Jump to content

Recommended Posts

I had a HD go bad, and bought a brand new one. I installed a fresh version of windows 7. Not 10 minutes online, and I had popups, and yahoo redirects. A website I frequent was bought out, and the new owners supposedly have virus problems. People reported the site as no longer being safe on their computers.

First red flag was my background image was changed black box with red text saying my computer had been infected. As I browsed any site with links, every so many clicks, instead of going where I want, I get a popup saying your computer is infected(or so). When I click the "X", it redirects to this site:

16ixy15.jpg

The web address is http : //99.105.233.210:11066/index.html?u=141&t=1 or other similar forien IP addresses.

Google still seems fine, but any yahoo search, when I click on what I want, it redirects me.

Maywarebytes won't update giving me this error: MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)

Please, I NEED help!!!!! I've tried so many virus scanning programs and nothing comes back.

Link to post
Share on other sites

I am following this topic: http://forums.malwarebytes.org/index.php?showtopic=63486 and will be posting my logs shortly.

Welcome to Malwarebytes.

=====================

Download OTL to your desktop.

Double click on OTL to run it.

When the window appears, underneath Output at the top change it to Minimal Output.

Under the Standard Registry box change it to All.

Under Custom scan's and fixes section paste in the below in bold

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

Double-click RKUnhookerLE.exe to run it.

Click the Report tab, then click Scan

Check Drivers, Stealth Code, Files, and Code Hooks

Uncheck the rest, then click OK

When prompted to Select Disks for Scan, make sure C:\ is checked and click OK

Wait till the scanner has finished then go File > Save Report

Save the report somewhere you can find it, typically your desktop. Click Close

Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

OTL report:

OTL logfile created on: 9/28/2010 5:46:07 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Kevin\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 931.41 Gb Total Space | 908.26 Gb Free Space | 97.51% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 465.76 Gb Total Space | 43.99 Gb Free Space | 9.44% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC

Current User Name: Kevin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Kevin\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

PRC - C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)

========== Modules (SafeList) ==========

MOD - C:\Users\Kevin\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe (Atheros Communications, Inc.)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\Kevin\AppData\Local\Temp\catchme.sys File not found

DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (cpuz134) -- C:\Windows\System32\drivers\cpuz134_x32.sys (Windows ® Win 7 DDK provider)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (WNDA3100) -- C:\Windows\System32\drivers\WNDA31v.sys (Atheros Communications, Inc.)

DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)

DRV - (COMMONFX.DLL) -- C:\Windows\System32\COMMONFX.DLL (Creative Technology Ltd)

DRV - (CT20XUT.DLL) -- C:\Windows\System32\CT20XUT.DLL (Creative Technology Ltd.)

DRV - (CTHWIUT.DLL) -- C:\Windows\System32\CTHWIUT.DLL (Creative Technology Ltd.)

DRV - (CTEXFIFX.DLL) -- C:\Windows\System32\CTEXFIFX.DLL (Creative Technology Ltd.)

DRV - (CTEDSPSY.DLL) -- C:\Windows\System32\CTEDSPSY.DLL (Creative Technology Ltd)

DRV - (CTEDSPIO.DLL) -- C:\Windows\System32\CTEDSPIO.DLL (Creative Technology Ltd)

DRV - (CTEDSPFX.DLL) -- C:\Windows\System32\CTEDSPFX.DLL (Creative Technology Ltd)

DRV - (CTERFXFX.DLL) -- C:\Windows\System32\CTERFXFX.DLL (Creative Technology Ltd)

DRV - (CTEAPSFX.DLL) -- C:\Windows\System32\CTEAPSFX.DLL (Creative Technology Ltd)

DRV - (CTSBLFX.DLL) -- C:\Windows\System32\CTSBLFX.DLL (Creative Technology Ltd)

DRV - (CTAUDFX.DLL) -- C:\Windows\System32\CTAUDFX.DLL (Creative Technology Ltd)

DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV - (hap17v2k) -- C:\Windows\System32\drivers\haP17v2k.sys (Creative Technology Ltd)

DRV - (hap16v2k) -- C:\Windows\System32\drivers\haP16v2k.sys (Creative Technology Ltd)

DRV - (ha10kx2k) -- C:\Windows\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)

DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)

DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)

DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 45 4A 1D 72 55 CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "YouTube"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - prefs.js..extensions.enabledItems: {8ed952a0-199c-11d9-9669-0800200c9a66}:1.5.3

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.12304

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/25 08:33:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 17:03:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/21 00:16:25 | 000,000,000 | ---D | M]

[2010/09/15 21:41:13 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions

[2010/09/15 21:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/09/27 02:14:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0zn30vt9.default\extensions

[2010/09/16 00:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0zn30vt9.default\extensions\{8ed952a0-199c-11d9-9669-0800200c9a66}

[2010/09/15 22:44:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0zn30vt9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/09/16 00:11:42 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0zn30vt9.default\extensions\toolbar@ask.com

[2010/09/16 02:29:40 | 000,004,140 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\0zn30vt9.default\searchplugins\youtube.xml

[2010/09/21 00:16:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/17 17:03:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/09/21 00:16:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/09/17 17:03:44 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/09/17 17:03:44 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/09/21 00:16:02 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/09/17 17:03:44 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/08/13 10:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/08/24 19:19:19 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/08/24 19:19:19 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/08/24 19:19:19 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/08/24 19:19:19 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/08/24 19:19:19 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/08/24 19:19:19 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/08/24 19:19:19 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/09/16 01:34:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AudioSetup] C:\Program Files\IDT\ECSXPV_5902_012208\setup.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [Google Update] C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.68 213.109.75.214 1.1.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)

NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/26 14:02:24 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Google

[2010/09/26 12:45:28 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2010/09/26 12:45:28 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2010/09/26 12:45:27 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2010/09/26 12:45:27 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2010/09/26 12:45:24 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2010/09/26 12:44:34 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2010/09/26 12:44:34 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2010/09/26 12:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software

[2010/09/26 12:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/09/26 01:55:23 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2010/09/26 01:54:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/09/26 01:40:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/09/26 01:40:10 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2010/09/25 04:00:42 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/09/25 04:00:39 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/09/25 04:00:31 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/09/25 04:00:28 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2010/09/25 04:00:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg

[2010/09/25 03:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/09/25 03:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

[2010/09/24 16:59:38 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010/09/21 01:00:16 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\ATI

[2010/09/21 01:00:16 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\ATI

[2010/09/21 01:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2010/09/21 00:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies

[2010/09/21 00:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2010/09/21 00:53:50 | 000,000,000 | ---D | C] -- C:\ATI

[2010/09/21 00:17:03 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\.minecraft

[2010/09/21 00:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/09/21 00:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/09/21 00:16:25 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010/09/21 00:16:25 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/09/21 00:16:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/09/21 00:16:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/09/21 00:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/09/20 16:02:09 | 000,020,328 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\cpuz134_x32.sys

[2010/09/20 16:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID

[2010/09/18 22:04:07 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\WinRAR

[2010/09/18 22:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010/09/18 18:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/09/18 18:28:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2010/09/18 18:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2010/09/18 18:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/09/18 18:27:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/09/18 18:27:01 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll

[2010/09/18 18:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2010/09/18 18:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2010/09/18 16:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010/09/18 16:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2010/09/18 16:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2010/09/18 16:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2010/09/18 16:44:31 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Adobe

[2010/09/18 15:46:30 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\New folder

[2010/09/17 23:18:36 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll

[2010/09/17 23:18:35 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll

[2010/09/17 23:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine

[2010/09/17 23:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinAmp

[2010/09/17 20:47:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

[2010/09/17 20:27:16 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Nero

[2010/09/17 20:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero

[2010/09/17 18:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield

[2010/09/17 18:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\IDT

[2010/09/17 17:54:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

[2010/09/17 08:16:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

[2010/09/16 06:06:57 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/09/16 06:06:57 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/09/16 06:06:57 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/09/16 03:19:00 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll

[2010/09/16 03:19:00 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll

[2010/09/16 03:18:58 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2010/09/16 03:18:53 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll

[2010/09/16 03:18:53 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys

[2010/09/16 03:18:47 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll

[2010/09/16 03:18:38 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll

[2010/09/16 03:18:37 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2010/09/16 03:18:37 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe

[2010/09/16 03:18:37 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe

[2010/09/16 03:18:28 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010/09/16 03:18:26 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll

[2010/09/16 03:18:25 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2010/09/16 03:18:25 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll

[2010/09/16 03:18:25 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax

[2010/09/16 03:18:25 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2010/09/16 03:18:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2010/09/16 03:18:14 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2010/09/16 03:18:11 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2010/09/16 03:18:11 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll

[2010/09/16 03:18:11 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2010/09/16 03:18:10 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010/09/16 03:18:10 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010/09/16 03:18:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/09/16 03:18:07 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/09/16 03:18:07 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/09/16 03:18:07 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/09/16 03:18:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/09/16 03:18:07 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/09/16 03:18:07 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/09/16 03:18:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010/09/16 03:17:58 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2010/09/16 03:17:57 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2010/09/16 03:17:56 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2010/09/16 03:17:56 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2010/09/16 03:17:56 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2010/09/16 03:17:56 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2010/09/16 03:17:56 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2010/09/16 03:17:56 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2010/09/16 03:17:56 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2010/09/16 03:17:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/09/16 03:17:47 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/09/16 03:17:45 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/09/16 03:17:45 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2010/09/16 03:17:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/09/16 01:37:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\temp

[2010/09/16 01:29:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/09/16 01:29:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/09/16 01:29:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/09/16 01:29:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/09/16 01:27:19 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/09/16 00:22:58 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes

[2010/09/16 00:20:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/09/16 00:20:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/09/16 00:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/09/16 00:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/09/15 23:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2010/09/15 23:06:40 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\uTorrent

[2010/09/15 22:42:27 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Macromedia

[2010/09/15 22:42:27 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Adobe

[2010/09/15 22:22:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed

[2010/09/15 22:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/09/15 21:54:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2010/09/15 21:53:50 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010/09/15 21:41:05 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Mozilla

[2010/09/15 21:41:05 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Mozilla

[2010/09/15 21:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/09/15 21:39:17 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll

[2010/09/15 21:39:17 | 000,114,688 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll

[2010/09/15 21:39:17 | 000,086,016 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\cttele.dll

[2010/09/15 21:38:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\data

[2010/09/15 21:34:18 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Diagnostics

[2010/09/15 21:29:26 | 000,000,000 | -H-D | C] -- C:\Program Files\installshield installation information

[2010/09/15 21:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR

[2010/09/15 21:28:46 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2010/09/15 21:28:43 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2010/09/15 21:04:58 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\ElevatedDiagnostics

[2010/09/15 21:04:25 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Microsoft Games

[2010/09/15 21:02:28 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Searches

[2010/09/15 21:02:28 | 000,000,000 | -H-D | C] -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2010/09/15 21:02:20 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Identities

[2010/09/15 21:02:19 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Contacts

[2010/09/15 21:02:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\VirtualStore

[2010/09/15 21:02:11 | 000,000,000 | --SD | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft

[2010/09/15 21:02:11 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Videos

[2010/09/15 21:02:11 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Saved Games

[2010/09/15 21:02:11 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Pictures

[2010/09/15 21:02:11 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Music

[2010/09/15 21:02:11 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Links

[2010/09/15 21:02:11 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Favorites

[2010/09/15 21:02:11 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Downloads

[2010/09/15 21:02:11 | 000,000,000 | R--D | C] -- C:\Users\Kevin\My Documents

[2010/09/15 21:02:11 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Desktop

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\Temporary Internet Files

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Templates

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Start Menu

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\SendTo

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Recent

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\PrintHood

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\NetHood

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Videos

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Pictures

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Music

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\My Documents

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Local Settings

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\History

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Cookies

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Application Data

[2010/09/15 21:02:11 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\Application Data

[2010/09/15 21:02:11 | 000,000,000 | -H-D | C] -- C:\Users\Kevin\AppData

[2010/09/15 21:02:11 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Microsoft

[2010/09/15 21:02:11 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Media Center Programs

[2010/09/15 21:02:02 | 000,000,000 | ---D | C] -- C:\Recovery

[2010/09/15 20:58:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2010/09/15 20:56:21 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2010/09/15 20:55:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2007/04/09 15:32:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/09/28 17:49:33 | 001,048,576 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT

[2010/09/28 17:16:59 | 000,018,437 | ---- | M] () -- C:\Users\Kevin\Desktop\bookmarks7.html

[2010/09/28 17:09:32 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/09/28 17:09:32 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/09/28 17:09:32 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/09/28 17:07:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-630707196-4236480205-940679193-1000UA.job

[2010/09/28 16:54:39 | 000,010,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/28 16:54:39 | 000,010,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/28 14:15:55 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-630707196-4236480205-940679193-1000Core.job

[2010/09/28 08:13:36 | 065,401,937 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/09/28 01:54:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/27 14:45:52 | 000,031,656 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000003-00001102-00000004-00541102}.rfx

[2010/09/27 14:45:52 | 000,031,656 | ---- | M] () -- C:\Windows\System32\BMXState-{00000005-00000000-00000003-00001102-00000004-00541102}.rfx

[2010/09/27 14:45:52 | 000,028,968 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000005-00000000-00000003-00001102-00000004-00541102}.rfx

[2010/09/27 14:45:52 | 000,028,968 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000005-00000000-00000003-00001102-00000004-00541102}.rfx

[2010/09/27 14:45:52 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-00541102}.rfx

[2010/09/26 14:03:25 | 000,002,312 | ---- | M] () -- C:\Users\Kevin\Desktop\Google Chrome.lnk

[2010/09/26 12:45:28 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2010/09/26 12:45:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2010/09/26 02:57:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/26 02:56:59 | 1608,880,128 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/26 01:53:21 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/09/26 01:21:30 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/09/25 04:00:44 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/09/25 04:00:44 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/09/25 04:00:41 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/09/25 04:00:31 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/09/25 04:00:30 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2010/09/25 04:00:28 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm

[2010/09/21 00:16:02 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010/09/21 00:16:02 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/09/21 00:16:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/09/21 00:16:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/09/20 16:02:09 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk

[2010/09/18 18:31:03 | 000,002,138 | ---- | M] () -- C:\Users\Kevin\Documents\J5.wlmp

[2010/09/18 18:26:39 | 000,000,020 | ---- | M] () -- C:\Windows\

Link to post
Share on other sites

rootkill unhooker report:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows 7

Version 6.1.7600

Number of processors #2

==============================================

>Drivers

==============================================

0x8EE38000 C:\Windows\system32\DRIVERS\atikmdag.sys 4788224 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)

0x82A47000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)

0x82A47000 PnpManager 4259840 bytes

0x82A47000 RAW 4259840 bytes

0x82A47000 WMIxWDM 4259840 bytes

0x93BB0000 Win32k 2400256 bytes

0x93BB0000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x88E0B000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)

0x88A1A000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)

0x93015000 C:\Windows\system32\drivers\ha10kx2k.sys 1089536 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))

0x8F2C9000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x88C22000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)

0x8870A000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)

0x94955000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x9CA86000 C:\Windows\system32\DRIVERS\WNDA31v.sys 598016 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)

0x9343B000 C:\Windows\system32\CTSBLFX.DLL 581632 bytes (Creative Technology Ltd, Creative SB FX Plug-in)

0x934C9000 C:\Windows\system32\CTAUDFX.DLL 569344 bytes (Creative Technology Ltd, Creative SB FX Plug-in)

0x94821000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x8E144000 C:\Windows\system32\drivers\ctaud2k.sys 516096 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)

0x88637000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)

0x8882D000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)

0x9CA1C000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)

0x8E002000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)

0x88B87000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)

0x8D4CD000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x931A3000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)

0x93590000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x8E0F9000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x8895B000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x888AC000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)

0x89B89000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0x8F59C000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x886C8000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)

0x8D59D000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x88F8E000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x88CD9000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)

0x948F4000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x8D461000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)

0x8F380000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)

0x8F3B9000 C:\Windows\system32\DRIVERS\e1e6032.sys 229376 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)

0x82A10000 ACPI_HAL 225280 bytes

0x9CB3D000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)

0x82A10000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x8E092000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0x8F434000 C:\Windows\system32\drivers\ctoss2k.sys 212992 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))

0x887B5000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x8D400000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)

0x88D69000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)

0x8D49B000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x88F54000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x9311F000 C:\Windows\system32\drivers\emupia2k.sys 192512 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))

0x8E1C2000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x88D3C000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)

0x8F470000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)

0x88B49000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x9CBC3000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)

0x88905000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x9315F000 C:\Windows\system32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))

0x9CB74000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)

0x88D9B000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)

0x88D17000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)

0x889DA000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)

0x948D1000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x8F500000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x94800000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)

0x8E0C6000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x88600000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0x89A00000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)

0x88C00000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0x8D52E000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x93A40000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)

0x93188000 C:\Windows\system32\COMMONFX.DLL 110592 bytes (Creative Technology Ltd, Creative Common FX Plug-in)

0x89B44000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0x9492F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x8D560000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)

0x89B5F000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x948A6000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8EE0F000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)

0x8E066000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x8F49C000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)

0x8F4DD000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x8F522000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x8F53A000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x8F551000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0x8D43F000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)

0x89ACD000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0x89B17000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0x9CBAD000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)

0x889BB000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)

0x89AF1000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)

0x88B74000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x89BDF000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8D57A000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x8F4CB000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)

0x8E0E7000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)

0x948BF000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x88FED000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x93575000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes

0x88809000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x9314E000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x8893A000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)

0x886AF000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x89B79000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x88FD5000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)

0x89BCF000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x8D58D000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)

0x8894B000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)

0x8EE00000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x8E07E000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)

0x8D552000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x887E9000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x889AD000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0x88BE4000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)

0x8F58E000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x8889E000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)

0x8F4BE000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)

0x93554000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x8F572000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)

0x8F57F000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)

0x89BF2000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x88A0C000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)

0x8D5F2000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)

0x89B0B000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)

0x88A00000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x93561000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes

0x89AE6000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0x89B2E000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)

0x89B39000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0x88621000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x8F4F5000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x8D456000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x8F3F1000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0x8892F000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)

0x9CBA3000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)

0x93586000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x8D5E8000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x8D5DE000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0x8F568000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)

0x949EC000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x8F4B4000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)

0x88800000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)

0x889D1000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0x9356C000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes

0x88BF2000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0x9CBED000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x93A10000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x88F85000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)

0x888F4000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x886C0000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x8F468000 C:\Windows\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))

0x88FE5000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)

0x80BD4000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)

0x888FD000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x88DF5000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8881A000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)

0x88822000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)

0x88FCD000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0x88DEE000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x89B04000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x889A6000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0x88DE7000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x9494A000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)

0x8D527000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)

0x8E08C000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)

0x9CB9E000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)

0x8D54D000 C:\Windows\system32\DRIVERS\jswpslwf.sys 20480 bytes (Atheros Communications, Inc., Atheros Security NDIS 6.0 Filter Driver)

0x94951000 C:\Windows\system32\drivers\cpuz134_x32.sys 16384 bytes (Windows ® Win 7 DDK provider, CPUID Driver)

0x9CB9B000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)

0x8F58C000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x89AE4000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

==============================================

>Stealth

==============================================

0x072C0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 102400 bytes

0x08C60000 Hidden Image-->CLI.Aspect.OverDrive3.Graphics.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 1044480 bytes

0x080A0000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 1150976 bytes

0x006A0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x87ADF458 ] PID: 2780, 118784 bytes

0x01470000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 118784 bytes

0x081C0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 135168 bytes

0x07350000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 151552 bytes

0x07D30000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 1740800 bytes

0x07A30000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 217088 bytes

0x07380000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 233472 bytes

0x00C30000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x87ADF458 ] PID: 2780, 28672 bytes

0x00C60000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x87ADF458 ] PID: 2780, 28672 bytes

0x00310000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x00320000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x03D80000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x044D0000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x04510000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x04500000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x04520000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x04590000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x04580000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x04700000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x04760000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x04EE0000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x04F10000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x04F30000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x04F20000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x04F40000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x05080000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x05120000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x05160000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x056A0000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x056F0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x056E0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x06910000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x06930000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x069E0000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x073E0000 Hidden Image-->atixclib.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x06B50000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x06A20000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x06B40000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x06B80000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x06B90000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x06CA0000 Hidden Image-->Branding.dll [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x06E00000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x07340000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x072F0000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x072E0000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x07310000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x083D0000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 28672 bytes

0x04E90000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 299008 bytes

0x03C60000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x87ADF458 ] PID: 2780, 36864 bytes

0x03D70000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x87ADF458 ] PID: 2780, 36864 bytes

0x002E0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x01450000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x03980000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x04470000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x04490000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x046E0000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x04E70000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x05140000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x05980000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x05930000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x059B0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x06430000 Hidden Image-->CLI.Aspect.OverDrive3.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x06900000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x06CB0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 36864 bytes

0x08370000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 372736 bytes

0x07EE0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 372736 bytes

0x06FC0000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 413696 bytes

0x079C0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 413696 bytes

0x081F0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 446464 bytes

0x006D0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x87ADF458 ] PID: 2780, 45056 bytes

0x007E0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x87ADF458 ] PID: 2780, 45056 bytes

0x00300000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 45056 bytes

0x00540000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 45056 bytes

0x03DB0000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 45056 bytes

0x05150000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 45056 bytes

0x056D0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 45056 bytes

0x05950000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 45056 bytes

0x059A0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 45056 bytes

0x088A0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 462848 bytes

0x07940000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 503808 bytes

0x07030000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 512000 bytes

0x03A90000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 53248 bytes

0x03CB0000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 53248 bytes

0x03FF0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 53248 bytes

0x044E0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 53248 bytes

0x04570000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 53248 bytes

0x05130000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 53248 bytes

0x05810000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 53248 bytes

0x05960000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 53248 bytes

0x068F0000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 53248 bytes

0x06B70000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 53248 bytes

0x06CC0000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 53248 bytes

0x06E20000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 53248 bytes

0x06F30000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 552960 bytes

0x08920000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 602112 bytes

0x05990000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 61440 bytes

0x059F0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 61440 bytes

0x065A0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 61440 bytes

0x068E0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 61440 bytes

0x08650000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 684032 bytes

0x007F0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x87ADF458 ] PID: 2780, 69632 bytes

0x00520000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 69632 bytes

0x01490000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 69632 bytes

0x04770000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 69632 bytes

0x06580000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 69632 bytes

0x069C0000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 69632 bytes

0x07FF0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 700416 bytes

0x084E0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 724992 bytes

0x05100000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 77824 bytes

0x056B0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 77824 bytes

0x06550000 Hidden Image-->CLI.Aspect.OverDrive3.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 77824 bytes

0x059C0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 77824 bytes

0x087D0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 806912 bytes

0x08A90000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 823296 bytes

0x00370000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 86016 bytes

0x05680000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 86016 bytes

0x07320000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 86016 bytes

0x03960000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 94208 bytes

0x05050000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 94208 bytes

0x068C0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x87E9CAC0 ] PID: 3696, 94208 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\acshort.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\algo.dll

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\ArPot.dll

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\aswAR.dll

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\aswBoot.dll

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\aswCleanerDLL.dll

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\aswCmnBS.dll

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\aswCmnIS.dll

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\aswCmnOS.dll

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\aswEngin.dll

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\aswRawFS.dll

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\aswScan.dll

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\certs.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_el.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_java.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_java.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_js.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_js.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_mx4.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_mx4.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_mx95.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_mx95.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_o7.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_o7.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_ob.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_pe2.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_swf.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_swf.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_tx.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_u.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_w6.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_w6.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_wh.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\db_xtn.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\def.ini

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\dllcc.dat

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\exts.dll

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\fwAux.dll

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\list_d.txt

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\list_i.txt

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\lshe3.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\l_idx.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\l_nmp.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\Sf.bin

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\sl_idx.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\sl_nmp.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\s_idx.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\s_nmp.map

!-->[Hidden] C:\Program Files\Alwil Software\Avast5\defs\10092801\whitelist.db

!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_619139E1.exe_f8278082dd1f2349ad859f2de0bf288e48f089b0_1089b30a\Report.wer

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008cb

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008cc

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008cd

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008ce

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008cf

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d0

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d1

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d2

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d3

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d4

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d5

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d6

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d7

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d8

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008d9

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008da

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008db

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008dc

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008dd

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008de

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008df

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008e0

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008e1

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008e2

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\10B1.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\10B2.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\10C3.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\10D3.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\10D4.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\10E5.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\10F6.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\10F7.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\1107.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\4DD3.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\4DE3.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\4DF4.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\4DF5.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\4E06.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\4E16.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\4E17.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\4E28.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\4E39.tmp

