Type: EAT modification 0x82D0D7A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoBuildDeviceIoControlRequest, Type: EAT modification 0x82D0D7A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoBuildPartialMdl, Type: EAT modification 0x82D0D7AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoBuildSynchronousFsdRequest, Type: EAT modification 0x82D0D7B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCallDriver, Type: EAT modification 0x82D0D7B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCallDriverStackSafe, Type: EAT modification 0x82D0D10C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCancelFileOpen, Type: EAT modification 0x82D0D7B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCancelIrp, Type: EAT modification 0x82D0D7BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckDesiredAccess, Type: EAT modification 0x82D0D7C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckEaBufferValidity, Type: EAT modification 0x82D0D7C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckFunctionAccess, Type: EAT modification 0x82D0D7C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckQuerySetFileInformation, Type: EAT modification 0x82D0D7CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckQuerySetVolumeInformation, Type: EAT modification 0x82D0D7D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckQuotaBufferValidity, Type: EAT modification 0x82D0D7D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckShareAccess, Type: EAT modification 0x82D0D7D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckShareAccessEx, Type: EAT modification 0x82D0D7DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoClearDependency, Type: EAT modification 0x82D0D7E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoClearIrpExtraCreateParameter, Type: EAT modification 0x82D0D7E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCompleteRequest, Type: EAT modification 0x82D0D7E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoConnectInterrupt, Type: EAT modification 0x82D0D7EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoConnectInterruptEx, Type: EAT modification 0x82D0D7F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateArcName, Type: EAT modification 0x82D0D7F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateController, Type: EAT modification 0x82D0D7F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateDevice, Type: EAT modification 0x82D0D7FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateDisk, Type: EAT modification 0x82D0D800-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateDriver, Type: EAT modification 0x82D0D804-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateFile, Type: EAT modification 0x82D0D808-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateFileEx, Type: EAT modification 0x82D0D80C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateFileSpecifyDeviceObjectHint, Type: EAT modification 0x82D0D810-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateNotificationEvent, Type: EAT modification 0x82D0D814-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateStreamFileObject, Type: EAT modification 0x82D0D818-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateStreamFileObjectEx, Type: EAT modification 0x82D0D81C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateStreamFileObjectLite, Type: EAT modification 0x82D0D820-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateSymbolicLink, Type: EAT modification 0x82D0D824-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateSynchronizationEvent, Type: EAT modification 0x82D0D828-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateUnprotectedSymbolicLink, Type: EAT modification 0x82D0D82C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqInitialize, Type: EAT modification 0x82D0D830-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqInitializeEx, Type: EAT modification 0x82D0D834-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqInsertIrp, Type: EAT modification 0x82D0D838-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqInsertIrpEx, Type: EAT modification 0x82D0D83C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqRemoveIrp, Type: EAT modification 0x82D0D840-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqRemoveNextIrp, Type: EAT modification 0x82D0D844-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteAllDependencyRelations, Type: EAT modification 0x82D0D848-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteController, Type: EAT modification 0x82D0D84C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteDevice, Type: EAT modification 0x82D0D850-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteDriver, Type: EAT modification 0x82D0D854-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteSymbolicLink, Type: EAT modification 0x82D0D858-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDetachDevice, Type: EAT modification 0x82D0D85C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeviceHandlerObjectSize, Type: EAT modification 0x82D0D860-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeviceHandlerObjectType, Type: EAT modification 0x82D0D864-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeviceObjectType, Type: EAT modification 0x82D0D868-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDisconnectInterrupt, Type: EAT modification 0x82D0D86C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDisconnectInterruptEx, Type: EAT modification 0x82D0D870-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDriverObjectType, Type: EAT modification 0x82D0D874-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDuplicateDependency, Type: EAT modification 0x82D0D878-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoEnqueueIrp, Type: EAT modification 0x82D0D87C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoEnumerateDeviceObjectList, Type: EAT modification 0x82D0D880-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoEnumerateRegisteredFiltersList, Type: EAT modification 0x82D0D884-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFastQueryNetworkAttributes, Type: EAT modification 0x82D0D888-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IofCallDriver, Type: EAT modification 0x82D0D120-->8305E048 [unknown_code_page]

ntkrnlpa.exe-->IofCompleteRequest, Type: EAT modification 0x82D0D124-->8304E061 [unknown_code_page]

ntkrnlpa.exe-->IoFileObjectType, Type: EAT modification 0x82D0D88C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoForwardAndCatchIrp, Type: EAT modification 0x82D0D890-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoForwardIrpSynchronously, Type: EAT modification 0x82D0D894-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFreeController, Type: EAT modification 0x82D0D898-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFreeErrorLogEntry, Type: EAT modification 0x82D0D89C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFreeIrp, Type: EAT modification 0x82D0D8A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFreeMdl, Type: EAT modification 0x82D0D8A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFreeMiniCompletionPacket, Type: EAT modification 0x82D0D8A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFreeSfioStreamIdentifier, Type: EAT modification 0x82D0D8AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFreeWorkItem, Type: EAT modification 0x82D0D8B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetAttachedDevice, Type: EAT modification 0x82D0D8B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetAttachedDeviceReference, Type: EAT modification 0x82D0D8B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetBaseFileSystemDeviceObject, Type: EAT modification 0x82D0D8BC-->84D2078C [unknown_code_page]

ntkrnlpa.exe-->IoGetBootDiskInformationLite, Type: EAT modification 0x82D0D8C4-->8EA20A9B [unknown_code_page]

ntkrnlpa.exe-->IoGetDeviceAttachmentBaseRef, Type: EAT modification 0x82D0D8D0-->82D0D1A0 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDeviceInterfaceAlias, Type: EAT modification 0x82D0D8D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDeviceInterfaces, Type: EAT modification 0x82D0D8D8-->82A2566F [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDeviceObjectPointer, Type: EAT modification 0x82D0D8DC-->82F3E05C [unknown_code_page]

ntkrnlpa.exe-->IoGetDeviceProperty, Type: EAT modification 0x82D0D8E0-->8313E079 [unknown_code_page]

ntkrnlpa.exe-->IoGetDevicePropertyData, Type: EAT modification 0x82D0D8E4-->8305E074 [unknown_code_page]

ntkrnlpa.exe-->IoGetDeviceToVerify, Type: EAT modification 0x82D0D8E8-->82F2E06D [unknown_code_page]

ntkrnlpa.exe-->IoGetDiskDeviceObject, Type: EAT modification 0x82D0D8EC-->830FE06F [unknown_code_page]

ntkrnlpa.exe-->IoGetDmaAdapter, Type: EAT modification 0x82D0D8F0-->82FCE074 [unknown_code_page]

ntkrnlpa.exe-->IoGetDriverObjectExtension, Type: EAT modification 0x82D0D8F4-->8319E073 [unknown_code_page]

ntkrnlpa.exe-->IoGetFileObjectGenericMapping, Type: EAT modification 0x82D0D8F8-->8314E073 [unknown_code_page]

ntkrnlpa.exe-->IoGetInitialStack, Type: EAT modification 0x82D0D8FC-->830DE065 [unknown_code_page]

ntkrnlpa.exe-->IoGetIoPriorityHint, Type: EAT modification 0x82D0D900-->82D2E033 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetIrpExtraCreateParameter, Type: EAT modification 0x82D0D904-->830EE05C [unknown_code_page]

ntkrnlpa.exe-->IoGetLowerDeviceObject, Type: EAT modification 0x82D0D908-->830BE074 [unknown_code_page]

ntkrnlpa.exe-->IoGetPagingIoPriority, Type: EAT modification 0x82D0D110-->830EE072 [unknown_code_page]

ntkrnlpa.exe-->IoGetRelatedDeviceObject, Type: EAT modification 0x82D0D90C-->8310E06C [unknown_code_page]

ntkrnlpa.exe-->IoGetRequestorProcess, Type: EAT modification 0x82D0D910-->82CEE061 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetRequestorProcessId, Type: EAT modification 0x82D0D914-->8318E065 [unknown_code_page]

ntkrnlpa.exe-->IoGetRequestorSessionId, Type: EAT modification 0x82D0D918-->82A0E065 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetSfioStreamIdentifier, Type: EAT modification 0x82D0D91C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetStackLimits, Type: EAT modification 0x82D0D920-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetSymlinkSupportInformation, Type: EAT modification 0x82D0D924-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetTopLevelIrp, Type: EAT modification 0x82D0D928-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetTransactionParameterBlock, Type: EAT modification 0x82D0D92C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInitializeIrp, Type: EAT modification 0x82D0D930-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInitializeRemoveLockEx, Type: EAT modification 0x82D0D934-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInitializeTimer, Type: EAT modification 0x82D0D938-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInitializeWorkItem, Type: EAT modification 0x82D0D93C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInvalidateDeviceRelations, Type: EAT modification 0x82D0D940-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInvalidateDeviceState, Type: EAT modification 0x82D0D944-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsFileObjectIgnoringSharing, Type: EAT modification 0x82D0D948-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsFileOriginRemote, Type: EAT modification 0x82D0D94C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsOperationSynchronous, Type: EAT modification 0x82D0D950-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsSystemThread, Type: EAT modification 0x82D0D954-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsValidNameGraftingBuffer, Type: EAT modification 0x82D0D958-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsWdmVersionAvailable, Type: EAT modification 0x82D0D95C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoMakeAssociatedIrp, Type: EAT modification 0x82D0D960-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoOpenDeviceInterfaceRegistryKey, Type: EAT modification 0x82D0D964-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoOpenDeviceRegistryKey, Type: EAT modification 0x82D0D968-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoPageRead, Type: EAT modification 0x82D0D96C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoPnPDeliverServicePowerNotification, Type: EAT modification 0x82D0D970-->82A0E000 [ntkrnlpa.exe]

Link to post
Share on other sites

2nd RootKit Unhooker Log ((Continued))

==============================================

>Hooks ((part 2))

==============================================

ntkrnlpa.exe-->IoQueryDeviceDescription, Type: EAT modification 0x82D0D974-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueryFileDosDeviceName, Type: EAT modification 0x82D0D978-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueryFileInformation, Type: EAT modification 0x82D0D97C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueryVolumeInformation, Type: EAT modification 0x82D0D980-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueueThreadIrp, Type: EAT modification 0x82D0D984-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueueWorkItem, Type: EAT modification 0x82D0D988-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueueWorkItemEx, Type: EAT modification 0x82D0D98C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRaiseHardError, Type: EAT modification 0x82D0D990-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRaiseInformationalHardError, Type: EAT modification 0x82D0D994-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReadDiskSignature, Type: EAT modification 0x82D0D998-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReadOperationCount, Type: EAT modification 0x82D0D99C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReadPartitionTable, Type: EAT modification 0x82D0D114-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReadPartitionTableEx, Type: EAT modification 0x82D0D9A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReadTransferCount, Type: EAT modification 0x82D0D9A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterBootDriverReinitialization, Type: EAT modification 0x82D0D9A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterDeviceInterface, Type: EAT modification 0x82D0D9AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterDriverReinitialization, Type: EAT modification 0x82D0D9B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterFileSystem, Type: EAT modification 0x82D0D9B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterFsRegistrationChange, Type: EAT modification 0x82D0D9B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterLastChanceShutdownNotification, Type: EAT modification 0x82D0D9BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterPlugPlayNotification, Type: EAT modification 0x82D0D9C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterShutdownNotification, Type: EAT modification 0x82D0D9C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReleaseCancelSpinLock, Type: EAT modification 0x82D0D9C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReleaseRemoveLockAndWaitEx, Type: EAT modification 0x82D0D9CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReleaseRemoveLockEx, Type: EAT modification 0x82D0D9D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReleaseVpbSpinLock, Type: EAT modification 0x82D0D9D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRemoveShareAccess, Type: EAT modification 0x82D0D9D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReplacePartitionUnit, Type: EAT modification 0x82D0D9DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportDetectedDevice, Type: EAT modification 0x82D0D9E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportHalResourceUsage, Type: EAT modification 0x82D0D9E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportResourceForDetection, Type: EAT modification 0x82D0D9E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportResourceUsage, Type: EAT modification 0x82D0D9EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportTargetDeviceChange, Type: EAT modification 0x82D0D9F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportTargetDeviceChangeAsynchronous, Type: EAT modification 0x82D0D9F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRequestDeviceEject, Type: EAT modification 0x82D0D9F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRequestDeviceEjectEx, Type: EAT modification 0x82D0D9FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRetrievePriorityInfo, Type: EAT modification 0x82D0DA00-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReuseIrp, Type: EAT modification 0x82D0DA04-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetCompletionRoutineEx, Type: EAT modification 0x82D0DA08-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetDependency, Type: EAT modification 0x82D0DA0C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetDeviceInterfaceState, Type: EAT modification 0x82D0DA10-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetDevicePropertyData, Type: EAT modification 0x82D0DA14-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetDeviceToVerify, Type: EAT modification 0x82D0DA18-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetFileOrigin, Type: EAT modification 0x82D0DA1C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetHardErrorOrVerifyDevice, Type: EAT modification 0x82D0DA20-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetInformation, Type: EAT modification 0x82D0DA24-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoCompletion, Type: EAT modification 0x82D0DA28-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoCompletionEx, Type: EAT modification 0x82D0DA2C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoPriorityHint, Type: EAT modification 0x82D0DA30-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoPriorityHintIntoFileObject, Type: EAT modification 0x82D0DA34-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoPriorityHintIntoThread, Type: EAT modification 0x82D0DA38-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIrpExtraCreateParameter, Type: EAT modification 0x82D0DA3C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetPartitionInformation, Type: EAT modification 0x82D0D118-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetPartitionInformationEx, Type: EAT modification 0x82D0DA40-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetShareAccess, Type: EAT modification 0x82D0DA44-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetShareAccessEx, Type: EAT modification 0x82D0DA48-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetStartIoAttributes, Type: EAT modification 0x82D0DA4C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetSystemPartition, Type: EAT modification 0x82D0DA50-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetThreadHardErrorMode, Type: EAT modification 0x82D0DA54-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetTopLevelIrp, Type: EAT modification 0x82D0DA58-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSizeofWorkItem, Type: EAT modification 0x82D0DA5C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStartNextPacket, Type: EAT modification 0x82D0DA60-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStartNextPacketByKey, Type: EAT modification 0x82D0DA64-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStartPacket, Type: EAT modification 0x82D0DA68-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStartTimer, Type: EAT modification 0x82D0DA6C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStatisticsLock, Type: EAT modification 0x82D0DA70-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStopTimer, Type: EAT modification 0x82D0DA74-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSynchronousInvalidateDeviceRelations, Type: EAT modification 0x82D0DA78-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSynchronousPageWrite, Type: EAT modification 0x82D0DA7C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoThreadToProcess, Type: EAT modification 0x82D0DA80-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoTranslateBusAddress, Type: EAT modification 0x82D0DA84-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUninitializeWorkItem, Type: EAT modification 0x82D0DA88-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterFileSystem, Type: EAT modification 0x82D0DA8C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterFsRegistrationChange, Type: EAT modification 0x82D0DA90-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterPlugPlayNotification, Type: EAT modification 0x82D0DA94-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterShutdownNotification, Type: EAT modification 0x82D0DA98-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUpdateShareAccess, Type: EAT modification 0x82D0DA9C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoValidateDeviceIoControlAccess, Type: EAT modification 0x82D0DAA0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoVerifyPartitionTable, Type: EAT modification 0x82D0DAA4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoVerifyVolume, Type: EAT modification 0x82D0DAA8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoVolumeDeviceToDosName, Type: EAT modification 0x82D0DAAC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWithinStackLimits, Type: EAT modification 0x82D0DAEC-->8305E078 [unknown_code_page]

ntkrnlpa.exe-->IoWMIAllocateInstanceIds, Type: EAT modification 0x82D0DAB0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIDeviceObjectToInstanceName, Type: EAT modification 0x82D0DAB4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIExecuteMethod, Type: EAT modification 0x82D0DAB8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIHandleToInstanceName, Type: EAT modification 0x82D0DABC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIOpenBlock, Type: EAT modification 0x82D0DAC0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIQueryAllData, Type: EAT modification 0x82D0DAC4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIQueryAllDataMultiple, Type: EAT modification 0x82D0DAC8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIQuerySingleInstance, Type: EAT modification 0x82D0DACC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIQuerySingleInstanceMultiple, Type: EAT modification 0x82D0DAD0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIRegistrationControl, Type: EAT modification 0x82D0DAD4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMISetNotificationCallback, Type: EAT modification 0x82D0DAD8-->8314E06E [unknown_code_page]