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal

!-->[Hidden] C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal

!-->[Hidden] C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x00222CF3, Type: Inline - RelativeJump 0x82C69CF3-->9CB87012 [aswSP.SYS]

ntkrnlpa.exe-->AlpcGetHeaderSize, Type: EAT modification 0x82D971A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->AlpcGetMessageAttribute, Type: EAT modification 0x82D971A4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->AlpcInitializeMessageAttribute, Type: EAT modification 0x82D971A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->atoi, Type: EAT modification 0x82D99124-->82F37052 [unknown_code_page]

ntkrnlpa.exe-->atol, Type: EAT modification 0x82D99128-->82E97043 [unknown_code_page]

ntkrnlpa.exe-->bsearch, Type: EAT modification 0x82D9912C-->82F77053 [unknown_code_page]

ntkrnlpa.exe-->CcCanIWrite, Type: EAT modification 0x82D971AC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcCoherencyFlushAndPurgeCache, Type: EAT modification 0x82D971B0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcCopyRead, Type: EAT modification 0x82D971B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcCopyWrite, Type: EAT modification 0x82D971B8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcCopyWriteWontFlush, Type: EAT modification 0x82D971BC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcDeferWrite, Type: EAT modification 0x82D971C0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcFastCopyRead, Type: EAT modification 0x82D971C4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcFastCopyWrite, Type: EAT modification 0x82D971C8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcFastMdlReadWait, Type: EAT modification 0x82D971CC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcFlushCache, Type: EAT modification 0x82D971D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetDirtyPages, Type: EAT modification 0x82D971D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetFileObjectFromBcb, Type: EAT modification 0x82D971D8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetFileObjectFromSectionPtrs, Type: EAT modification 0x82D971DC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetFileObjectFromSectionPtrsRef, Type: EAT modification 0x82D971E0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetFlushedValidData, Type: EAT modification 0x82D971E4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcGetLsnForFileObject, Type: EAT modification 0x82D971E8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcInitializeCacheMap, Type: EAT modification 0x82D971EC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcIsThereDirtyData, Type: EAT modification 0x82D971F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcIsThereDirtyDataEx, Type: EAT modification 0x82D971F4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMapData, Type: EAT modification 0x82D971F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMdlRead, Type: EAT modification 0x82D971FC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMdlReadComplete, Type: EAT modification 0x82D97200-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMdlWriteAbort, Type: EAT modification 0x82D97204-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcMdlWriteComplete, Type: EAT modification 0x82D97208-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPinMappedData, Type: EAT modification 0x82D9720C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPinRead, Type: EAT modification 0x82D97210-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPrepareMdlWrite, Type: EAT modification 0x82D97214-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPreparePinWrite, Type: EAT modification 0x82D97218-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcPurgeCacheSection, Type: EAT modification 0x82D9721C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcRemapBcb, Type: EAT modification 0x82D97220-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcRepinBcb, Type: EAT modification 0x82D97224-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcScheduleReadAhead, Type: EAT modification 0x82D97228-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetAdditionalCacheAttributes, Type: EAT modification 0x82D9722C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetBcbOwnerPointer, Type: EAT modification 0x82D97230-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetDirtyPageThreshold, Type: EAT modification 0x82D97234-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetDirtyPinnedData, Type: EAT modification 0x82D97238-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetFileSizes, Type: EAT modification 0x82D9723C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetFileSizesEx, Type: EAT modification 0x82D97240-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetLogHandleForFile, Type: EAT modification 0x82D97244-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetParallelFlushFile, Type: EAT modification 0x82D97248-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcSetReadAheadGranularity, Type: EAT modification 0x82D9724C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcTestControl, Type: EAT modification 0x82D97250-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcUninitializeCacheMap, Type: EAT modification 0x82D97254-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcUnpinData, Type: EAT modification 0x82D97258-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcUnpinDataForThread, Type: EAT modification 0x82D9725C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcUnpinRepinnedBcb, Type: EAT modification 0x82D97260-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcWaitForCurrentLazyWriterActivity, Type: EAT modification 0x82D97264-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CcZeroData, Type: EAT modification 0x82D97268-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmCallbackGetKeyObjectID, Type: EAT modification 0x82D9726C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmGetBoundTransaction, Type: EAT modification 0x82D97270-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmGetCallbackVersion, Type: EAT modification 0x82D97274-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmKeyObjectType, Type: EAT modification 0x82D97278-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmRegisterCallback, Type: EAT modification 0x82D9727C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmRegisterCallbackEx, Type: EAT modification 0x82D97280-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmSetCallbackObjectContext, Type: EAT modification 0x82D97284-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->CmUnRegisterCallback, Type: EAT modification 0x82D97288-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgBreakPoint, Type: EAT modification 0x82D9728C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgBreakPointWithStatus, Type: EAT modification 0x82D97290-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgCommandString, Type: EAT modification 0x82D97294-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgkLkmdRegisterCallback, Type: EAT modification 0x82D972B8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgkLkmdUnregisterCallback, Type: EAT modification 0x82D972BC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgLoadImageSymbols, Type: EAT modification 0x82D97298-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgPrint, Type: EAT modification 0x82D9729C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgPrintEx, Type: EAT modification 0x82D972A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgPrintReturnControlC, Type: EAT modification 0x82D972A4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgPrompt, Type: EAT modification 0x82D972A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgQueryDebugFilterState, Type: EAT modification 0x82D972AC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgSetDebugFilterState, Type: EAT modification 0x82D972B0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->DbgSetDebugPrintCallback, Type: EAT modification 0x82D972B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmClientQueryRuleState, Type: EAT modification 0x82D972C0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmClientRuleDeregisterNotification, Type: EAT modification 0x82D972C4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmClientRuleEvaluate, Type: EAT modification 0x82D972C8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmClientRuleRegisterNotification, Type: EAT modification 0x82D972CC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmpProviderRegister, Type: EAT modification 0x82D972E0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmProviderDeregister, Type: EAT modification 0x82D972D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmProviderDeregisterEntry, Type: EAT modification 0x82D972D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmProviderRegister, Type: EAT modification 0x82D972D8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EmProviderRegisterEntry, Type: EAT modification 0x82D972DC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwActivityIdControl, Type: EAT modification 0x82D972E4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwEnableTrace, Type: EAT modification 0x82D972E8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwEventEnabled, Type: EAT modification 0x82D972EC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwProviderEnabled, Type: EAT modification 0x82D972F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwRegister, Type: EAT modification 0x82D972F4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwRegisterClassicProvider, Type: EAT modification 0x82D972F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwSendTraceBuffer, Type: EAT modification 0x82D972FC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwUnregister, Type: EAT modification 0x82D97300-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWrite, Type: EAT modification 0x82D97304-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteEndScenario, Type: EAT modification 0x82D97308-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteEx, Type: EAT modification 0x82D9730C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteStartScenario, Type: EAT modification 0x82D97310-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteString, Type: EAT modification 0x82D97314-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->EtwWriteTransfer, Type: EAT modification 0x82D97318-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireCacheAwarePushLockExclusive, Type: EAT modification 0x82D9731C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireFastMutexUnsafe, Type: EAT modification 0x82D97028-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireResourceExclusiveLite, Type: EAT modification 0x82D97320-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireResourceSharedLite, Type: EAT modification 0x82D97324-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireRundownProtection, Type: EAT modification 0x82D9702C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireRundownProtectionCacheAware, Type: EAT modification 0x82D97030-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireRundownProtectionCacheAwareEx, Type: EAT modification 0x82D97034-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireRundownProtectionEx, Type: EAT modification 0x82D97038-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSharedStarveExclusive, Type: EAT modification 0x82D97328-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSharedWaitForExclusive, Type: EAT modification 0x82D9732C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSpinLockExclusive, Type: EAT modification 0x82D97330-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSpinLockExclusiveAtDpcLevel, Type: EAT modification 0x82D97334-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSpinLockShared, Type: EAT modification 0x82D97338-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAcquireSpinLockSharedAtDpcLevel, Type: EAT modification 0x82D9733C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocateCacheAwarePushLock, Type: EAT modification 0x82D97340-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocateCacheAwareRundownProtection, Type: EAT modification 0x82D97344-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocateFromPagedLookasideList, Type: EAT modification 0x82D97348-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePool, Type: EAT modification 0x82D9734C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePoolWithQuota, Type: EAT modification 0x82D97350-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePoolWithQuotaTag, Type: EAT modification 0x82D97354-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePoolWithTag, Type: EAT modification 0x82D97358-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExAllocatePoolWithTagPriority, Type: EAT modification 0x82D9735C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExConvertExclusiveToSharedLite, Type: EAT modification 0x82D97360-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExCreateCallback, Type: EAT modification 0x82D97364-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDeleteLookasideListEx, Type: EAT modification 0x82D97368-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDeleteNPagedLookasideList, Type: EAT modification 0x82D9736C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDeletePagedLookasideList, Type: EAT modification 0x82D97370-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDeleteResourceLite, Type: EAT modification 0x82D97374-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDesktopObjectType, Type: EAT modification 0x82D97378-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExDisableResourceBoostLite, Type: EAT modification 0x82D9737C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireFastMutexUnsafe, Type: EAT modification 0x82D9703C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireResourceExclusive, Type: EAT modification 0x82D97380-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireResourceShared, Type: EAT modification 0x82D97384-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterCriticalRegionAndAcquireSharedWaitForExclusive, Type: EAT modification 0x82D97388-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterPriorityRegionAndAcquireResourceExclusive, Type: EAT modification 0x82D9738C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnterPriorityRegionAndAcquireResourceShared, Type: EAT modification 0x82D97390-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEnumHandleTable, Type: EAT modification 0x82D97394-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExEventObjectType, Type: EAT modification 0x82D97398-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExExtendZone, Type: EAT modification 0x82D9739C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfAcquirePushLockExclusive, Type: EAT modification 0x82D97094-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfAcquirePushLockShared, Type: EAT modification 0x82D97098-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFetchLicenseData, Type: EAT modification 0x82D973A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exfi386InterlockedDecrementLong, Type: EAT modification 0x82D970D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exfi386InterlockedExchangeUlong, Type: EAT modification 0x82D970D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exfi386InterlockedIncrementLong, Type: EAT modification 0x82D970D8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedAddUlong, Type: EAT modification 0x82D9709C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedCompareExchange64, Type: EAT modification 0x82D970A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedInsertHeadList, Type: EAT modification 0x82D970A4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedInsertTailList, Type: EAT modification 0x82D970A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedPopEntryList, Type: EAT modification 0x82D970AC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedPushEntryList, Type: EAT modification 0x82D970B0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfInterlockedRemoveHeadList, Type: EAT modification 0x82D970B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFlushLookasideListEx, Type: EAT modification 0x82D973A4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreeCacheAwarePushLock, Type: EAT modification 0x82D973A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreeCacheAwareRundownProtection, Type: EAT modification 0x82D973AC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreePool, Type: EAT modification 0x82D973B0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreePoolWithTag, Type: EAT modification 0x82D973B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExFreeToPagedLookasideList, Type: EAT modification 0x82D973B8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfReleasePushLock, Type: EAT modification 0x82D970B8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfReleasePushLockExclusive, Type: EAT modification 0x82D970BC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfReleasePushLockShared, Type: EAT modification 0x82D970C0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfTryAcquirePushLockShared, Type: EAT modification 0x82D970C4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfTryToWakePushLock, Type: EAT modification 0x82D970C8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExfUnblockPushLock, Type: EAT modification 0x82D970CC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetCurrentProcessorCounts, Type: EAT modification 0x82D973BC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetCurrentProcessorCpuUsage, Type: EAT modification 0x82D973C0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetExclusiveWaiterCount, Type: EAT modification 0x82D973C4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetLicenseTamperState, Type: EAT modification 0x82D973C8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetPreviousMode, Type: EAT modification 0x82D973CC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExGetSharedWaiterCount, Type: EAT modification 0x82D973D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exi386InterlockedDecrementLong, Type: EAT modification 0x82D974B8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exi386InterlockedExchangeUlong, Type: EAT modification 0x82D974BC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Exi386InterlockedIncrementLong, Type: EAT modification 0x82D974C0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExiAcquireFastMutex, Type: EAT modification 0x82D970DC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeLookasideListEx, Type: EAT modification 0x82D973D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeNPagedLookasideList, Type: EAT modification 0x82D973D8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializePagedLookasideList, Type: EAT modification 0x82D973DC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializePushLock, Type: EAT modification 0x82D973E0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeResourceLite, Type: EAT modification 0x82D973E4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeRundownProtection, Type: EAT modification 0x82D97040-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeRundownProtectionCacheAware, Type: EAT modification 0x82D973E8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInitializeZone, Type: EAT modification 0x82D973EC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedAddLargeInteger, Type: EAT modification 0x82D973F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedAddLargeStatistic, Type: EAT modification 0x82D97044-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedAddUlong, Type: EAT modification 0x82D973F4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedCompareExchange64, Type: EAT modification 0x82D97048-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedDecrementLong, Type: EAT modification 0x82D973F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedExchangeUlong, Type: EAT modification 0x82D973FC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedExtendZone, Type: EAT modification 0x82D97400-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedFlushSList, Type: EAT modification 0x82D9704C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedIncrementLong, Type: EAT modification 0x82D97404-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedInsertHeadList, Type: EAT modification 0x82D97408-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedInsertTailList, Type: EAT modification 0x82D9740C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedPopEntryList, Type: EAT modification 0x82D97410-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedPopEntrySList, Type: EAT modification 0x82D97050-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedPushEntryList, Type: EAT modification 0x82D97414-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedPushEntrySList, Type: EAT modification 0x82D97054-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExInterlockedRemoveHeadList, Type: EAT modification 0x82D97418-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExiReleaseFastMutex, Type: EAT modification 0x82D970E0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExIsProcessorFeaturePresent, Type: EAT modification 0x82D9741C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExIsResourceAcquiredExclusiveLite, Type: EAT modification 0x82D97420-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExIsResourceAcquiredSharedLite, Type: EAT modification 0x82D97424-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExiTryToAcquireFastMutex, Type: EAT modification 0x82D970E4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExLocalTimeToSystemTime, Type: EAT modification 0x82D97428-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExNotifyCallback, Type: EAT modification 0x82D9742C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExQueryAttributeInformation, Type: EAT modification 0x82D97430-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExQueryPoolBlockSize, Type: EAT modification 0x82D97434-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExQueueWorkItem, Type: EAT modification 0x82D97438-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseAccessViolation, Type: EAT modification 0x82D9743C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseDatatypeMisalignment, Type: EAT modification 0x82D97440-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseException, Type: EAT modification 0x82D97444-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseHardError, Type: EAT modification 0x82D97448-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRaiseStatus, Type: EAT modification 0x82D9744C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRegisterAttributeInformationCallback, Type: EAT modification 0x82D97450-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRegisterCallback, Type: EAT modification 0x82D97454-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRegisterExtension, Type: EAT modification 0x82D97458-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReinitializeResourceLite, Type: EAT modification 0x82D9745C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReInitializeRundownProtection, Type: EAT modification 0x82D97058-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReInitializeRundownProtectionCacheAware, Type: EAT modification 0x82D9705C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseCacheAwarePushLockExclusive, Type: EAT modification 0x82D97460-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseFastMutexUnsafe, Type: EAT modification 0x82D97060-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseFastMutexUnsafeAndLeaveCriticalRegion, Type: EAT modification 0x82D97064-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseResourceAndLeaveCriticalRegion, Type: EAT modification 0x82D97068-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseResourceAndLeavePriorityRegion, Type: EAT modification 0x82D9706C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseResourceForThreadLite, Type: EAT modification 0x82D97464-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseResourceLite, Type: EAT modification 0x82D97070-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseRundownProtection, Type: EAT modification 0x82D97074-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseRundownProtectionCacheAware, Type: EAT modification 0x82D97078-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseRundownProtectionCacheAwareEx, Type: EAT modification 0x82D9707C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseRundownProtectionEx, Type: EAT modification 0x82D97080-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseSpinLockExclusive, Type: EAT modification 0x82D97468-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseSpinLockExclusiveFromDpcLevel, Type: EAT modification 0x82D9746C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseSpinLockShared, Type: EAT modification 0x82D97470-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExReleaseSpinLockSharedFromDpcLevel, Type: EAT modification 0x82D97474-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRundownCompleted, Type: EAT modification 0x82D97084-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExRundownCompletedCacheAware, Type: EAT modification 0x82D97088-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSemaphoreObjectType, Type: EAT modification 0x82D97478-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSetLicenseTamperState, Type: EAT modification 0x82D9747C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSetResourceOwnerPointer, Type: EAT modification 0x82D97480-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSetResourceOwnerPointerEx, Type: EAT modification 0x82D97484-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSetTimerResolution, Type: EAT modification 0x82D97488-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSizeOfRundownProtectionCacheAware, Type: EAT modification 0x82D9748C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSystemExceptionFilter, Type: EAT modification 0x82D97490-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExSystemTimeToLocalTime, Type: EAT modification 0x82D97494-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExTryConvertSharedSpinLockExclusive, Type: EAT modification 0x82D97498-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExUnregisterAttributeInformationCallback, Type: EAT modification 0x82D9749C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExUnregisterCallback, Type: EAT modification 0x82D974A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExUnregisterExtension, Type: EAT modification 0x82D974A4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExUpdateLicenseData, Type: EAT modification 0x82D974A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExUuidCreate, Type: EAT modification 0x82D974AC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExVerifySuite, Type: EAT modification 0x82D974B0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExWaitForRundownProtectionRelease, Type: EAT modification 0x82D9708C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExWaitForRundownProtectionReleaseCacheAware, Type: EAT modification 0x82D97090-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ExWindowStationObjectType, Type: EAT modification 0x82D974B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FirstEntrySList, Type: EAT modification 0x82D974C4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAcknowledgeEcp, Type: EAT modification 0x82D974C8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAcquireFileExclusive, Type: EAT modification 0x82D974CC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddBaseMcbEntry, Type: EAT modification 0x82D974D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddBaseMcbEntryEx, Type: EAT modification 0x82D974D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddLargeMcbEntry, Type: EAT modification 0x82D974D8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddMcbEntry, Type: EAT modification 0x82D974DC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAddToTunnelCache, Type: EAT modification 0x82D974E0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateExtraCreateParameter, Type: EAT modification 0x82D974E4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateExtraCreateParameterFromLookasideList, Type: EAT modification 0x82D974E8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateExtraCreateParameterList, Type: EAT modification 0x82D974EC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateFileLock, Type: EAT modification 0x82D974F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocatePool, Type: EAT modification 0x82D974F4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocatePoolWithQuota, Type: EAT modification 0x82D974F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocatePoolWithQuotaTag, Type: EAT modification 0x82D974FC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocatePoolWithTag, Type: EAT modification 0x82D97500-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAllocateResource, Type: EAT modification 0x82D97504-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAreNamesEqual, Type: EAT modification 0x82D97508-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAreThereCurrentOrInProgressFileLocks, Type: EAT modification 0x82D9750C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlAreVolumeStartupApplicationsComplete, Type: EAT modification 0x82D97510-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlBalanceReads, Type: EAT modification 0x82D97514-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCancellableWaitForMultipleObjects, Type: EAT modification 0x82D97518-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCancellableWaitForSingleObject, Type: EAT modification 0x82D9751C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlChangeBackingFileObject, Type: EAT modification 0x82D97520-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCheckLockForReadAccess, Type: EAT modification 0x82D97524-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCheckLockForWriteAccess, Type: EAT modification 0x82D97528-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCheckOplock, Type: EAT modification 0x82D9752C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCheckOplockEx, Type: EAT modification 0x82D97530-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCopyRead, Type: EAT modification 0x82D97534-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCopyWrite, Type: EAT modification 0x82D97538-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCreateSectionForDataScan, Type: EAT modification 0x82D9753C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCurrentBatchOplock, Type: EAT modification 0x82D97540-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCurrentOplock, Type: EAT modification 0x82D97544-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlCurrentOplockH, Type: EAT modification 0x82D97548-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDeleteExtraCreateParameterLookasideList, Type: EAT modification 0x82D9754C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDeleteKeyFromTunnelCache, Type: EAT modification 0x82D97550-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDeleteTunnelCache, Type: EAT modification 0x82D97554-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDeregisterUncProvider, Type: EAT modification 0x82D97558-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDissectDbcs, Type: EAT modification 0x82D9755C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDissectName, Type: EAT modification 0x82D97560-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDoesDbcsContainWildCards, Type: EAT modification 0x82D97564-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlDoesNameContainWildCards, Type: EAT modification 0x82D97568-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastCheckLockForRead, Type: EAT modification 0x82D9756C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastCheckLockForWrite, Type: EAT modification 0x82D97570-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastUnlockAll, Type: EAT modification 0x82D97574-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastUnlockAllByKey, Type: EAT modification 0x82D97578-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFastUnlockSingle, Type: EAT modification 0x82D9757C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFindExtraCreateParameter, Type: EAT modification 0x82D97580-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFindInTunnelCache, Type: EAT modification 0x82D97584-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFreeExtraCreateParameter, Type: EAT modification 0x82D97588-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFreeExtraCreateParameterList, Type: EAT modification 0x82D9758C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlFreeFileLock, Type: EAT modification 0x82D97590-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetEcpListFromIrp, Type: EAT modification 0x82D97594-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetFileSize, Type: EAT modification 0x82D97598-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextBaseMcbEntry, Type: EAT modification 0x82D9759C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextExtraCreateParameter, Type: EAT modification 0x82D975A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextFileLock, Type: EAT modification 0x82D975A4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextLargeMcbEntry, Type: EAT modification 0x82D975A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetNextMcbEntry, Type: EAT modification 0x82D975AC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlGetVirtualDiskNestingLevel, Type: EAT modification 0x82D975B0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastMdlReadWait, Type: EAT modification 0x82D975B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastReadNotPossible, Type: EAT modification 0x82D975BC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastReadNoWait, Type: EAT modification 0x82D975B8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastReadResourceMiss, Type: EAT modification 0x82D975C0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIncrementCcFastReadWait, Type: EAT modification 0x82D975C4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitExtraCreateParameterLookasideList, Type: EAT modification 0x82D975C8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeBaseMcb, Type: EAT modification 0x82D975CC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeBaseMcbEx, Type: EAT modification 0x82D975D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeExtraCreateParameter, Type: EAT modification 0x82D975D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeExtraCreateParameterList, Type: EAT modification 0x82D975D8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeFileLock, Type: EAT modification 0x82D975DC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeLargeMcb, Type: EAT modification 0x82D975E0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeMcb, Type: EAT modification 0x82D975E4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeOplock, Type: EAT modification 0x82D975E8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInitializeTunnelCache, Type: EAT modification 0x82D975EC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInsertExtraCreateParameter, Type: EAT modification 0x82D975F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInsertPerFileContext, Type: EAT modification 0x82D975F4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInsertPerFileObjectContext, Type: EAT modification 0x82D975F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlInsertPerStreamContext, Type: EAT modification 0x82D975FC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsDbcsInExpression, Type: EAT modification 0x82D97600-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsEcpAcknowledged, Type: EAT modification 0x82D97604-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsEcpFromUserMode, Type: EAT modification 0x82D97608-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsFatDbcsLegal, Type: EAT modification 0x82D9760C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsHpfsDbcsLegal, Type: EAT modification 0x82D97610-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsNameInExpression, Type: EAT modification 0x82D97614-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsNtstatusExpected, Type: EAT modification 0x82D97618-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsPagingFile, Type: EAT modification 0x82D9761C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlIsTotalDeviceFailure, Type: EAT modification 0x82D97620-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLegalAnsiCharacterArray, Type: EAT modification 0x82D97624-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLogCcFlushError, Type: EAT modification 0x82D97628-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupBaseMcbEntry, Type: EAT modification 0x82D9762C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLargeMcbEntry, Type: EAT modification 0x82D97630-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastBaseMcbEntry, Type: EAT modification 0x82D97634-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastBaseMcbEntryAndIndex, Type: EAT modification 0x82D97638-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastLargeMcbEntry, Type: EAT modification 0x82D9763C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastLargeMcbEntryAndIndex, Type: EAT modification 0x82D97640-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupLastMcbEntry, Type: EAT modification 0x82D97644-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupMcbEntry, Type: EAT modification 0x82D97648-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupPerFileContext, Type: EAT modification 0x82D9764C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupPerFileObjectContext, Type: EAT modification 0x82D97650-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlLookupPerStreamContextInternal, Type: EAT modification 0x82D97654-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlRead, Type: EAT modification 0x82D97658-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlReadComplete, Type: EAT modification 0x82D9765C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlReadCompleteDev, Type: EAT modification 0x82D97660-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlReadDev, Type: EAT modification 0x82D97664-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlWriteComplete, Type: EAT modification 0x82D97668-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMdlWriteCompleteDev, Type: EAT modification 0x82D9766C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMupGetProviderIdFromName, Type: EAT modification 0x82D97670-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlMupGetProviderInfoFromFileObject, Type: EAT modification 0x82D97674-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNormalizeNtstatus, Type: EAT modification 0x82D97678-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyChangeDirectory, Type: EAT modification 0x82D9767C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyCleanup, Type: EAT modification 0x82D97680-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyCleanupAll, Type: EAT modification 0x82D97684-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyFilterChangeDirectory, Type: EAT modification 0x82D97688-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyFilterReportChange, Type: EAT modification 0x82D9768C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyFullChangeDirectory, Type: EAT modification 0x82D97690-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyFullReportChange, Type: EAT modification 0x82D97694-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyInitializeSync, Type: EAT modification 0x82D97698-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyReportChange, Type: EAT modification 0x82D9769C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyUninitializeSync, Type: EAT modification 0x82D976A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyVolumeEvent, Type: EAT modification 0x82D976A4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNotifyVolumeEventEx, Type: EAT modification 0x82D976A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNumberOfRunsInBaseMcb, Type: EAT modification 0x82D976AC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNumberOfRunsInLargeMcb, Type: EAT modification 0x82D976B0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlNumberOfRunsInMcb, Type: EAT modification 0x82D976B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockBreakH, Type: EAT modification 0x82D976B8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockBreakToNone, Type: EAT modification 0x82D976BC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockBreakToNoneEx, Type: EAT modification 0x82D976C0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockFsctrl, Type: EAT modification 0x82D976C4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockFsctrlEx, Type: EAT modification 0x82D976C8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockIsFastIoPossible, Type: EAT modification 0x82D976CC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockIsSharedRequest, Type: EAT modification 0x82D976D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlOplockKeysEqual, Type: EAT modification 0x82D976D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPostPagingFileStackOverflow, Type: EAT modification 0x82D976D8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPostStackOverflow, Type: EAT modification 0x82D976DC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPrepareMdlWrite, Type: EAT modification 0x82D976E0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPrepareMdlWriteDev, Type: EAT modification 0x82D976E4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlPrivateLock, Type: EAT modification 0x82D976E8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlProcessFileLock, Type: EAT modification 0x82D976EC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlQueryMaximumVirtualDiskNestingLevel, Type: EAT modification 0x82D976F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterFileSystemFilterCallbacks, Type: EAT modification 0x82D976F4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterFltMgrCalls, Type: EAT modification 0x82D976F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterMupCalls, Type: EAT modification 0x82D976FC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterUncProvider, Type: EAT modification 0x82D97700-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRegisterUncProviderEx, Type: EAT modification 0x82D97704-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlReleaseFile, Type: EAT modification 0x82D97708-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveBaseMcbEntry, Type: EAT modification 0x82D9770C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveDotsFromPath, Type: EAT modification 0x82D97710-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveExtraCreateParameter, Type: EAT modification 0x82D97714-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveLargeMcbEntry, Type: EAT modification 0x82D97718-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemoveMcbEntry, Type: EAT modification 0x82D9771C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemovePerFileContext, Type: EAT modification 0x82D97720-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemovePerFileObjectContext, Type: EAT modification 0x82D97724-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlRemovePerStreamContext, Type: EAT modification 0x82D97728-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlResetBaseMcb, Type: EAT modification 0x82D9772C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlResetLargeMcb, Type: EAT modification 0x82D97730-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlSetEcpListIntoIrp, Type: EAT modification 0x82D97734-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlSplitBaseMcb, Type: EAT modification 0x82D97738-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlSplitLargeMcb, Type: EAT modification 0x82D9773C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlSyncVolumes, Type: EAT modification 0x82D97740-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTeardownPerFileContexts, Type: EAT modification 0x82D97744-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTeardownPerStreamContexts, Type: EAT modification 0x82D97748-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTruncateBaseMcb, Type: EAT modification 0x82D9774C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTruncateLargeMcb, Type: EAT modification 0x82D97750-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlTruncateMcb, Type: EAT modification 0x82D97754-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeBaseMcb, Type: EAT modification 0x82D97758-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeFileLock, Type: EAT modification 0x82D9775C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeLargeMcb, Type: EAT modification 0x82D97760-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeMcb, Type: EAT modification 0x82D97764-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlUninitializeOplock, Type: EAT modification 0x82D97768-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->FsRtlValidateReparsePointBuffer, Type: EAT modification 0x82D9776C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HalDispatchTable, Type: EAT modification 0x82D97770-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HalExamineMBR, Type: EAT modification 0x82D970E8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HalPrivateDispatchTable, Type: EAT modification 0x82D97774-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HeadlessDispatch, Type: EAT modification 0x82D97778-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->HvlQueryConnection, Type: EAT modification 0x82D9777C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvAcquireDisplayOwnership, Type: EAT modification 0x82D97780-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvCheckDisplayOwnership, Type: EAT modification 0x82D97784-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvDisplayString, Type: EAT modification 0x82D97788-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvEnableBootDriver, Type: EAT modification 0x82D9778C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvEnableDisplayString, Type: EAT modification 0x82D97790-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvInstallDisplayStringFilter, Type: EAT modification 0x82D97794-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvIsBootDriverInstalled, Type: EAT modification 0x82D97798-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvNotifyDisplayOwnershipLost, Type: EAT modification 0x82D9779C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvResetDisplay, Type: EAT modification 0x82D977A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvSetScrollRegion, Type: EAT modification 0x82D977A4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvSetTextColor, Type: EAT modification 0x82D977A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InbvSolidColorFill, Type: EAT modification 0x82D977AC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InitSafeBootMode, Type: EAT modification 0x82D977B0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedCompareExchange, Type: EAT modification 0x82D970EC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedDecrement, Type: EAT modification 0x82D970F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedExchange, Type: EAT modification 0x82D970F4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedExchangeAdd, Type: EAT modification 0x82D970F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedIncrement, Type: EAT modification 0x82D970FC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedPopEntrySList, Type: EAT modification 0x82D97100-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->InterlockedPushEntrySList, Type: EAT modification 0x82D97104-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAcquireCancelSpinLock, Type: EAT modification 0x82D977B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAcquireRemoveLockEx, Type: EAT modification 0x82D977B8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAcquireVpbSpinLock, Type: EAT modification 0x82D977BC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAdapterObjectType, Type: EAT modification 0x82D977C0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAdjustStackSizeForRedirection, Type: EAT modification 0x82D977C4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateAdapterChannel, Type: EAT modification 0x82D977C8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateController, Type: EAT modification 0x82D977CC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateDriverObjectExtension, Type: EAT modification 0x82D977D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateErrorLogEntry, Type: EAT modification 0x82D977D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateIrp, Type: EAT modification 0x82D977D8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateMdl, Type: EAT modification 0x82D977DC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateMiniCompletionPacket, Type: EAT modification 0x82D977E0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateSfioStreamIdentifier, Type: EAT modification 0x82D977E4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAllocateWorkItem, Type: EAT modification 0x82D977E8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoApplyPriorityInfoThread, Type: EAT modification 0x82D977EC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAssignResources, Type: EAT modification 0x82D977F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAttachDevice, Type: EAT modification 0x82D977F4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAttachDeviceByPointer, Type: EAT modification 0x82D977F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAttachDeviceToDeviceStack, Type: EAT modification 0x82D977FC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoAttachDeviceToDeviceStackSafe, Type: EAT modification 0x82D97800-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoBuildAsynchronousFsdRequest, Type: EAT modification 0x82D97804-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoBuildDeviceIoControlRequest, Type: EAT modification 0x82D97808-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoBuildPartialMdl, Type: EAT modification 0x82D9780C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoBuildSynchronousFsdRequest, Type: EAT modification 0x82D97810-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCallDriver, Type: EAT modification 0x82D97814-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCancelFileOpen, Type: EAT modification 0x82D97818-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCancelIrp, Type: EAT modification 0x82D9781C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckDesiredAccess, Type: EAT modification 0x82D97820-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckEaBufferValidity, Type: EAT modification 0x82D97824-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckFunctionAccess, Type: EAT modification 0x82D97828-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckQuerySetFileInformation, Type: EAT modification 0x82D9782C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckQuerySetVolumeInformation, Type: EAT modification 0x82D97830-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckQuotaBufferValidity, Type: EAT modification 0x82D97834-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckShareAccess, Type: EAT modification 0x82D97838-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCheckShareAccessEx, Type: EAT modification 0x82D9783C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoClearDependency, Type: EAT modification 0x82D97840-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoClearIrpExtraCreateParameter, Type: EAT modification 0x82D97844-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCompleteRequest, Type: EAT modification 0x82D97848-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoConnectInterrupt, Type: EAT modification 0x82D9784C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoConnectInterruptEx, Type: EAT modification 0x82D97850-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateArcName, Type: EAT modification 0x82D97854-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateController, Type: EAT modification 0x82D97858-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateDevice, Type: EAT modification 0x82D9785C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateDisk, Type: EAT modification 0x82D97860-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateDriver, Type: EAT modification 0x82D97864-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateFile, Type: EAT modification 0x82D97868-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateFileEx, Type: EAT modification 0x82D9786C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateFileSpecifyDeviceObjectHint, Type: EAT modification 0x82D97870-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateNotificationEvent, Type: EAT modification 0x82D97874-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateStreamFileObject, Type: EAT modification 0x82D97878-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateStreamFileObjectEx, Type: EAT modification 0x82D9787C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateStreamFileObjectLite, Type: EAT modification 0x82D97880-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateSymbolicLink, Type: EAT modification 0x82D97884-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateSynchronizationEvent, Type: EAT modification 0x82D97888-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCreateUnprotectedSymbolicLink, Type: EAT modification 0x82D9788C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqInitialize, Type: EAT modification 0x82D97890-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqInitializeEx, Type: EAT modification 0x82D97894-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqInsertIrp, Type: EAT modification 0x82D97898-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqInsertIrpEx, Type: EAT modification 0x82D9789C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqRemoveIrp, Type: EAT modification 0x82D978A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoCsqRemoveNextIrp, Type: EAT modification 0x82D978A4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteAllDependencyRelations, Type: EAT modification 0x82D978A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteController, Type: EAT modification 0x82D978AC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteDevice, Type: EAT modification 0x82D978B0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteDriver, Type: EAT modification 0x82D978B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeleteSymbolicLink, Type: EAT modification 0x82D978B8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDetachDevice, Type: EAT modification 0x82D978BC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeviceHandlerObjectSize, Type: EAT modification 0x82D978C0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDeviceHandlerObjectType, Type: EAT modification 0x82D978C4-->82C080DC [ntkrnlpa.exe]

ntkrnlpa.exe-->IoDisconnectInterrupt, Type: EAT modification 0x82D978CC-->92A5208C [unknown_code_page]

ntkrnlpa.exe-->IoDisconnectInterruptEx, Type: EAT modification 0x82D978D0-->8318706E [unknown_code_page]

ntkrnlpa.exe-->IoDriverObjectType, Type: EAT modification 0x82D978D4-->8316706B [unknown_code_page]

ntkrnlpa.exe-->IoDuplicateDependency, Type: EAT modification 0x82D978D8-->8310706E [unknown_code_page]

ntkrnlpa.exe-->IoEnqueueIrp, Type: EAT modification 0x82D978DC-->83057070 [unknown_code_page]

ntkrnlpa.exe-->IoEnumerateDeviceObjectList, Type: EAT modification 0x82D978E0-->8309702E [unknown_code_page]

ntkrnlpa.exe-->IoEnumerateRegisteredFiltersList, Type: EAT modification 0x82D978E4-->83097078 [unknown_code_page]

ntkrnlpa.exe-->IoFastQueryNetworkAttributes, Type: EAT modification 0x82D978E8-->82D1702D [ntkrnlpa.exe]

ntkrnlpa.exe-->IofCallDriver, Type: EAT modification 0x82D97118-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IofCompleteRequest, Type: EAT modification 0x82D9711C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoFileObjectType, Type: EAT modification 0x82D978EC-->82E5703E [unknown_code_page]

ntkrnlpa.exe-->IoForwardAndCatchIrp, Type: EAT modification 0x82D978F0-->8314706C [unknown_code_page]

ntkrnlpa.exe-->IoForwardIrpSynchronously, Type: EAT modification 0x82D978F4-->82EB7063 [unknown_code_page]

ntkrnlpa.exe-->IoFreeController, Type: EAT modification 0x82D978F8-->83187065 [unknown_code_page]

ntkrnlpa.exe-->IoFreeErrorLogEntry, Type: EAT modification 0x82D978FC-->83097048 [unknown_code_page]

ntkrnlpa.exe-->IoFreeIrp, Type: EAT modification 0x82D97900-->83087061 [unknown_code_page]

ntkrnlpa.exe-->IoFreeMdl, Type: EAT modification 0x82D97904-->83167065 [unknown_code_page]

ntkrnlpa.exe-->IoFreeMiniCompletionPacket, Type: EAT modification 0x82D97908-->830D7053 [unknown_code_page]

ntkrnlpa.exe-->IoFreeSfioStreamIdentifier, Type: EAT modification 0x82D9790C-->8309707A [unknown_code_page]

ntkrnlpa.exe-->IoFreeWorkItem, Type: EAT modification 0x82D97910-->82D47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetAffinityInterrupt, Type: EAT modification 0x82D97914-->82DC7078 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetAttachedDevice, Type: EAT modification 0x82D97918-->82E87032 [unknown_code_page]

ntkrnlpa.exe-->IoGetAttachedDeviceReference, Type: EAT modification 0x82D9791C-->82DB7039 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetBaseFileSystemDeviceObject, Type: EAT modification 0x82D97920-->82E57031 [unknown_code_page]

ntkrnlpa.exe-->IoGetBootDiskInformation, Type: EAT modification 0x82D97924-->82D17030 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetBootDiskInformationLite, Type: EAT modification 0x82D97928-->82E2702D [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetConfigurationInformation, Type: EAT modification 0x82D9792C-->82D67038 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetContainerInformation, Type: EAT modification 0x82D97930-->82D87041 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetCurrentProcess, Type: EAT modification 0x82D97934-->82D47037 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDeviceAttachmentBaseRef, Type: EAT modification 0x82D97938-->82D47030 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDeviceInterfaceAlias, Type: EAT modification 0x82D9793C-->82D17020 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDeviceInterfaces, Type: EAT modification 0x82D97940-->82FF7020 [unknown_code_page]

Link to post
Share on other sites

Report was WAY too long, here's part 2

ntkrnlpa.exe-->IoGetDeviceNumaNode, Type: EAT modification 0x82D97944-->8318706E [unknown_code_page]

ntkrnlpa.exe-->IoGetDeviceObjectPointer, Type: EAT modification 0x82D97948-->8316706B [unknown_code_page]

ntkrnlpa.exe-->IoGetDeviceProperty, Type: EAT modification 0x82D9794C-->8310706E [unknown_code_page]

ntkrnlpa.exe-->IoGetDevicePropertyData, Type: EAT modification 0x82D97950-->83057070 [unknown_code_page]

ntkrnlpa.exe-->IoGetDeviceToVerify, Type: EAT modification 0x82D97954-->8309702E [unknown_code_page]

ntkrnlpa.exe-->IoGetDiskDeviceObject, Type: EAT modification 0x82D97958-->83097078 [unknown_code_page]

ntkrnlpa.exe-->IoGetDmaAdapter, Type: EAT modification 0x82D9795C-->82A4705D [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetDriverObjectExtension, Type: EAT modification 0x82D97960-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->IoGetFileObjectGenericMapping, Type: EAT modification 0x82D97964-->82C47054 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetInitialStack, Type: EAT modification 0x82D97968-->8313706D [unknown_code_page]

ntkrnlpa.exe-->IoGetIoPriorityHint, Type: EAT modification 0x82D9796C-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->IoGetIrpExtraCreateParameter, Type: EAT modification 0x82D97970-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->IoGetLowerDeviceObject, Type: EAT modification 0x82D97974-->83057063 [unknown_code_page]

ntkrnlpa.exe-->IoGetOplockKeyContext, Type: EAT modification 0x82D97978-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->IoGetPagingIoPriority, Type: EAT modification 0x82D97108-->8312706F [unknown_code_page]

ntkrnlpa.exe-->IoGetRelatedDeviceObject, Type: EAT modification 0x82D9797C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetRequestorProcess, Type: EAT modification 0x82D97980-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetRequestorProcessId, Type: EAT modification 0x82D97984-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetRequestorSessionId, Type: EAT modification 0x82D97988-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetSfioStreamIdentifier, Type: EAT modification 0x82D9798C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetStackLimits, Type: EAT modification 0x82D97990-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetSymlinkSupportInformation, Type: EAT modification 0x82D97994-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetTopLevelIrp, Type: EAT modification 0x82D97998-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoGetTransactionParameterBlock, Type: EAT modification 0x82D9799C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInitializeIrp, Type: EAT modification 0x82D979A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInitializeRemoveLockEx, Type: EAT modification 0x82D979A4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInitializeTimer, Type: EAT modification 0x82D979A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInitializeWorkItem, Type: EAT modification 0x82D979AC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInvalidateDeviceRelations, Type: EAT modification 0x82D979B0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoInvalidateDeviceState, Type: EAT modification 0x82D979B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsFileObjectIgnoringSharing, Type: EAT modification 0x82D979B8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsFileOriginRemote, Type: EAT modification 0x82D979BC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsOperationSynchronous, Type: EAT modification 0x82D979C0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsSystemThread, Type: EAT modification 0x82D979C4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsValidNameGraftingBuffer, Type: EAT modification 0x82D979C8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoIsWdmVersionAvailable, Type: EAT modification 0x82D979CC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoMakeAssociatedIrp, Type: EAT modification 0x82D979D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoOpenDeviceInterfaceRegistryKey, Type: EAT modification 0x82D979D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoOpenDeviceRegistryKey, Type: EAT modification 0x82D979D8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoPageRead, Type: EAT modification 0x82D979DC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueryDeviceDescription, Type: EAT modification 0x82D979E0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueryFileDosDeviceName, Type: EAT modification 0x82D979E4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueryFileInformation, Type: EAT modification 0x82D979E8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueryVolumeInformation, Type: EAT modification 0x82D979EC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueueThreadIrp, Type: EAT modification 0x82D979F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueueWorkItem, Type: EAT modification 0x82D979F4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoQueueWorkItemEx, Type: EAT modification 0x82D979F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRaiseHardError, Type: EAT modification 0x82D979FC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRaiseInformationalHardError, Type: EAT modification 0x82D97A00-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReadDiskSignature, Type: EAT modification 0x82D97A04-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReadOperationCount, Type: EAT modification 0x82D97A08-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReadPartitionTable, Type: EAT modification 0x82D9710C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReadPartitionTableEx, Type: EAT modification 0x82D97A0C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReadTransferCount, Type: EAT modification 0x82D97A10-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterBootDriverReinitialization, Type: EAT modification 0x82D97A14-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterContainerNotification, Type: EAT modification 0x82D97A18-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterDeviceInterface, Type: EAT modification 0x82D97A1C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterDriverReinitialization, Type: EAT modification 0x82D97A20-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterFileSystem, Type: EAT modification 0x82D97A24-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterFsRegistrationChange, Type: EAT modification 0x82D97A28-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterFsRegistrationChangeMountAware, Type: EAT modification 0x82D97A2C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterLastChanceShutdownNotification, Type: EAT modification 0x82D97A30-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterPlugPlayNotification, Type: EAT modification 0x82D97A34-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterPriorityCallback, Type: EAT modification 0x82D97A38-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRegisterShutdownNotification, Type: EAT modification 0x82D97A3C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReleaseCancelSpinLock, Type: EAT modification 0x82D97A40-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReleaseRemoveLockAndWaitEx, Type: EAT modification 0x82D97A44-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReleaseRemoveLockEx, Type: EAT modification 0x82D97A48-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReleaseVpbSpinLock, Type: EAT modification 0x82D97A4C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRemoveShareAccess, Type: EAT modification 0x82D97A50-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReplaceFileObjectName, Type: EAT modification 0x82D97A54-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReplacePartitionUnit, Type: EAT modification 0x82D97A58-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportDetectedDevice, Type: EAT modification 0x82D97A5C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportHalResourceUsage, Type: EAT modification 0x82D97A60-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportResourceForDetection, Type: EAT modification 0x82D97A64-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportResourceUsage, Type: EAT modification 0x82D97A68-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportRootDevice, Type: EAT modification 0x82D97A6C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportTargetDeviceChange, Type: EAT modification 0x82D97A70-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReportTargetDeviceChangeAsynchronous, Type: EAT modification 0x82D97A74-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRequestDeviceEject, Type: EAT modification 0x82D97A78-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRequestDeviceEjectEx, Type: EAT modification 0x82D97A7C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoRetrievePriorityInfo, Type: EAT modification 0x82D97A80-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoReuseIrp, Type: EAT modification 0x82D97A84-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetCompletionRoutineEx, Type: EAT modification 0x82D97A88-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetDependency, Type: EAT modification 0x82D97A8C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetDeviceInterfaceState, Type: EAT modification 0x82D97A90-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetDevicePropertyData, Type: EAT modification 0x82D97A94-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetDeviceToVerify, Type: EAT modification 0x82D97A98-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetFileObjectIgnoreSharing, Type: EAT modification 0x82D97A9C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetFileOrigin, Type: EAT modification 0x82D97AA0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetHardErrorOrVerifyDevice, Type: EAT modification 0x82D97AA4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetInformation, Type: EAT modification 0x82D97AA8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoCompletion, Type: EAT modification 0x82D97AAC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoCompletionEx, Type: EAT modification 0x82D97AB0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoPriorityHint, Type: EAT modification 0x82D97AB4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoPriorityHintIntoFileObject, Type: EAT modification 0x82D97AB8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIoPriorityHintIntoThread, Type: EAT modification 0x82D97ABC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetIrpExtraCreateParameter, Type: EAT modification 0x82D97AC0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetOplockKeyContext, Type: EAT modification 0x82D97AC4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetPartitionInformation, Type: EAT modification 0x82D97110-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetPartitionInformationEx, Type: EAT modification 0x82D97AC8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetShareAccess, Type: EAT modification 0x82D97ACC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetShareAccessEx, Type: EAT modification 0x82D97AD0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetStartIoAttributes, Type: EAT modification 0x82D97AD4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetSystemPartition, Type: EAT modification 0x82D97AD8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetThreadHardErrorMode, Type: EAT modification 0x82D97ADC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSetTopLevelIrp, Type: EAT modification 0x82D97AE0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSizeofWorkItem, Type: EAT modification 0x82D97AE4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStartNextPacket, Type: EAT modification 0x82D97AE8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStartNextPacketByKey, Type: EAT modification 0x82D97AEC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStartPacket, Type: EAT modification 0x82D97AF0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStartTimer, Type: EAT modification 0x82D97AF4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStatisticsLock, Type: EAT modification 0x82D97AF8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoStopTimer, Type: EAT modification 0x82D97AFC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSynchronousInvalidateDeviceRelations, Type: EAT modification 0x82D97B00-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoSynchronousPageWrite, Type: EAT modification 0x82D97B04-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoThreadToProcess, Type: EAT modification 0x82D97B08-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoTranslateBusAddress, Type: EAT modification 0x82D97B0C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUninitializeWorkItem, Type: EAT modification 0x82D97B10-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterContainerNotification, Type: EAT modification 0x82D97B14-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterFileSystem, Type: EAT modification 0x82D97B18-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterFsRegistrationChange, Type: EAT modification 0x82D97B1C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterPlugPlayNotification, Type: EAT modification 0x82D97B20-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterPlugPlayNotificationEx, Type: EAT modification 0x82D97B24-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterPriorityCallback, Type: EAT modification 0x82D97B28-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUnregisterShutdownNotification, Type: EAT modification 0x82D97B2C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoUpdateShareAccess, Type: EAT modification 0x82D97B30-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoValidateDeviceIoControlAccess, Type: EAT modification 0x82D97B34-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoVerifyPartitionTable, Type: EAT modification 0x82D97B38-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoVerifyVolume, Type: EAT modification 0x82D97B3C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoVolumeDeviceToDosName, Type: EAT modification 0x82D97B40-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWithinStackLimits, Type: EAT modification 0x82D97B80-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIAllocateInstanceIds, Type: EAT modification 0x82D97B44-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIDeviceObjectToInstanceName, Type: EAT modification 0x82D97B48-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIExecuteMethod, Type: EAT modification 0x82D97B4C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIHandleToInstanceName, Type: EAT modification 0x82D97B50-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIOpenBlock, Type: EAT modification 0x82D97B54-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIQueryAllData, Type: EAT modification 0x82D97B58-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIQueryAllDataMultiple, Type: EAT modification 0x82D97B5C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIQuerySingleInstance, Type: EAT modification 0x82D97B60-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIQuerySingleInstanceMultiple, Type: EAT modification 0x82D97B64-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIRegistrationControl, Type: EAT modification 0x82D97B68-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMISetNotificationCallback, Type: EAT modification 0x82D97B6C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMISetSingleInstance, Type: EAT modification 0x82D97B70-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMISetSingleItem, Type: EAT modification 0x82D97B74-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMISuggestInstanceName, Type: EAT modification 0x82D97B78-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWMIWriteEvent, Type: EAT modification 0x82D97B7C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWriteErrorLogEntry, Type: EAT modification 0x82D97B84-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWriteOperationCount, Type: EAT modification 0x82D97B88-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWritePartitionTable, Type: EAT modification 0x82D97114-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWritePartitionTableEx, Type: EAT modification 0x82D97B8C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->IoWriteTransferCount, Type: EAT modification 0x82D97B90-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->isdigit, Type: EAT modification 0x82D99130-->82D47020 [ntkrnlpa.exe]

ntkrnlpa.exe-->islower, Type: EAT modification 0x82D99134-->82DC7078 [ntkrnlpa.exe]

ntkrnlpa.exe-->isprint, Type: EAT modification 0x82D99138-->82E97037 [unknown_code_page]

ntkrnlpa.exe-->isspace, Type: EAT modification 0x82D9913C-->82E77039 [unknown_code_page]

ntkrnlpa.exe-->isupper, Type: EAT modification 0x82D99140-->82E77041 [unknown_code_page]

ntkrnlpa.exe-->isxdigit, Type: EAT modification 0x82D99144-->82C47030 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdChangeOption, Type: EAT modification 0x82D97B94-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdDebuggerEnabled, Type: EAT modification 0x82D97B98-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdDebuggerNotPresent, Type: EAT modification 0x82D97B9C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdDisableDebugger, Type: EAT modification 0x82D97BA0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdEnableDebugger, Type: EAT modification 0x82D97BA4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdEnteredDebugger, Type: EAT modification 0x82D97BA8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdPollBreakIn, Type: EAT modification 0x82D97BAC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdPowerTransition, Type: EAT modification 0x82D97BB0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdRefreshDebuggerNotPresent, Type: EAT modification 0x82D97BB4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KdSystemDebugControl, Type: EAT modification 0x82D97BB8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Ke386CallBios, Type: EAT modification 0x82D97BBC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Ke386IoSetAccessProcess, Type: EAT modification 0x82D97BC0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Ke386QueryIoAccessMap, Type: EAT modification 0x82D97BC4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->Ke386SetIoAccessMap, Type: EAT modification 0x82D97BC8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireGuardedMutex, Type: EAT modification 0x82D97120-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireGuardedMutexUnsafe, Type: EAT modification 0x82D97124-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireInStackQueuedSpinLockAtDpcLevel, Type: EAT modification 0x82D97128-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireInStackQueuedSpinLockForDpc, Type: EAT modification 0x82D9712C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireInterruptSpinLock, Type: EAT modification 0x82D97BCC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireSpinLockAtDpcLevel, Type: EAT modification 0x82D97BD0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAcquireSpinLockForDpc, Type: EAT modification 0x82D97130-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAddGroupAffinityEx, Type: EAT modification 0x82D97BD4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAddProcessorAffinityEx, Type: EAT modification 0x82D97BD8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAddProcessorGroupAffinity, Type: EAT modification 0x82D97BDC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAddSystemServiceTable, Type: EAT modification 0x82D97BE0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAlertThread, Type: EAT modification 0x82D97BE4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAllocateCalloutStack, Type: EAT modification 0x82D97BE8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAllocateCalloutStackEx, Type: EAT modification 0x82D97BEC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAndAffinityEx, Type: EAT modification 0x82D97BF0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAndGroupAffinityEx, Type: EAT modification 0x82D97BF4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAreAllApcsDisabled, Type: EAT modification 0x82D97BF8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAreApcsDisabled, Type: EAT modification 0x82D97BFC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeAttachProcess, Type: EAT modification 0x82D97C00-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeBugCheck, Type: EAT modification 0x82D97C04-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeBugCheckEx, Type: EAT modification 0x82D97C08-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCancelTimer, Type: EAT modification 0x82D97C0C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCapturePersistentThreadState, Type: EAT modification 0x82D97C10-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCheckProcessorAffinityEx, Type: EAT modification 0x82D97C14-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCheckProcessorGroupAffinity, Type: EAT modification 0x82D97C18-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeClearEvent, Type: EAT modification 0x82D97C1C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeComplementAffinityEx, Type: EAT modification 0x82D97C20-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCopyAffinityEx, Type: EAT modification 0x82D97C24-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCountSetBitsAffinityEx, Type: EAT modification 0x82D97C28-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeCountSetBitsGroupAffinity, Type: EAT modification 0x82D97C2C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDelayExecutionThread, Type: EAT modification 0x82D97C30-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDeregisterBugCheckCallback, Type: EAT modification 0x82D97C34-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDeregisterBugCheckReasonCallback, Type: EAT modification 0x82D97C38-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDeregisterNmiCallback, Type: EAT modification 0x82D97C3C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDeregisterProcessorChangeCallback, Type: EAT modification 0x82D97C40-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeDetachProcess, Type: EAT modification 0x82D97C44-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeEnterCriticalRegion, Type: EAT modification 0x82D97C48-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeEnterGuardedRegion, Type: EAT modification 0x82D97C4C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeEnterKernelDebugger, Type: EAT modification 0x82D97C50-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeEnumerateNextProcessor, Type: EAT modification 0x82D97C54-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeExpandKernelStackAndCallout, Type: EAT modification 0x82D97C58-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeExpandKernelStackAndCalloutEx, Type: EAT modification 0x82D97C5C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KefAcquireSpinLockAtDpcLevel, Type: EAT modification 0x82D97160-->C25BDC8B [unknown_code_page]