ntkrnlpa.exe-->IoWMISetSingleInstance, Type: EAT modification 0x82D0DADC-->8312E06B [unknown_code_page]

ntkrnlpa.exe-->IoWMISetSingleItem, Type: EAT modification 0x82D0DAE0-->830CE06E [unknown_code_page]

ntkrnlpa.exe-->IoWMISuggestInstanceName, Type: EAT modification 0x82D0DAE4-->8301E070 [unknown_code_page]

ntkrnlpa.exe-->IoWMIWriteEvent, Type: EAT modification 0x82D0DAE8-->8305E02E [unknown_code_page]

ntkrnlpa.exe-->IoWriteErrorLogEntry, Type: EAT modification 0x82D0DAF0-->82CDE02D [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWriteOperationCount, Type: EAT modification 0x82D0DAF4-->82E1E03E [unknown_code_page]

ntkrnlpa.exe-->IoWritePartitionTable, Type: EAT modification 0x82D0D11C-->8310E06C [unknown_code_page]

ntkrnlpa.exe-->IoWritePartitionTableEx, Type: EAT modification 0x82D0DAF8-->82E7E063 [unknown_code_page]

ntkrnlpa.exe-->IoWriteTransferCount, Type: EAT modification 0x82D0DAFC-->8314E065 [unknown_code_page]

ntkrnlpa.exe-->isdigit, Type: EAT modification 0x82D0EE00-->8590C1B0 [unknown_code_page]

ntkrnlpa.exe-->islower, Type: EAT modification 0x82D0EE04-->82A0E002 [ntkrnlpa.exe]

ntkrnlpa.exe-->isprint, Type: EAT modification 0x82D0EE08-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->isspace, Type: EAT modification 0x82D0EE0C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->isupper, Type: EAT modification 0x82D0EE10-->F59FF8CF [unknown_code_page]

ntkrnlpa.exe-->isxdigit, Type: EAT modification 0x82D0EE14-->92A20B19 [unknown_code_page]

ntkrnlpa.exe-->KdChangeOption, Type: EAT modification 0x82D0DB00-->8312E065 [unknown_code_page]

ntkrnlpa.exe-->KdDebuggerEnabled, Type: EAT modification 0x82D0DB04-->8309E053 [unknown_code_page]

ntkrnlpa.exe-->KdDebuggerNotPresent, Type: EAT modification 0x82D0DB08-->8305E07A [unknown_code_page]

ntkrnlpa.exe-->KdDisableDebugger, Type: EAT modification 0x82D0DB0C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdEnableDebugger, Type: EAT modification 0x82D0DB10-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdEnteredDebugger, Type: EAT modification 0x82D0DB14-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdPollBreakIn, Type: EAT modification 0x82D0DB18-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdPowerTransition, Type: EAT modification 0x82D0DB1C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdRefreshDebuggerNotPresent, Type: EAT modification 0x82D0DB20-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdSystemDebugControl, Type: EAT modification 0x82D0DB24-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Ke386CallBios, Type: EAT modification 0x82D0DB28-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Ke386IoSetAccessProcess, Type: EAT modification 0x82D0DB2C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Ke386QueryIoAccessMap, Type: EAT modification 0x82D0DB30-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Ke386SetIoAccessMap, Type: EAT modification 0x82D0DB34-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireGuardedMutex, Type: EAT modification 0x82D0D128-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireGuardedMutexUnsafe, Type: EAT modification 0x82D0D12C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireInStackQueuedSpinLockAtDpcLevel, Type: EAT modification 0x82D0D130-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireInStackQueuedSpinLockForDpc, Type: EAT modification 0x82D0D134-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireInterruptSpinLock, Type: EAT modification 0x82D0DB38-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireSpinLockAtDpcLevel, Type: EAT modification 0x82D0DB3C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireSpinLockForDpc, Type: EAT modification 0x82D0D138-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAddSystemServiceTable, Type: EAT modification 0x82D0DB40-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAlertThread, Type: EAT modification 0x82D0DB44-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAllocateCalloutStack, Type: EAT modification 0x82D0DB48-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAreAllApcsDisabled, Type: EAT modification 0x82D0DB4C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAreApcsDisabled, Type: EAT modification 0x82D0DB50-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAttachProcess, Type: EAT modification 0x82D0DB54-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeBugCheck, Type: EAT modification 0x82D0DB58-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeBugCheckEx, Type: EAT modification 0x82D0DB5C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCancelTimer, Type: EAT modification 0x82D0DB60-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCapturePersistentThreadState, Type: EAT modification 0x82D0DB64-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeClearEvent, Type: EAT modification 0x82D0DB68-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDelayExecutionThread, Type: EAT modification 0x82D0DB6C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDeregisterBugCheckCallback, Type: EAT modification 0x82D0DB70-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDeregisterBugCheckReasonCallback, Type: EAT modification 0x82D0DB74-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDeregisterNmiCallback, Type: EAT modification 0x82D0DB78-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDeregisterProcessorChangeCallback, Type: EAT modification 0x82D0DB7C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDetachProcess, Type: EAT modification 0x82D0DB80-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeEnterCriticalRegion, Type: EAT modification 0x82D0DB84-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeEnterGuardedRegion, Type: EAT modification 0x82D0DB88-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeEnterKernelDebugger, Type: EAT modification 0x82D0DB8C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeExpandKernelStackAndCallout, Type: EAT modification 0x82D0DB90-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeExpandKernelStackAndCalloutEx, Type: EAT modification 0x82D0DB94-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KefAcquireSpinLockAtDpcLevel, Type: EAT modification 0x82D0D168-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFindConfigurationEntry, Type: EAT modification 0x82D0DB98-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFindConfigurationNextEntry, Type: EAT modification 0x82D0DB9C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFlushEntireTb, Type: EAT modification 0x82D0DBA0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFlushQueuedDpcs, Type: EAT modification 0x82D0DBA4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFreeCalloutStack, Type: EAT modification 0x82D0DBA8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KefReleaseSpinLockFromDpcLevel, Type: EAT modification 0x82D0D16C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGenericCallDpc, Type: EAT modification 0x82D0DBAC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetCurrentThread, Type: EAT modification 0x82D0DBB0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetPreviousMode, Type: EAT modification 0x82D0DBB4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetRecommendedSharedDataAlignment, Type: EAT modification 0x82D0DBB8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386AbiosCall, Type: EAT modification 0x82D0DBBC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386AllocateGdtSelectors, Type: EAT modification 0x82D0DBC0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386Call16BitCStyleFunction, Type: EAT modification 0x82D0DBC4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386Call16BitFunction, Type: EAT modification 0x82D0DBC8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Kei386EoiHelper, Type: EAT modification 0x82D0D198-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386FlatToGdtSelector, Type: EAT modification 0x82D0DBCC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386GetLid, Type: EAT modification 0x82D0DBD0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386MachineType, Type: EAT modification 0x82D0DBD4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386ReleaseGdtSelectors, Type: EAT modification 0x82D0DBD8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386ReleaseLid, Type: EAT modification 0x82D0DBDC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386SetGdtSelector, Type: EAT modification 0x82D0DBE0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeApc, Type: EAT modification 0x82D0DBE4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeCrashDumpHeader, Type: EAT modification 0x82D0DBE8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeDeviceQueue, Type: EAT modification 0x82D0DBEC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeDpc, Type: EAT modification 0x82D0DBF0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeEvent, Type: EAT modification 0x82D0DBF4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeGuardedMutex, Type: EAT modification 0x82D0D13C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeInterrupt, Type: EAT modification 0x82D0DBF8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeMutant, Type: EAT modification 0x82D0DBFC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeMutex, Type: EAT modification 0x82D0DC00-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeQueue, Type: EAT modification 0x82D0DC04-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeSemaphore, Type: EAT modification 0x82D0DC08-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeSpinLock, Type: EAT modification 0x82D0DC0C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeThreadedDpc, Type: EAT modification 0x82D0DC10-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeTimer, Type: EAT modification 0x82D0DC14-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeTimerEx, Type: EAT modification 0x82D0DC18-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertByKeyDeviceQueue, Type: EAT modification 0x82D0DC1C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertDeviceQueue, Type: EAT modification 0x82D0DC20-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertHeadQueue, Type: EAT modification 0x82D0DC24-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertQueue, Type: EAT modification 0x82D0DC28-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertQueueApc, Type: EAT modification 0x82D0DC2C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertQueueDpc, Type: EAT modification 0x82D0DC30-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInvalidateAllCaches, Type: EAT modification 0x82D0DC34-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInvalidateRangeAllCaches, Type: EAT modification 0x82D0D140-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIpiGenericCall, Type: EAT modification 0x82D0DC38-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIsAttachedProcess, Type: EAT modification 0x82D0DC3C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIsExecutingDpc, Type: EAT modification 0x82D0DC40-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIsWaitListEmpty, Type: EAT modification 0x82D0DC44-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeLeaveCriticalRegion, Type: EAT modification 0x82D0DC48-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeLeaveGuardedRegion, Type: EAT modification 0x82D0DC4C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeLoaderBlock, Type: EAT modification 0x82D0DC50-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeNumberProcessors, Type: EAT modification 0x82D0DC54-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeProfileInterrupt, Type: EAT modification 0x82D0DC58-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeProfileInterruptWithSource, Type: EAT modification 0x82D0DC5C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KePulseEvent, Type: EAT modification 0x82D0DC60-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryActiveProcessorCount, Type: EAT modification 0x82D0DC64-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryActiveProcessors, Type: EAT modification 0x82D0DC68-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryDpcWatchdogInformation, Type: EAT modification 0x82D0DC6C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryInterruptTime, Type: EAT modification 0x82D0DC70-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryMaximumProcessorCount, Type: EAT modification 0x82D0DC74-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryPriorityThread, Type: EAT modification 0x82D0DC78-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryRuntimeThread, Type: EAT modification 0x82D0DC7C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQuerySystemTime, Type: EAT modification 0x82D0DC80-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryTickCount, Type: EAT modification 0x82D0DC84-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryTimeIncrement, Type: EAT modification 0x82D0DC88-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRaiseUserException, Type: EAT modification 0x82D0DC8C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReadStateEvent, Type: EAT modification 0x82D0DC90-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReadStateMutant, Type: EAT modification 0x82D0DC94-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReadStateMutex, Type: EAT modification 0x82D0DC98-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReadStateQueue, Type: EAT modification 0x82D0DC9C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReadStateSemaphore, Type: EAT modification 0x82D0DCA0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReadStateTimer, Type: EAT modification 0x82D0DCA4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRegisterBugCheckCallback, Type: EAT modification 0x82D0DCA8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRegisterBugCheckReasonCallback, Type: EAT modification 0x82D0DCAC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRegisterNmiCallback, Type: EAT modification 0x82D0DCB0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRegisterProcessorChangeCallback, Type: EAT modification 0x82D0DCB4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseGuardedMutex, Type: EAT modification 0x82D0D144-->82DAE043 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseGuardedMutexUnsafe, Type: EAT modification 0x82D0D148-->82F7E05C [unknown_code_page]

ntkrnlpa.exe-->KeReleaseInStackQueuedSpinLockForDpc, Type: EAT modification 0x82D0D14C-->830EE069 [unknown_code_page]

ntkrnlpa.exe-->KeReleaseInStackQueuedSpinLockFromDpcLevel, Type: EAT modification 0x82D0D150-->830FE064 [unknown_code_page]

ntkrnlpa.exe-->KeReleaseInterruptSpinLock, Type: EAT modification 0x82D0DCB8-->8313E077 [unknown_code_page]

ntkrnlpa.exe-->KeReleaseMutant, Type: EAT modification 0x82D0DCBC-->8313E05C [unknown_code_page]

ntkrnlpa.exe-->KeReleaseMutex, Type: EAT modification 0x82D0DCC0-->8313E079 [unknown_code_page]

ntkrnlpa.exe-->KeReleaseSemaphore, Type: EAT modification 0x82D0DCC4-->8305E074 [unknown_code_page]

ntkrnlpa.exe-->KeReleaseSpinLockForDpc, Type: EAT modification 0x82D0D154-->82D3E06D [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseSpinLockFromDpcLevel, Type: EAT modification 0x82D0DCC8-->82FCE032 [unknown_code_page]

ntkrnlpa.exe-->KeRemoveByKeyDeviceQueue, Type: EAT modification 0x82D0DCCC-->8314E06E [unknown_code_page]

ntkrnlpa.exe-->KeRemoveByKeyDeviceQueueIfBusy, Type: EAT modification 0x82D0DCD0-->8312E06B [unknown_code_page]

ntkrnlpa.exe-->KeRemoveDeviceQueue, Type: EAT modification 0x82D0DCD4-->830CE06E [unknown_code_page]

ntkrnlpa.exe-->KeRemoveEntryDeviceQueue, Type: EAT modification 0x82D0DCD8-->8301E070 [unknown_code_page]

ntkrnlpa.exe-->KeRemoveQueue, Type: EAT modification 0x82D0DCDC-->8305E02E [unknown_code_page]

ntkrnlpa.exe-->KeRemoveQueueDpc, Type: EAT modification 0x82D0DCE0-->8305E078 [unknown_code_page]

ntkrnlpa.exe-->KeRemoveQueueEx, Type: EAT modification 0x82D0DCE4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveSystemServiceTable, Type: EAT modification 0x82D0DCE8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeResetEvent, Type: EAT modification 0x82D0DCEC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRestoreFloatingPointState, Type: EAT modification 0x82D0DCF0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRevertToUserAffinityThread, Type: EAT modification 0x82D0DCF4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRevertToUserAffinityThreadEx, Type: EAT modification 0x82D0DCF8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRundownQueue, Type: EAT modification 0x82D0DCFC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSaveFloatingPointState, Type: EAT modification 0x82D0DD00-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSaveStateForHibernate, Type: EAT modification 0x82D0DD04-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeServiceDescriptorTable, Type: EAT modification 0x82D0DD08-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetActualBasePriorityThread, Type: EAT modification 0x82D0DD0C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetAffinityThread, Type: EAT modification 0x82D0DD10-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetBasePriorityThread, Type: EAT modification 0x82D0DD14-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetDmaIoCoherency, Type: EAT modification 0x82D0DD18-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetEvent, Type: EAT modification 0x82D0DD1C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetEventBoostPriority, Type: EAT modification 0x82D0DD20-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetIdealProcessorThread, Type: EAT modification 0x82D0DD24-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetImportanceDpc, Type: EAT modification 0x82D0DD28-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetKernelStackSwapEnable, Type: EAT modification 0x82D0DD2C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetPriorityThread, Type: EAT modification 0x82D0DD30-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetProfileIrql, Type: EAT modification 0x82D0DD34-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetSystemAffinityThread, Type: EAT modification 0x82D0DD38-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetSystemAffinityThreadEx, Type: EAT modification 0x82D0DD3C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetTargetProcessorDpc, Type: EAT modification 0x82D0DD40-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetTimeIncrement, Type: EAT modification 0x82D0DD44-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetTimer, Type: EAT modification 0x82D0DD48-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetTimerEx, Type: EAT modification 0x82D0DD4C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSignalCallDpcDone, Type: EAT modification 0x82D0DD50-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSignalCallDpcSynchronize, Type: EAT modification 0x82D0DD54-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeStackAttachProcess, Type: EAT modification 0x82D0DD58-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeStartDynamicProcessor, Type: EAT modification 0x82D0DD5C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSynchronizeExecution, Type: EAT modification 0x82D0DD60-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeTerminateThread, Type: EAT modification 0x82D0DD64-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeTestAlertThread, Type: EAT modification 0x82D0DD68-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeTestSpinLock, Type: EAT modification 0x82D0D158-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeTickCount, Type: EAT modification 0x82D0DD6C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeTryToAcquireGuardedMutex, Type: EAT modification 0x82D0D15C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeTryToAcquireSpinLockAtDpcLevel, Type: EAT modification 0x82D0D160-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeUnstackDetachProcess, Type: EAT modification 0x82D0DD70-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeUpdateRunTime, Type: EAT modification 0x82D0D164-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeUpdateSystemTime, Type: EAT modification 0x82D0DD74-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeUserModeCallback, Type: EAT modification 0x82D0DD78-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeWaitForMultipleObjects, Type: EAT modification 0x82D0DD7C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeWaitForMutexObject, Type: EAT modification 0x82D0DD80-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeWaitForSingleObject, Type: EAT modification 0x82D0DD84-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiAcquireSpinLock, Type: EAT modification 0x82D0D170-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiBugCheckData, Type: EAT modification 0x82D0DD88-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiCheckForKernelApcDelivery, Type: EAT modification 0x82D0DD8C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiCheckForSListAddress, Type: EAT modification 0x82D0D174-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiCoprocessorError, Type: EAT modification 0x82D0DD90-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiDeliverApc, Type: EAT modification 0x82D0DD94-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiDispatchInterrupt, Type: EAT modification 0x82D0DD98-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Kii386SpinOnSpinLock, Type: EAT modification 0x82D0D19C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiIpiServiceRoutine, Type: EAT modification 0x82D0DD9C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiReleaseSpinLock, Type: EAT modification 0x82D0D178-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiUnexpectedInterrupt, Type: EAT modification 0x82D0DDA0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrAccessResource, Type: EAT modification 0x82D0DDA4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrEnumResources, Type: EAT modification 0x82D0DDA8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrFindResourceDirectory_U, Type: EAT modification 0x82D0DDAC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrFindResourceEx_U, Type: EAT modification 0x82D0DDB0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrFindResource_U, Type: EAT modification 0x82D0DDB4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrResFindResource, Type: EAT modification 0x82D0DDB8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrResFindResourceDirectory, Type: EAT modification 0x82D0DDBC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrResSearchResource, Type: EAT modification 0x82D0DDC0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LpcPortObjectType, Type: EAT modification 0x82D0DDC4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LpcReplyWaitReplyPort, Type: EAT modification 0x82D0DDC8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LpcRequestPort, Type: EAT modification 0x82D0DDCC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LpcRequestWaitReplyPort, Type: EAT modification 0x82D0DDD0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LpcRequestWaitReplyPortEx, Type: EAT modification 0x82D0DDD4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LpcSendWaitReceivePort, Type: EAT modification 0x82D0DDD8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaCallAuthenticationPackage, Type: EAT modification 0x82D0DDDC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaDeregisterLogonProcess, Type: EAT modification 0x82D0DDE0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaFreeReturnBuffer, Type: EAT modification 0x82D0DDE4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaLogonUser, Type: EAT modification 0x82D0DDE8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaLookupAuthenticationPackage, Type: EAT modification 0x82D0DDEC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaRegisterLogonProcess, Type: EAT modification 0x82D0DDF0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->mbstowcs, Type: EAT modification 0x82D0EE18-->85B4B330 [unknown_code_page]

ntkrnlpa.exe-->mbtowc, Type: EAT modification 0x82D0EE1C-->85B4B378 [unknown_code_page]

ntkrnlpa.exe-->memchr, Type: EAT modification 0x82D0EE20-->85B4B3C6 [unknown_code_page]

ntkrnlpa.exe-->memcpy, Type: EAT modification 0x82D0EE24-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->memmove, Type: EAT modification 0x82D0EE28-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->memset, Type: EAT modification 0x82D0EE2C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Mm64BitPhysicalAddress, Type: EAT modification 0x82D0DDF4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAddPhysicalMemory, Type: EAT modification 0x82D0DDF8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAddVerifierThunks, Type: EAT modification 0x82D0DDFC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAdjustWorkingSetSize, Type: EAT modification 0x82D0DE00-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAdvanceMdl, Type: EAT modification 0x82D0DE04-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAllocateContiguousMemory, Type: EAT modification 0x82D0DE08-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAllocateContiguousMemorySpecifyCache, Type: EAT modification 0x82D0DE0C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAllocateContiguousMemorySpecifyCacheNode, Type: EAT modification 0x82D0DE10-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAllocateMappingAddress, Type: EAT modification 0x82D0DE14-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAllocateNonCachedMemory, Type: EAT modification 0x82D0DE18-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAllocatePagesForMdl, Type: EAT modification 0x82D0DE1C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAllocatePagesForMdlEx, Type: EAT modification 0x82D0DE20-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmBadPointer, Type: EAT modification 0x82D0DE24-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmBuildMdlForNonPagedPool, Type: EAT modification 0x82D0DE28-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmCanFileBeTruncated, Type: EAT modification 0x82D0DE2C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmCommitSessionMappedView, Type: EAT modification 0x82D0DE30-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmCopyVirtualMemory, Type: EAT modification 0x82D0DE34-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmCreateMdl, Type: EAT modification 0x82D0DE38-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmCreateMirror, Type: EAT modification 0x82D0DE3C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmCreateSection, Type: EAT modification 0x82D0DE40-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmDisableModifiedWriteOfSection, Type: EAT modification 0x82D0DE44-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmDoesFileHaveUserWritableReferences, Type: EAT modification 0x82D0DE48-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFlushImageSection, Type: EAT modification 0x82D0DE4C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmForceSectionClosed, Type: EAT modification 0x82D0DE50-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFreeContiguousMemory, Type: EAT modification 0x82D0DE54-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFreeContiguousMemorySpecifyCache, Type: EAT modification 0x82D0DE58-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFreeMappingAddress, Type: EAT modification 0x82D0DE5C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFreeNonCachedMemory, Type: EAT modification 0x82D0DE60-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFreePagesFromMdl, Type: EAT modification 0x82D0DE64-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmGetPhysicalAddress, Type: EAT modification 0x82D0DE68-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmGetPhysicalMemoryRanges, Type: EAT modification 0x82D0DE6C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmGetSystemRoutineAddress, Type: EAT modification 0x82D0DE70-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmGetVirtualForPhysical, Type: EAT modification 0x82D0DE74-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmGrowKernelStack, Type: EAT modification 0x82D0DE78-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmHighestUserAddress, Type: EAT modification 0x82D0DE7C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmIsAddressValid, Type: EAT modification 0x82D0DE80-->82A0E009 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmIsDriverVerifyingByAddress, Type: EAT modification 0x82D0DE88-->85A10711 [unknown_code_page]

ntkrnlpa.exe-->MmIsIoSpaceActive, Type: EAT modification 0x82D0DE8C-->F59FF8CF [unknown_code_page]

ntkrnlpa.exe-->MmIsNonPagedSystemAddressValid, Type: EAT modification 0x82D0DE90-->92A20B51 [unknown_code_page]

ntkrnlpa.exe-->MmIsRecursiveIoFault, Type: EAT modification 0x82D0DE94-->85BE8D18 [unknown_code_page]

ntkrnlpa.exe-->MmIsThisAnNtAsSystem, Type: EAT modification 0x82D0DE98-->85BE8D5A [unknown_code_page]

ntkrnlpa.exe-->MmIsVerifierEnabled, Type: EAT modification 0x82D0DE9C-->85BE8DA8 [unknown_code_page]

ntkrnlpa.exe-->MmLockPagableDataSection, Type: EAT modification 0x82D0DEA0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmLockPagableImageSection, Type: EAT modification 0x82D0DEA4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmLockPagableSectionByHandle, Type: EAT modification 0x82D0DEA8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapIoSpace, Type: EAT modification 0x82D0DEAC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapLockedPages, Type: EAT modification 0x82D0DEB0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapLockedPagesSpecifyCache, Type: EAT modification 0x82D0DEB4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapLockedPagesWithReservedMapping, Type: EAT modification 0x82D0DEB8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapMemoryDumpMdl, Type: EAT modification 0x82D0DEBC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapUserAddressesToPage, Type: EAT modification 0x82D0DEC0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapVideoDisplay, Type: EAT modification 0x82D0DEC4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapViewInSessionSpace, Type: EAT modification 0x82D0DEC8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapViewInSystemSpace, Type: EAT modification 0x82D0DECC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapViewOfSection, Type: EAT modification 0x82D0DED0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMarkPhysicalMemoryAsBad, Type: EAT modification 0x82D0DED4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMarkPhysicalMemoryAsGood, Type: EAT modification 0x82D0DED8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmPageEntireDriver, Type: EAT modification 0x82D0DEDC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmPrefetchPages, Type: EAT modification 0x82D0DEE0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmProbeAndLockPages, Type: EAT modification 0x82D0DEE4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmProbeAndLockProcessPages, Type: EAT modification 0x82D0DEE8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmProbeAndLockSelectedPages, Type: EAT modification 0x82D0DEEC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmProtectMdlSystemAddress, Type: EAT modification 0x82D0DEF0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmQuerySystemSize, Type: EAT modification 0x82D0DEF4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmRemovePhysicalMemory, Type: EAT modification 0x82D0DEF8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmResetDriverPaging, Type: EAT modification 0x82D0DEFC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmRotatePhysicalView, Type: EAT modification 0x82D0DF00-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmSectionObjectType, Type: EAT modification 0x82D0DF04-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmSecureVirtualMemory, Type: EAT modification 0x82D0DF08-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmSetAddressRangeModified, Type: EAT modification 0x82D0DF0C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmSetBankedSection, Type: EAT modification 0x82D0DF10-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmSetUserExceptionCallout, Type: EAT modification 0x82D0DF14-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmSizeOfMdl, Type: EAT modification 0x82D0DF18-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmSystemRangeStart, Type: EAT modification 0x82D0DF1C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmTrimAllSystemPagableMemory, Type: EAT modification 0x82D0DF20-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnlockPagableImageSection, Type: EAT modification 0x82D0DF24-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnlockPages, Type: EAT modification 0x82D0DF28-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapIoSpace, Type: EAT modification 0x82D0DF2C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapLockedPages, Type: EAT modification 0x82D0DF30-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapReservedMapping, Type: EAT modification 0x82D0DF34-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapVideoDisplay, Type: EAT modification 0x82D0DF38-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapViewInSessionSpace, Type: EAT modification 0x82D0DF3C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapViewInSystemSpace, Type: EAT modification 0x82D0DF40-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapViewOfSection, Type: EAT modification 0x82D0DF44-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnsecureVirtualMemory, Type: EAT modification 0x82D0DF48-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUserProbeAddress, Type: EAT modification 0x82D0DF4C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NlsAnsiCodePage, Type: EAT modification 0x82D0DF50-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NlsLeadByteInfo, Type: EAT modification 0x82D0DF54-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NlsMbCodePageTag, Type: EAT modification 0x82D0DF58-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NlsMbOemCodePageTag, Type: EAT modification 0x82D0DF5C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NlsOemCodePage, Type: EAT modification 0x82D0DF60-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NlsOemLeadByteInfo, Type: EAT modification 0x82D0DF64-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtAddAtom, Type: EAT modification 0x82D0DF68-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtAdjustPrivilegesToken, Type: EAT modification 0x82D0DF6C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtAllocateLocallyUniqueId, Type: EAT modification 0x82D0DF70-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtAllocateUuids, Type: EAT modification 0x82D0DF74-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtAllocateVirtualMemory, Type: EAT modification 0x82D0DF78-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtBuildGUID, Type: EAT modification 0x82D0DF7C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtBuildLab, Type: EAT modification 0x82D0DF80-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtBuildNumber, Type: EAT modification 0x82D0DF84-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtClose, Type: EAT modification 0x82D0DF88-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCommitComplete, Type: EAT modification 0x82D0DF8C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCommitEnlistment, Type: EAT modification 0x82D0DF90-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCommitTransaction, Type: EAT modification 0x82D0DF94-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtConnectPort, Type: EAT modification 0x82D0DF98-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateEnlistment, Type: EAT modification 0x82D0DF9C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateEvent, Type: EAT modification 0x82D0DFA0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateFile, Type: EAT modification 0x82D0DFA4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateResourceManager, Type: EAT modification 0x82D0DFA8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateSection, Type: Inline - RelativeJump 0x82C3F905-->8D87B9D6 [aswSP.SYS]

ntkrnlpa.exe-->NtCreateSection, Type: EAT modification 0x82D0DFAC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateTransaction, Type: EAT modification 0x82D0DFB0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtDeleteAtom, Type: EAT modification 0x82D0DFB4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtDeleteFile, Type: EAT modification 0x82D0DFB8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtDeviceIoControlFile, Type: EAT modification 0x82D0DFBC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtDuplicateObject, Type: EAT modification 0x82D0DFC0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtDuplicateToken, Type: EAT modification 0x82D0DFC4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtEnumerateTransactionObject, Type: EAT modification 0x82D0DFC8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtFindAtom, Type: EAT modification 0x82D0DFCC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtFreeVirtualMemory, Type: EAT modification 0x82D0DFD0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtFreezeTransactions, Type: EAT modification 0x82D0DFD4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtFsControlFile, Type: EAT modification 0x82D0DFD8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtGetEnvironmentVariableEx, Type: EAT modification 0x82D0DFDC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtGetNotificationResourceManager, Type: EAT modification 0x82D0DFE0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtGlobalFlag, Type: EAT modification 0x82D0DFE4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtLockFile, Type: EAT modification 0x82D0DFE8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtMakePermanentObject, Type: EAT modification 0x82D0DFEC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtMapViewOfSection, Type: EAT modification 0x82D0DFF0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtNotifyChangeDirectoryFile, Type: EAT modification 0x82D0DFF4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenEnlistment, Type: EAT modification 0x82D0DFF8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenFile, Type: EAT modification 0x82D0DFFC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenProcess, Type: EAT modification 0x82D0E000-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenProcessToken, Type: EAT modification 0x82D0E004-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenProcessTokenEx, Type: EAT modification 0x82D0E008-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenResourceManager, Type: EAT modification 0x82D0E00C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenThread, Type: EAT modification 0x82D0E010-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenThreadToken, Type: EAT modification 0x82D0E014-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenThreadTokenEx, Type: EAT modification 0x82D0E018-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenTransaction, Type: EAT modification 0x82D0E01C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtPrepareComplete, Type: EAT modification 0x82D0E024-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtPrepareEnlistment, Type: EAT modification 0x82D0E028-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtPrePrepareEnlistment, Type: EAT modification 0x82D0E020-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryDirectoryFile, Type: EAT modification 0x82D0E02C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryEaFile, Type: EAT modification 0x82D0E030-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryEnvironmentVariableInfoEx, Type: EAT modification 0x82D0E034-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationAtom, Type: EAT modification 0x82D0E038-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationEnlistment, Type: EAT modification 0x82D0E03C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationFile, Type: EAT modification 0x82D0E040-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationProcess, Type: EAT modification 0x82D0E044-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationResourceManager, Type: EAT modification 0x82D0E048-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationThread, Type: EAT modification 0x82D0E04C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationToken, Type: EAT modification 0x82D0E050-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationTransaction, Type: EAT modification 0x82D0E054-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationTransactionManager, Type: EAT modification 0x82D0E058-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryQuotaInformationFile, Type: EAT modification 0x82D0E05C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQuerySecurityObject, Type: EAT modification 0x82D0E060-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQuerySystemInformation, Type: EAT modification 0x82D0E064-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryVolumeInformationFile, Type: EAT modification 0x82D0E068-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtReadFile, Type: EAT modification 0x82D0E06C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRequestPort, Type: EAT modification 0x82D0E070-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: EAT modification 0x82D0E074-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRollbackEnlistment, Type: EAT modification 0x82D0E078-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRollbackTransaction, Type: EAT modification 0x82D0E07C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetEaFile, Type: EAT modification 0x82D0E080-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetEvent, Type: EAT modification 0x82D0E084-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationEnlistment, Type: EAT modification 0x82D0E088-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationFile, Type: EAT modification 0x82D0E08C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationProcess, Type: EAT modification 0x82D0E090-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationResourceManager, Type: EAT modification 0x82D0E094-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationThread, Type: EAT modification 0x82D0E098-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationTransaction, Type: EAT modification 0x82D0E09C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetQuotaInformationFile, Type: EAT modification 0x82D0E0A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetSecurityObject, Type: EAT modification 0x82D0E0A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetVolumeInformationFile, Type: EAT modification 0x82D0E0A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtShutdownSystem, Type: EAT modification 0x82D0E0AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtThawTransactions, Type: EAT modification 0x82D0E0B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtTraceControl, Type: EAT modification 0x82D0E0B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtTraceEvent, Type: EAT modification 0x82D0E0B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtUnlockFile, Type: EAT modification 0x82D0E0BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtVdmControl, Type: EAT modification 0x82D0E0C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtWaitForSingleObject, Type: EAT modification 0x82D0E0C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtWriteFile, Type: EAT modification 0x82D0E0C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObAssignSecurity, Type: EAT modification 0x82D0E0CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCheckCreateObjectAccess, Type: EAT modification 0x82D0E0D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCheckObjectAccess, Type: EAT modification 0x82D0E0D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCloseHandle, Type: EAT modification 0x82D0E0D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCreateObject, Type: EAT modification 0x82D0E0DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCreateObjectType, Type: EAT modification 0x82D0E0E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObDeleteCapturedInsertInfo, Type: EAT modification 0x82D0E0E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObDereferenceObject, Type: EAT modification 0x82D0E0E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObDereferenceObjectDeferDelete, Type: EAT modification 0x82D0E0EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObDereferenceSecurityDescriptor, Type: EAT modification 0x82D0E0F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObfDereferenceObject, Type: EAT modification 0x82D0D17C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObFindHandleForObject, Type: EAT modification 0x82D0E0F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObfReferenceObject, Type: EAT modification 0x82D0D180-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObGetFilterVersion, Type: EAT modification 0x82D0E0F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObGetObjectSecurity, Type: EAT modification 0x82D0E0FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObInsertObject, Type: Inline - RelativeJump 0x82C3E063-->8D878FFA [aswSP.SYS]