ntkrnlpa.exe-->KeFindConfigurationEntry, Type: EAT modification 0x82D97C60-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFindConfigurationNextEntry, Type: EAT modification 0x82D97C64-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFindFirstSetLeftAffinityEx, Type: EAT modification 0x82D97C68-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFindFirstSetLeftGroupAffinity, Type: EAT modification 0x82D97C6C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFindFirstSetRightGroupAffinity, Type: EAT modification 0x82D97C70-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFirstGroupAffinityEx, Type: EAT modification 0x82D97C74-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFlushEntireTb, Type: EAT modification 0x82D97C78-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFlushQueuedDpcs, Type: EAT modification 0x82D97C7C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeFreeCalloutStack, Type: EAT modification 0x82D97C80-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGenericCallDpc, Type: EAT modification 0x82D97C84-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetCurrentNodeNumber, Type: EAT modification 0x82D97C88-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetCurrentProcessorNumberEx, Type: EAT modification 0x82D97C8C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetCurrentThread, Type: EAT modification 0x82D97C90-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetPreviousMode, Type: EAT modification 0x82D97C94-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetProcessorIndexFromNumber, Type: EAT modification 0x82D97C98-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetProcessorNumberFromIndex, Type: EAT modification 0x82D97C9C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetRecommendedSharedDataAlignment, Type: EAT modification 0x82D97CA0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeGetXSaveFeatureFlags, Type: EAT modification 0x82D97CA4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386AbiosCall, Type: EAT modification 0x82D97CA8-->82C080EC [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386AllocateGdtSelectors, Type: EAT modification 0x82D97CAC-->B0F9DA67 [unknown_code_page]

ntkrnlpa.exe-->KeI386Call16BitCStyleFunction, Type: EAT modification 0x82D97CB0-->8EA5210C [unknown_code_page]

ntkrnlpa.exe-->KeI386Call16BitFunction, Type: EAT modification 0x82D97CB4-->82D75BB8 [ntkrnlpa.exe]

ntkrnlpa.exe-->Kei386EoiHelper, Type: EAT modification 0x82D9719C-->82DC7032 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386FlatToGdtSelector, Type: EAT modification 0x82D97CB8-->82C0834C [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386GetLid, Type: EAT modification 0x82D97CBC-->82A47003 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386MachineType, Type: EAT modification 0x82D97CC0-->82A47400 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386ReleaseGdtSelectors, Type: EAT modification 0x82D97CC4-->82A4705C [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386ReleaseLid, Type: EAT modification 0x82D97CC8-->82D753A8 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeI386SetGdtSelector, Type: EAT modification 0x82D97CCC-->82C08364 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeAffinityEx, Type: EAT modification 0x82D97CD0-->82A47003 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeApc, Type: EAT modification 0x82D97CD4-->82A47200 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeCrashDumpHeader, Type: EAT modification 0x82D97CD8-->82A47029 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeDeviceQueue, Type: EAT modification 0x82D97CDC-->82D74D68 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeDpc, Type: EAT modification 0x82D97CE0-->82A47001 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeEnumerationContext, Type: EAT modification 0x82D97CE4-->B0F9DA67 [unknown_code_page]

ntkrnlpa.exe-->KeInitializeEnumerationContextFromGroup, Type: EAT modification 0x82D97CE8-->8EA52189 [unknown_code_page]

ntkrnlpa.exe-->KeInitializeEvent, Type: EAT modification 0x82D97CEC-->82D76E18 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeGuardedMutex, Type: EAT modification 0x82D97134-->82C0835C [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeInterrupt, Type: EAT modification 0x82D97CF0-->82A47003 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeMutant, Type: EAT modification 0x82D97CF4-->82A47400 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeMutex, Type: EAT modification 0x82D97CF8-->82A47056 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeQueue, Type: EAT modification 0x82D97CFC-->82D76608 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeSemaphore, Type: EAT modification 0x82D97D00-->82C08374 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeSpinLock, Type: EAT modification 0x82D97D04-->82A47003 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeThreadedDpc, Type: EAT modification 0x82D97D08-->82A47200 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeTimer, Type: EAT modification 0x82D97D0C-->82A4702A [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInitializeTimerEx, Type: EAT modification 0x82D97D10-->82D75FC8 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertByKeyDeviceQueue, Type: EAT modification 0x82D97D14-->82A52183 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertDeviceQueue, Type: EAT modification 0x82D97D18-->B0F9DA67 [unknown_code_page]

ntkrnlpa.exe-->KeInsertHeadQueue, Type: EAT modification 0x82D97D1C-->8EA52189 [unknown_code_page]

ntkrnlpa.exe-->KeInsertQueue, Type: EAT modification 0x82D97D20-->82D78078 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertQueueApc, Type: EAT modification 0x82D97D24-->82C0836C [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInsertQueueDpc, Type: EAT modification 0x82D97D28-->82A47003 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInterlockedClearProcessorAffinityEx, Type: EAT modification 0x82D97D2C-->82A47400 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInterlockedSetProcessorAffinityEx, Type: EAT modification 0x82D97D30-->82A47058 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInvalidateAllCaches, Type: EAT modification 0x82D97D34-->82D77868 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeInvalidateRangeAllCaches, Type: EAT modification 0x82D97138-->82C08384 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIpiGenericCall, Type: EAT modification 0x82D97D38-->82A47003 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIsAttachedProcess, Type: EAT modification 0x82D97D3C-->82A47200 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIsEmptyAffinityEx, Type: EAT modification 0x82D97D40-->82A4702B [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIsEqualAffinityEx, Type: EAT modification 0x82D97D44-->82D77228 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIsExecutingDpc, Type: EAT modification 0x82D97D48-->8AA5219A [unknown_code_page]

ntkrnlpa.exe-->KeIsSingleGroupAffinityEx, Type: EAT modification 0x82D97D4C-->ACF8DA62 [unknown_code_page]

ntkrnlpa.exe-->KeIsSubsetAffinityEx, Type: EAT modification 0x82D97D50-->82A52189 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeIsWaitListEmpty, Type: EAT modification 0x82D97D54-->85BC8F30 [unknown_code_page]

ntkrnlpa.exe-->KeLeaveCriticalRegion, Type: EAT modification 0x82D97D58-->82D94A30 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeLoaderBlock, Type: EAT modification 0x82D97D60-->8AA5218C [unknown_code_page]

ntkrnlpa.exe-->KeNumberProcessors, Type: EAT modification 0x82D97D64-->82CAEEE8 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeOrAffinityEx, Type: EAT modification 0x82D97D68-->82CD5B50 [ntkrnlpa.exe]

ntkrnlpa.exe-->KePollFreezeExecution, Type: EAT modification 0x82D97D6C-->82A4700A [ntkrnlpa.exe]

ntkrnlpa.exe-->KeProfileInterrupt, Type: EAT modification 0x82D97D74-->C25BDCF1 [unknown_code_page]

ntkrnlpa.exe-->KePulseEvent, Type: EAT modification 0x82D97D7C-->82D77065 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryActiveGroupCount, Type: EAT modification 0x82D97D80-->82D87032 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryActiveProcessorAffinity, Type: EAT modification 0x82D97D84-->82A47038 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryActiveProcessorCount, Type: EAT modification 0x82D97D88-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryActiveProcessorCountEx, Type: EAT modification 0x82D97D8C-->C25BDCFE [unknown_code_page]

ntkrnlpa.exe-->KeQueryDpcWatchdogInformation, Type: EAT modification 0x82D97D94-->82DA705F [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryGroupAffinity, Type: EAT modification 0x82D97D98-->82DA7038 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryGroupAffinityEx, Type: EAT modification 0x82D97D9C-->82A47034 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryHardwareCounterConfiguration, Type: EAT modification 0x82D97DA0-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryHighestNodeNumber, Type: EAT modification 0x82D97DA4-->C25BDCFB [unknown_code_page]

ntkrnlpa.exe-->KeQueryLogicalProcessorRelationship, Type: EAT modification 0x82D97DAC-->82CB3338 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryMaximumGroupCount, Type: EAT modification 0x82D97DB0-->82CEBD80 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryMaximumProcessorCount, Type: EAT modification 0x82D97DB4-->82C99718 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryMaximumProcessorCountEx, Type: EAT modification 0x82D97DB8-->82A47001 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryNodeActiveAffinity, Type: EAT modification 0x82D97DBC-->C25BDCF8 [unknown_code_page]

ntkrnlpa.exe-->KeQueryPriorityThread, Type: EAT modification 0x82D97DC4-->82CEBD68 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryRuntimeThread, Type: EAT modification 0x82D97DC8-->82CB3338 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQuerySystemTime, Type: EAT modification 0x82D97DCC-->82C98B98 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryTickCount, Type: EAT modification 0x82D97DD0-->82A47001 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeQueryTimeIncrement, Type: EAT modification 0x82D97DD4-->C25BDCE5 [unknown_code_page]

ntkrnlpa.exe-->KeRaiseUserException, Type: EAT modification 0x82D97DDC-->82DC7023 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReadStateEvent, Type: EAT modification 0x82D97DE0-->82DB7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReadStateMutant, Type: EAT modification 0x82D97DE4-->82A47032 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReadStateMutex, Type: EAT modification 0x82D97DE8-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReadStateQueue, Type: EAT modification 0x82D97DEC-->C25BDCE2 [unknown_code_page]

ntkrnlpa.exe-->KeReadStateTimer, Type: EAT modification 0x82D97DF4-->82CB33B8 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRegisterBugCheckCallback, Type: EAT modification 0x82D97DF8-->82CEBDC8 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRegisterBugCheckReasonCallback, Type: EAT modification 0x82D97DFC-->82C99718 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRegisterNmiCallback, Type: EAT modification 0x82D97E00-->82A47001 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRegisterProcessorChangeCallback, Type: EAT modification 0x82D97E04-->C25BDCEF [unknown_code_page]

ntkrnlpa.exe-->KeReleaseGuardedMutexUnsafe, Type: EAT modification 0x82D97140-->82CEBDB0 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseInStackQueuedSpinLockForDpc, Type: EAT modification 0x82D97144-->82CEBDE0 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseInStackQueuedSpinLockFromDpcLevel, Type: EAT modification 0x82D97148-->82C98B98 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseInterruptSpinLock, Type: EAT modification 0x82D97E08-->82A47007 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseMutant, Type: EAT modification 0x82D97E0C-->C25BDCEC [unknown_code_page]

ntkrnlpa.exe-->KeReleaseSemaphore, Type: EAT modification 0x82D97E14-->82CEBDC8 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseSpinLockForDpc, Type: EAT modification 0x82D9714C-->82CEBDF8 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeReleaseSpinLockFromDpcLevel, Type: EAT modification 0x82D97E18-->82C98C80 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveByKeyDeviceQueue, Type: EAT modification 0x82D97E1C-->82A47009 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveByKeyDeviceQueueIfBusy, Type: EAT modification 0x82D97E20-->C25BDCE9 [unknown_code_page]

ntkrnlpa.exe-->KeRemoveEntryDeviceQueue, Type: EAT modification 0x82D97E28-->82CEBDE0 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveGroupAffinityEx, Type: EAT modification 0x82D97E2C-->82CB33B8 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveProcessorAffinityEx, Type: EAT modification 0x82D97E30-->82C988A0 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveProcessorGroupAffinity, Type: EAT modification 0x82D97E34-->82A47003 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveQueue, Type: EAT modification 0x82D97E38-->C25BDC96 [unknown_code_page]

ntkrnlpa.exe-->KeRemoveQueueEx, Type: EAT modification 0x82D97E40-->82CE7059 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRemoveSystemServiceTable, Type: EAT modification 0x82D97E44-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeResetEvent, Type: EAT modification 0x82D97E48-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRestoreExtendedProcessorState, Type: EAT modification 0x82D97E4C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRestoreFloatingPointState, Type: EAT modification 0x82D97E50-->C25BDC93 [unknown_code_page]

ntkrnlpa.exe-->KeRevertToUserAffinityThreadEx, Type: EAT modification 0x82D97E58-->82DC707A [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRevertToUserGroupAffinityThread, Type: EAT modification 0x82D97E5C-->82DB7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeRundownQueue, Type: EAT modification 0x82D97E60-->82A47032 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSaveExtendedProcessorState, Type: EAT modification 0x82D97E64-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSaveFloatingPointState, Type: EAT modification 0x82D97E68-->C25BDC90 [unknown_code_page]

ntkrnlpa.exe-->KeServiceDescriptorTable, Type: EAT modification 0x82D97E70-->82DC7062 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetActualBasePriorityThread, Type: EAT modification 0x82D97E74-->82DB7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetAffinityThread, Type: EAT modification 0x82D97E78-->82A47032 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetBasePriorityThread, Type: EAT modification 0x82D97E7C-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetCoalescableTimer, Type: EAT modification 0x82D97E80-->C25BDC9D [unknown_code_page]

ntkrnlpa.exe-->KeSetEvent, Type: EAT modification 0x82D97E88-->82DC7038 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetEventBoostPriority, Type: EAT modification 0x82D97E8C-->82DB7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetHardwareCounterConfiguration, Type: EAT modification 0x82D97E90-->82A47032 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetIdealProcessorThread, Type: EAT modification 0x82D97E94-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetImportanceDpc, Type: EAT modification 0x82D97E98-->C25BDC9A [unknown_code_page]

ntkrnlpa.exe-->KeSetPriorityThread, Type: EAT modification 0x82D97EA0-->AF57D203 [unknown_code_page]

ntkrnlpa.exe-->KeSetProfileIrql, Type: EAT modification 0x82D97EA4-->AFA2E534 [unknown_code_page]

ntkrnlpa.exe-->KeSetSystemAffinityThread, Type: EAT modification 0x82D97EA8-->E2B0B475 [unknown_code_page]

ntkrnlpa.exe-->KeSetSystemGroupAffinityThread, Type: EAT modification 0x82D97EB0-->C25BDC87 [unknown_code_page]

ntkrnlpa.exe-->KeSetTargetProcessorDpcEx, Type: EAT modification 0x82D97EB8-->82CE701D [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetTimeIncrement, Type: EAT modification 0x82D97EBC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetTimer, Type: EAT modification 0x82D97EC0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSetTimerEx, Type: EAT modification 0x82D97EC4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSignalCallDpcDone, Type: EAT modification 0x82D97EC8-->C25BDC84 [unknown_code_page]

ntkrnlpa.exe-->KeStackAttachProcess, Type: EAT modification 0x82D97ED0-->82A4702C [ntkrnlpa.exe]

ntkrnlpa.exe-->KeStartDynamicProcessor, Type: EAT modification 0x82D97ED4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSubtractAffinityEx, Type: EAT modification 0x82D97ED8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeSynchronizeExecution, Type: EAT modification 0x82D97EDC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeTestAlertThread, Type: EAT modification 0x82D97EE0-->C25BDC81 [unknown_code_page]

ntkrnlpa.exe-->KeTickCount, Type: EAT modification 0x82D97EE4-->82DA7005 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeTryToAcquireGuardedMutex, Type: EAT modification 0x82D97154-->82DA7038 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeTryToAcquireSpinLockAtDpcLevel, Type: EAT modification 0x82D97158-->82A47034 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeUnstackDetachProcess, Type: EAT modification 0x82D97EE8-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeUpdateRunTime, Type: EAT modification 0x82D9715C-->C25BDC8E [unknown_code_page]

ntkrnlpa.exe-->KeUserModeCallback, Type: EAT modification 0x82D97EF0-->82D7706E [ntkrnlpa.exe]

ntkrnlpa.exe-->KeWaitForMultipleObjects, Type: EAT modification 0x82D97EF4-->82D87032 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeWaitForMutexObject, Type: EAT modification 0x82D97EF8-->82A47038 [ntkrnlpa.exe]

ntkrnlpa.exe-->KeWaitForSingleObject, Type: EAT modification 0x82D97EFC-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiAcquireSpinLock, Type: EAT modification 0x82D97168-->82DB7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiBugCheckData, Type: EAT modification 0x82D97F00-->82A47032 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiCheckForKernelApcDelivery, Type: EAT modification 0x82D97F04-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiCheckForSListAddress, Type: EAT modification 0x82D9716C-->C25BDC88 [unknown_code_page]

ntkrnlpa.exe-->KiDeliverApc, Type: EAT modification 0x82D97F0C-->82DD7053 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiDispatchInterrupt, Type: EAT modification 0x82D97F10-->82D77036 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiIpiServiceRoutine, Type: EAT modification 0x82D97F14-->82A47032 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiReleaseSpinLock, Type: EAT modification 0x82D97170-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->KiUnexpectedInterrupt, Type: EAT modification 0x82D97F18-->C25BDCB5 [unknown_code_page]

ntkrnlpa.exe-->LdrEnumResources, Type: EAT modification 0x82D97F20-->82DC7026 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrFindResourceDirectory_U, Type: EAT modification 0x82D97F24-->82DB7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrFindResourceEx_U, Type: EAT modification 0x82D97F28-->82A47032 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrFindResource_U, Type: EAT modification 0x82D97F2C-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->LdrResFindResource, Type: EAT modification 0x82D97F30-->C25BDCB2 [unknown_code_page]

ntkrnlpa.exe-->LdrResSearchResource, Type: EAT modification 0x82D97F38-->82FB7074 [unknown_code_page]

ntkrnlpa.exe-->LpcPortObjectType, Type: EAT modification 0x82D97F3C-->82E87049 [unknown_code_page]

ntkrnlpa.exe-->LpcReplyWaitReplyPort, Type: EAT modification 0x82D97F40-->82D47035 [ntkrnlpa.exe]

ntkrnlpa.exe-->LpcRequestPort, Type: EAT modification 0x82D97F44-->82A47036 [ntkrnlpa.exe]

ntkrnlpa.exe-->LpcRequestWaitReplyPort, Type: EAT modification 0x82D97F48-->C25BDCBF [unknown_code_page]

ntkrnlpa.exe-->LpcSendWaitReceivePort, Type: EAT modification 0x82D97F50-->82DC703E [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaCallAuthenticationPackage, Type: EAT modification 0x82D97F54-->82DB7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaDeregisterLogonProcess, Type: EAT modification 0x82D97F58-->82A47032 [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaFreeReturnBuffer, Type: EAT modification 0x82D97F5C-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->LsaLogonUser, Type: EAT modification 0x82D97F60-->C25BDCBC [unknown_code_page]

ntkrnlpa.exe-->LsaRegisterLogonProcess, Type: EAT modification 0x82D97F68-->82DA7056 [ntkrnlpa.exe]

ntkrnlpa.exe-->mbstowcs, Type: EAT modification 0x82D99148-->82C4705D [ntkrnlpa.exe]

ntkrnlpa.exe-->mbtowc, Type: EAT modification 0x82D9914C-->82ED7050 [unknown_code_page]

ntkrnlpa.exe-->memchr, Type: EAT modification 0x82D99150-->82DE7044 [ntkrnlpa.exe]

ntkrnlpa.exe-->memcpy, Type: EAT modification 0x82D99154-->82D77020 [ntkrnlpa.exe]

ntkrnlpa.exe-->memcpy_s, Type: EAT modification 0x82D99158-->82DD7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->memmove, Type: EAT modification 0x82D9915C-->82A47036 [ntkrnlpa.exe]

ntkrnlpa.exe-->memmove_s, Type: EAT modification 0x82D99160-->BF26BA6F [unknown_code_page]

ntkrnlpa.exe-->Mm64BitPhysicalAddress, Type: EAT modification 0x82D97F6C-->82DA7038 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAddPhysicalMemory, Type: EAT modification 0x82D97F70-->82A47034 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAddVerifierThunks, Type: EAT modification 0x82D97F74-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmAdjustWorkingSetSize, Type: EAT modification 0x82D97F78-->C25BDCB9 [unknown_code_page]

ntkrnlpa.exe-->MmAllocateContiguousMemorySpecifyCacheNode, Type: EAT modification 0x82D97F88-->B49AB7B5 [unknown_code_page]

ntkrnlpa.exe-->MmAllocateNonCachedMemory, Type: EAT modification 0x82D97F90-->C25BDCA6 [unknown_code_page]

ntkrnlpa.exe-->MmAllocatePagesForMdlEx, Type: EAT modification 0x82D97F98-->82A47001 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmBadPointer, Type: EAT modification 0x82D97F9C-->82CEBF98 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmBuildMdlForNonPagedPool, Type: EAT modification 0x82D97FA0-->82D940F0 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmCanFileBeTruncated, Type: EAT modification 0x82D97FA4-->82D9396A [ntkrnlpa.exe]

ntkrnlpa.exe-->MmCommitSessionMappedView, Type: EAT modification 0x82D97FA8-->C25BDCA3 [unknown_code_page]

ntkrnlpa.exe-->MmDoesFileHaveUserWritableReferences, Type: EAT modification 0x82D97FC0-->C25BDCA0 [unknown_code_page]

ntkrnlpa.exe-->MmForceSectionClosed, Type: EAT modification 0x82D97FC8-->82D8702F [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFreeContiguousMemory, Type: EAT modification 0x82D97FCC-->82D47032 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFreeContiguousMemorySpecifyCache, Type: EAT modification 0x82D97FD0-->82A47038 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFreeMappingAddress, Type: EAT modification 0x82D97FD4-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmFreeNonCachedMemory, Type: EAT modification 0x82D97FD8-->C25BDCAD [unknown_code_page]

ntkrnlpa.exe-->MmGetPhysicalAddress, Type: EAT modification 0x82D97FE0-->82D97002 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmGetPhysicalMemoryRanges, Type: EAT modification 0x82D97FE4-->82D97030 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmGetSystemRoutineAddress, Type: EAT modification 0x82D97FE8-->82A47036 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmGetVirtualForPhysical, Type: EAT modification 0x82D97FEC-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmGrowKernelStack, Type: EAT modification 0x82D97FF0-->C25BDCAA [unknown_code_page]

ntkrnlpa.exe-->MmIsAddressValid, Type: EAT modification 0x82D97FF8-->82A47041 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmIsDriverVerifying, Type: EAT modification 0x82D97FFC-->85AF9F00 [unknown_code_page]

ntkrnlpa.exe-->MmIsDriverVerifyingByAddress, Type: EAT modification 0x82D98000-->85B80958 [unknown_code_page]

ntkrnlpa.exe-->MmIsIoSpaceActive, Type: EAT modification 0x82D98004-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmIsNonPagedSystemAddressValid, Type: EAT modification 0x82D98008-->C25BDF57 [unknown_code_page]

ntkrnlpa.exe-->MmIsVerifierEnabled, Type: EAT modification 0x82D98014-->C4F09E25 [unknown_code_page]

ntkrnlpa.exe-->MmLockPagableDataSection, Type: EAT modification 0x82D98018-->CF9F177B [unknown_code_page]

ntkrnlpa.exe-->MmLockPagableImageSection, Type: EAT modification 0x82D9801C-->BD58B98A [unknown_code_page]

ntkrnlpa.exe-->MmLockPagableSectionByHandle, Type: EAT modification 0x82D98020-->C25BDF54 [unknown_code_page]

ntkrnlpa.exe-->MmMapLockedPages, Type: EAT modification 0x82D98028-->82DA7047 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapLockedPagesSpecifyCache, Type: EAT modification 0x82D9802C-->82DA7038 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapLockedPagesWithReservedMapping, Type: EAT modification 0x82D98030-->82A47034 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapMemoryDumpMdl, Type: EAT modification 0x82D98034-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapUserAddressesToPage, Type: EAT modification 0x82D98038-->C25BDF51 [unknown_code_page]

ntkrnlpa.exe-->MmMapViewInSessionSpace, Type: EAT modification 0x82D98040-->82DC7020 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapViewInSystemSpace, Type: EAT modification 0x82D98044-->82DB7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMapViewOfSection, Type: EAT modification 0x82D98048-->82A47032 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMarkPhysicalMemoryAsBad, Type: EAT modification 0x82D9804C-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmMarkPhysicalMemoryAsGood, Type: EAT modification 0x82D98050-->C25BDF5E [unknown_code_page]

ntkrnlpa.exe-->MmPrefetchPages, Type: EAT modification 0x82D98058-->82D77035 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmProbeAndLockPages, Type: EAT modification 0x82D9805C-->82D87032 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmProbeAndLockProcessPages, Type: EAT modification 0x82D98060-->82A47038 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmProbeAndLockSelectedPages, Type: EAT modification 0x82D98064-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmProtectMdlSystemAddress, Type: EAT modification 0x82D98068-->C25BDF5B [unknown_code_page]

ntkrnlpa.exe-->MmResetDriverPaging, Type: EAT modification 0x82D98074-->BB50BB35 [unknown_code_page]

ntkrnlpa.exe-->MmRotatePhysicalView, Type: EAT modification 0x82D98078-->ED3DF0CF [unknown_code_page]

ntkrnlpa.exe-->MmSecureVirtualMemory, Type: EAT modification 0x82D98080-->C25BDF58 [unknown_code_page]

ntkrnlpa.exe-->MmSetBankedSection, Type: EAT modification 0x82D98088-->82D7703B [ntkrnlpa.exe]

ntkrnlpa.exe-->MmSizeOfMdl, Type: EAT modification 0x82D9808C-->82D87032 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmSystemRangeStart, Type: EAT modification 0x82D98090-->82A47038 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmTrimAllSystemPagableMemory, Type: EAT modification 0x82D98094-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnlockPagableImageSection, Type: EAT modification 0x82D98098-->C25BDF45 [unknown_code_page]