ntkrnlpa.exe-->ObInsertObject, Type: EAT modification 0x82D0E100-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObIsDosDeviceLocallyMapped, Type: EAT modification 0x82D0E104-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObIsKernelHandle, Type: EAT modification 0x82D0E108-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObLogSecurityDescriptor, Type: EAT modification 0x82D0E10C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x82BE528F-->8D8775D4 [aswSP.SYS]

ntkrnlpa.exe-->ObMakeTemporaryObject, Type: EAT modification 0x82D0E110-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObOpenObjectByName, Type: EAT modification 0x82D0E114-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObOpenObjectByPointer, Type: EAT modification 0x82D0E118-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObQueryNameString, Type: EAT modification 0x82D0E11C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObQueryObjectAuditingByHandle, Type: EAT modification 0x82D0E120-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReferenceObjectByHandle, Type: EAT modification 0x82D0E124-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReferenceObjectByName, Type: EAT modification 0x82D0E128-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReferenceObjectByPointer, Type: EAT modification 0x82D0E12C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReferenceSecurityDescriptor, Type: EAT modification 0x82D0E130-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObRegisterCallbacks, Type: EAT modification 0x82D0E134-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReleaseObjectSecurity, Type: EAT modification 0x82D0E138-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObSetHandleAttributes, Type: EAT modification 0x82D0E13C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObSetSecurityDescriptorInfo, Type: EAT modification 0x82D0E140-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObSetSecurityObjectByPointer, Type: EAT modification 0x82D0E144-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObUnRegisterCallbacks, Type: EAT modification 0x82D0E148-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PfFileInfoNotify, Type: EAT modification 0x82D0E150-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PfxFindPrefix, Type: EAT modification 0x82D0E154-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PfxInitialize, Type: EAT modification 0x82D0E158-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PfxInsertPrefix, Type: EAT modification 0x82D0E15C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PfxRemovePrefix, Type: EAT modification 0x82D0E160-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoCallDriver, Type: EAT modification 0x82D0E164-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoCancelDeviceNotify, Type: EAT modification 0x82D0E168-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoDisableSleepStates, Type: EAT modification 0x82D0E16C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoGetSystemWake, Type: EAT modification 0x82D0E170-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->POGOBuffer, Type: EAT modification 0x82D0E14C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoQueueShutdownWorkItem, Type: EAT modification 0x82D0E174-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoReenableSleepStates, Type: EAT modification 0x82D0E178-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRegisterDeviceForIdleDetection, Type: EAT modification 0x82D0E17C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRegisterDeviceNotify, Type: EAT modification 0x82D0E180-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRegisterPowerSettingCallback, Type: EAT modification 0x82D0E184-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRegisterSystemState, Type: EAT modification 0x82D0E188-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRequestPowerIrp, Type: EAT modification 0x82D0E18C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRequestShutdownEvent, Type: EAT modification 0x82D0E190-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetDeviceBusyEx, Type: EAT modification 0x82D0E194-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetFixedWakeSource, Type: EAT modification 0x82D0E198-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetHiberRange, Type: EAT modification 0x82D0E19C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetPowerState, Type: EAT modification 0x82D0E1A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetSystemState, Type: EAT modification 0x82D0E1A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetSystemWake, Type: EAT modification 0x82D0E1A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoShutdownBugCheck, Type: EAT modification 0x82D0E1AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoStartNextPowerIrp, Type: EAT modification 0x82D0E1B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoUnregisterPowerSettingCallback, Type: EAT modification 0x82D0E1B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoUnregisterSystemState, Type: EAT modification 0x82D0E1B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoUserShutdownInitiated, Type: EAT modification 0x82D0E1BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ProbeForRead, Type: EAT modification 0x82D0E1C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ProbeForWrite, Type: EAT modification 0x82D0E1C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsAcquireProcessExitSynchronization, Type: EAT modification 0x82D0E1C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsAssignImpersonationToken, Type: EAT modification 0x82D0E1CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsChargePoolQuota, Type: EAT modification 0x82D0E1D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsChargeProcessCpuCycles, Type: EAT modification 0x82D0E1D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsChargeProcessNonPagedPoolQuota, Type: EAT modification 0x82D0E1D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsChargeProcessPagedPoolQuota, Type: EAT modification 0x82D0E1DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsChargeProcessPoolQuota, Type: EAT modification 0x82D0E1E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsCreateSystemThread, Type: EAT modification 0x82D0E1E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsDereferenceImpersonationToken, Type: EAT modification 0x82D0E1E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsDereferencePrimaryToken, Type: EAT modification 0x82D0E1EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsDisableImpersonation, Type: EAT modification 0x82D0E1F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsEnterPriorityRegion, Type: EAT modification 0x82D0E1F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsEstablishWin32Callouts, Type: EAT modification 0x82D0E1F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetContextThread, Type: EAT modification 0x82D0E1FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentProcess, Type: EAT modification 0x82D0E200-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentProcessId, Type: EAT modification 0x82D0E204-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentProcessSessionId, Type: EAT modification 0x82D0E208-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentProcessWin32Process, Type: EAT modification 0x82D0E20C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThread, Type: EAT modification 0x82D0E210-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadId, Type: EAT modification 0x82D0E214-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadPreviousMode, Type: EAT modification 0x82D0E218-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadProcess, Type: EAT modification 0x82D0E21C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadProcessId, Type: EAT modification 0x82D0E220-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadStackBase, Type: EAT modification 0x82D0E224-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadStackLimit, Type: EAT modification 0x82D0E228-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadTeb, Type: EAT modification 0x82D0E22C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadWin32Thread, Type: EAT modification 0x82D0E230-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion, Type: EAT modification 0x82D0E234-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetJobLock, Type: EAT modification 0x82D0E238-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetJobSessionId, Type: EAT modification 0x82D0E23C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetJobUIRestrictionsClass, Type: EAT modification 0x82D0E240-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessCreateTimeQuadPart, Type: EAT modification 0x82D0E244-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessDebugPort, Type: EAT modification 0x82D0E248-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessExitProcessCalled, Type: EAT modification 0x82D0E24C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessExitStatus, Type: EAT modification 0x82D0E250-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessExitTime, Type: EAT modification 0x82D0E254-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessId, Type: EAT modification 0x82D0E258-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessImageFileName, Type: EAT modification 0x82D0E25C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessInheritedFromUniqueProcessId, Type: EAT modification 0x82D0E260-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessJob, Type: EAT modification 0x82D0E264-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessPeb, Type: EAT modification 0x82D0E268-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessPriorityClass, Type: EAT modification 0x82D0E26C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessSectionBaseAddress, Type: EAT modification 0x82D0E270-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessSecurityPort, Type: EAT modification 0x82D0E274-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessSessionId, Type: EAT modification 0x82D0E278-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessSessionIdEx, Type: EAT modification 0x82D0E27C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessWin32Process, Type: EAT modification 0x82D0E280-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessWin32WindowStation, Type: EAT modification 0x82D0E284-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadFreezeCount, Type: EAT modification 0x82D0E288-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadHardErrorsAreDisabled, Type: EAT modification 0x82D0E28C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadId, Type: EAT modification 0x82D0E290-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadProcess, Type: EAT modification 0x82D0E294-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadProcessId, Type: EAT modification 0x82D0E298-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadSessionId, Type: EAT modification 0x82D0E29C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadTeb, Type: EAT modification 0x82D0E2A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadWin32Thread, Type: EAT modification 0x82D0E2A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetVersion, Type: EAT modification 0x82D0E2A8-->82A0E000 [ntkrnlpa.exe]

Link to post
Share on other sites

2nd RootKit Unhooker Log ((Continued))

==============================================

>Hooks ((part 3))

==============================================

ntkrnlpa.exe-->PsImpersonateClient, Type: EAT modification 0x82D0E2AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsInitialSystemProcess, Type: EAT modification 0x82D0E2B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsCurrentThreadPrefetching, Type: EAT modification 0x82D0E2B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsProcessBeingDebugged, Type: EAT modification 0x82D0E2B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsProtectedProcess, Type: EAT modification 0x82D0E2BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsSystemProcess, Type: EAT modification 0x82D0E2C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsSystemThread, Type: EAT modification 0x82D0E2C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsThreadImpersonating, Type: EAT modification 0x82D0E2C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsThreadTerminating, Type: EAT modification 0x82D0E2CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsJobType, Type: EAT modification 0x82D0E2D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsLeavePriorityRegion, Type: EAT modification 0x82D0E2D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsLookupProcessByProcessId, Type: EAT modification 0x82D0E2D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsLookupProcessThreadByCid, Type: EAT modification 0x82D0E2DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsLookupThreadByThreadId, Type: EAT modification 0x82D0E2E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->psMUITest, Type: EAT modification 0x82D0EE30-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsProcessType, Type: EAT modification 0x82D0E2E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsQueryProcessExceptionFlags, Type: EAT modification 0x82D0E2E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReferenceImpersonationToken, Type: EAT modification 0x82D0E2EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReferencePrimaryToken, Type: EAT modification 0x82D0E2F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReferenceProcessFilePointer, Type: EAT modification 0x82D0E2F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReleaseProcessExitSynchronization, Type: EAT modification 0x82D0E2F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsRemoveCreateThreadNotifyRoutine, Type: EAT modification 0x82D0E2FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsRemoveLoadImageNotifyRoutine, Type: EAT modification 0x82D0E300-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsRestoreImpersonation, Type: EAT modification 0x82D0E304-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsResumeProcess, Type: EAT modification 0x82D0E308-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReturnPoolQuota, Type: EAT modification 0x82D0E30C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReturnProcessNonPagedPoolQuota, Type: EAT modification 0x82D0E310-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReturnProcessPagedPoolQuota, Type: EAT modification 0x82D0E314-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsRevertThreadToSelf, Type: EAT modification 0x82D0E318-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsRevertToSelf, Type: EAT modification 0x82D0E31C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetContextThread, Type: EAT modification 0x82D0E320-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetCreateProcessNotifyRoutine, Type: EAT modification 0x82D0E324-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetCreateProcessNotifyRoutineEx, Type: EAT modification 0x82D0E328-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetCreateThreadNotifyRoutine, Type: EAT modification 0x82D0E32C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetCurrentThreadPrefetching, Type: EAT modification 0x82D0E330-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetJobUIRestrictionsClass, Type: EAT modification 0x82D0E334-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetLegoNotifyRoutine, Type: EAT modification 0x82D0E338-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetLoadImageNotifyRoutine, Type: EAT modification 0x82D0E33C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetProcessPriorityByClass, Type: EAT modification 0x82D0E340-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetProcessPriorityClass, Type: EAT modification 0x82D0E344-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetProcessSecurityPort, Type: EAT modification 0x82D0E348-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetProcessWin32Process, Type: EAT modification 0x82D0E34C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetProcessWindowStation, Type: EAT modification 0x82D0E350-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetThreadHardErrorsAreDisabled, Type: EAT modification 0x82D0E354-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetThreadWin32Thread, Type: EAT modification 0x82D0E358-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSuspendProcess, Type: EAT modification 0x82D0E35C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsTerminateSystemThread, Type: EAT modification 0x82D0E360-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsThreadType, Type: EAT modification 0x82D0E364-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsUILanguageComitted, Type: EAT modification 0x82D0E368-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsWrapApcWow64Thread, Type: EAT modification 0x82D0E36C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->qsort, Type: EAT modification 0x82D0EE34-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->rand, Type: EAT modification 0x82D0EE38-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->READ_REGISTER_BUFFER_UCHAR, Type: EAT modification 0x82D0E370-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->READ_REGISTER_BUFFER_ULONG, Type: EAT modification 0x82D0E374-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->READ_REGISTER_BUFFER_USHORT, Type: EAT modification 0x82D0E378-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->READ_REGISTER_UCHAR, Type: EAT modification 0x82D0E37C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->READ_REGISTER_ULONG, Type: EAT modification 0x82D0E380-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->READ_REGISTER_USHORT, Type: EAT modification 0x82D0E384-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAbsoluteToSelfRelativeSD, Type: EAT modification 0x82D0E388-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAddAccessAllowedAce, Type: EAT modification 0x82D0E38C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAddAccessAllowedAceEx, Type: EAT modification 0x82D0E390-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAddAce, Type: EAT modification 0x82D0E394-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAddAtomToAtomTable, Type: EAT modification 0x82D0E398-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAddRange, Type: EAT modification 0x82D0E39C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAllocateHeap, Type: EAT modification 0x82D0E3A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAnsiCharToUnicodeChar, Type: EAT modification 0x82D0E3A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAnsiStringToUnicodeSize, Type: EAT modification 0x82D0E3A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAnsiStringToUnicodeString, Type: EAT modification 0x82D0E3AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAppendAsciizToString, Type: EAT modification 0x82D0E3B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAppendStringToString, Type: EAT modification 0x82D0E3B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAppendUnicodeStringToString, Type: EAT modification 0x82D0E3B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAppendUnicodeToString, Type: EAT modification 0x82D0E3BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAreAllAccessesGranted, Type: EAT modification 0x82D0E3C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAreAnyAccessesGranted, Type: EAT modification 0x82D0E3C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAreBitsClear, Type: EAT modification 0x82D0E3C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAreBitsSet, Type: EAT modification 0x82D0E3CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAssert, Type: EAT modification 0x82D0E3D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCaptureContext, Type: EAT modification 0x82D0E3D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCaptureStackBackTrace, Type: EAT modification 0x82D0E3D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCharToInteger, Type: EAT modification 0x82D0E3DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCheckRegistryKey, Type: EAT modification 0x82D0E3E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlClearAllBits, Type: EAT modification 0x82D0E3E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlClearBit, Type: EAT modification 0x82D0E3E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlClearBits, Type: EAT modification 0x82D0E3EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCmDecodeMemIoResource, Type: EAT modification 0x82D0E3F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCmEncodeMemIoResource, Type: EAT modification 0x82D0E3F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompareAltitudes, Type: EAT modification 0x82D0E3F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompareMemory, Type: EAT modification 0x82D0E3FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompareMemoryUlong, Type: EAT modification 0x82D0E400-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompareString, Type: EAT modification 0x82D0E404-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompareUnicodeString, Type: EAT modification 0x82D0E408-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompressBuffer, Type: EAT modification 0x82D0E40C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompressChunks, Type: EAT modification 0x82D0E410-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlComputeCrc32, Type: EAT modification 0x82D0E414-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlConvertLongToLargeInteger, Type: EAT modification 0x82D0E418-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlConvertSidToUnicodeString, Type: EAT modification 0x82D0E41C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlConvertUlongToLargeInteger, Type: EAT modification 0x82D0E420-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCopyLuid, Type: EAT modification 0x82D0E424-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCopyLuidAndAttributesArray, Type: EAT modification 0x82D0E428-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCopyRangeList, Type: EAT modification 0x82D0E42C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCopySid, Type: EAT modification 0x82D0E430-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCopySidAndAttributesArray, Type: EAT modification 0x82D0E434-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCopyString, Type: EAT modification 0x82D0E438-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCopyUnicodeString, Type: EAT modification 0x82D0E43C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCreateAcl, Type: EAT modification 0x82D0E440-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCreateAtomTable, Type: EAT modification 0x82D0E444-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCreateHeap, Type: EAT modification 0x82D0E448-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCreateRegistryKey, Type: EAT modification 0x82D0E44C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCreateSecurityDescriptor, Type: EAT modification 0x82D0E450-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCreateSystemVolumeInformationFolder, Type: EAT modification 0x82D0E454-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCreateUnicodeString, Type: EAT modification 0x82D0E458-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCustomCPToUnicodeN, Type: EAT modification 0x82D0E45C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDecompressBuffer, Type: EAT modification 0x82D0E460-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDecompressChunks, Type: EAT modification 0x82D0E464-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDecompressFragment, Type: EAT modification 0x82D0E468-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDelete, Type: EAT modification 0x82D0E46C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDeleteAce, Type: EAT modification 0x82D0E470-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDeleteAtomFromAtomTable, Type: EAT modification 0x82D0E474-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDeleteElementGenericTable, Type: EAT modification 0x82D0E478-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDeleteElementGenericTableAvl, Type: EAT modification 0x82D0E47C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDeleteNoSplay, Type: EAT modification 0x82D0E480-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDeleteOwnersRanges, Type: EAT modification 0x82D0E484-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDeleteRange, Type: EAT modification 0x82D0E488-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDeleteRegistryValue, Type: EAT modification 0x82D0E48C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDescribeChunk, Type: EAT modification 0x82D0E490-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDestroyAtomTable, Type: EAT modification 0x82D0E494-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDestroyHeap, Type: EAT modification 0x82D0E498-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDowncaseUnicodeString, Type: EAT modification 0x82D0E49C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDuplicateUnicodeString, Type: EAT modification 0x82D0E4A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEmptyAtomTable, Type: EAT modification 0x82D0E4A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEnlargedIntegerMultiply, Type: EAT modification 0x82D0E4A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEnlargedUnsignedDivide, Type: EAT modification 0x82D0E4AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEnlargedUnsignedMultiply, Type: EAT modification 0x82D0E4B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEnumerateGenericTable, Type: EAT modification 0x82D0E4B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEnumerateGenericTableAvl, Type: EAT modification 0x82D0E4B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEnumerateGenericTableLikeADirectory, Type: EAT modification 0x82D0E4BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEnumerateGenericTableWithoutSplaying, Type: EAT modification 0x82D0E4C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEnumerateGenericTableWithoutSplayingAvl, Type: EAT modification 0x82D0E4C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEqualLuid, Type: EAT modification 0x82D0E4C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEqualSid, Type: EAT modification 0x82D0E4CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEqualString, Type: EAT modification 0x82D0E4D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEqualUnicodeString, Type: EAT modification 0x82D0E4D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlExtendedIntegerMultiply, Type: EAT modification 0x82D0E4D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlExtendedLargeIntegerDivide, Type: EAT modification 0x82D0E4DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlExtendedMagicDivide, Type: EAT modification 0x82D0E4E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFillMemory, Type: EAT modification 0x82D0E4E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFillMemoryUlong, Type: EAT modification 0x82D0E4E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindClearBits, Type: EAT modification 0x82D0E4EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindClearBitsAndSet, Type: EAT modification 0x82D0E4F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindClearRuns, Type: EAT modification 0x82D0E4F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindClosestEncodableLength, Type: EAT modification 0x82D0E4F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindFirstRunClear, Type: EAT modification 0x82D0E4FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindLastBackwardRunClear, Type: EAT modification 0x82D0E500-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindLeastSignificantBit, Type: EAT modification 0x82D0E504-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindLongestRunClear, Type: EAT modification 0x82D0E508-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindMessage, Type: EAT modification 0x82D0E50C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindMostSignificantBit, Type: EAT modification 0x82D0E510-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindNextForwardRunClear, Type: EAT modification 0x82D0E514-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindRange, Type: EAT modification 0x82D0E518-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindSetBits, Type: EAT modification 0x82D0E51C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindSetBitsAndClear, Type: EAT modification 0x82D0E520-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindUnicodePrefix, Type: EAT modification 0x82D0E524-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFormatCurrentUserKeyPath, Type: EAT modification 0x82D0E528-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFormatMessage, Type: EAT modification 0x82D0E52C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFreeAnsiString, Type: EAT modification 0x82D0E530-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFreeHeap, Type: EAT modification 0x82D0E534-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFreeOemString, Type: EAT modification 0x82D0E538-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFreeRangeList, Type: EAT modification 0x82D0E53C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFreeUnicodeString, Type: EAT modification 0x82D0E540-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGenerate8dot3Name, Type: EAT modification 0x82D0E548-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetAce, Type: EAT modification 0x82D0E54C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetCallersAddress, Type: EAT modification 0x82D0E550-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetCompressionWorkSpaceSize, Type: EAT modification 0x82D0E554-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetDaclSecurityDescriptor, Type: EAT modification 0x82D0E558-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetDefaultCodePage, Type: EAT modification 0x82D0E55C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetElementGenericTable, Type: EAT modification 0x82D0E560-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetElementGenericTableAvl, Type: EAT modification 0x82D0E564-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetFirstRange, Type: EAT modification 0x82D0E568-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetGroupSecurityDescriptor, Type: EAT modification 0x82D0E56C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetIntegerAtom, Type: EAT modification 0x82D0E570-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetNextRange, Type: EAT modification 0x82D0E574-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetNtGlobalFlags, Type: EAT modification 0x82D0E578-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetOwnerSecurityDescriptor, Type: EAT modification 0x82D0E57C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetProductInfo, Type: EAT modification 0x82D0E580-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetSaclSecurityDescriptor, Type: EAT modification 0x82D0E584-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetSetBootStatusData, Type: EAT modification 0x82D0E588-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetThreadLangIdByIndex, Type: EAT modification 0x82D0E58C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetVersion, Type: EAT modification 0x82D0E590-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGUIDFromString, Type: EAT modification 0x82D0E544-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlHashUnicodeString, Type: EAT modification 0x82D0E594-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIdnToAscii, Type: EAT modification 0x82D0E598-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIdnToNameprepUnicode, Type: EAT modification 0x82D0E59C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIdnToUnicode, Type: EAT modification 0x82D0E5A0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlImageDirectoryEntryToData, Type: EAT modification 0x82D0E5A4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlImageNtHeader, Type: EAT modification 0x82D0E5A8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitAnsiString, Type: EAT modification 0x82D0E5AC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitAnsiStringEx, Type: EAT modification 0x82D0E5B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitCodePageTable, Type: EAT modification 0x82D0E5B4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitializeBitMap, Type: EAT modification 0x82D0E5C4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitializeGenericTable, Type: EAT modification 0x82D0E5C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitializeGenericTableAvl, Type: EAT modification 0x82D0E5CC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitializeRangeList, Type: EAT modification 0x82D0E5D0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitializeSid, Type: EAT modification 0x82D0E5D4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitializeUnicodePrefix, Type: EAT modification 0x82D0E5D8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitString, Type: EAT modification 0x82D0E5B8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitUnicodeString, Type: EAT modification 0x82D0E5BC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitUnicodeStringEx, Type: EAT modification 0x82D0E5C0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInsertElementGenericTable, Type: EAT modification 0x82D0E5DC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInsertElementGenericTableAvl, Type: EAT modification 0x82D0E5E0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInsertElementGenericTableFull, Type: EAT modification 0x82D0E5E4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInsertElementGenericTableFullAvl, Type: EAT modification 0x82D0E5E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInsertUnicodePrefix, Type: EAT modification 0x82D0E5EC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInt64ToUnicodeString, Type: EAT modification 0x82D0E5F0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIntegerToChar, Type: EAT modification 0x82D0E5F4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIntegerToUnicode, Type: EAT modification 0x82D0E5F8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIntegerToUnicodeString, Type: EAT modification 0x82D0E5FC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInvertRangeList, Type: EAT modification 0x82D0E600-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInvertRangeListEx, Type: EAT modification 0x82D0E604-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIoDecodeMemIoResource, Type: EAT modification 0x82D0E608-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIoEncodeMemIoResource, Type: EAT modification 0x82D0E60C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4AddressToStringA, Type: EAT modification 0x82D0E610-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4AddressToStringExA, Type: EAT modification 0x82D0E614-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4AddressToStringExW, Type: EAT modification 0x82D0E618-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4AddressToStringW, Type: EAT modification 0x82D0E61C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4StringToAddressA, Type: EAT modification 0x82D0E620-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4StringToAddressExA, Type: EAT modification 0x82D0E624-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4StringToAddressExW, Type: EAT modification 0x82D0E628-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4StringToAddressW, Type: EAT modification 0x82D0E62C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv6AddressToStringA, Type: EAT modification 0x82D0E630-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv6AddressToStringExA, Type: EAT modification 0x82D0E634-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv6AddressToStringExW, Type: EAT modification 0x82D0E638-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv6AddressToStringW, Type: EAT modification 0x82D0E63C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv6StringToAddressA, Type: EAT modification 0x82D0E640-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv6StringToAddressExA, Type: EAT modification 0x82D0E644-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv6StringToAddressExW, Type: EAT modification 0x82D0E648-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv6StringToAddressW, Type: EAT modification 0x82D0E64C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIsGenericTableEmpty, Type: EAT modification 0x82D0E650-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIsGenericTableEmptyAvl, Type: EAT modification 0x82D0E654-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIsNameLegalDOS8Dot3, Type: EAT modification 0x82D0E658-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIsNormalizedString, Type: EAT modification 0x82D0E65C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIsNtDdiVersionAvailable, Type: EAT modification 0x82D0E660-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIsRangeAvailable, Type: EAT modification 0x82D0E664-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIsServicePackVersionInstalled, Type: EAT modification 0x82D0E668-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIsValidOemCharacter, Type: EAT modification 0x82D0E66C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLargeIntegerAdd, Type: EAT modification 0x82D0E670-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLargeIntegerArithmeticShift, Type: EAT modification 0x82D0E674-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLargeIntegerDivide, Type: EAT modification 0x82D0E678-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLargeIntegerNegate, Type: EAT modification 0x82D0E67C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLargeIntegerShiftLeft, Type: EAT modification 0x82D0E680-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLargeIntegerShiftRight, Type: EAT modification 0x82D0E684-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLargeIntegerSubtract, Type: EAT modification 0x82D0E688-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLengthRequiredSid, Type: EAT modification 0x82D0E68C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLengthSecurityDescriptor, Type: EAT modification 0x82D0E690-->84D20774 [unknown_code_page]

ntkrnlpa.exe-->RtlLengthSid, Type: EAT modification 0x82D0E694-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->RtlLocalTimeToSystemTime, Type: EAT modification 0x82D0E698-->8EA20A9B [unknown_code_page]

ntkrnlpa.exe-->RtlLockBootStatusData, Type: EAT modification 0x82D0E69C-->859555A8 [unknown_code_page]

ntkrnlpa.exe-->RtlLookupAtomInAtomTable, Type: EAT modification 0x82D0E6A0-->84D1FFD4 [unknown_code_page]

ntkrnlpa.exe-->RtlLookupElementGenericTable, Type: EAT modification 0x82D0E6A4-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLookupElementGenericTableAvl, Type: EAT modification 0x82D0E6A8-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLookupElementGenericTableFull, Type: EAT modification 0x82D0E6AC-->82A0E05A [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLookupElementGenericTableFullAvl, Type: EAT modification 0x82D0E6B0-->85954D98 [unknown_code_page]

ntkrnlpa.exe-->RtlLookupFirstMatchingElementGenericTableAvl, Type: EAT modification 0x82D0E6B4-->84D1FFCC [unknown_code_page]

ntkrnlpa.exe-->RtlMapGenericMask, Type: EAT modification 0x82D0E6B8-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlMapSecurityErrorToNtStatus, Type: EAT modification 0x82D0E6BC-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlMergeRangeLists, Type: EAT modification 0x82D0E6C0-->82A0E10B [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlMoveMemory, Type: EAT modification 0x82D0E6C4-->85954758 [unknown_code_page]

ntkrnlpa.exe-->RtlMultiByteToUnicodeN, Type: EAT modification 0x82D0E6C8-->85A13597 [unknown_code_page]

ntkrnlpa.exe-->RtlMultiByteToUnicodeSize, Type: EAT modification 0x82D0E6CC-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->RtlNextUnicodePrefix, Type: EAT modification 0x82D0E6D0-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->RtlNormalizeString, Type: EAT modification 0x82D0E6D4-->85956808 [unknown_code_page]

ntkrnlpa.exe-->RtlNtStatusToDosError, Type: EAT modification 0x82D0E6D8-->84D1FFC4 [unknown_code_page]

ntkrnlpa.exe-->RtlNtStatusToDosErrorNoTeb, Type: EAT modification 0x82D0E6DC-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlNumberGenericTableElements, Type: EAT modification 0x82D0E6E0-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlNumberGenericTableElementsAvl, Type: EAT modification 0x82D0E6E4-->82A0E055 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlNumberOfClearBits, Type: EAT modification 0x82D0E6E8-->85955FF8 [unknown_code_page]

ntkrnlpa.exe-->RtlNumberOfSetBits, Type: EAT modification 0x82D0E6EC-->84D1FFBC [unknown_code_page]

ntkrnlpa.exe-->RtlNumberOfSetBitsUlongPtr, Type: EAT modification 0x82D0E6F0-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlOemStringToCountedUnicodeString, Type: EAT modification 0x82D0E6F4-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlOemStringToUnicodeSize, Type: EAT modification 0x82D0E6F8-->82A0E10C [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlOemStringToUnicodeString, Type: EAT modification 0x82D0E6FC-->859559B8 [unknown_code_page]

ntkrnlpa.exe-->RtlOemToUnicodeN, Type: EAT modification 0x82D0E700-->85A136D3 [unknown_code_page]

ntkrnlpa.exe-->RtlPinAtomInAtomTable, Type: EAT modification 0x82D0E704-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->RtlPrefetchMemoryNonTemporal, Type: EAT modification 0x82D0D184-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->RtlPrefixString, Type: EAT modification 0x82D0E708-->85957A68 [unknown_code_page]

ntkrnlpa.exe-->RtlPrefixUnicodeString, Type: EAT modification 0x82D0E70C-->84D1FFB4 [unknown_code_page]

ntkrnlpa.exe-->RtlQueryAtomInAtomTable, Type: EAT modification 0x82D0E710-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlQueryDynamicTimeZoneInformation, Type: EAT modification 0x82D0E714-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlQueryElevationFlags, Type: EAT modification 0x82D0E718-->82A0E056 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlQueryModuleInformation, Type: EAT modification 0x82D0E71C-->85957258 [unknown_code_page]

ntkrnlpa.exe-->RtlQueryRegistryValues, Type: EAT modification 0x82D0E720-->84D1FFAC [unknown_code_page]

ntkrnlpa.exe-->RtlQueryTimeZoneInformation, Type: EAT modification 0x82D0E724-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlRaiseException, Type: EAT modification 0x82D0E728-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlRandom, Type: EAT modification 0x82D0E72C-->82A0E10D [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlRandomEx, Type: EAT modification 0x82D0E730-->85956C18 [unknown_code_page]

ntkrnlpa.exe-->RtlRealPredecessor, Type: EAT modification 0x82D0E734-->85A137F9 [unknown_code_page]

ntkrnlpa.exe-->RtlRealSuccessor, Type: EAT modification 0x82D0E738-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->RtlRemoveUnicodePrefix, Type: EAT modification 0x82D0E73C-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->RtlReserveChunk, Type: EAT modification 0x82D0E740-->85958CC8 [unknown_code_page]

ntkrnlpa.exe-->RtlRunOnceBeginInitialize, Type: EAT modification 0x82D0E744-->84D1FFA4 [unknown_code_page]