ntkrnlpa.exe-->MmUnmapIoSpace, Type: EAT modification 0x82D980A0-->82D7706B [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapLockedPages, Type: EAT modification 0x82D980A4-->82D87032 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapReservedMapping, Type: EAT modification 0x82D980A8-->82A47038 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapVideoDisplay, Type: EAT modification 0x82D980AC-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->MmUnmapViewInSessionSpace, Type: EAT modification 0x82D980B0-->C25BDF42 [unknown_code_page]

ntkrnlpa.exe-->MmUnmapViewOfSection, Type: EAT modification 0x82D980B8-->AF57D203 [unknown_code_page]

ntkrnlpa.exe-->MmUnsecureVirtualMemory, Type: EAT modification 0x82D980BC-->AFA2E534 [unknown_code_page]

ntkrnlpa.exe-->MmUserProbeAddress, Type: EAT modification 0x82D980C0-->E2B0B475 [unknown_code_page]

ntkrnlpa.exe-->NlsLeadByteInfo, Type: EAT modification 0x82D980C8-->C25BDF4F [unknown_code_page]

ntkrnlpa.exe-->NlsMbOemCodePageTag, Type: EAT modification 0x82D980D0-->82A56FFF [ntkrnlpa.exe]

ntkrnlpa.exe-->NlsOemCodePage, Type: EAT modification 0x82D980D4-->82A47001 [ntkrnlpa.exe]

ntkrnlpa.exe-->NlsOemLeadByteInfo, Type: EAT modification 0x82D980D8-->82CC6F00 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtAddAtom, Type: EAT modification 0x82D980DC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtAdjustPrivilegesToken, Type: EAT modification 0x82D980E0-->C25BDF4C [unknown_code_page]

ntkrnlpa.exe-->NtAllocateUuids, Type: EAT modification 0x82D980E8-->82A47001 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtAllocateVirtualMemory, Type: EAT modification 0x82D980EC-->82CEC0E8 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtBuildGUID, Type: EAT modification 0x82D980F0-->82D940F0 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtBuildLab, Type: EAT modification 0x82D980F4-->82D9396A [ntkrnlpa.exe]

ntkrnlpa.exe-->NtBuildNumber, Type: EAT modification 0x82D980F8-->C25BDF49 [unknown_code_page]

ntkrnlpa.exe-->NtCommitComplete, Type: EAT modification 0x82D98100-->82DC7044 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCommitEnlistment, Type: EAT modification 0x82D98104-->82DB7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCommitTransaction, Type: EAT modification 0x82D98108-->82A47032 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtConnectPort, Type: EAT modification 0x82D9810C-->82A47063 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateEnlistment, Type: EAT modification 0x82D98110-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateEvent, Type: EAT modification 0x82D98114-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateFile, Type: EAT modification 0x82D98118-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateResourceManager, Type: EAT modification 0x82D9811C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtCreateSection, Type: Inline - RelativeJump 0x82C77D63-->9CB899D6 [aswSP.SYS]

ntkrnlpa.exe-->NtCreateSection, Type: EAT modification 0x82D98120-->A301DB60 [unknown_code_page]

ntkrnlpa.exe-->NtCreateTransaction, Type: EAT modification 0x82D98124-->8AA5210E [unknown_code_page]

ntkrnlpa.exe-->NtCreateTransactionManager, Type: EAT modification 0x82D98128-->82D93248 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtDeleteAtom, Type: EAT modification 0x82D9812C-->82CD5B50 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtDeleteFile, Type: EAT modification 0x82D98130-->82A4700B [ntkrnlpa.exe]

ntkrnlpa.exe-->NtDuplicateObject, Type: EAT modification 0x82D98138-->C24A43D1 [unknown_code_page]

ntkrnlpa.exe-->NtEnumerateTransactionObject, Type: EAT modification 0x82D98140-->82A47005 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtFindAtom, Type: EAT modification 0x82D98144-->82A4700D [ntkrnlpa.exe]

ntkrnlpa.exe-->NtFreeVirtualMemory, Type: EAT modification 0x82D98148-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtFreezeTransactions, Type: EAT modification 0x82D9814C-->85BFD158 [unknown_code_page]

ntkrnlpa.exe-->NtFsControlFile, Type: EAT modification 0x82D98150-->84A77E2B [unknown_code_page]

ntkrnlpa.exe-->NtGetEnvironmentVariableEx, Type: EAT modification 0x82D98154-->B5D2A11A [unknown_code_page]

ntkrnlpa.exe-->NtGetNotificationResourceManager, Type: EAT modification 0x82D98158-->B0D8A12E [unknown_code_page]

ntkrnlpa.exe-->NtGlobalFlag, Type: EAT modification 0x82D9815C-->B0D69E33 [unknown_code_page]

ntkrnlpa.exe-->NtLockFile, Type: EAT modification 0x82D98160-->82A4A632 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtMakePermanentObject, Type: EAT modification 0x82D98164-->82A47079 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtMapViewOfSection, Type: EAT modification 0x82D98168-->C24A43DB [unknown_code_page]

ntkrnlpa.exe-->NtOpenEnlistment, Type: EAT modification 0x82D98170-->82CEC198 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenFile, Type: EAT modification 0x82D98174-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->NtOpenProcess, Type: EAT modification 0x82D98178-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenProcessToken, Type: EAT modification 0x82D9817C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenProcessTokenEx, Type: EAT modification 0x82D98180-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenResourceManager, Type: EAT modification 0x82D98184-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenThread, Type: EAT modification 0x82D98188-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenThreadToken, Type: EAT modification 0x82D9818C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenThreadTokenEx, Type: EAT modification 0x82D98190-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenTransaction, Type: EAT modification 0x82D98194-->82CD6790 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtOpenTransactionManager, Type: EAT modification 0x82D98198-->C24A43C5 [unknown_code_page]

ntkrnlpa.exe-->NtPrepareComplete, Type: EAT modification 0x82D981A4-->82C47054 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtPrepareEnlistment, Type: EAT modification 0x82D981A8-->8313706D [unknown_code_page]

ntkrnlpa.exe-->NtPrePrepareEnlistment, Type: EAT modification 0x82D981A0-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->NtPropagationComplete, Type: EAT modification 0x82D981AC-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->NtPropagationFailed, Type: EAT modification 0x82D981B0-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->NtQueryDirectoryFile, Type: EAT modification 0x82D981B4-->83057063 [unknown_code_page]

ntkrnlpa.exe-->NtQueryEaFile, Type: EAT modification 0x82D981B8-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->NtQueryEnvironmentVariableInfoEx, Type: EAT modification 0x82D981BC-->8312706F [unknown_code_page]

ntkrnlpa.exe-->NtQueryInformationAtom, Type: EAT modification 0x82D981C0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationEnlistment, Type: EAT modification 0x82D981C4-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->NtQueryInformationFile, Type: EAT modification 0x82D981C8-->C24A43CF [unknown_code_page]

ntkrnlpa.exe-->NtQueryInformationResourceManager, Type: EAT modification 0x82D981D0-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->NtQueryInformationThread, Type: EAT modification 0x82D981D4-->82C47054 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQueryInformationToken, Type: EAT modification 0x82D981D8-->8313706D [unknown_code_page]

ntkrnlpa.exe-->NtQueryInformationTransaction, Type: EAT modification 0x82D981DC-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->NtQueryInformationTransactionManager, Type: EAT modification 0x82D981E0-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->NtQueryQuotaInformationFile, Type: EAT modification 0x82D981E4-->83057063 [unknown_code_page]

ntkrnlpa.exe-->NtQuerySecurityAttributesToken, Type: EAT modification 0x82D981E8-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->NtQuerySecurityObject, Type: EAT modification 0x82D981EC-->8312706F [unknown_code_page]

ntkrnlpa.exe-->NtQuerySystemInformation, Type: EAT modification 0x82D981F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtQuerySystemInformationEx, Type: EAT modification 0x82D981F4-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->NtQueryVolumeInformationFile, Type: EAT modification 0x82D981F8-->C24A43C9 [unknown_code_page]

ntkrnlpa.exe-->NtReadOnlyEnlistment, Type: EAT modification 0x82D98200-->8C4E8A20 [unknown_code_page]

ntkrnlpa.exe-->NtRecoverEnlistment, Type: EAT modification 0x82D98204-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->NtRecoverResourceManager, Type: EAT modification 0x82D98208-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRecoverTransactionManager, Type: EAT modification 0x82D9820C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRequestPort, Type: EAT modification 0x82D98210-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: EAT modification 0x82D98214-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRollbackComplete, Type: EAT modification 0x82D98218-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRollbackEnlistment, Type: EAT modification 0x82D9821C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->NtRollbackTransaction, Type: EAT modification 0x82D98220-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetEaFile, Type: EAT modification 0x82D98224-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetEvent, Type: EAT modification 0x82D98228-->C24A43B3 [unknown_code_page]

ntkrnlpa.exe-->NtSetInformationFile, Type: EAT modification 0x82D98230-->82CEC1C8 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationProcess, Type: EAT modification 0x82D98234-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->NtSetInformationResourceManager, Type: EAT modification 0x82D98238-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationThread, Type: EAT modification 0x82D9823C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationToken, Type: EAT modification 0x82D98240-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetInformationTransaction, Type: EAT modification 0x82D98244-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetQuotaInformationFile, Type: EAT modification 0x82D98248-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetSecurityObject, Type: EAT modification 0x82D9824C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->NtSetVolumeInformationFile, Type: EAT modification 0x82D98250-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtShutdownSystem, Type: EAT modification 0x82D98254-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtThawTransactions, Type: EAT modification 0x82D98258-->C24A43BD [unknown_code_page]

ntkrnlpa.exe-->NtTraceEvent, Type: EAT modification 0x82D98260-->82CEC6D8 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtUnlockFile, Type: EAT modification 0x82D98264-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->NtVdmControl, Type: EAT modification 0x82D98268-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtWaitForSingleObject, Type: EAT modification 0x82D9826C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->NtWriteFile, Type: EAT modification 0x82D98270-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObAssignSecurity, Type: EAT modification 0x82D98274-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCheckCreateObjectAccess, Type: EAT modification 0x82D98278-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCheckObjectAccess, Type: EAT modification 0x82D9827C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCloseHandle, Type: EAT modification 0x82D98280-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObCreateObject, Type: EAT modification 0x82D98284-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->ObCreateObjectType, Type: EAT modification 0x82D98288-->C24A43A7 [unknown_code_page]

ntkrnlpa.exe-->ObDereferenceObject, Type: EAT modification 0x82D98290-->82A47002 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObDereferenceObjectDeferDelete, Type: EAT modification 0x82D98294-->85BC4E90 [unknown_code_page]

ntkrnlpa.exe-->ObDereferenceObjectDeferDeleteWithTag, Type: EAT modification 0x82D98298-->82A47010 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObDereferenceSecurityDescriptor, Type: EAT modification 0x82D9829C-->85BFAFD8 [unknown_code_page]

ntkrnlpa.exe-->ObfDereferenceObject, Type: EAT modification 0x82D97174-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->ObfDereferenceObjectWithTag, Type: EAT modification 0x82D97178-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObFindHandleForObject, Type: EAT modification 0x82D982A0-->85BFAF38 [unknown_code_page]

ntkrnlpa.exe-->ObfReferenceObject, Type: EAT modification 0x82D9717C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObfReferenceObjectWithTag, Type: EAT modification 0x82D97180-->C24A4395 [unknown_code_page]

ntkrnlpa.exe-->ObGetFilterVersion, Type: EAT modification 0x82D982A4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObGetObjectSecurity, Type: EAT modification 0x82D982A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObGetObjectType, Type: EAT modification 0x82D982AC-->85AF7EA8 [unknown_code_page]

ntkrnlpa.exe-->ObInsertObject, Type: EAT modification 0x82D982B0-->82A47003 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObIsDosDeviceLocallyMapped, Type: EAT modification 0x82D982B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObIsKernelHandle, Type: EAT modification 0x82D982B8-->C24A43A1 [unknown_code_page]

ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x82C4FFBF-->9CB855D4 [aswSP.SYS]

ntkrnlpa.exe-->ObMakeTemporaryObject, Type: EAT modification 0x82D982C0-->82CEC5B8 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObOpenObjectByName, Type: EAT modification 0x82D982C4-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->ObOpenObjectByPointer, Type: EAT modification 0x82D982C8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObOpenObjectByPointerWithTag, Type: EAT modification 0x82D982CC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObQueryNameInfo, Type: EAT modification 0x82D982D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObQueryNameString, Type: EAT modification 0x82D982D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObQueryObjectAuditingByHandle, Type: EAT modification 0x82D982D8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReferenceObjectByHandle, Type: EAT modification 0x82D982DC-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReferenceObjectByHandleWithTag, Type: EAT modification 0x82D982E0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObReferenceObjectByName, Type: EAT modification 0x82D982E4-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->ObReferenceObjectByPointer, Type: EAT modification 0x82D982E8-->C24A43AB [unknown_code_page]

ntkrnlpa.exe-->ObReferenceSecurityDescriptor, Type: EAT modification 0x82D982F0-->8C4E8AD0 [unknown_code_page]

ntkrnlpa.exe-->ObRegisterCallbacks, Type: EAT modification 0x82D982F4-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->ObReleaseObjectSecurity, Type: EAT modification 0x82D982F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObSetHandleAttributes, Type: EAT modification 0x82D982FC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObSetSecurityDescriptorInfo, Type: EAT modification 0x82D98300-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObSetSecurityObjectByPointer, Type: EAT modification 0x82D98304-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ObUnRegisterCallbacks, Type: EAT modification 0x82D98308-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PcwAddInstance, Type: EAT modification 0x82D98310-->82A47002 [ntkrnlpa.exe]

ntkrnlpa.exe-->PcwCloseInstance, Type: EAT modification 0x82D98314-->85BC4E90 [unknown_code_page]

ntkrnlpa.exe-->PcwCreateInstance, Type: EAT modification 0x82D98318-->82A47010 [ntkrnlpa.exe]

ntkrnlpa.exe-->PcwRegister, Type: EAT modification 0x82D9831C-->85BBF940 [unknown_code_page]

ntkrnlpa.exe-->PcwUnregister, Type: EAT modification 0x82D98320-->85BBF8A0 [unknown_code_page]

ntkrnlpa.exe-->PfFileInfoNotify, Type: EAT modification 0x82D98324-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PfxFindPrefix, Type: EAT modification 0x82D98328-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PfxInitialize, Type: EAT modification 0x82D9832C-->85AF7E50 [unknown_code_page]

ntkrnlpa.exe-->PfxInsertPrefix, Type: EAT modification 0x82D98330-->82A47004 [ntkrnlpa.exe]

ntkrnlpa.exe-->PfxRemovePrefix, Type: EAT modification 0x82D98334-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoCallDriver, Type: EAT modification 0x82D98338-->C24A439F [unknown_code_page]

ntkrnlpa.exe-->PoClearPowerRequest, Type: EAT modification 0x82D98340-->8C4E8760 [unknown_code_page]

ntkrnlpa.exe-->PoCreatePowerRequest, Type: EAT modification 0x82D98344-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->PoDeletePowerRequest, Type: EAT modification 0x82D98348-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoDisableSleepStates, Type: EAT modification 0x82D9834C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoEndDeviceBusy, Type: EAT modification 0x82D98350-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoGetSystemWake, Type: EAT modification 0x82D98354-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoQueryWatchdogTime, Type: EAT modification 0x82D98358-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoQueueShutdownWorkItem, Type: EAT modification 0x82D9835C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->PoReenableSleepStates, Type: EAT modification 0x82D98360-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRegisterDeviceForIdleDetection, Type: EAT modification 0x82D98364-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->PoRegisterDeviceNotify, Type: EAT modification 0x82D98368-->C24A4399 [unknown_code_page]

ntkrnlpa.exe-->PoRegisterSystemState, Type: EAT modification 0x82D98370-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->PoRequestPowerIrp, Type: EAT modification 0x82D98374-->82C47054 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoRequestShutdownEvent, Type: EAT modification 0x82D98378-->8313706D [unknown_code_page]

ntkrnlpa.exe-->PoSetDeviceBusyEx, Type: EAT modification 0x82D9837C-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->PoSetFixedWakeSource, Type: EAT modification 0x82D98380-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->PoSetHiberRange, Type: EAT modification 0x82D98384-->83057063 [unknown_code_page]

ntkrnlpa.exe-->PoSetPowerRequest, Type: EAT modification 0x82D98388-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->PoSetPowerState, Type: EAT modification 0x82D9838C-->8312706F [unknown_code_page]

ntkrnlpa.exe-->PoSetSystemState, Type: EAT modification 0x82D98390-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoSetSystemWake, Type: EAT modification 0x82D98394-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoShutdownBugCheck, Type: EAT modification 0x82D98398-->C24A4383 [unknown_code_page]

ntkrnlpa.exe-->PoStartNextPowerIrp, Type: EAT modification 0x82D983A0-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->PoUnregisterPowerSettingCallback, Type: EAT modification 0x82D983A4-->82C47054 [ntkrnlpa.exe]

ntkrnlpa.exe-->PoUnregisterSystemState, Type: EAT modification 0x82D983A8-->8313706D [unknown_code_page]

ntkrnlpa.exe-->PoUserShutdownInitiated, Type: EAT modification 0x82D983AC-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->ProbeForRead, Type: EAT modification 0x82D983B0-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->ProbeForWrite, Type: EAT modification 0x82D983B4-->83057063 [unknown_code_page]

ntkrnlpa.exe-->PsAcquireProcessExitSynchronization, Type: EAT modification 0x82D983B8-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->PsAssignImpersonationToken, Type: EAT modification 0x82D983BC-->8312706F [unknown_code_page]

ntkrnlpa.exe-->PsChargePoolQuota, Type: EAT modification 0x82D983C0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsChargeProcessCpuCycles, Type: EAT modification 0x82D983C4-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->PsChargeProcessNonPagedPoolQuota, Type: EAT modification 0x82D983C8-->C24A438D [unknown_code_page]

ntkrnlpa.exe-->PsChargeProcessPoolQuota, Type: EAT modification 0x82D983D0-->82CEC3A8 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsCreateSystemThread, Type: EAT modification 0x82D983D4-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->PsDereferenceImpersonationToken, Type: EAT modification 0x82D983D8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsDereferencePrimaryToken, Type: EAT modification 0x82D983DC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsDisableImpersonation, Type: EAT modification 0x82D983E0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsEnterPriorityRegion, Type: EAT modification 0x82D983E4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsEstablishWin32Callouts, Type: EAT modification 0x82D983E8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetContextThread, Type: EAT modification 0x82D983EC-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentProcess, Type: EAT modification 0x82D983F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentProcessId, Type: EAT modification 0x82D983F4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentProcessSessionId, Type: EAT modification 0x82D983F8-->C24A4377 [unknown_code_page]

ntkrnlpa.exe-->PsGetCurrentThread, Type: EAT modification 0x82D98400-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->PsGetCurrentThreadId, Type: EAT modification 0x82D98404-->82C47054 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadPreviousMode, Type: EAT modification 0x82D98408-->8313706D [unknown_code_page]

ntkrnlpa.exe-->PsGetCurrentThreadProcess, Type: EAT modification 0x82D9840C-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->PsGetCurrentThreadProcessId, Type: EAT modification 0x82D98410-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->PsGetCurrentThreadStackBase, Type: EAT modification 0x82D98414-->83057063 [unknown_code_page]

ntkrnlpa.exe-->PsGetCurrentThreadStackLimit, Type: EAT modification 0x82D98418-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->PsGetCurrentThreadTeb, Type: EAT modification 0x82D9841C-->8312706F [unknown_code_page]

ntkrnlpa.exe-->PsGetCurrentThreadWin32Thread, Type: EAT modification 0x82D98420-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetCurrentThreadWin32ThreadAndEnterCriticalRegion, Type: EAT modification 0x82D98424-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->PsGetJobLock, Type: EAT modification 0x82D98428-->C24A4371 [unknown_code_page]

ntkrnlpa.exe-->PsGetJobUIRestrictionsClass, Type: EAT modification 0x82D98430-->82CEC408 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessCreateTimeQuadPart, Type: EAT modification 0x82D98434-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->PsGetProcessDebugPort, Type: EAT modification 0x82D98438-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessExitProcessCalled, Type: EAT modification 0x82D9843C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessExitStatus, Type: EAT modification 0x82D98440-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessExitTime, Type: EAT modification 0x82D98444-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessId, Type: EAT modification 0x82D98448-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessImageFileName, Type: EAT modification 0x82D9844C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessInheritedFromUniqueProcessId, Type: EAT modification 0x82D98450-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessJob, Type: EAT modification 0x82D98454-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessPeb, Type: EAT modification 0x82D98458-->C24A437B [unknown_code_page]

ntkrnlpa.exe-->PsGetProcessSectionBaseAddress, Type: EAT modification 0x82D98460-->82CEC558 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessSecurityPort, Type: EAT modification 0x82D98464-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->PsGetProcessSessionId, Type: EAT modification 0x82D98468-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessSessionIdEx, Type: EAT modification 0x82D9846C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessWin32Process, Type: EAT modification 0x82D98470-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetProcessWin32WindowStation, Type: EAT modification 0x82D98474-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadFreezeCount, Type: EAT modification 0x82D98478-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadHardErrorsAreDisabled, Type: EAT modification 0x82D9847C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadId, Type: EAT modification 0x82D98480-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsGetThreadProcess, Type: EAT modification 0x82D98484-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->PsGetThreadProcessId, Type: EAT modification 0x82D98488-->C24A4365 [unknown_code_page]

ntkrnlpa.exe-->PsGetThreadTeb, Type: EAT modification 0x82D98490-->8C4E88C0 [unknown_code_page]

ntkrnlpa.exe-->PsGetThreadWin32Thread, Type: EAT modification 0x82D98494-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->PsGetVersion, Type: EAT modification 0x82D98498-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsImpersonateClient, Type: EAT modification 0x82D9849C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsInitialSystemProcess, Type: EAT modification 0x82D984A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsCurrentThreadPrefetching, Type: EAT modification 0x82D984A4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsProcessBeingDebugged, Type: EAT modification 0x82D984A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsProtectedProcess, Type: EAT modification 0x82D984AC-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsSystemProcess, Type: EAT modification 0x82D984B0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsSystemThread, Type: EAT modification 0x82D984B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsIsThreadImpersonating, Type: EAT modification 0x82D984B8-->C24A436F [unknown_code_page]

ntkrnlpa.exe-->PsJobType, Type: EAT modification 0x82D984C0-->82CEC618 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsLeavePriorityRegion, Type: EAT modification 0x82D984C4-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->PsLookupProcessByProcessId, Type: EAT modification 0x82D984C8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsLookupProcessThreadByCid, Type: EAT modification 0x82D984CC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsLookupThreadByThreadId, Type: EAT modification 0x82D984D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->psMUITest, Type: EAT modification 0x82D99168-->830D70E6 [unknown_code_page]

ntkrnlpa.exe-->PsProcessType, Type: EAT modification 0x82D984D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsQueryProcessExceptionFlags, Type: EAT modification 0x82D984D8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReferenceImpersonationToken, Type: EAT modification 0x82D984DC-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReferencePrimaryToken, Type: EAT modification 0x82D984E0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReferenceProcessFilePointer, Type: EAT modification 0x82D984E4-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->PsReleaseProcessExitSynchronization, Type: EAT modification 0x82D984E8-->C24A4369 [unknown_code_page]

ntkrnlpa.exe-->PsRemoveLoadImageNotifyRoutine, Type: EAT modification 0x82D984F0-->8C4E87B8 [unknown_code_page]

ntkrnlpa.exe-->PsRestoreImpersonation, Type: EAT modification 0x82D984F4-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->PsResumeProcess, Type: EAT modification 0x82D984F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReturnPoolQuota, Type: EAT modification 0x82D984FC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReturnProcessNonPagedPoolQuota, Type: EAT modification 0x82D98500-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsReturnProcessPagedPoolQuota, Type: EAT modification 0x82D98504-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsRevertThreadToSelf, Type: EAT modification 0x82D98508-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsRevertToSelf, Type: EAT modification 0x82D9850C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetContextThread, Type: EAT modification 0x82D98510-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetCreateProcessNotifyRoutine, Type: EAT modification 0x82D98514-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetCreateProcessNotifyRoutineEx, Type: EAT modification 0x82D98518-->C24A4353 [unknown_code_page]

ntkrnlpa.exe-->PsSetCurrentThreadPrefetching, Type: EAT modification 0x82D98520-->8C4E8918 [unknown_code_page]

ntkrnlpa.exe-->PsSetJobUIRestrictionsClass, Type: EAT modification 0x82D98524-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->PsSetLegoNotifyRoutine, Type: EAT modification 0x82D98528-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetLoadImageNotifyRoutine, Type: EAT modification 0x82D9852C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetProcessPriorityByClass, Type: EAT modification 0x82D98530-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetProcessPriorityClass, Type: EAT modification 0x82D98534-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetProcessSecurityPort, Type: EAT modification 0x82D98538-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetProcessWin32Process, Type: EAT modification 0x82D9853C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetProcessWindowStation, Type: EAT modification 0x82D98540-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsSetThreadHardErrorsAreDisabled, Type: EAT modification 0x82D98544-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->PsSetThreadWin32Thread, Type: EAT modification 0x82D98548-->C24A435D [unknown_code_page]

ntkrnlpa.exe-->PsTerminateSystemThread, Type: EAT modification 0x82D98550-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->PsThreadType, Type: EAT modification 0x82D98554-->82C47054 [ntkrnlpa.exe]

ntkrnlpa.exe-->PsUILanguageComitted, Type: EAT modification 0x82D98558-->8313706D [unknown_code_page]

ntkrnlpa.exe-->PsWrapApcWow64Thread, Type: EAT modification 0x82D9855C-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->qsort, Type: EAT modification 0x82D9916C-->83087064 [unknown_code_page]

ntkrnlpa.exe-->rand, Type: EAT modification 0x82D99170-->83127065 [unknown_code_page]

ntkrnlpa.exe-->READ_REGISTER_BUFFER_UCHAR, Type: EAT modification 0x82D98560-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->READ_REGISTER_BUFFER_ULONG, Type: EAT modification 0x82D98564-->83057063 [unknown_code_page]

ntkrnlpa.exe-->READ_REGISTER_BUFFER_USHORT, Type: EAT modification 0x82D98568-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->READ_REGISTER_UCHAR, Type: EAT modification 0x82D9856C-->8312706F [unknown_code_page]

ntkrnlpa.exe-->READ_REGISTER_ULONG, Type: EAT modification 0x82D98570-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->READ_REGISTER_USHORT, Type: EAT modification 0x82D98574-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAbsoluteToSelfRelativeSD, Type: EAT modification 0x82D98578-->C24A4347 [unknown_code_page]

ntkrnlpa.exe-->RtlAddAccessAllowedAceEx, Type: EAT modification 0x82D98580-->8C4E8A78 [unknown_code_page]

ntkrnlpa.exe-->RtlAddAce, Type: EAT modification 0x82D98584-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->RtlAddAtomToAtomTable, Type: EAT modification 0x82D98588-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAddRange, Type: EAT modification 0x82D9858C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAllocateHeap, Type: EAT modification 0x82D98590-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAnsiCharToUnicodeChar, Type: EAT modification 0x82D98594-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAnsiStringToUnicodeSize, Type: EAT modification 0x82D98598-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAnsiStringToUnicodeString, Type: EAT modification 0x82D9859C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAppendAsciizToString, Type: EAT modification 0x82D985A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAppendStringToString, Type: EAT modification 0x82D985A4-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->RtlAppendUnicodeStringToString, Type: EAT modification 0x82D985A8-->C24A4341 [unknown_code_page]

ntkrnlpa.exe-->RtlAreAllAccessesGranted, Type: EAT modification 0x82D985B0-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->RtlAreAnyAccessesGranted, Type: EAT modification 0x82D985B4-->82C47054 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlAreBitsClear, Type: EAT modification 0x82D985B8-->8313706D [unknown_code_page]

ntkrnlpa.exe-->RtlAreBitsSet, Type: EAT modification 0x82D985BC-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->RtlAssert, Type: EAT modification 0x82D985C0-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->RtlCaptureContext, Type: EAT modification 0x82D985C4-->83057063 [unknown_code_page]

ntkrnlpa.exe-->RtlCaptureStackBackTrace, Type: EAT modification 0x82D985C8-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->RtlCharToInteger, Type: EAT modification 0x82D985CC-->8312706F [unknown_code_page]

ntkrnlpa.exe-->RtlCheckRegistryKey, Type: EAT modification 0x82D985D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlClearAllBits, Type: EAT modification 0x82D985D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlClearBit, Type: EAT modification 0x82D985D8-->C24A434B [unknown_code_page]

ntkrnlpa.exe-->RtlCmDecodeMemIoResource, Type: EAT modification 0x82D985E0-->8C4E8868 [unknown_code_page]

ntkrnlpa.exe-->RtlCmEncodeMemIoResource, Type: EAT modification 0x82D985E4-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->RtlCompareAltitudes, Type: EAT modification 0x82D985E8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompareMemory, Type: EAT modification 0x82D985EC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompareMemoryUlong, Type: EAT modification 0x82D985F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompareString, Type: EAT modification 0x82D985F4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompareUnicodeString, Type: EAT modification 0x82D985F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompareUnicodeStrings, Type: EAT modification 0x82D985FC-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompressBuffer, Type: EAT modification 0x82D98600-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCompressChunks, Type: EAT modification 0x82D98604-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->RtlComputeCrc32, Type: EAT modification 0x82D98608-->C24A4335 [unknown_code_page]

ntkrnlpa.exe-->RtlConvertLongToLargeInteger, Type: EAT modification 0x82D98610-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->RtlConvertSidToUnicodeString, Type: EAT modification 0x82D98614-->82C47054 [ntkrnlpa.exe]