ntkrnlpa.exe-->RtlRunOnceComplete, Type: EAT modification 0x82D0E748-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlRunOnceExecuteOnce, Type: EAT modification 0x82D0E74C-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlRunOnceInitialize, Type: EAT modification 0x82D0E750-->82A0E065 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlSecondsSince1970ToTime, Type: EAT modification 0x82D0E754-->859584B8 [unknown_code_page]

ntkrnlpa.exe-->RtlSecondsSince1980ToTime, Type: EAT modification 0x82D0E758-->84D1FF9C [unknown_code_page]

ntkrnlpa.exe-->RtlSelfRelativeToAbsoluteSD, Type: EAT modification 0x82D0E760-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlSelfRelativeToAbsoluteSD2, Type: EAT modification 0x82D0E75C-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlSetAllBits, Type: EAT modification 0x82D0E764-->82A0E10E [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlSetBit, Type: EAT modification 0x82D0E768-->85957E78 [unknown_code_page]

ntkrnlpa.exe-->RtlSetBits, Type: EAT modification 0x82D0E76C-->85A13911 [unknown_code_page]

ntkrnlpa.exe-->RtlSetDaclSecurityDescriptor, Type: EAT modification 0x82D0E770-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->RtlSetDynamicTimeZoneInformation, Type: EAT modification 0x82D0E774-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->RtlSetGroupSecurityDescriptor, Type: EAT modification 0x82D0E778-->85959F28 [unknown_code_page]

ntkrnlpa.exe-->RtlSetOwnerSecurityDescriptor, Type: EAT modification 0x82D0E77C-->84D1FF94 [unknown_code_page]

ntkrnlpa.exe-->RtlSetSaclSecurityDescriptor, Type: EAT modification 0x82D0E780-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlSetTimeZoneInformation, Type: EAT modification 0x82D0E784-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlSidHashInitialize, Type: EAT modification 0x82D0E788-->82A0E05F [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlSidHashLookup, Type: EAT modification 0x82D0E78C-->85959718 [unknown_code_page]

ntkrnlpa.exe-->RtlSizeHeap, Type: EAT modification 0x82D0E790-->84D1FF8C [unknown_code_page]

ntkrnlpa.exe-->RtlSplay, Type: EAT modification 0x82D0E794-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlStringFromGUID, Type: EAT modification 0x82D0E798-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlSubAuthorityCountSid, Type: EAT modification 0x82D0E79C-->82A0E10F [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlSubAuthoritySid, Type: EAT modification 0x82D0E7A0-->859590D8 [unknown_code_page]

ntkrnlpa.exe-->RtlSubtreePredecessor, Type: EAT modification 0x82D0E7A4-->85A139FB [unknown_code_page]

ntkrnlpa.exe-->RtlSubtreeSuccessor, Type: EAT modification 0x82D0E7A8-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->RtlSystemTimeToLocalTime, Type: EAT modification 0x82D0E7AC-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->RtlTestBit, Type: EAT modification 0x82D0E7B0-->8595B188 [unknown_code_page]

ntkrnlpa.exe-->RtlTimeFieldsToTime, Type: EAT modification 0x82D0E7B4-->84D1FF84 [unknown_code_page]

ntkrnlpa.exe-->RtlTimeToElapsedTimeFields, Type: EAT modification 0x82D0E7B8-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlTimeToSecondsSince1970, Type: EAT modification 0x82D0E7BC-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlTimeToSecondsSince1980, Type: EAT modification 0x82D0E7C0-->82A0E05A [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlTimeToTimeFields, Type: EAT modification 0x82D0E7C4-->8595A978 [unknown_code_page]

ntkrnlpa.exe-->RtlTraceDatabaseAdd, Type: EAT modification 0x82D0E7C8-->84D1FF7C [unknown_code_page]

ntkrnlpa.exe-->RtlTraceDatabaseCreate, Type: EAT modification 0x82D0E7CC-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlTraceDatabaseDestroy, Type: EAT modification 0x82D0E7D0-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlTraceDatabaseEnumerate, Type: EAT modification 0x82D0E7D4-->82A0E110 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlTraceDatabaseFind, Type: EAT modification 0x82D0E7D8-->8595A338 [unknown_code_page]

ntkrnlpa.exe-->RtlTraceDatabaseLock, Type: EAT modification 0x82D0E7DC-->85A13AF6 [unknown_code_page]

ntkrnlpa.exe-->RtlTraceDatabaseUnlock, Type: EAT modification 0x82D0E7E0-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->RtlTraceDatabaseValidate, Type: EAT modification 0x82D0E7E4-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->RtlUlongByteSwap, Type: EAT modification 0x82D0D188-->8595C3E8 [unknown_code_page]

ntkrnlpa.exe-->RtlUlonglongByteSwap, Type: EAT modification 0x82D0D18C-->84D1FF74 [unknown_code_page]

ntkrnlpa.exe-->RtlUnicodeStringToAnsiSize, Type: EAT modification 0x82D0E7E8-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUnicodeStringToAnsiString, Type: EAT modification 0x82D0E7EC-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUnicodeStringToCountedOemString, Type: EAT modification 0x82D0E7F0-->82A0E074 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUnicodeStringToInteger, Type: EAT modification 0x82D0E7F4-->8595BBD8 [unknown_code_page]

ntkrnlpa.exe-->RtlUnicodeStringToOemSize, Type: EAT modification 0x82D0E7F8-->84D1FF6C [unknown_code_page]

ntkrnlpa.exe-->RtlUnicodeStringToOemString, Type: EAT modification 0x82D0E7FC-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUnicodeToCustomCPN, Type: EAT modification 0x82D0E800-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUnicodeToMultiByteN, Type: EAT modification 0x82D0E804-->82A0E111 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUnicodeToMultiByteSize, Type: EAT modification 0x82D0E808-->8595B598 [unknown_code_page]

ntkrnlpa.exe-->RtlUnicodeToOemN, Type: EAT modification 0x82D0E80C-->85A13C07 [unknown_code_page]

ntkrnlpa.exe-->RtlUnlockBootStatusData, Type: EAT modification 0x82D0E810-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->RtlUnwind, Type: EAT modification 0x82D0E814-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->RtlUpcaseUnicodeChar, Type: EAT modification 0x82D0E818-->8595D648 [unknown_code_page]

ntkrnlpa.exe-->RtlUpcaseUnicodeString, Type: EAT modification 0x82D0E81C-->84D1FF64 [unknown_code_page]

ntkrnlpa.exe-->RtlUpcaseUnicodeStringToAnsiString, Type: EAT modification 0x82D0E820-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUpcaseUnicodeStringToCountedOemString, Type: EAT modification 0x82D0E824-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUpcaseUnicodeStringToOemString, Type: EAT modification 0x82D0E828-->82A0E065 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUpcaseUnicodeToCustomCPN, Type: EAT modification 0x82D0E82C-->8595CE38 [unknown_code_page]

ntkrnlpa.exe-->RtlUpcaseUnicodeToMultiByteN, Type: EAT modification 0x82D0E830-->84D1FF5C [unknown_code_page]

ntkrnlpa.exe-->RtlUpcaseUnicodeToOemN, Type: EAT modification 0x82D0E834-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUpperChar, Type: EAT modification 0x82D0E838-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUpperString, Type: EAT modification 0x82D0E83C-->82A0E112 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUshortByteSwap, Type: EAT modification 0x82D0D190-->8595C7F8 [unknown_code_page]

ntkrnlpa.exe-->RtlValidateUnicodeString, Type: EAT modification 0x82D0E84C-->8595E8A8 [unknown_code_page]

ntkrnlpa.exe-->RtlValidRelativeSecurityDescriptor, Type: EAT modification 0x82D0E840-->84D207E4 [unknown_code_page]

ntkrnlpa.exe-->RtlValidSecurityDescriptor, Type: EAT modification 0x82D0E844-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->RtlValidSid, Type: EAT modification 0x82D0E848-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->RtlVerifyVersionInfo, Type: EAT modification 0x82D0E850-->84D1FF54 [unknown_code_page]

ntkrnlpa.exe-->RtlVolumeDeviceToDosName, Type: EAT modification 0x82D0E854-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlWalkFrameChain, Type: EAT modification 0x82D0E858-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlWriteRegistryValue, Type: EAT modification 0x82D0E85C-->82A0E05E [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlxAnsiStringToUnicodeSize, Type: EAT modification 0x82D0E868-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlxOemStringToUnicodeSize, Type: EAT modification 0x82D0E86C-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlxUnicodeStringToAnsiSize, Type: EAT modification 0x82D0E870-->82A0E113 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlxUnicodeStringToOemSize, Type: EAT modification 0x82D0E874-->8595DA58 [unknown_code_page]

ntkrnlpa.exe-->RtlZeroHeap, Type: EAT modification 0x82D0E860-->8595E098 [unknown_code_page]

ntkrnlpa.exe-->RtlZeroMemory, Type: EAT modification 0x82D0E864-->84D1FF4C [unknown_code_page]

ntkrnlpa.exe-->SeAccessCheck, Type: EAT modification 0x82D0E878-->82A0E020 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeAccessCheckFromState, Type: EAT modification 0x82D0E87C-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->SeAppendPrivileges, Type: EAT modification 0x82D0E880-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->SeAssignSecurity, Type: EAT modification 0x82D0E884-->8595FB08 [unknown_code_page]

ntkrnlpa.exe-->SeAssignSecurityEx, Type: EAT modification 0x82D0E888-->84D1FF44 [unknown_code_page]

ntkrnlpa.exe-->SeAuditHardLinkCreation, Type: EAT modification 0x82D0E88C-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeAuditHardLinkCreationWithTransaction, Type: EAT modification 0x82D0E890-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeAuditingFileEvents, Type: EAT modification 0x82D0E898-->8595F2F8 [unknown_code_page]

ntkrnlpa.exe-->SeAuditingFileEventsWithContext, Type: EAT modification 0x82D0E89C-->84D1FF3C [unknown_code_page]

ntkrnlpa.exe-->SeAuditingFileOrGlobalEvents, Type: EAT modification 0x82D0E8A0-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeAuditingHardLinkEvents, Type: EAT modification 0x82D0E8A4-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeAuditingHardLinkEventsWithContext, Type: EAT modification 0x82D0E8A8-->82A0E114 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeAuditTransactionStateChange, Type: EAT modification 0x82D0E894-->82A0E062 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeCaptureSecurityDescriptor, Type: EAT modification 0x82D0E8AC-->8595ECB8 [unknown_code_page]

ntkrnlpa.exe-->SeCaptureSubjectContext, Type: EAT modification 0x82D0E8B0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeCaptureSubjectContextEx, Type: EAT modification 0x82D0E8B4-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->SeCloseObjectAuditAlarm, Type: EAT modification 0x82D0E8B8-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->SeCloseObjectAuditAlarmForNonObObject, Type: EAT modification 0x82D0E8BC-->85960D68 [unknown_code_page]

ntkrnlpa.exe-->SeComputeAutoInheritByObjectType, Type: EAT modification 0x82D0E8C0-->84D1FF34 [unknown_code_page]

ntkrnlpa.exe-->SeCreateAccessState, Type: EAT modification 0x82D0E8C4-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeCreateAccessStateEx, Type: EAT modification 0x82D0E8C8-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeCreateClientSecurity, Type: EAT modification 0x82D0E8CC-->82A0E058 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeCreateClientSecurityFromSubjectContext, Type: EAT modification 0x82D0E8D0-->85960558 [unknown_code_page]

ntkrnlpa.exe-->SeDeassignSecurity, Type: EAT modification 0x82D0E8D4-->84D1FF2C [unknown_code_page]

ntkrnlpa.exe-->SeDeleteAccessState, Type: EAT modification 0x82D0E8D8-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeDeleteObjectAuditAlarm, Type: EAT modification 0x82D0E8DC-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeDeleteObjectAuditAlarmWithTransaction, Type: EAT modification 0x82D0E8E0-->82A0E115 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeExamineSacl, Type: EAT modification 0x82D0E8E4-->8595FF18 [unknown_code_page]

ntkrnlpa.exe-->SeExports, Type: EAT modification 0x82D0E8E8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeFilterToken, Type: EAT modification 0x82D0E8EC-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->SeFreePrivileges, Type: EAT modification 0x82D0E8F0-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->SeGetLinkedToken, Type: EAT modification 0x82D0E8F4-->85961FC8 [unknown_code_page]

ntkrnlpa.exe-->SeImpersonateClient, Type: EAT modification 0x82D0E8F8-->84D1FF24 [unknown_code_page]

ntkrnlpa.exe-->SeImpersonateClientEx, Type: EAT modification 0x82D0E8FC-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeLocateProcessImageName, Type: EAT modification 0x82D0E900-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeLockSubjectContext, Type: EAT modification 0x82D0E904-->82A0E058 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeMarkLogonSessionForTerminationNotification, Type: EAT modification 0x82D0E908-->859617B8 [unknown_code_page]

ntkrnlpa.exe-->SeOpenObjectAuditAlarm, Type: EAT modification 0x82D0E90C-->84D1FF1C [unknown_code_page]

ntkrnlpa.exe-->SeOpenObjectAuditAlarmForNonObObject, Type: EAT modification 0x82D0E910-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeOpenObjectAuditAlarmWithTransaction, Type: EAT modification 0x82D0E914-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeOpenObjectForDeleteAuditAlarm, Type: EAT modification 0x82D0E918-->82A0E116 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeOpenObjectForDeleteAuditAlarmWithTransaction, Type: EAT modification 0x82D0E91C-->85961178 [unknown_code_page]

ntkrnlpa.exe-->SePrivilegeCheck, Type: EAT modification 0x82D0E920-->82A3E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->SePrivilegeObjectAuditAlarm, Type: EAT modification 0x82D0E924-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->SePublicDefaultDacl, Type: EAT modification 0x82D0E928-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->SeQueryAuthenticationIdToken, Type: EAT modification 0x82D0E92C-->85963228 [unknown_code_page]

ntkrnlpa.exe-->SeQueryInformationToken, Type: EAT modification 0x82D0E930-->84D1FF14 [unknown_code_page]

ntkrnlpa.exe-->SeQuerySecurityDescriptorInfo, Type: EAT modification 0x82D0E934-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeQuerySessionIdToken, Type: EAT modification 0x82D0E938-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeRegisterLogonSessionTerminatedRoutine, Type: EAT modification 0x82D0E93C-->82A0E065 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeReleaseSecurityDescriptor, Type: EAT modification 0x82D0E940-->85962A18 [unknown_code_page]

ntkrnlpa.exe-->SeReleaseSubjectContext, Type: EAT modification 0x82D0E944-->84D1FF0C [unknown_code_page]

ntkrnlpa.exe-->SeReportSecurityEvent, Type: EAT modification 0x82D0E948-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeReportSecurityEventWithSubCategory, Type: EAT modification 0x82D0E94C-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeSetAccessStateGenericMapping, Type: EAT modification 0x82D0E950-->82A0E117 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeSetAuditParameter, Type: EAT modification 0x82D0E954-->859623D8 [unknown_code_page]

ntkrnlpa.exe-->SeSetAuthorizationCallbacks, Type: EAT modification 0x82D0E958-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeSetSecurityDescriptorInfo, Type: EAT modification 0x82D0E95C-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->SeSetSecurityDescriptorInfoEx, Type: EAT modification 0x82D0E960-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->SeSinglePrivilegeCheck, Type: EAT modification 0x82D0E964-->85964488 [unknown_code_page]

ntkrnlpa.exe-->SeSystemDefaultDacl, Type: EAT modification 0x82D0E968-->84D1FF04 [unknown_code_page]

ntkrnlpa.exe-->SeTokenImpersonationLevel, Type: EAT modification 0x82D0E96C-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeTokenIsAdmin, Type: EAT modification 0x82D0E970-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeTokenIsRestricted, Type: EAT modification 0x82D0E974-->82A0E065 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeTokenIsWriteRestricted, Type: EAT modification 0x82D0E978-->85963C78 [unknown_code_page]

ntkrnlpa.exe-->SeTokenObjectType, Type: EAT modification 0x82D0E97C-->84D1FEFC [unknown_code_page]

ntkrnlpa.exe-->SeTokenType, Type: EAT modification 0x82D0E980-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeUnlockSubjectContext, Type: EAT modification 0x82D0E984-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeUnregisterLogonSessionTerminatedRoutine, Type: EAT modification 0x82D0E988-->82A0E118 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeValidSecurityDescriptor, Type: EAT modification 0x82D0E98C-->85963638 [unknown_code_page]

ntkrnlpa.exe-->sprintf, Type: EAT modification 0x82D0EE3C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->srand, Type: EAT modification 0x82D0EE40-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->strcat, Type: EAT modification 0x82D0EE44-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->strchr, Type: EAT modification 0x82D0EE48-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->strcmp, Type: EAT modification 0x82D0EE4C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->strcpy, Type: EAT modification 0x82D0EE50-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->strlen, Type: EAT modification 0x82D0EE54-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->strncat, Type: EAT modification 0x82D0EE58-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->strncmp, Type: EAT modification 0x82D0EE5C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->strncpy, Type: EAT modification 0x82D0EE60-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->strrchr, Type: EAT modification 0x82D0EE64-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->strspn, Type: EAT modification 0x82D0EE68-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->strstr, Type: EAT modification 0x82D0EE6C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->swprintf, Type: EAT modification 0x82D0EE70-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmCancelPropagationRequest, Type: EAT modification 0x82D0E990-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmCommitComplete, Type: EAT modification 0x82D0E994-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->TmCommitEnlistment, Type: EAT modification 0x82D0E998-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->TmCommitTransaction, Type: EAT modification 0x82D0E99C-->859666E8 [unknown_code_page]

ntkrnlpa.exe-->TmCreateEnlistment, Type: EAT modification 0x82D0E9A0-->84D1FEF4 [unknown_code_page]

ntkrnlpa.exe-->TmCurrentTransaction, Type: EAT modification 0x82D0E9A4-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmDereferenceEnlistmentKey, Type: EAT modification 0x82D0E9A8-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmEnableCallbacks, Type: EAT modification 0x82D0E9AC-->82A0E061 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmEndPropagationRequest, Type: EAT modification 0x82D0E9B0-->85965ED8 [unknown_code_page]

ntkrnlpa.exe-->TmEnlistmentObjectType, Type: EAT modification 0x82D0E9B4-->84D1FEEC [unknown_code_page]

ntkrnlpa.exe-->TmFreezeTransactions, Type: EAT modification 0x82D0E9B8-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmGetTransactionId, Type: EAT modification 0x82D0E9BC-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmInitializeResourceManager, Type: EAT modification 0x82D0E9C8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmInitializeTransaction, Type: EAT modification 0x82D0E9CC-->D77DF9CA [unknown_code_page]

ntkrnlpa.exe-->TmInitSystem, Type: EAT modification 0x82D0E9C0-->82A0E119 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmInitSystemPhase2, Type: EAT modification 0x82D0E9C4-->85965898 [unknown_code_page]

ntkrnlpa.exe-->TmIsTransactionActive, Type: EAT modification 0x82D0E9D0-->8EA20B9E [unknown_code_page]

ntkrnlpa.exe-->TmpIsKTMCommitCoordinator, Type: EAT modification 0x82D0EA24-->8590C238 [unknown_code_page]

ntkrnlpa.exe-->TmPrepareComplete, Type: EAT modification 0x82D0E9DC-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmPrepareEnlistment, Type: EAT modification 0x82D0E9E0-->82A0E400 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmPrePrepareComplete, Type: EAT modification 0x82D0E9D4-->85967948 [unknown_code_page]

ntkrnlpa.exe-->TmPrePrepareEnlistment, Type: EAT modification 0x82D0E9D8-->84D1FEE4 [unknown_code_page]

ntkrnlpa.exe-->TmPropagationComplete, Type: EAT modification 0x82D0E9E4-->82A0E062 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmPropagationFailed, Type: EAT modification 0x82D0E9E8-->85967138 [unknown_code_page]

ntkrnlpa.exe-->TmReadOnlyEnlistment, Type: EAT modification 0x82D0E9EC-->84D1FEDC [unknown_code_page]

ntkrnlpa.exe-->TmRecoverEnlistment, Type: EAT modification 0x82D0E9F0-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmRecoverResourceManager, Type: EAT modification 0x82D0E9F4-->82A0E200 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmRecoverTransactionManager, Type: EAT modification 0x82D0E9F8-->82A0E11A [ntkrnlpa.exe]

ntkrnlpa.exe-->TmReferenceEnlistmentKey, Type: EAT modification 0x82D0E9FC-->85966AF8 [unknown_code_page]

ntkrnlpa.exe-->TmRequestOutcomeEnlistment, Type: EAT modification 0x82D0EA00-->82A0E002 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmResourceManagerObjectType, Type: EAT modification 0x82D0EA04-->D37CF9CF [unknown_code_page]

ntkrnlpa.exe-->TmRollbackComplete, Type: EAT modification 0x82D0EA08-->82A20B9E [ntkrnlpa.exe]

ntkrnlpa.exe-->TmRollbackEnlistment, Type: EAT modification 0x82D0EA0C-->82C047B0 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmRollbackTransaction, Type: EAT modification 0x82D0EA10-->85AC0F40 [unknown_code_page]

ntkrnlpa.exe-->TmThawTransactions, Type: EAT modification 0x82D0EA18-->8AA20B9B [unknown_code_page]

ntkrnlpa.exe-->TmTransactionManagerObjectType, Type: EAT modification 0x82D0EA1C-->859B4E50 [unknown_code_page]

ntkrnlpa.exe-->TmTransactionObjectType, Type: EAT modification 0x82D0EA20-->82C61660 [ntkrnlpa.exe]

ntkrnlpa.exe-->tolower, Type: EAT modification 0x82D0EE74-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->toupper, Type: EAT modification 0x82D0EE78-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->towlower, Type: EAT modification 0x82D0EE7C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->towupper, Type: EAT modification 0x82D0EE80-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->vDbgPrintEx, Type: EAT modification 0x82D0EE84-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->vDbgPrintExWithPrefix, Type: EAT modification 0x82D0EE88-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->VerSetConditionMask, Type: EAT modification 0x82D0EA28-->8590C240 [unknown_code_page]

ntkrnlpa.exe-->VfFailDeviceNode, Type: EAT modification 0x82D0EA2C-->82BE5CB8 [ntkrnlpa.exe]

ntkrnlpa.exe-->VfFailDriver, Type: EAT modification 0x82D0EA30-->8599E050 [unknown_code_page]

ntkrnlpa.exe-->VfFailSystemBIOS, Type: EAT modification 0x82D0EA34-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->VfIsVerificationEnabled, Type: EAT modification 0x82D0EA38-->82A0E153 [ntkrnlpa.exe]

ntkrnlpa.exe-->vsprintf, Type: EAT modification 0x82D0EE8C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcscat, Type: EAT modification 0x82D0EE90-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcschr, Type: EAT modification 0x82D0EE94-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcscmp, Type: EAT modification 0x82D0EE98-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcscpy, Type: EAT modification 0x82D0EE9C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcscspn, Type: EAT modification 0x82D0EEA0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcslen, Type: EAT modification 0x82D0EEA4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcsncat, Type: EAT modification 0x82D0EEA8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcsncmp, Type: EAT modification 0x82D0EEAC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcsncpy, Type: EAT modification 0x82D0EEB0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcsrchr, Type: EAT modification 0x82D0EEB4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcsspn, Type: EAT modification 0x82D0EEB8-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcsstr, Type: EAT modification 0x82D0EEBC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcstombs, Type: EAT modification 0x82D0EEC0-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->wctomb, Type: EAT modification 0x82D0EEC4-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->WheaAddErrorSource, Type: EAT modification 0x82D0EA54-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->WheaGetErrorSource, Type: EAT modification 0x82D0EA58-->82A0E093 [ntkrnlpa.exe]

ntkrnlpa.exe-->WheaRegisterErrSrcInitializer, Type: EAT modification 0x82D0EA5C-->82A0E045 [ntkrnlpa.exe]

ntkrnlpa.exe-->WheaReportHwError, Type: EAT modification 0x82D0EA60-->82D1E01D [ntkrnlpa.exe]

ntkrnlpa.exe-->WmiGetClock, Type: EAT modification 0x82D0D194-->8590BFB0 [unknown_code_page]

ntkrnlpa.exe-->WmiQueryTraceInformation, Type: EAT modification 0x82D0EA64-->82A0E002 [ntkrnlpa.exe]

ntkrnlpa.exe-->WmiTraceMessage, Type: EAT modification 0x82D0EA68-->82BE5F90 [ntkrnlpa.exe]

ntkrnlpa.exe-->WmiTraceMessageVa, Type: EAT modification 0x82D0EA6C-->8599AF78 [unknown_code_page]

ntkrnlpa.exe-->WRITE_REGISTER_BUFFER_UCHAR, Type: EAT modification 0x82D0EA3C-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->WRITE_REGISTER_BUFFER_ULONG, Type: EAT modification 0x82D0EA40-->82A2E029 [ntkrnlpa.exe]

ntkrnlpa.exe-->WRITE_REGISTER_BUFFER_USHORT, Type: EAT modification 0x82D0EA44-->82C61A28 [ntkrnlpa.exe]

ntkrnlpa.exe-->WRITE_REGISTER_UCHAR, Type: EAT modification 0x82D0EA48-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->WRITE_REGISTER_ULONG, Type: EAT modification 0x82D0EA4C-->82BE6FD0 [ntkrnlpa.exe]

ntkrnlpa.exe-->WRITE_REGISTER_USHORT, Type: EAT modification 0x82D0EA50-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->XIPDispatch, Type: EAT modification 0x82D0EA70-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwAccessCheckAndAuditAlarm, Type: EAT modification 0x82D0EA74-->82A0E0B4 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAddBootEntry, Type: EAT modification 0x82D0EA78-->82A0E00A [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAddDriverEntry, Type: EAT modification 0x82D0EA7C-->82A9E032 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAdjustPrivilegesToken, Type: EAT modification 0x82D0EA80-->8590C110 [unknown_code_page]

ntkrnlpa.exe-->ZwAlertThread, Type: EAT modification 0x82D0EA84-->82A0E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAllocateLocallyUniqueId, Type: EAT modification 0x82D0EA88-->82BE71D8 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAllocateVirtualMemory, Type: EAT modification 0x82D0EA8C-->85B620E8 [unknown_code_page]

ntkrnlpa.exe-->ZwAlpcAcceptConnectPort, Type: EAT modification 0x82D0EA90-->82FBE015 [unknown_code_page]

ntkrnlpa.exe-->ZwAlpcCancelMessage, Type: EAT modification 0x82D0EA94-->82A0F0A1 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcConnectPort, Type: EAT modification 0x82D0EA98-->82A0E059 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcCreatePort, Type: EAT modification 0x82D0EA9C-->82D6E016 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcCreatePortSection, Type: EAT modification 0x82D0EAA0-->85AFAC28 [unknown_code_page]

ntkrnlpa.exe-->ZwAlpcCreateResourceReserve, Type: EAT modification 0x82D0EAA4-->82A0E007 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcCreateSectionView, Type: EAT modification 0x82D0EAA8-->82BE5F90 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcCreateSecurityContext, Type: EAT modification 0x82D0EAAC-->85948458 [unknown_code_page]

ntkrnlpa.exe-->ZwAlpcDeletePortSection, Type: EAT modification 0x82D0EAB0-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwAlpcDeleteResourceReserve, Type: EAT modification 0x82D0EAB4-->82A0E0A1 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcDeleteSectionView, Type: EAT modification 0x82D0EAB8-->82A0E00A [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcDeleteSecurityContext, Type: EAT modification 0x82D0EABC-->82A9E032 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcDisconnectPort, Type: EAT modification 0x82D0EAC0-->82C61988 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcQueryInformation, Type: EAT modification 0x82D0EAC4-->82A0E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcSendWaitReceivePort, Type: EAT modification 0x82D0EAC8-->82BE5E58 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcSetInformation, Type: EAT modification 0x82D0EACC-->859FD540 [unknown_code_page]

ntkrnlpa.exe-->ZwAssignProcessToJobObject, Type: EAT modification 0x82D0EAD0-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwCancelIoFile, Type: EAT modification 0x82D0EAD4-->82A0E204 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCancelTimer, Type: EAT modification 0x82D0EAD8-->82A0E007 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwClearEvent, Type: EAT modification 0x82D0EADC-->82A6E024 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwClose, Type: EAT modification 0x82D0EAE0-->82C618A8 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCloseObjectAuditAlarm, Type: EAT modification 0x82D0EAE4-->82A0E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCommitEnlistment, Type: EAT modification 0x82D0EAE8-->82BE5D88 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCommitTransaction, Type: EAT modification 0x82D0EAEC-->85944F98 [unknown_code_page]

ntkrnlpa.exe-->ZwConnectPort, Type: EAT modification 0x82D0EAF0-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwCreateDirectoryObject, Type: EAT modification 0x82D0EAF4-->82A0E330 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCreateEnlistment, Type: EAT modification 0x82D0EAF8-->82A0E005 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCreateEvent, Type: EAT modification 0x82D0EAFC-->82A4E065 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCreateFile, Type: EAT modification 0x82D0EB00-->8590BEF0 [unknown_code_page]

ntkrnlpa.exe-->ZwCreateIoCompletion, Type: EAT modification 0x82D0EB04-->82A0E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCreateJobObject, Type: EAT modification 0x82D0EB08-->82BE5F28 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCreateKey, Type: EAT modification 0x82D0EB0C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCreateKeyTransacted, Type: EAT modification 0x82D0EB10-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwCreateResourceManager, Type: EAT modification 0x82D0EB14-->82A0E0C6 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCreateSection, Type: EAT modification 0x82D0EB18-->82A0E009 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCreateSymbolicLinkObject, Type: EAT modification 0x82D0EB1C-->82A8E038 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCreateTimer, Type: EAT modification 0x82D0EB20-->8590BEB0 [unknown_code_page]

ntkrnlpa.exe-->ZwCreateTransaction, Type: EAT modification 0x82D0EB24-->82A0E002 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCreateTransactionManager, Type: EAT modification 0x82D0EB28-->82BE6060 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwDeleteBootEntry, Type: EAT modification 0x82D0EB2C-->85AF78E8 [unknown_code_page]

ntkrnlpa.exe-->ZwDeleteDriverEntry, Type: EAT modification 0x82D0EB30-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwDeleteFile, Type: EAT modification 0x82D0EB34-->82A0E196 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwDeleteKey, Type: EAT modification 0x82D0EB38-->82A0E00C [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwDeleteValueKey, Type: EAT modification 0x82D0EB3C-->82ABE02A [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwDeviceIoControlFile, Type: EAT modification 0x82D0EB40-->8590C070 [unknown_code_page]

ntkrnlpa.exe-->ZwDisplayString, Type: EAT modification 0x82D0EB44-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwDuplicateObject, Type: EAT modification 0x82D0EB48-->82BE6130 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwDuplicateToken, Type: EAT modification 0x82D0EB4C-->85BAA188 [unknown_code_page]

ntkrnlpa.exe-->ZwEnumerateBootEntries, Type: EAT modification 0x82D0EB50-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwEnumerateDriverEntries, Type: EAT modification 0x82D0EB54-->82A0E142 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwEnumerateKey, Type: EAT modification 0x82D0EB58-->82A0E00E [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwEnumerateTransactionObject, Type: EAT modification 0x82D0EB5C-->82ADE024 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwEnumerateValueKey, Type: EAT modification 0x82D0EB60-->85A29580 [unknown_code_page]

ntkrnlpa.exe-->ZwFlushBuffersFile, Type: EAT modification 0x82D0EB64-->82A0E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwFlushInstructionCache, Type: EAT modification 0x82D0EB68-->82BE5DF0 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwFlushKey, Type: EAT modification 0x82D0EB6C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwFlushVirtualMemory, Type: EAT modification 0x82D0EB70-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwFreeVirtualMemory, Type: EAT modification 0x82D0EB74-->82A0E18A [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwFsControlFile, Type: EAT modification 0x82D0EB78-->82A0E006 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwGetNotificationResourceManager, Type: EAT modification 0x82D0EB7C-->82A5E02A [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwImpersonateAnonymousToken, Type: EAT modification 0x82D0EB80-->82C617A8 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwInitiatePowerAction, Type: EAT modification 0x82D0EB84-->82A0E002 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwIsProcessInJob, Type: EAT modification 0x82D0EB88-->82BE6FD0 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwLoadDriver, Type: EAT modification 0x82D0EB8C-->85902048 [unknown_code_page]