Link to post
Share on other sites

Part 3 of 3

ntkrnlpa.exe-->RtlConvertUlongToLargeInteger, Type: EAT modification 0x82D98618-->8313706D [unknown_code_page]

ntkrnlpa.exe-->RtlCopyLuid, Type: EAT modification 0x82D9861C-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->RtlCopyLuidAndAttributesArray, Type: EAT modification 0x82D98620-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->RtlCopyRangeList, Type: EAT modification 0x82D98624-->83057063 [unknown_code_page]

ntkrnlpa.exe-->RtlCopySid, Type: EAT modification 0x82D98628-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->RtlCopySidAndAttributesArray, Type: EAT modification 0x82D9862C-->8312706F [unknown_code_page]

ntkrnlpa.exe-->RtlCopyString, Type: EAT modification 0x82D98630-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCopyUnicodeString, Type: EAT modification 0x82D98634-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCreateAcl, Type: EAT modification 0x82D98638-->C24A433F [unknown_code_page]

ntkrnlpa.exe-->RtlCreateHashTable, Type: EAT modification 0x82D98640-->82CEC8B8 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCreateHeap, Type: EAT modification 0x82D98644-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->RtlCreateRegistryKey, Type: EAT modification 0x82D98648-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCreateSecurityDescriptor, Type: EAT modification 0x82D9864C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCreateSystemVolumeInformationFolder, Type: EAT modification 0x82D98650-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCreateUnicodeString, Type: EAT modification 0x82D98654-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlCustomCPToUnicodeN, Type: EAT modification 0x82D98658-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDecompressBuffer, Type: EAT modification 0x82D9865C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDecompressChunks, Type: EAT modification 0x82D98660-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDecompressFragment, Type: EAT modification 0x82D98664-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->RtlDelete, Type: EAT modification 0x82D98668-->C24A4339 [unknown_code_page]

ntkrnlpa.exe-->RtlDeleteAtomFromAtomTable, Type: EAT modification 0x82D98670-->8C4E8BD8 [unknown_code_page]

ntkrnlpa.exe-->RtlDeleteElementGenericTable, Type: EAT modification 0x82D98674-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->RtlDeleteElementGenericTableAvl, Type: EAT modification 0x82D98678-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDeleteHashTable, Type: EAT modification 0x82D9867C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDeleteNoSplay, Type: EAT modification 0x82D98680-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDeleteOwnersRanges, Type: EAT modification 0x82D98684-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDeleteRange, Type: EAT modification 0x82D98688-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDeleteRegistryValue, Type: EAT modification 0x82D9868C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDescribeChunk, Type: EAT modification 0x82D98690-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDestroyAtomTable, Type: EAT modification 0x82D98694-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlDestroyHeap, Type: EAT modification 0x82D98698-->C24A4323 [unknown_code_page]

ntkrnlpa.exe-->RtlDowncaseUnicodeString, Type: EAT modification 0x82D986A0-->8C4E8B28 [unknown_code_page]

ntkrnlpa.exe-->RtlDuplicateUnicodeString, Type: EAT modification 0x82D986A4-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->RtlEmptyAtomTable, Type: EAT modification 0x82D986A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEndEnumerationHashTable, Type: EAT modification 0x82D986AC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEndWeakEnumerationHashTable, Type: EAT modification 0x82D986B0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEnlargedIntegerMultiply, Type: EAT modification 0x82D986B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEnlargedUnsignedDivide, Type: EAT modification 0x82D986B8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEnlargedUnsignedMultiply, Type: EAT modification 0x82D986BC-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEnumerateEntryHashTable, Type: EAT modification 0x82D986C0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEnumerateGenericTable, Type: EAT modification 0x82D986C4-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->RtlEnumerateGenericTableAvl, Type: EAT modification 0x82D986C8-->C24A432D [unknown_code_page]

ntkrnlpa.exe-->RtlEnumerateGenericTableWithoutSplaying, Type: EAT modification 0x82D986D0-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->RtlEnumerateGenericTableWithoutSplayingAvl, Type: EAT modification 0x82D986D4-->82C47054 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEqualLuid, Type: EAT modification 0x82D986D8-->8313706D [unknown_code_page]

ntkrnlpa.exe-->RtlEqualSid, Type: EAT modification 0x82D986DC-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->RtlEqualString, Type: EAT modification 0x82D986E0-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->RtlEqualUnicodeString, Type: EAT modification 0x82D986E4-->83057063 [unknown_code_page]

ntkrnlpa.exe-->RtlEthernetAddressToStringA, Type: EAT modification 0x82D986E8-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->RtlEthernetAddressToStringW, Type: EAT modification 0x82D986EC-->8312706F [unknown_code_page]

ntkrnlpa.exe-->RtlEthernetStringToAddressA, Type: EAT modification 0x82D986F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlEthernetStringToAddressW, Type: EAT modification 0x82D986F4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlExpandHashTable, Type: EAT modification 0x82D986F8-->C24A4317 [unknown_code_page]

ntkrnlpa.exe-->RtlExtendedLargeIntegerDivide, Type: EAT modification 0x82D98700-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->RtlExtendedMagicDivide, Type: EAT modification 0x82D98704-->82C47054 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFillMemory, Type: EAT modification 0x82D98708-->8313706D [unknown_code_page]

ntkrnlpa.exe-->RtlFillMemoryUlong, Type: EAT modification 0x82D9870C-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->RtlFillMemoryUlonglong, Type: EAT modification 0x82D98710-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->RtlFindAceByType, Type: EAT modification 0x82D98714-->83057063 [unknown_code_page]

ntkrnlpa.exe-->RtlFindClearBits, Type: EAT modification 0x82D98718-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->RtlFindClearBitsAndSet, Type: EAT modification 0x82D9871C-->8312706F [unknown_code_page]

ntkrnlpa.exe-->RtlFindClearRuns, Type: EAT modification 0x82D98720-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindClosestEncodableLength, Type: EAT modification 0x82D98724-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->RtlFindFirstRunClear, Type: EAT modification 0x82D98728-->C24A4311 [unknown_code_page]

ntkrnlpa.exe-->RtlFindLeastSignificantBit, Type: EAT modification 0x82D98730-->82CEC708 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindLongestRunClear, Type: EAT modification 0x82D98734-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->RtlFindMessage, Type: EAT modification 0x82D98738-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindMostSignificantBit, Type: EAT modification 0x82D9873C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindNextForwardRunClear, Type: EAT modification 0x82D98740-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindRange, Type: EAT modification 0x82D98744-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindSetBits, Type: EAT modification 0x82D98748-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindSetBitsAndClear, Type: EAT modification 0x82D9874C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFindUnicodePrefix, Type: EAT modification 0x82D98750-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFormatCurrentUserKeyPath, Type: EAT modification 0x82D98754-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFormatMessage, Type: EAT modification 0x82D98758-->C24A431B [unknown_code_page]

ntkrnlpa.exe-->RtlFreeHeap, Type: EAT modification 0x82D98760-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->RtlFreeOemString, Type: EAT modification 0x82D98764-->82C47054 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlFreeRangeList, Type: EAT modification 0x82D98768-->8313706D [unknown_code_page]

ntkrnlpa.exe-->RtlFreeUnicodeString, Type: EAT modification 0x82D9876C-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->RtlGenerate8dot3Name, Type: EAT modification 0x82D98774-->83057063 [unknown_code_page]

ntkrnlpa.exe-->RtlGetAce, Type: EAT modification 0x82D98778-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->RtlGetCallersAddress, Type: EAT modification 0x82D9877C-->8312706F [unknown_code_page]

ntkrnlpa.exe-->RtlGetCompressionWorkSpaceSize, Type: EAT modification 0x82D98780-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetDaclSecurityDescriptor, Type: EAT modification 0x82D98784-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->RtlGetDefaultCodePage, Type: EAT modification 0x82D98788-->C24A4305 [unknown_code_page]

ntkrnlpa.exe-->RtlGetElementGenericTableAvl, Type: EAT modification 0x82D98790-->82CEC768 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetEnabledExtendedFeatures, Type: EAT modification 0x82D98794-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->RtlGetFirstRange, Type: EAT modification 0x82D98798-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetGroupSecurityDescriptor, Type: EAT modification 0x82D9879C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetIntegerAtom, Type: EAT modification 0x82D987A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetLastRange, Type: EAT modification 0x82D987A4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetNextEntryHashTable, Type: EAT modification 0x82D987A8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetNextRange, Type: EAT modification 0x82D987AC-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetNtGlobalFlags, Type: EAT modification 0x82D987B0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetOwnerSecurityDescriptor, Type: EAT modification 0x82D987B4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetProductInfo, Type: EAT modification 0x82D987B8-->C24A430F [unknown_code_page]

ntkrnlpa.exe-->RtlGetSetBootStatusData, Type: EAT modification 0x82D987C0-->82CEC378 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGetThreadLangIdByIndex, Type: EAT modification 0x82D987C4-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->RtlGetVersion, Type: EAT modification 0x82D987C8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlGUIDFromString, Type: EAT modification 0x82D98770-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->RtlHashUnicodeString, Type: EAT modification 0x82D987CC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIdnToAscii, Type: EAT modification 0x82D987D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIdnToNameprepUnicode, Type: EAT modification 0x82D987D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIdnToUnicode, Type: EAT modification 0x82D987D8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlImageDirectoryEntryToData, Type: EAT modification 0x82D987DC-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlImageNtHeader, Type: EAT modification 0x82D987E0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitAnsiString, Type: EAT modification 0x82D987E4-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->RtlInitAnsiStringEx, Type: EAT modification 0x82D987E8-->C24A4309 [unknown_code_page]

ntkrnlpa.exe-->RtlInitEnumerationHashTable, Type: EAT modification 0x82D987F0-->8C4E86B0 [unknown_code_page]

ntkrnlpa.exe-->RtlInitializeBitMap, Type: EAT modification 0x82D98804-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitializeGenericTable, Type: EAT modification 0x82D98808-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitializeGenericTableAvl, Type: EAT modification 0x82D9880C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitializeRangeList, Type: EAT modification 0x82D98810-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitializeSid, Type: EAT modification 0x82D98814-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitializeUnicodePrefix, Type: EAT modification 0x82D98818-->C24A42F3 [unknown_code_page]

ntkrnlpa.exe-->RtlInitString, Type: EAT modification 0x82D987F4-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->RtlInitUnicodeString, Type: EAT modification 0x82D987F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitUnicodeStringEx, Type: EAT modification 0x82D987FC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInitWeakEnumerationHashTable, Type: EAT modification 0x82D98800-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInsertElementGenericTableAvl, Type: EAT modification 0x82D98820-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->RtlInsertElementGenericTableFull, Type: EAT modification 0x82D98824-->82C47054 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInsertElementGenericTableFullAvl, Type: EAT modification 0x82D98828-->8313706D [unknown_code_page]

ntkrnlpa.exe-->RtlInsertEntryHashTable, Type: EAT modification 0x82D9882C-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->RtlInsertUnicodePrefix, Type: EAT modification 0x82D98830-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->RtlInt64ToUnicodeString, Type: EAT modification 0x82D98834-->83057063 [unknown_code_page]

ntkrnlpa.exe-->RtlIntegerToChar, Type: EAT modification 0x82D98838-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->RtlIntegerToUnicode, Type: EAT modification 0x82D9883C-->8312706F [unknown_code_page]

ntkrnlpa.exe-->RtlIntegerToUnicodeString, Type: EAT modification 0x82D98840-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlInvertRangeList, Type: EAT modification 0x82D98844-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->RtlInvertRangeListEx, Type: EAT modification 0x82D98848-->C24A42FD [unknown_code_page]

ntkrnlpa.exe-->RtlIoEncodeMemIoResource, Type: EAT modification 0x82D98850-->82CEC828 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4AddressToStringA, Type: EAT modification 0x82D98854-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->RtlIpv4AddressToStringExA, Type: EAT modification 0x82D98858-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4AddressToStringExW, Type: EAT modification 0x82D9885C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4AddressToStringW, Type: EAT modification 0x82D98860-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4StringToAddressA, Type: EAT modification 0x82D98864-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4StringToAddressExA, Type: EAT modification 0x82D98868-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4StringToAddressExW, Type: EAT modification 0x82D9886C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv4StringToAddressW, Type: EAT modification 0x82D98870-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv6AddressToStringA, Type: EAT modification 0x82D98874-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv6AddressToStringExA, Type: EAT modification 0x82D98878-->C24A42E7 [unknown_code_page]

ntkrnlpa.exe-->RtlIpv6AddressToStringW, Type: EAT modification 0x82D98880-->8C4E8C30 [unknown_code_page]

ntkrnlpa.exe-->RtlIpv6StringToAddressA, Type: EAT modification 0x82D98884-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->RtlIpv6StringToAddressExA, Type: EAT modification 0x82D98888-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv6StringToAddressExW, Type: EAT modification 0x82D9888C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIpv6StringToAddressW, Type: EAT modification 0x82D98890-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIsGenericTableEmpty, Type: EAT modification 0x82D98894-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIsGenericTableEmptyAvl, Type: EAT modification 0x82D98898-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIsNameLegalDOS8Dot3, Type: EAT modification 0x82D9889C-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIsNormalizedString, Type: EAT modification 0x82D988A0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlIsNtDdiVersionAvailable, Type: EAT modification 0x82D988A4-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->RtlIsRangeAvailable, Type: EAT modification 0x82D988A8-->C24A42E1 [unknown_code_page]

ntkrnlpa.exe-->RtlIsValidOemCharacter, Type: EAT modification 0x82D988B0-->82E57045 [unknown_code_page]

ntkrnlpa.exe-->RtlLargeIntegerAdd, Type: EAT modification 0x82D988B4-->82C47054 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLargeIntegerArithmeticShift, Type: EAT modification 0x82D988B8-->8313706D [unknown_code_page]

ntkrnlpa.exe-->RtlLargeIntegerDivide, Type: EAT modification 0x82D988BC-->830D7064 [unknown_code_page]

ntkrnlpa.exe-->RtlLargeIntegerNegate, Type: EAT modification 0x82D988C0-->830D7066 [unknown_code_page]

ntkrnlpa.exe-->RtlLargeIntegerShiftLeft, Type: EAT modification 0x82D988C4-->83057063 [unknown_code_page]

ntkrnlpa.exe-->RtlLargeIntegerShiftRight, Type: EAT modification 0x82D988C8-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->RtlLargeIntegerSubtract, Type: EAT modification 0x82D988CC-->8312706F [unknown_code_page]

ntkrnlpa.exe-->RtlLengthRequiredSid, Type: EAT modification 0x82D988D0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLengthSecurityDescriptor, Type: EAT modification 0x82D988D4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLengthSid, Type: EAT modification 0x82D988D8-->C24A42EB [unknown_code_page]

ntkrnlpa.exe-->RtlLocalTimeToSystemTime, Type: EAT modification 0x82D988E0-->8C4E8970 [unknown_code_page]

ntkrnlpa.exe-->RtlLockBootStatusData, Type: EAT modification 0x82D988E4-->82A46FFF [halmacpi.dll]

ntkrnlpa.exe-->RtlLookupAtomInAtomTable, Type: EAT modification 0x82D988E8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLookupElementGenericTable, Type: EAT modification 0x82D988EC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLookupElementGenericTableAvl, Type: EAT modification 0x82D988F0-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLookupElementGenericTableFull, Type: EAT modification 0x82D988F4-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLookupElementGenericTableFullAvl, Type: EAT modification 0x82D988F8-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLookupEntryHashTable, Type: EAT modification 0x82D988FC-->82A4EFFF [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlLookupFirstMatchingElementGenericTableAvl, Type: EAT modification 0x82D98900-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlMapGenericMask, Type: EAT modification 0x82D98904-->C0A4AE00 [unknown_code_page]

ntkrnlpa.exe-->RtlMapSecurityErrorToNtStatus, Type: EAT modification 0x82D98908-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlMergeRangeLists, Type: EAT modification 0x82D9890C-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlMoveMemory, Type: EAT modification 0x82D98910-->A601D860 [unknown_code_page]

ntkrnlpa.exe-->RtlMultiByteToUnicodeN, Type: EAT modification 0x82D98914-->8AA5208E [unknown_code_page]

ntkrnlpa.exe-->RtlMultiByteToUnicodeSize, Type: EAT modification 0x82D98918-->85B7CDE0 [unknown_code_page]

ntkrnlpa.exe-->RtlNextUnicodePrefix, Type: EAT modification 0x82D9891C-->82D7A678 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlNormalizeString, Type: EAT modification 0x82D98920-->82A4700C [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlNtStatusToDosErrorNoTeb, Type: EAT modification 0x82D98928-->BF26BD79 [unknown_code_page]

ntkrnlpa.exe-->RtlNumberGenericTableElementsAvl, Type: EAT modification 0x82D98930-->82DE7017 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlNumberOfClearBits, Type: EAT modification 0x82D98934-->82F9705C [unknown_code_page]

ntkrnlpa.exe-->RtlNumberOfSetBits, Type: EAT modification 0x82D98938-->83097073 [unknown_code_page]

ntkrnlpa.exe-->RtlNumberOfSetBitsUlongPtr, Type: EAT modification 0x82D9893C-->83177072 [unknown_code_page]

ntkrnlpa.exe-->RtlOemStringToCountedUnicodeString, Type: EAT modification 0x82D98940-->82EF705C [unknown_code_page]

ntkrnlpa.exe-->RtlOemStringToUnicodeSize, Type: EAT modification 0x82D98944-->831A7065 [unknown_code_page]

ntkrnlpa.exe-->RtlOemStringToUnicodeString, Type: EAT modification 0x82D98948-->83127069 [unknown_code_page]

ntkrnlpa.exe-->RtlOemToUnicodeN, Type: EAT modification 0x82D9894C-->82E5705C [unknown_code_page]

ntkrnlpa.exe-->RtlOwnerAcesPresent, Type: EAT modification 0x82D98950-->83147070 [unknown_code_page]

ntkrnlpa.exe-->RtlPinAtomInAtomTable, Type: EAT modification 0x82D98954-->83057044 [unknown_code_page]

ntkrnlpa.exe-->RtlPrefetchMemoryNonTemporal, Type: EAT modification 0x82D97184-->83057074 [unknown_code_page]

ntkrnlpa.exe-->RtlPrefixString, Type: EAT modification 0x82D98958-->82F0705C [unknown_code_page]

ntkrnlpa.exe-->RtlPrefixUnicodeString, Type: EAT modification 0x82D9895C-->8307706F [unknown_code_page]

ntkrnlpa.exe-->RtlQueryAtomInAtomTable, Type: EAT modification 0x82D98960-->83107061 [unknown_code_page]

ntkrnlpa.exe-->RtlQueryDynamicTimeZoneInformation, Type: EAT modification 0x82D98964-->82EB705C [unknown_code_page]

ntkrnlpa.exe-->RtlQueryElevationFlags, Type: EAT modification 0x82D98968-->8313706F [unknown_code_page]

ntkrnlpa.exe-->RtlQueryModuleInformation, Type: EAT modification 0x82D9896C-->83107067 [unknown_code_page]

ntkrnlpa.exe-->RtlQueryRegistryValues, Type: EAT modification 0x82D98970-->83007065 [unknown_code_page]

ntkrnlpa.exe-->RtlQueryTimeZoneInformation, Type: EAT modification 0x82D98974-->830C7043 [unknown_code_page]

ntkrnlpa.exe-->RtlRaiseException, Type: EAT modification 0x82D98978-->83137072 [unknown_code_page]

ntkrnlpa.exe-->RtlRandom, Type: EAT modification 0x82D9897C-->8309706D [unknown_code_page]

ntkrnlpa.exe-->RtlRandomEx, Type: EAT modification 0x82D98980-->82F9705C [unknown_code_page]

ntkrnlpa.exe-->RtlRealPredecessor, Type: EAT modification 0x82D98984-->83097073 [unknown_code_page]

ntkrnlpa.exe-->RtlRealSuccessor, Type: EAT modification 0x82D98988-->82C47072 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlRemoveEntryHashTable, Type: EAT modification 0x82D9898C-->83057044 [unknown_code_page]

ntkrnlpa.exe-->RtlRemoveUnicodePrefix, Type: EAT modification 0x82D98990-->83057074 [unknown_code_page]

ntkrnlpa.exe-->RtlReplaceSidInSd, Type: EAT modification 0x82D98994-->82E8705C [unknown_code_page]

ntkrnlpa.exe-->RtlReserveChunk, Type: EAT modification 0x82D98998-->830A7065 [unknown_code_page]

ntkrnlpa.exe-->RtlRunOnceBeginInitialize, Type: EAT modification 0x82D9899C-->83197061 [unknown_code_page]

ntkrnlpa.exe-->RtlRunOnceComplete, Type: EAT modification 0x82D989A0-->8318706C [unknown_code_page]

ntkrnlpa.exe-->RtlRunOnceExecuteOnce, Type: EAT modification 0x82D989A4-->82FB705C [unknown_code_page]

ntkrnlpa.exe-->RtlRunOnceInitialize, Type: EAT modification 0x82D989A8-->83067065 [unknown_code_page]

ntkrnlpa.exe-->RtlSecondsSince1970ToTime, Type: EAT modification 0x82D989AC-->82E87020 [unknown_code_page]

ntkrnlpa.exe-->RtlSecondsSince1980ToTime, Type: EAT modification 0x82D989B0-->83187061 [unknown_code_page]

ntkrnlpa.exe-->RtlSelfRelativeToAbsoluteSD, Type: EAT modification 0x82D989B8-->82D17061 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlSelfRelativeToAbsoluteSD2, Type: EAT modification 0x82D989B4-->8313706A [unknown_code_page]

ntkrnlpa.exe-->RtlSetAllBits, Type: EAT modification 0x82D989BC-->83167075 [unknown_code_page]

ntkrnlpa.exe-->RtlSetBit, Type: EAT modification 0x82D989C0-->8305706E [unknown_code_page]

ntkrnlpa.exe-->RtlSetBits, Type: EAT modification 0x82D989C4-->82A4706C [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlSetDaclSecurityDescriptor, Type: EAT modification 0x82D989C8-->83087064 [unknown_code_page]

ntkrnlpa.exe-->RtlSetDynamicTimeZoneInformation, Type: EAT modification 0x82D989CC-->BF26BD64 [unknown_code_page]

ntkrnlpa.exe-->RtlSetOwnerSecurityDescriptor, Type: EAT modification 0x82D989D4-->8305702C [unknown_code_page]

ntkrnlpa.exe-->RtlSetSaclSecurityDescriptor, Type: EAT modification 0x82D989D8-->83097067 [unknown_code_page]

ntkrnlpa.exe-->RtlSetTimeZoneInformation, Type: EAT modification 0x82D989DC-->82D1702D [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlSidHashInitialize, Type: EAT modification 0x82D989E0-->82F1703E [unknown_code_page]

ntkrnlpa.exe-->RtlSidHashLookup, Type: EAT modification 0x82D989E4-->82F1704F [unknown_code_page]

ntkrnlpa.exe-->RtlSizeHeap, Type: EAT modification 0x82D989E8-->82ED702E [unknown_code_page]

ntkrnlpa.exe-->RtlSplay, Type: EAT modification 0x82D989EC-->8314706D [unknown_code_page]

ntkrnlpa.exe-->RtlStringFromGUID, Type: EAT modification 0x82D989F0-->8309706C [unknown_code_page]

ntkrnlpa.exe-->RtlSubAuthorityCountSid, Type: EAT modification 0x82D989F4-->8309706D [unknown_code_page]

ntkrnlpa.exe-->RtlSubAuthoritySid, Type: EAT modification 0x82D989F8-->8318706E [unknown_code_page]

ntkrnlpa.exe-->RtlSubtreePredecessor, Type: EAT modification 0x82D989FC-->83187061 [unknown_code_page]

ntkrnlpa.exe-->RtlSubtreeSuccessor, Type: EAT modification 0x82D98A00-->83137069 [unknown_code_page]

ntkrnlpa.exe-->RtlSystemTimeToLocalTime, Type: EAT modification 0x82D98A04-->82D2706E [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlTestBit, Type: EAT modification 0x82D98A08-->82F07044 [unknown_code_page]

ntkrnlpa.exe-->RtlTimeFieldsToTime, Type: EAT modification 0x82D98A0C-->82C4704C [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlTimeToElapsedTimeFields, Type: EAT modification 0x82D98A10-->82C4705B [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlTimeToSecondsSince1970, Type: EAT modification 0x82D98A14-->82F47045 [unknown_code_page]

ntkrnlpa.exe-->RtlTimeToSecondsSince1980, Type: EAT modification 0x82D98A18-->82F37052 [unknown_code_page]

ntkrnlpa.exe-->RtlTimeToTimeFields, Type: EAT modification 0x82D98A1C-->82E97043 [unknown_code_page]

ntkrnlpa.exe-->RtlTraceDatabaseAdd, Type: EAT modification 0x82D98A20-->82F77053 [unknown_code_page]

ntkrnlpa.exe-->RtlTraceDatabaseCreate, Type: EAT modification 0x82D98A24-->82D47020 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlTraceDatabaseDestroy, Type: EAT modification 0x82D98A28-->82DC7078 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlTraceDatabaseEnumerate, Type: EAT modification 0x82D98A2C-->82E57037 [unknown_code_page]

ntkrnlpa.exe-->RtlTraceDatabaseFind, Type: EAT modification 0x82D98A30-->82EA7044 [unknown_code_page]

ntkrnlpa.exe-->RtlTraceDatabaseLock, Type: EAT modification 0x82D98A34-->82D97034 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlTraceDatabaseUnlock, Type: EAT modification 0x82D98A38-->82C47038 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlTraceDatabaseValidate, Type: EAT modification 0x82D98A3C-->82C4705D [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUlongByteSwap, Type: EAT modification 0x82D97188-->82DE7044 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUlonglongByteSwap, Type: EAT modification 0x82D9718C-->82D67020 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUnicodeStringToAnsiSize, Type: EAT modification 0x82D98A44-->82DC7037 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUnicodeStringToAnsiString, Type: EAT modification 0x82D98A48-->82A47030 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUnicodeStringToCountedOemString, Type: EAT modification 0x82D98A4C-->BF26BD13 [unknown_code_page]

ntkrnlpa.exe-->RtlUnicodeStringToOemSize, Type: EAT modification 0x82D98A54-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->RtlUnicodeStringToOemString, Type: EAT modification 0x82D98A58-->83087064 [unknown_code_page]

ntkrnlpa.exe-->RtlUnicodeToCustomCPN, Type: EAT modification 0x82D98A5C-->83127065 [unknown_code_page]

ntkrnlpa.exe-->RtlUnicodeToMultiByteN, Type: EAT modification 0x82D98A60-->82ED7020 [unknown_code_page]

ntkrnlpa.exe-->RtlUnicodeToMultiByteSize, Type: EAT modification 0x82D98A64-->8305706D [unknown_code_page]

ntkrnlpa.exe-->RtlUnicodeToOemN, Type: EAT modification 0x82D98A68-->83097067 [unknown_code_page]

ntkrnlpa.exe-->RtlUnicodeToUTF8N, Type: EAT modification 0x82D98A6C-->BF26BD0F [unknown_code_page]

ntkrnlpa.exe-->RtlUnwind, Type: EAT modification 0x82D98A74-->82E77041 [unknown_code_page]

ntkrnlpa.exe-->RtlUpcaseUnicodeChar, Type: EAT modification 0x82D98A78-->82ED702E [unknown_code_page]

ntkrnlpa.exe-->RtlUpcaseUnicodeString, Type: EAT modification 0x82D98A7C-->8314706D [unknown_code_page]

ntkrnlpa.exe-->RtlUpcaseUnicodeStringToAnsiString, Type: EAT modification 0x82D98A80-->8309706C [unknown_code_page]

ntkrnlpa.exe-->RtlUpcaseUnicodeStringToCountedOemString, Type: EAT modification 0x82D98A84-->8309706D [unknown_code_page]

ntkrnlpa.exe-->RtlUpcaseUnicodeStringToOemString, Type: EAT modification 0x82D98A88-->8318706E [unknown_code_page]

ntkrnlpa.exe-->RtlUpcaseUnicodeToCustomCPN, Type: EAT modification 0x82D98A8C-->83187061 [unknown_code_page]

ntkrnlpa.exe-->RtlUpcaseUnicodeToMultiByteN, Type: EAT modification 0x82D98A90-->83137069 [unknown_code_page]

ntkrnlpa.exe-->RtlUpcaseUnicodeToOemN, Type: EAT modification 0x82D98A94-->82D2706E [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUpperChar, Type: EAT modification 0x82D98A98-->82F07044 [unknown_code_page]

ntkrnlpa.exe-->RtlUpperString, Type: EAT modification 0x82D98A9C-->82C4704C [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUshortByteSwap, Type: EAT modification 0x82D97190-->82C4705B [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlUTF8ToUnicodeN, Type: EAT modification 0x82D98A40-->82ED7050 [unknown_code_page]

ntkrnlpa.exe-->RtlValidateUnicodeString, Type: EAT modification 0x82D98AAC-->82F77053 [unknown_code_page]

ntkrnlpa.exe-->RtlValidRelativeSecurityDescriptor, Type: EAT modification 0x82D98AA0-->82F47045 [unknown_code_page]

ntkrnlpa.exe-->RtlValidSecurityDescriptor, Type: EAT modification 0x82D98AA4-->82F37052 [unknown_code_page]

ntkrnlpa.exe-->RtlValidSid, Type: EAT modification 0x82D98AA8-->82E97043 [unknown_code_page]

ntkrnlpa.exe-->RtlVerifyVersionInfo, Type: EAT modification 0x82D98AB0-->82D47020 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlVolumeDeviceToDosName, Type: EAT modification 0x82D98AB4-->82DC7078 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlWalkFrameChain, Type: EAT modification 0x82D98AB8-->82E97037 [unknown_code_page]

ntkrnlpa.exe-->RtlWeaklyEnumerateEntryHashTable, Type: EAT modification 0x82D98ABC-->82E77039 [unknown_code_page]

ntkrnlpa.exe-->RtlWriteRegistryValue, Type: EAT modification 0x82D98AC0-->82E77041 [unknown_code_page]

ntkrnlpa.exe-->RtlxAnsiStringToUnicodeSize, Type: EAT modification 0x82D98ACC-->82ED7050 [unknown_code_page]

ntkrnlpa.exe-->RtlxOemStringToUnicodeSize, Type: EAT modification 0x82D98AD0-->82DE7044 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlxUnicodeStringToAnsiSize, Type: EAT modification 0x82D98AD4-->82D77020 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlxUnicodeStringToOemSize, Type: EAT modification 0x82D98AD8-->82DD7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlZeroHeap, Type: EAT modification 0x82D98AC4-->82C47030 [ntkrnlpa.exe]

ntkrnlpa.exe-->RtlZeroMemory, Type: EAT modification 0x82D98AC8-->82C4705D [ntkrnlpa.exe]

ntkrnlpa.exe-->SeAccessCheck, Type: EAT modification 0x82D98ADC-->82A47036 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeAccessCheckEx, Type: EAT modification 0x82D98AE0-->BF26BD00 [unknown_code_page]

ntkrnlpa.exe-->SeAccessCheckWithHint, Type: EAT modification 0x82D98AE8-->830D7028 [unknown_code_page]

ntkrnlpa.exe-->SeAppendPrivileges, Type: EAT modification 0x82D98AEC-->83087064 [unknown_code_page]

ntkrnlpa.exe-->SeAssignSecurity, Type: EAT modification 0x82D98AF0-->83127065 [unknown_code_page]

ntkrnlpa.exe-->SeAssignSecurityEx, Type: EAT modification 0x82D98AF4-->82ED7020 [unknown_code_page]

ntkrnlpa.exe-->SeAuditHardLinkCreation, Type: EAT modification 0x82D98AF8-->8305706D [unknown_code_page]

ntkrnlpa.exe-->SeAuditHardLinkCreationWithTransaction, Type: EAT modification 0x82D98AFC-->83097067 [unknown_code_page]

ntkrnlpa.exe-->SeAuditingAnyFileEventsWithContext, Type: EAT modification 0x82D98B04-->82F2703E [unknown_code_page]

ntkrnlpa.exe-->SeAuditingFileEvents, Type: EAT modification 0x82D98B08-->82FB7045 [unknown_code_page]

ntkrnlpa.exe-->SeAuditingFileEventsWithContext, Type: EAT modification 0x82D98B0C-->82E97041 [unknown_code_page]

ntkrnlpa.exe-->SeAuditingFileOrGlobalEvents, Type: EAT modification 0x82D98B10-->BF26BD3A [unknown_code_page]

ntkrnlpa.exe-->SeAuditingHardLinkEventsWithContext, Type: EAT modification 0x82D98B18-->83127056 [unknown_code_page]

ntkrnlpa.exe-->SeAuditingWithTokenForSubcategory, Type: EAT modification 0x82D97194-->83057064 [unknown_code_page]

ntkrnlpa.exe-->SeAuditTransactionStateChange, Type: EAT modification 0x82D98B00-->82D1702D [ntkrnlpa.exe]

ntkrnlpa.exe-->SeCaptureSecurityDescriptor, Type: EAT modification 0x82D98B1C-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->SeCaptureSubjectContext, Type: EAT modification 0x82D98B20-->8312706F [unknown_code_page]

ntkrnlpa.exe-->SeCaptureSubjectContextEx, Type: EAT modification 0x82D98B24-->82E8702E [unknown_code_page]

ntkrnlpa.exe-->SeCloseObjectAuditAlarm, Type: EAT modification 0x82D98B28-->82F0704C [unknown_code_page]

ntkrnlpa.exe-->SeCloseObjectAuditAlarmForNonObObject, Type: EAT modification 0x82D98B2C-->82FF7020 [unknown_code_page]

ntkrnlpa.exe-->SeComputeAutoInheritByObjectType, Type: EAT modification 0x82D98B30-->82E97020 [unknown_code_page]

ntkrnlpa.exe-->SeCreateAccessState, Type: EAT modification 0x82D98B34-->82F67050 [unknown_code_page]

ntkrnlpa.exe-->SeCreateAccessStateEx, Type: EAT modification 0x82D98B38-->82E7704F [unknown_code_page]

ntkrnlpa.exe-->SeCreateClientSecurity, Type: EAT modification 0x82D98B3C-->82F77045 [unknown_code_page]

ntkrnlpa.exe-->SeCreateClientSecurityFromSubjectContext, Type: EAT modification 0x82D98B40-->82C47053 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeDeassignSecurity, Type: EAT modification 0x82D98B44-->831C7030 [unknown_code_page]

ntkrnlpa.exe-->SeDeleteAccessState, Type: EAT modification 0x82D98B48-->82DB7038 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeDeleteObjectAuditAlarm, Type: EAT modification 0x82D98B4C-->82E87041 [unknown_code_page]

ntkrnlpa.exe-->SeDeleteObjectAuditAlarmWithTransaction, Type: EAT modification 0x82D98B50-->82D87046 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeExamineSacl, Type: EAT modification 0x82D98B54-->82DC7035 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeExports, Type: EAT modification 0x82D98B58-->83017020 [unknown_code_page]

ntkrnlpa.exe-->SeFilterToken, Type: EAT modification 0x82D98B5C-->82F47020 [unknown_code_page]

ntkrnlpa.exe-->SeFreePrivileges, Type: EAT modification 0x82D98B60-->82E87049 [unknown_code_page]

ntkrnlpa.exe-->SeGetLinkedToken, Type: EAT modification 0x82D98B64-->82C4703A [ntkrnlpa.exe]

ntkrnlpa.exe-->SeImpersonateClient, Type: EAT modification 0x82D98B68-->82DB7032 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeImpersonateClientEx, Type: EAT modification 0x82D98B6C-->82D47038 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeLocateProcessImageName, Type: EAT modification 0x82D98B70-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeLockSubjectContext, Type: EAT modification 0x82D98B74-->BF26BD2D [unknown_code_page]

ntkrnlpa.exe-->SeOpenObjectAuditAlarm, Type: EAT modification 0x82D98B7C-->830D7145 [unknown_code_page]

ntkrnlpa.exe-->SeOpenObjectAuditAlarmForNonObObject, Type: EAT modification 0x82D98B80-->83087064 [unknown_code_page]

ntkrnlpa.exe-->SeOpenObjectAuditAlarmWithTransaction, Type: EAT modification 0x82D98B84-->83127065 [unknown_code_page]

ntkrnlpa.exe-->SeOpenObjectForDeleteAuditAlarm, Type: EAT modification 0x82D98B88-->82ED7020 [unknown_code_page]

ntkrnlpa.exe-->SeOpenObjectForDeleteAuditAlarmWithTransaction, Type: EAT modification 0x82D98B8C-->8305706D [unknown_code_page]

ntkrnlpa.exe-->SePrivilegeCheck, Type: EAT modification 0x82D98B90-->83097067 [unknown_code_page]

ntkrnlpa.exe-->SePrivilegeObjectAuditAlarm, Type: EAT modification 0x82D98B94-->82D1702D [ntkrnlpa.exe]

ntkrnlpa.exe-->SePublicDefaultDacl, Type: EAT modification 0x82D98B98-->82E8703E [unknown_code_page]

ntkrnlpa.exe-->SeQueryAuthenticationIdToken, Type: EAT modification 0x82D98B9C-->82F17045 [unknown_code_page]

ntkrnlpa.exe-->SeQueryInformationToken, Type: EAT modification 0x82D98BA0-->82EB702E [unknown_code_page]

ntkrnlpa.exe-->SeQuerySecurityAttributesToken, Type: EAT modification 0x82D98BA4-->83057072 [unknown_code_page]

ntkrnlpa.exe-->SeQuerySecurityDescriptorInfo, Type: EAT modification 0x82D98BA8-->830C7070 [unknown_code_page]

ntkrnlpa.exe-->SeQuerySessionIdToken, Type: EAT modification 0x82D98BAC-->83077069 [unknown_code_page]

ntkrnlpa.exe-->SeRegisterLogonSessionTerminatedRoutine, Type: EAT modification 0x82D98BB0-->82D27073 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeReleaseSecurityDescriptor, Type: EAT modification 0x82D98BB4-->BF26BD25 [unknown_code_page]

ntkrnlpa.exe-->SeReportSecurityEvent, Type: EAT modification 0x82D98BBC-->82D2706B [ntkrnlpa.exe]

ntkrnlpa.exe-->SeReportSecurityEventWithSubCategory, Type: EAT modification 0x82D98BC0-->82F07044 [unknown_code_page]

ntkrnlpa.exe-->SeSetAccessStateGenericMapping, Type: EAT modification 0x82D98BC4-->82C4704C [ntkrnlpa.exe]

ntkrnlpa.exe-->SeSetAuditParameter, Type: EAT modification 0x82D98BC8-->82C4705B [ntkrnlpa.exe]

ntkrnlpa.exe-->SeSetSecurityAttributesToken, Type: EAT modification 0x82D98BCC-->82F47045 [unknown_code_page]

ntkrnlpa.exe-->SeSetSecurityDescriptorInfo, Type: EAT modification 0x82D98BD0-->82F37052 [unknown_code_page]

ntkrnlpa.exe-->SeSetSecurityDescriptorInfoEx, Type: EAT modification 0x82D98BD4-->82E97043 [unknown_code_page]

ntkrnlpa.exe-->SeSinglePrivilegeCheck, Type: EAT modification 0x82D98BD8-->82F77053 [unknown_code_page]

ntkrnlpa.exe-->SeSrpAccessCheck, Type: EAT modification 0x82D98BDC-->82D47020 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeSystemDefaultDacl, Type: EAT modification 0x82D98BE0-->82DC7078 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeTokenImpersonationLevel, Type: EAT modification 0x82D98BE4-->82E97037 [unknown_code_page]

ntkrnlpa.exe-->SeTokenIsAdmin, Type: EAT modification 0x82D98BE8-->82E77039 [unknown_code_page]

ntkrnlpa.exe-->SeTokenIsRestricted, Type: EAT modification 0x82D98BEC-->82E77041 [unknown_code_page]

ntkrnlpa.exe-->SeTokenIsWriteRestricted, Type: EAT modification 0x82D98BF0-->82C47030 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeTokenObjectType, Type: EAT modification 0x82D98BF4-->82C4705D [ntkrnlpa.exe]

ntkrnlpa.exe-->SeTokenType, Type: EAT modification 0x82D98BF8-->82ED7050 [unknown_code_page]

ntkrnlpa.exe-->SeUnlockSubjectContext, Type: EAT modification 0x82D98BFC-->82DE7044 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeUnregisterLogonSessionTerminatedRoutine, Type: EAT modification 0x82D98C00-->82D77020 [ntkrnlpa.exe]

ntkrnlpa.exe-->SeValidSecurityDescriptor, Type: EAT modification 0x82D98C04-->82DD7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->sprintf, Type: EAT modification 0x82D99174-->82ED7020 [unknown_code_page]

ntkrnlpa.exe-->sprintf_s, Type: EAT modification 0x82D99178-->8305706D [unknown_code_page]

ntkrnlpa.exe-->srand, Type: EAT modification 0x82D9917C-->83097067 [unknown_code_page]

ntkrnlpa.exe-->sscanf_s, Type: EAT modification 0x82D99180-->82D1702D [ntkrnlpa.exe]

ntkrnlpa.exe-->strcat, Type: EAT modification 0x82D99184-->82E8703E [unknown_code_page]

ntkrnlpa.exe-->strcat_s, Type: EAT modification 0x82D99188-->82F17045 [unknown_code_page]

ntkrnlpa.exe-->strchr, Type: EAT modification 0x82D9918C-->82EB702E [unknown_code_page]

ntkrnlpa.exe-->strcmp, Type: EAT modification 0x82D99190-->83057072 [unknown_code_page]

ntkrnlpa.exe-->strcpy, Type: EAT modification 0x82D99194-->830C7070 [unknown_code_page]

ntkrnlpa.exe-->strcpy_s, Type: EAT modification 0x82D99198-->BF26BA68 [unknown_code_page]

ntkrnlpa.exe-->strncat, Type: EAT modification 0x82D991A0-->82D47128 [ntkrnlpa.exe]

ntkrnlpa.exe-->strncat_s, Type: EAT modification 0x82D991A4-->82D47037 [ntkrnlpa.exe]

ntkrnlpa.exe-->strncmp, Type: EAT modification 0x82D991A8-->82D27036 [ntkrnlpa.exe]

ntkrnlpa.exe-->strncpy, Type: EAT modification 0x82D991AC-->82F07044 [unknown_code_page]

ntkrnlpa.exe-->strncpy_s, Type: EAT modification 0x82D991B0-->82C4704C [ntkrnlpa.exe]

ntkrnlpa.exe-->strnlen, Type: EAT modification 0x82D991B4-->82C4705B [ntkrnlpa.exe]

ntkrnlpa.exe-->strrchr, Type: EAT modification 0x82D991B8-->82F47045 [unknown_code_page]

ntkrnlpa.exe-->strspn, Type: EAT modification 0x82D991BC-->82F37052 [unknown_code_page]

ntkrnlpa.exe-->strstr, Type: EAT modification 0x82D991C0-->82E97043 [unknown_code_page]

ntkrnlpa.exe-->strtok_s, Type: EAT modification 0x82D991C4-->82F77053 [unknown_code_page]

ntkrnlpa.exe-->swprintf, Type: EAT modification 0x82D991C8-->82D47020 [ntkrnlpa.exe]

ntkrnlpa.exe-->swprintf_s, Type: EAT modification 0x82D991CC-->82DC7078 [ntkrnlpa.exe]

ntkrnlpa.exe-->swscanf_s, Type: EAT modification 0x82D991D0-->82E97037 [unknown_code_page]

ntkrnlpa.exe-->TmCancelPropagationRequest, Type: EAT modification 0x82D98C08-->82A47036 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmCommitComplete, Type: EAT modification 0x82D98C0C-->BF26BDDA [unknown_code_page]

ntkrnlpa.exe-->TmCommitTransaction, Type: EAT modification 0x82D98C14-->830D70AD [unknown_code_page]

ntkrnlpa.exe-->TmCreateEnlistment, Type: EAT modification 0x82D98C18-->83087064 [unknown_code_page]

ntkrnlpa.exe-->TmCurrentTransaction, Type: EAT modification 0x82D98C1C-->83127065 [unknown_code_page]

ntkrnlpa.exe-->TmDereferenceEnlistmentKey, Type: EAT modification 0x82D98C20-->82ED7020 [unknown_code_page]

ntkrnlpa.exe-->TmEnableCallbacks, Type: EAT modification 0x82D98C24-->8305706D [unknown_code_page]

ntkrnlpa.exe-->TmEndPropagationRequest, Type: EAT modification 0x82D98C28-->83097067 [unknown_code_page]

ntkrnlpa.exe-->TmEnlistmentObjectType, Type: EAT modification 0x82D98C2C-->82D1702D [ntkrnlpa.exe]

ntkrnlpa.exe-->TmFreezeTransactions, Type: EAT modification 0x82D98C30-->82F1703E [unknown_code_page]

ntkrnlpa.exe-->TmGetTransactionId, Type: EAT modification 0x82D98C34-->82F1704F [unknown_code_page]

ntkrnlpa.exe-->TmInitializeResourceManager, Type: EAT modification 0x82D98C40-->8309706C [unknown_code_page]

ntkrnlpa.exe-->TmInitializeTransaction, Type: EAT modification 0x82D98C44-->8309706D [unknown_code_page]

ntkrnlpa.exe-->TmInitSystem, Type: EAT modification 0x82D98C38-->82ED702E [unknown_code_page]

ntkrnlpa.exe-->TmInitSystemPhase2, Type: EAT modification 0x82D98C3C-->8314706D [unknown_code_page]

ntkrnlpa.exe-->TmIsTransactionActive, Type: EAT modification 0x82D98C48-->8318706E [unknown_code_page]

ntkrnlpa.exe-->TmpIsKTMCommitCoordinator, Type: EAT modification 0x82D98C9C-->82DD7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmPrepareComplete, Type: EAT modification 0x82D98C54-->82D2706E [ntkrnlpa.exe]

ntkrnlpa.exe-->TmPrepareEnlistment, Type: EAT modification 0x82D98C58-->82F07044 [unknown_code_page]

ntkrnlpa.exe-->TmPrePrepareComplete, Type: EAT modification 0x82D98C4C-->83187061 [unknown_code_page]

ntkrnlpa.exe-->TmPrePrepareEnlistment, Type: EAT modification 0x82D98C50-->83137069 [unknown_code_page]

ntkrnlpa.exe-->TmPropagationComplete, Type: EAT modification 0x82D98C5C-->BF26BDD0 [unknown_code_page]

ntkrnlpa.exe-->TmReadOnlyEnlistment, Type: EAT modification 0x82D98C64-->82F47080 [unknown_code_page]

ntkrnlpa.exe-->TmRecoverEnlistment, Type: EAT modification 0x82D98C68-->82F37052 [unknown_code_page]

ntkrnlpa.exe-->TmRecoverResourceManager, Type: EAT modification 0x82D98C6C-->82E97043 [unknown_code_page]

ntkrnlpa.exe-->TmRecoverTransactionManager, Type: EAT modification 0x82D98C70-->82F77053 [unknown_code_page]

ntkrnlpa.exe-->TmReferenceEnlistmentKey, Type: EAT modification 0x82D98C74-->82D47020 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmRequestOutcomeEnlistment, Type: EAT modification 0x82D98C78-->82DC7078 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmResourceManagerObjectType, Type: EAT modification 0x82D98C7C-->82E97037 [unknown_code_page]

ntkrnlpa.exe-->TmRollbackComplete, Type: EAT modification 0x82D98C80-->82E77039 [unknown_code_page]

ntkrnlpa.exe-->TmRollbackEnlistment, Type: EAT modification 0x82D98C84-->82E77041 [unknown_code_page]

ntkrnlpa.exe-->TmRollbackTransaction, Type: EAT modification 0x82D98C88-->82C47030 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmSetCurrentTransaction, Type: EAT modification 0x82D98C8C-->82C4705D [ntkrnlpa.exe]

ntkrnlpa.exe-->TmThawTransactions, Type: EAT modification 0x82D98C90-->82ED7050 [unknown_code_page]

ntkrnlpa.exe-->TmTransactionManagerObjectType, Type: EAT modification 0x82D98C94-->82DE7044 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmTransactionObjectType, Type: EAT modification 0x82D98C98-->82D77020 [ntkrnlpa.exe]

ntkrnlpa.exe-->tolower, Type: EAT modification 0x82D991D4-->82E77039 [unknown_code_page]

ntkrnlpa.exe-->toupper, Type: EAT modification 0x82D991D8-->82E77041 [unknown_code_page]

ntkrnlpa.exe-->towlower, Type: EAT modification 0x82D991DC-->82C47030 [ntkrnlpa.exe]

ntkrnlpa.exe-->towupper, Type: EAT modification 0x82D991E0-->82C4705D [ntkrnlpa.exe]

ntkrnlpa.exe-->vDbgPrintEx, Type: EAT modification 0x82D991E4-->82ED7050 [unknown_code_page]