ntkrnlpa.exe-->ZwLoadKey, Type: EAT modification 0x82D0EB90-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwLoadKeyEx, Type: EAT modification 0x82D0EB94-->82A0E1E0 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwLockProductActivationKeys, Type: EAT modification 0x82D0EB98-->82A0E045 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwMakeTemporaryObject, Type: EAT modification 0x82D0EB9C-->82D1E01D [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwMapViewOfSection, Type: EAT modification 0x82D0EBA0-->85A296C0 [unknown_code_page]

ntkrnlpa.exe-->ZwModifyBootEntry, Type: EAT modification 0x82D0EBA4-->82A0E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwModifyDriverEntry, Type: EAT modification 0x82D0EBA8-->82BE6FD0 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwNotifyChangeKey, Type: EAT modification 0x82D0EBAC-->85B5A0E8 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenDirectoryObject, Type: EAT modification 0x82D0EBB0-->82A2E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenEnlistment, Type: EAT modification 0x82D0EBB4-->82A20D96 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenEvent, Type: EAT modification 0x82D0EBB8-->82A0E045 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenFile, Type: EAT modification 0x82D0EBBC-->82D1E01D [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenJobObject, Type: EAT modification 0x82D0EBC0-->85A296A0 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenKey, Type: EAT modification 0x82D0EBC4-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenKeyTransacted, Type: EAT modification 0x82D0EBC8-->82BE6268 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenProcess, Type: EAT modification 0x82D0EBCC-->85BAD6B8 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenProcessToken, Type: EAT modification 0x82D0EBD0-->836EE02A [unknown_code_page]

ntkrnlpa.exe-->ZwOpenProcessTokenEx, Type: EAT modification 0x82D0EBD4-->82A0E4DB [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenResourceManager, Type: EAT modification 0x82D0EBD8-->82A0E011 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenSection, Type: EAT modification 0x82D0EBDC-->82B0E03C [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenSymbolicLinkObject, Type: EAT modification 0x82D0EBE0-->82C61A28 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenThread, Type: EAT modification 0x82D0EBE4-->82A0E007 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenThreadToken, Type: EAT modification 0x82D0EBE8-->82BE5D88 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenThreadTokenEx, Type: EAT modification 0x82D0EBEC-->85B46DD0 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenTimer, Type: EAT modification 0x82D0EBF0-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenTransaction, Type: EAT modification 0x82D0EBF4-->82A0E073 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenTransactionManager, Type: EAT modification 0x82D0EBF8-->82A0E005 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwPowerInformation, Type: EAT modification 0x82D0EBFC-->82A4E032 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwPrepareComplete, Type: EAT modification 0x82D0EC04-->82A0E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwPrepareEnlistment, Type: EAT modification 0x82D0EC08-->82BE5CB8 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwPrePrepareEnlistment, Type: EAT modification 0x82D0EC00-->859B4EB8 [unknown_code_page]

ntkrnlpa.exe-->ZwPulseEvent, Type: EAT modification 0x82D0EC0C-->85A9C050 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryBootEntryOrder, Type: EAT modification 0x82D0EC10-->82A8E007 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryBootOptions, Type: EAT modification 0x82D0EC14-->82A0E270 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryDefaultLocale, Type: EAT modification 0x82D0EC18-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryDefaultUILanguage, Type: EAT modification 0x82D0EC1C-->82A2E029 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryDirectoryFile, Type: EAT modification 0x82D0EC20-->859B50F8 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryDirectoryObject, Type: EAT modification 0x82D0EC24-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryDriverEntryOrder, Type: EAT modification 0x82D0EC28-->82BE5DF0 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryEaFile, Type: EAT modification 0x82D0EC2C-->85A75838 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryFullAttributesFile, Type: EAT modification 0x82D0EC30-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryInformationEnlistment, Type: EAT modification 0x82D0EC34-->82A0E12C [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryInformationFile, Type: EAT modification 0x82D0EC38-->82A0E006 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryInformationJobObject, Type: EAT modification 0x82D0EC3C-->82A5E02A [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryInformationProcess, Type: EAT modification 0x82D0EC40-->85AFAAE8 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryInformationResourceManager, Type: EAT modification 0x82D0EC44-->82A0E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryInformationThread, Type: EAT modification 0x82D0EC48-->82BE5C50 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryInformationToken, Type: EAT modification 0x82D0EC4C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryInformationTransaction, Type: EAT modification 0x82D0EC50-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryInformationTransactionManager, Type: EAT modification 0x82D0EC54-->82A0E0DF [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryInstallUILanguage, Type: EAT modification 0x82D0EC58-->82A0E002 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryKey, Type: EAT modification 0x82D0EC5C-->82A1E03E [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryLicenseValue, Type: EAT modification 0x82D0EC60-->8590C0B0 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryObject, Type: EAT modification 0x82D0EC64-->82A0E002 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQuerySection, Type: EAT modification 0x82D0EC68-->82BE5D88 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQuerySecurityObject, Type: EAT modification 0x82D0EC6C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQuerySymbolicLinkObject, Type: EAT modification 0x82D0EC70-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwQuerySystemInformation, Type: EAT modification 0x82D0EC74-->82A0E0E8 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryValueKey, Type: EAT modification 0x82D0EC78-->82A0E005 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryVirtualMemory, Type: EAT modification 0x82D0EC7C-->82A4E032 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryVolumeInformationFile, Type: EAT modification 0x82D0EC80-->8590C230 [unknown_code_page]

ntkrnlpa.exe-->ZwReadFile, Type: EAT modification 0x82D0EC84-->82A0E002 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwRecoverEnlistment, Type: EAT modification 0x82D0EC88-->82BE5D20 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwRecoverResourceManager, Type: EAT modification 0x82D0EC8C-->8599D008 [unknown_code_page]

ntkrnlpa.exe-->ZwRecoverTransactionManager, Type: EAT modification 0x82D0EC90-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwRemoveIoCompletion, Type: EAT modification 0x82D0EC94-->82A0E137 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwRemoveIoCompletionEx, Type: EAT modification 0x82D0EC98-->82A0E004 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwReplaceKey, Type: EAT modification 0x82D0EC9C-->82A3E03F [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwRequestPort, Type: EAT modification 0x82D0ECA0-->8590BE70 [unknown_code_page]

ntkrnlpa.exe-->ZwRequestWaitReplyPort, Type: EAT modification 0x82D0ECA4-->82A0E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwResetEvent, Type: EAT modification 0x82D0ECA8-->82BE5DF0 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwRestoreKey, Type: EAT modification 0x82D0ECAC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwRollbackEnlistment, Type: EAT modification 0x82D0ECB0-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwRollbackTransaction, Type: EAT modification 0x82D0ECB4-->82A0E0D2 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSaveKey, Type: EAT modification 0x82D0ECB8-->82A0E006 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSaveKeyEx, Type: EAT modification 0x82D0ECBC-->82A5E02A [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSecureConnectPort, Type: EAT modification 0x82D0ECC0-->8590C0D0 [unknown_code_page]

ntkrnlpa.exe-->ZwSetBootEntryOrder, Type: EAT modification 0x82D0ECC4-->82A0E002 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetBootOptions, Type: EAT modification 0x82D0ECC8-->82BE5CB8 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetDefaultLocale, Type: EAT modification 0x82D0ECCC-->859B2968 [unknown_code_page]

ntkrnlpa.exe-->ZwSetDefaultUILanguage, Type: EAT modification 0x82D0ECD0-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwSetDriverEntryOrder, Type: EAT modification 0x82D0ECD4-->82A0E128 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetEaFile, Type: EAT modification 0x82D0ECD8-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetEvent, Type: EAT modification 0x82D0ECDC-->82A2E029 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetInformationEnlistment, Type: EAT modification 0x82D0ECE0-->859B5038 [unknown_code_page]

ntkrnlpa.exe-->ZwSetInformationFile, Type: EAT modification 0x82D0ECE4-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetInformationJobObject, Type: EAT modification 0x82D0ECE8-->82BE5D20 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetInformationObject, Type: EAT modification 0x82D0ECEC-->859422D8 [unknown_code_page]

ntkrnlpa.exe-->ZwSetInformationProcess, Type: EAT modification 0x82D0ECF0-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwSetInformationThread, Type: EAT modification 0x82D0ECF4-->82A0E0B7 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetInformationTransaction, Type: EAT modification 0x82D0ECF8-->82A0E004 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetSecurityObject, Type: EAT modification 0x82D0ECFC-->82A3E03F [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetSystemInformation, Type: EAT modification 0x82D0ED00-->8590BEF0 [unknown_code_page]

ntkrnlpa.exe-->ZwSetSystemTime, Type: EAT modification 0x82D0ED04-->82A0E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetTimer, Type: EAT modification 0x82D0ED08-->82BE6060 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetValueKey, Type: EAT modification 0x82D0ED0C-->85B38610 [unknown_code_page]

ntkrnlpa.exe-->ZwSetVolumeInformationFile, Type: EAT modification 0x82D0ED10-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwTerminateJobObject, Type: EAT modification 0x82D0ED14-->82A0E095 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwTerminateProcess, Type: EAT modification 0x82D0ED18-->82A0E00C [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwTranslateFilePath, Type: EAT modification 0x82D0ED1C-->82ABE02A [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwUnloadDriver, Type: EAT modification 0x82D0ED20-->859B5178 [unknown_code_page]

ntkrnlpa.exe-->ZwUnloadKey, Type: EAT modification 0x82D0ED24-->82A0E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwUnloadKeyEx, Type: EAT modification 0x82D0ED28-->82BE5FF8 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwUnmapViewOfSection, Type: EAT modification 0x82D0ED2C-->85935B18 [unknown_code_page]

ntkrnlpa.exe-->ZwWaitForMultipleObjects, Type: EAT modification 0x82D0ED30-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->ZwWaitForSingleObject, Type: EAT modification 0x82D0ED34-->82A0E094 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwWriteFile, Type: EAT modification 0x82D0ED38-->82A0E00B [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwYieldExecution, Type: EAT modification 0x82D0ED3C-->82AAE02E [ntkrnlpa.exe]

ntkrnlpa.exe-->_abnormal_termination, Type: EAT modification 0x82D0ED4C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->_alldiv, Type: EAT modification 0x82D0ED50-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->_alldvrm, Type: EAT modification 0x82D0ED54-->82A0E0DF [ntkrnlpa.exe]

ntkrnlpa.exe-->_allmul, Type: EAT modification 0x82D0ED58-->82A0E006 [ntkrnlpa.exe]

ntkrnlpa.exe-->_alloca_probe, Type: EAT modification 0x82D0ED5C-->82A5E02A [ntkrnlpa.exe]

ntkrnlpa.exe-->_alloca_probe_16, Type: EAT modification 0x82D0ED60-->8590C210 [unknown_code_page]

ntkrnlpa.exe-->_alloca_probe_8, Type: EAT modification 0x82D0ED64-->82A0E002 [ntkrnlpa.exe]

ntkrnlpa.exe-->_allrem, Type: EAT modification 0x82D0ED68-->82BE5D20 [ntkrnlpa.exe]

ntkrnlpa.exe-->_allshl, Type: EAT modification 0x82D0ED6C-->859B3B20 [unknown_code_page]

ntkrnlpa.exe-->_allshr, Type: EAT modification 0x82D0ED70-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->_aulldiv, Type: EAT modification 0x82D0ED74-->82A0E137 [ntkrnlpa.exe]

ntkrnlpa.exe-->_aulldvrm, Type: EAT modification 0x82D0ED78-->82A0E004 [ntkrnlpa.exe]

ntkrnlpa.exe-->_aullrem, Type: EAT modification 0x82D0ED7C-->82A3E03F [ntkrnlpa.exe]

ntkrnlpa.exe-->_aullshr, Type: EAT modification 0x82D0ED80-->8590C0D0 [unknown_code_page]

ntkrnlpa.exe-->_chkstk, Type: EAT modification 0x82D0ED84-->82A0E003 [ntkrnlpa.exe]

ntkrnlpa.exe-->_CIcos, Type: EAT modification 0x82D0ED40-->8590C130 [unknown_code_page]

ntkrnlpa.exe-->_CIsin, Type: EAT modification 0x82D0ED44-->82A0E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->_CIsqrt, Type: EAT modification 0x82D0ED48-->82BE5DF0 [ntkrnlpa.exe]

ntkrnlpa.exe-->_except_handler2, Type: EAT modification 0x82D0ED88-->82BE5DF0 [ntkrnlpa.exe]

ntkrnlpa.exe-->_except_handler3, Type: EAT modification 0x82D0ED8C-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->_global_unwind2, Type: EAT modification 0x82D0ED90-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->_itoa, Type: EAT modification 0x82D0ED94-->82A0E0C5 [ntkrnlpa.exe]

ntkrnlpa.exe-->_itow, Type: EAT modification 0x82D0ED98-->82A0E006 [ntkrnlpa.exe]

ntkrnlpa.exe-->_local_unwind2, Type: EAT modification 0x82D0ED9C-->82A5E02A [ntkrnlpa.exe]

ntkrnlpa.exe-->_purecall, Type: EAT modification 0x82D0EDA0-->82C618C8 [ntkrnlpa.exe]

ntkrnlpa.exe-->_snprintf, Type: EAT modification 0x82D0EDA4-->82A0E002 [ntkrnlpa.exe]

ntkrnlpa.exe-->_snwprintf, Type: EAT modification 0x82D0EDA8-->82BE5DF0 [ntkrnlpa.exe]

ntkrnlpa.exe-->_stricmp, Type: EAT modification 0x82D0EDAC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->_strlwr, Type: EAT modification 0x82D0EDB0-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->_strnicmp, Type: EAT modification 0x82D0EDB4-->82A0E103 [ntkrnlpa.exe]

ntkrnlpa.exe-->_strnset, Type: EAT modification 0x82D0EDB8-->82A0E006 [ntkrnlpa.exe]

ntkrnlpa.exe-->_strrev, Type: EAT modification 0x82D0EDBC-->82A5E02A [ntkrnlpa.exe]

ntkrnlpa.exe-->_strset, Type: EAT modification 0x82D0EDC0-->859B4ED8 [unknown_code_page]

ntkrnlpa.exe-->_strtoui64, Type: EAT modification 0x82D0EDC4-->82A0E002 [ntkrnlpa.exe]

ntkrnlpa.exe-->_strupr, Type: EAT modification 0x82D0EDC8-->82BE5DF0 [ntkrnlpa.exe]

ntkrnlpa.exe-->_swprintf, Type: EAT modification 0x82D0EDCC-->85BC9978 [unknown_code_page]

ntkrnlpa.exe-->_vsnprintf, Type: EAT modification 0x82D0EDD0-->829FE000 [unknown_code_page]

ntkrnlpa.exe-->_vsnwprintf, Type: EAT modification 0x82D0EDD4-->82A0E0E3 [ntkrnlpa.exe]

ntkrnlpa.exe-->_vswprintf, Type: EAT modification 0x82D0EDD8-->82A0E006 [ntkrnlpa.exe]

ntkrnlpa.exe-->_wcsicmp, Type: EAT modification 0x82D0EDDC-->82A5E02A [ntkrnlpa.exe]

ntkrnlpa.exe-->_wcslwr, Type: EAT modification 0x82D0EDE0-->82C617C8 [ntkrnlpa.exe]

ntkrnlpa.exe-->_wcsnicmp, Type: EAT modification 0x82D0EDE4-->82A0E001 [ntkrnlpa.exe]

ntkrnlpa.exe-->_wcsnset, Type: EAT modification 0x82D0EDE8-->82BE5DF0 [ntkrnlpa.exe]

ntkrnlpa.exe-->_wcsrev, Type: EAT modification 0x82D0EDEC-->82A0E000 [ntkrnlpa.exe]

ntkrnlpa.exe-->_wcsupr, Type: EAT modification 0x82D0EDF0-->829FE000 [unknown_code_page]

[1484]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x762FA84F-->00000000 [unknown_code_page]

Link to post
Share on other sites

  • 2 weeks later...

Hi Elise.

Thanks again for your patience with this thread. I was called away for work again, with unfortunately no PC to come online and let you know... Right now I am copying the reoccurring Warnings and Errors and will paste my reply tomorrow as it's 12am here at the moment.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.