ntkrnlpa.exe-->vDbgPrintExWithPrefix, Type: EAT modification 0x82D991E8-->82DE7044 [ntkrnlpa.exe]

ntkrnlpa.exe-->VerSetConditionMask, Type: EAT modification 0x82D98CA0-->82A47036 [ntkrnlpa.exe]

ntkrnlpa.exe-->VfFailDeviceNode, Type: EAT modification 0x82D98CA4-->BF26BDC7 [unknown_code_page]

ntkrnlpa.exe-->VfFailSystemBIOS, Type: EAT modification 0x82D98CAC-->830D7087 [unknown_code_page]

ntkrnlpa.exe-->VfIsVerificationEnabled, Type: EAT modification 0x82D98CB0-->83087064 [unknown_code_page]

ntkrnlpa.exe-->vsprintf, Type: EAT modification 0x82D991EC-->82D77020 [ntkrnlpa.exe]

ntkrnlpa.exe-->vsprintf_s, Type: EAT modification 0x82D991F0-->82DD7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->vswprintf_s, Type: EAT modification 0x82D991F4-->82A47036 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcscat, Type: EAT modification 0x82D991F8-->BF26BA1C [unknown_code_page]

ntkrnlpa.exe-->wcschr, Type: EAT modification 0x82D99200-->82DE7158 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcscmp, Type: EAT modification 0x82D99204-->82FB705C [unknown_code_page]

ntkrnlpa.exe-->wcscpy, Type: EAT modification 0x82D99208-->83127069 [unknown_code_page]

ntkrnlpa.exe-->wcscpy_s, Type: EAT modification 0x82D9920C-->83137064 [unknown_code_page]

ntkrnlpa.exe-->wcscspn, Type: EAT modification 0x82D99210-->83177077 [unknown_code_page]

ntkrnlpa.exe-->wcslen, Type: EAT modification 0x82D99214-->8317705C [unknown_code_page]

ntkrnlpa.exe-->wcsncat, Type: EAT modification 0x82D99218-->83177079 [unknown_code_page]

ntkrnlpa.exe-->wcsncat_s, Type: EAT modification 0x82D9921C-->83097074 [unknown_code_page]

ntkrnlpa.exe-->wcsncmp, Type: EAT modification 0x82D99220-->82D7706D [ntkrnlpa.exe]

ntkrnlpa.exe-->wcsncpy, Type: EAT modification 0x82D99224-->83007032 [unknown_code_page]

ntkrnlpa.exe-->wcsncpy_s, Type: EAT modification 0x82D99228-->83057043 [unknown_code_page]

ntkrnlpa.exe-->wcsnlen, Type: EAT modification 0x82D9922C-->82F67074 [unknown_code_page]

ntkrnlpa.exe-->wcsrchr, Type: EAT modification 0x82D99230-->8313706F [unknown_code_page]

ntkrnlpa.exe-->wcsspn, Type: EAT modification 0x82D99234-->83007074 [unknown_code_page]

ntkrnlpa.exe-->wcsstr, Type: EAT modification 0x82D99238-->82D5707B [ntkrnlpa.exe]

ntkrnlpa.exe-->wcstombs, Type: EAT modification 0x82D9923C-->82DB7032 [ntkrnlpa.exe]

ntkrnlpa.exe-->wcstoul, Type: EAT modification 0x82D99240-->BF26BA13 [unknown_code_page]

ntkrnlpa.exe-->WheaAddErrorSource, Type: EAT modification 0x82D98CCC-->82ED7078 [unknown_code_page]

ntkrnlpa.exe-->WheaConfigureErrorSource, Type: EAT modification 0x82D98CD0-->8318706E [unknown_code_page]

ntkrnlpa.exe-->WheaGetErrorSource, Type: EAT modification 0x82D98CD4-->83167065 [unknown_code_page]

ntkrnlpa.exe-->WheaInitializeRecordHeader, Type: EAT modification 0x82D98CD8-->8314706F [unknown_code_page]

ntkrnlpa.exe-->WheaReportHwError, Type: EAT modification 0x82D98CDC-->82FB702E [unknown_code_page]

ntkrnlpa.exe-->WmiGetClock, Type: EAT modification 0x82D97198-->82F37042 [unknown_code_page]

ntkrnlpa.exe-->WmiQueryTraceInformation, Type: EAT modification 0x82D98CE0-->82FC7043 [unknown_code_page]

ntkrnlpa.exe-->WmiTraceMessage, Type: EAT modification 0x82D98CE4-->830D704C [unknown_code_page]

ntkrnlpa.exe-->WmiTraceMessageVa, Type: EAT modification 0x82D98CE8-->82D27062 [ntkrnlpa.exe]

ntkrnlpa.exe-->WRITE_REGISTER_BUFFER_UCHAR, Type: EAT modification 0x82D98CB4-->83127065 [unknown_code_page]

ntkrnlpa.exe-->WRITE_REGISTER_BUFFER_ULONG, Type: EAT modification 0x82D98CB8-->82ED7020 [unknown_code_page]

ntkrnlpa.exe-->WRITE_REGISTER_BUFFER_USHORT, Type: EAT modification 0x82D98CBC-->8305706D [unknown_code_page]

ntkrnlpa.exe-->WRITE_REGISTER_UCHAR, Type: EAT modification 0x82D98CC0-->83097067 [unknown_code_page]

ntkrnlpa.exe-->WRITE_REGISTER_ULONG, Type: EAT modification 0x82D98CC4-->82D1702D [ntkrnlpa.exe]

ntkrnlpa.exe-->WRITE_REGISTER_USHORT, Type: EAT modification 0x82D98CC8-->82E5703E [unknown_code_page]

ntkrnlpa.exe-->XIPDispatch, Type: EAT modification 0x82D98CEC-->82F07044 [unknown_code_page]

ntkrnlpa.exe-->ZwAccessCheckAndAuditAlarm, Type: EAT modification 0x82D98CF0-->82C4704C [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAddBootEntry, Type: EAT modification 0x82D98CF4-->82C4705B [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAddDriverEntry, Type: EAT modification 0x82D98CF8-->82F47045 [unknown_code_page]

ntkrnlpa.exe-->ZwAdjustPrivilegesToken, Type: EAT modification 0x82D98CFC-->82F37052 [unknown_code_page]

ntkrnlpa.exe-->ZwAlertThread, Type: EAT modification 0x82D98D00-->BF26BDFB [unknown_code_page]

ntkrnlpa.exe-->ZwAllocateVirtualMemory, Type: EAT modification 0x82D98D08-->82D47095 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcAcceptConnectPort, Type: EAT modification 0x82D98D0C-->82DC7078 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcCancelMessage, Type: EAT modification 0x82D98D10-->82E97037 [unknown_code_page]

ntkrnlpa.exe-->ZwAlpcConnectPort, Type: EAT modification 0x82D98D14-->82E77039 [unknown_code_page]

ntkrnlpa.exe-->ZwAlpcCreatePort, Type: EAT modification 0x82D98D18-->82E77041 [unknown_code_page]

ntkrnlpa.exe-->ZwAlpcCreatePortSection, Type: EAT modification 0x82D98D1C-->82C47030 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcCreateResourceReserve, Type: EAT modification 0x82D98D20-->82C4705D [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcCreateSectionView, Type: EAT modification 0x82D98D24-->82ED7050 [unknown_code_page]

ntkrnlpa.exe-->ZwAlpcCreateSecurityContext, Type: EAT modification 0x82D98D28-->82DE7044 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcDeletePortSection, Type: EAT modification 0x82D98D2C-->82D77020 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcDeleteResourceReserve, Type: EAT modification 0x82D98D30-->82DD7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcDeleteSectionView, Type: EAT modification 0x82D98D34-->82A47036 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwAlpcDeleteSecurityContext, Type: EAT modification 0x82D98D38-->BF26BDF4 [unknown_code_page]

ntkrnlpa.exe-->ZwAlpcQueryInformation, Type: EAT modification 0x82D98D40-->830D709A [unknown_code_page]

ntkrnlpa.exe-->ZwAlpcSendWaitReceivePort, Type: EAT modification 0x82D98D44-->83087064 [unknown_code_page]

ntkrnlpa.exe-->ZwAlpcSetInformation, Type: EAT modification 0x82D98D48-->83127065 [unknown_code_page]

ntkrnlpa.exe-->ZwAssignProcessToJobObject, Type: EAT modification 0x82D98D4C-->82ED7020 [unknown_code_page]

ntkrnlpa.exe-->ZwCancelIoFile, Type: EAT modification 0x82D98D50-->8305706D [unknown_code_page]

ntkrnlpa.exe-->ZwCancelTimer, Type: EAT modification 0x82D98D54-->83097067 [unknown_code_page]

ntkrnlpa.exe-->ZwClearEvent, Type: EAT modification 0x82D98D58-->82D1702D [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwClose, Type: EAT modification 0x82D98D5C-->82F2703E [unknown_code_page]

ntkrnlpa.exe-->ZwCloseObjectAuditAlarm, Type: EAT modification 0x82D98D60-->82FB7045 [unknown_code_page]

ntkrnlpa.exe-->ZwCommitComplete, Type: EAT modification 0x82D98D64-->82E97041 [unknown_code_page]

ntkrnlpa.exe-->ZwCommitEnlistment, Type: EAT modification 0x82D98D68-->82D2704D [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCommitTransaction, Type: EAT modification 0x82D98D6C-->83137046 [unknown_code_page]

ntkrnlpa.exe-->ZwConnectPort, Type: EAT modification 0x82D98D70-->83127075 [unknown_code_page]

ntkrnlpa.exe-->ZwCreateDirectoryObject, Type: EAT modification 0x82D98D74-->83057064 [unknown_code_page]

ntkrnlpa.exe-->ZwCreateEnlistment, Type: EAT modification 0x82D98D78-->830D7074 [unknown_code_page]

ntkrnlpa.exe-->ZwCreateEvent, Type: EAT modification 0x82D98D7C-->8312706F [unknown_code_page]

ntkrnlpa.exe-->ZwCreateFile, Type: EAT modification 0x82D98D80-->82E8702E [unknown_code_page]

ntkrnlpa.exe-->ZwCreateIoCompletion, Type: EAT modification 0x82D98D84-->82F0704C [unknown_code_page]

ntkrnlpa.exe-->ZwCreateJobObject, Type: EAT modification 0x82D98D88-->82FF7020 [unknown_code_page]

ntkrnlpa.exe-->ZwCreateKey, Type: EAT modification 0x82D98D8C-->82E97020 [unknown_code_page]

ntkrnlpa.exe-->ZwCreateKeyTransacted, Type: EAT modification 0x82D98D90-->82F67050 [unknown_code_page]

ntkrnlpa.exe-->ZwCreateResourceManager, Type: EAT modification 0x82D98D94-->82E7704F [unknown_code_page]

ntkrnlpa.exe-->ZwCreateSection, Type: EAT modification 0x82D98D98-->82F77045 [unknown_code_page]

ntkrnlpa.exe-->ZwCreateSymbolicLinkObject, Type: EAT modification 0x82D98D9C-->82C47053 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCreateTimer, Type: EAT modification 0x82D98DA0-->831C7030 [unknown_code_page]

ntkrnlpa.exe-->ZwCreateTransaction, Type: EAT modification 0x82D98DA4-->82DB7038 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwCreateTransactionManager, Type: EAT modification 0x82D98DA8-->BF26BDE6 [unknown_code_page]

ntkrnlpa.exe-->ZwDeleteDriverEntry, Type: EAT modification 0x82D98DB0-->82D470AA [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwDeleteFile, Type: EAT modification 0x82D98DB4-->83017020 [unknown_code_page]

ntkrnlpa.exe-->ZwDeleteKey, Type: EAT modification 0x82D98DB8-->82F47020 [unknown_code_page]

ntkrnlpa.exe-->ZwDeleteValueKey, Type: EAT modification 0x82D98DBC-->82E87049 [unknown_code_page]

ntkrnlpa.exe-->ZwDeviceIoControlFile, Type: EAT modification 0x82D98DC0-->82C4703A [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwDisplayString, Type: EAT modification 0x82D98DC4-->82DA7033 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwDuplicateObject, Type: EAT modification 0x82D98DC8-->82DA7039 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwDuplicateToken, Type: EAT modification 0x82D98DCC-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwEnumerateBootEntries, Type: EAT modification 0x82D98DD0-->BF26BDE1 [unknown_code_page]

ntkrnlpa.exe-->ZwEnumerateKey, Type: EAT modification 0x82D98DD8-->830D704E [unknown_code_page]

ntkrnlpa.exe-->ZwEnumerateTransactionObject, Type: EAT modification 0x82D98DDC-->83087064 [unknown_code_page]

ntkrnlpa.exe-->ZwEnumerateValueKey, Type: EAT modification 0x82D98DE0-->83127065 [unknown_code_page]

ntkrnlpa.exe-->ZwFlushBuffersFile, Type: EAT modification 0x82D98DE4-->82ED7020 [unknown_code_page]

ntkrnlpa.exe-->ZwFlushInstructionCache, Type: EAT modification 0x82D98DE8-->8305706D [unknown_code_page]

ntkrnlpa.exe-->ZwFlushKey, Type: EAT modification 0x82D98DEC-->83097067 [unknown_code_page]

ntkrnlpa.exe-->ZwFlushVirtualMemory, Type: EAT modification 0x82D98DF0-->82D1702D [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwFreeVirtualMemory, Type: EAT modification 0x82D98DF4-->82ED703E [unknown_code_page]

ntkrnlpa.exe-->ZwFsControlFile, Type: EAT modification 0x82D98DF8-->8318706E [unknown_code_page]

ntkrnlpa.exe-->ZwGetNotificationResourceManager, Type: EAT modification 0x82D98DFC-->83167065 [unknown_code_page]

ntkrnlpa.exe-->ZwImpersonateAnonymousToken, Type: EAT modification 0x82D98E00-->8314706F [unknown_code_page]

ntkrnlpa.exe-->ZwInitiatePowerAction, Type: EAT modification 0x82D98E04-->82FB702E [unknown_code_page]

ntkrnlpa.exe-->ZwIsProcessInJob, Type: EAT modification 0x82D98E08-->82F37042 [unknown_code_page]

ntkrnlpa.exe-->ZwLoadDriver, Type: EAT modification 0x82D98E0C-->82FC7043 [unknown_code_page]

ntkrnlpa.exe-->ZwLoadKey, Type: EAT modification 0x82D98E10-->830D704C [unknown_code_page]

ntkrnlpa.exe-->ZwLoadKeyEx, Type: EAT modification 0x82D98E14-->82D27062 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwLockFile, Type: EAT modification 0x82D98E18-->82F07044 [unknown_code_page]

ntkrnlpa.exe-->ZwLockProductActivationKeys, Type: EAT modification 0x82D98E1C-->82C4704C [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwMakeTemporaryObject, Type: EAT modification 0x82D98E20-->82C4705B [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwMapViewOfSection, Type: EAT modification 0x82D98E24-->82F47045 [unknown_code_page]

ntkrnlpa.exe-->ZwModifyBootEntry, Type: EAT modification 0x82D98E28-->82F37052 [unknown_code_page]

ntkrnlpa.exe-->ZwModifyDriverEntry, Type: EAT modification 0x82D98E2C-->82E97043 [unknown_code_page]

ntkrnlpa.exe-->ZwNotifyChangeKey, Type: EAT modification 0x82D98E30-->82F77053 [unknown_code_page]

ntkrnlpa.exe-->ZwNotifyChangeSession, Type: EAT modification 0x82D98E34-->82D47020 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenDirectoryObject, Type: EAT modification 0x82D98E38-->82DC7078 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenEnlistment, Type: EAT modification 0x82D98E3C-->82E97037 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenEvent, Type: EAT modification 0x82D98E40-->82E77039 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenFile, Type: EAT modification 0x82D98E44-->82E77041 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenJobObject, Type: EAT modification 0x82D98E48-->82C47030 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenKey, Type: EAT modification 0x82D98E4C-->82C4705D [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenKeyEx, Type: EAT modification 0x82D98E50-->BF26BD91 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenKeyTransactedEx, Type: EAT modification 0x82D98E58-->82D770BF [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenProcess, Type: EAT modification 0x82D98E5C-->82DD7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenProcessToken, Type: EAT modification 0x82D98E60-->82A47036 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenProcessTokenEx, Type: EAT modification 0x82D98E64-->82A47000 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenResourceManager, Type: EAT modification 0x82D98E68-->BF26BD8E [unknown_code_page]

ntkrnlpa.exe-->ZwOpenSession, Type: EAT modification 0x82D98E70-->830D70D3 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenSymbolicLinkObject, Type: EAT modification 0x82D98E74-->83087064 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenThread, Type: EAT modification 0x82D98E78-->83127065 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenThreadToken, Type: EAT modification 0x82D98E7C-->82ED7020 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenThreadTokenEx, Type: EAT modification 0x82D98E80-->8305706D [unknown_code_page]

ntkrnlpa.exe-->ZwOpenTimer, Type: EAT modification 0x82D98E84-->83097067 [unknown_code_page]

ntkrnlpa.exe-->ZwOpenTransaction, Type: EAT modification 0x82D98E88-->82D1702D [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwOpenTransactionManager, Type: EAT modification 0x82D98E8C-->82E5703E [unknown_code_page]

ntkrnlpa.exe-->ZwPowerInformation, Type: EAT modification 0x82D98E90-->82F17045 [unknown_code_page]

ntkrnlpa.exe-->ZwPrepareComplete, Type: EAT modification 0x82D98E9C-->83097076 [unknown_code_page]

ntkrnlpa.exe-->ZwPrepareEnlistment, Type: EAT modification 0x82D98EA0-->82D27072 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwPrePrepareComplete, Type: EAT modification 0x82D98E94-->82F7702E [unknown_code_page]

ntkrnlpa.exe-->ZwPrePrepareEnlistment, Type: EAT modification 0x82D98E98-->83167065 [unknown_code_page]

ntkrnlpa.exe-->ZwPropagationComplete, Type: EAT modification 0x82D98EA4-->830C7053 [unknown_code_page]

ntkrnlpa.exe-->ZwPropagationFailed, Type: EAT modification 0x82D98EA8-->83167061 [unknown_code_page]

ntkrnlpa.exe-->ZwPulseEvent, Type: EAT modification 0x82D98EAC-->83087065 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryBootEntryOrder, Type: EAT modification 0x82D98EB0-->82E8702E [unknown_code_page]

ntkrnlpa.exe-->ZwQueryBootOptions, Type: EAT modification 0x82D98EB4-->82F0704C [unknown_code_page]

ntkrnlpa.exe-->ZwQueryDefaultLocale, Type: EAT modification 0x82D98EB8-->82FF7020 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryDefaultUILanguage, Type: EAT modification 0x82D98EBC-->82E97020 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryDirectoryFile, Type: EAT modification 0x82D98EC0-->82F67050 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryDirectoryObject, Type: EAT modification 0x82D98EC4-->82E7704F [unknown_code_page]

ntkrnlpa.exe-->ZwQueryDriverEntryOrder, Type: EAT modification 0x82D98EC8-->82F77045 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryEaFile, Type: EAT modification 0x82D98ECC-->82C47053 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryFullAttributesFile, Type: EAT modification 0x82D98ED0-->831C7030 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryInformationEnlistment, Type: EAT modification 0x82D98ED4-->82DB7038 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryInformationFile, Type: EAT modification 0x82D98ED8-->82DD7045 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryInformationJobObject, Type: EAT modification 0x82D98EDC-->82E57043 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryInformationProcess, Type: EAT modification 0x82D98EE0-->82D47043 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryInformationResourceManager, Type: EAT modification 0x82D98EE4-->83017020 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryInformationThread, Type: EAT modification 0x82D98EE8-->82F47020 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryInformationToken, Type: EAT modification 0x82D98EEC-->82E87049 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryInformationTransaction, Type: EAT modification 0x82D98EF0-->82C4703A [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryInformationTransactionManager, Type: EAT modification 0x82D98EF4-->82DA7033 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryInstallUILanguage, Type: EAT modification 0x82D98EF8-->BF26BDBC [unknown_code_page]

ntkrnlpa.exe-->ZwQueryLicenseValue, Type: EAT modification 0x82D98F00-->BF2670D4 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryQuotaInformationFile, Type: EAT modification 0x82D98F08-->830D70F9 [unknown_code_page]

ntkrnlpa.exe-->ZwQuerySection, Type: EAT modification 0x82D98F0C-->83087064 [unknown_code_page]

ntkrnlpa.exe-->ZwQuerySecurityAttributesToken, Type: EAT modification 0x82D98F10-->83127065 [unknown_code_page]

ntkrnlpa.exe-->ZwQuerySecurityObject, Type: EAT modification 0x82D98F14-->82ED7020 [unknown_code_page]

ntkrnlpa.exe-->ZwQuerySymbolicLinkObject, Type: EAT modification 0x82D98F18-->8305706D [unknown_code_page]

ntkrnlpa.exe-->ZwQuerySystemInformation, Type: EAT modification 0x82D98F1C-->83097067 [unknown_code_page]

ntkrnlpa.exe-->ZwQueryValueKey, Type: EAT modification 0x82D98F20-->82D1702D [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwQueryVirtualMemory, Type: EAT modification 0x82D98F24-->82E8703E [unknown_code_page]

ntkrnlpa.exe-->ZwQueryVolumeInformationFile, Type: EAT modification 0x82D98F28-->82F17045 [unknown_code_page]

ntkrnlpa.exe-->ZwReadFile, Type: EAT modification 0x82D98F2C-->82EB702E [unknown_code_page]

ntkrnlpa.exe-->ZwReadOnlyEnlistment, Type: EAT modification 0x82D98F30-->83057072 [unknown_code_page]

ntkrnlpa.exe-->ZwRecoverEnlistment, Type: EAT modification 0x82D98F34-->830C7070 [unknown_code_page]

ntkrnlpa.exe-->ZwRecoverResourceManager, Type: EAT modification 0x82D98F38-->83077069 [unknown_code_page]

ntkrnlpa.exe-->ZwRecoverTransactionManager, Type: EAT modification 0x82D98F3C-->82D27073 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwRemoveIoCompletion, Type: EAT modification 0x82D98F40-->82D47049 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwRemoveIoCompletionEx, Type: EAT modification 0x82D98F44-->82D47038 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwReplaceKey, Type: EAT modification 0x82D98F48-->82D27034 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwRequestPort, Type: EAT modification 0x82D98F4C-->83107064 [unknown_code_page]

ntkrnlpa.exe-->ZwRequestWaitReplyPort, Type: EAT modification 0x82D98F50-->82C4706C [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwResetEvent, Type: EAT modification 0x82D98F54-->82C4705B [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwRestoreKey, Type: EAT modification 0x82D98F58-->82F47045 [unknown_code_page]

ntkrnlpa.exe-->ZwRollbackComplete, Type: EAT modification 0x82D98F5C-->82F37052 [unknown_code_page]

ntkrnlpa.exe-->ZwRollbackEnlistment, Type: EAT modification 0x82D98F60-->82E97043 [unknown_code_page]

ntkrnlpa.exe-->ZwRollbackTransaction, Type: EAT modification 0x82D98F64-->82F77053 [unknown_code_page]

ntkrnlpa.exe-->ZwSaveKey, Type: EAT modification 0x82D98F68-->82D47020 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSaveKeyEx, Type: EAT modification 0x82D98F6C-->82DC7078 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSecureConnectPort, Type: EAT modification 0x82D98F70-->82E97037 [unknown_code_page]

ntkrnlpa.exe-->ZwSetBootEntryOrder, Type: EAT modification 0x82D98F74-->82E77039 [unknown_code_page]

ntkrnlpa.exe-->ZwSetBootOptions, Type: EAT modification 0x82D98F78-->82E77041 [unknown_code_page]

ntkrnlpa.exe-->ZwSetDefaultLocale, Type: EAT modification 0x82D98F7C-->82C47030 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetDefaultUILanguage, Type: EAT modification 0x82D98F80-->82C4705D [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetDriverEntryOrder, Type: EAT modification 0x82D98F84-->82ED7050 [unknown_code_page]

ntkrnlpa.exe-->ZwSetEaFile, Type: EAT modification 0x82D98F88-->82DE7044 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetEvent, Type: EAT modification 0x82D98F8C-->82D77020 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetInformationEnlistment, Type: EAT modification 0x82D98F90-->82DD7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetInformationFile, Type: EAT modification 0x82D98F94-->82A47036 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetInformationJobObject, Type: EAT modification 0x82D98F98-->BF26BDA8 [unknown_code_page]

ntkrnlpa.exe-->ZwSetInformationProcess, Type: EAT modification 0x82D98FA0-->BF26BDA7 [unknown_code_page]

ntkrnlpa.exe-->ZwSetInformationThread, Type: EAT modification 0x82D98FA8-->831270E9 [unknown_code_page]

ntkrnlpa.exe-->ZwSetInformationToken, Type: EAT modification 0x82D98FAC-->82ED7020 [unknown_code_page]

ntkrnlpa.exe-->ZwSetInformationTransaction, Type: EAT modification 0x82D98FB0-->8305706D [unknown_code_page]

ntkrnlpa.exe-->ZwSetQuotaInformationFile, Type: EAT modification 0x82D98FB4-->83097067 [unknown_code_page]

ntkrnlpa.exe-->ZwSetSecurityObject, Type: EAT modification 0x82D98FB8-->82D1702D [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwSetSystemInformation, Type: EAT modification 0x82D98FBC-->82E8703E [unknown_code_page]

ntkrnlpa.exe-->ZwSetSystemTime, Type: EAT modification 0x82D98FC0-->82F17045 [unknown_code_page]

ntkrnlpa.exe-->ZwSetTimer, Type: EAT modification 0x82D98FC4-->82EB702E [unknown_code_page]

ntkrnlpa.exe-->ZwSetTimerEx, Type: EAT modification 0x82D98FC8-->83057072 [unknown_code_page]

ntkrnlpa.exe-->ZwSetValueKey, Type: EAT modification 0x82D98FCC-->830C7070 [unknown_code_page]

ntkrnlpa.exe-->ZwSetVolumeInformationFile, Type: EAT modification 0x82D98FD0-->83077069 [unknown_code_page]

ntkrnlpa.exe-->ZwTerminateJobObject, Type: EAT modification 0x82D98FD4-->82D27073 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwTerminateProcess, Type: EAT modification 0x82D98FD8-->82D47049 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwTraceEvent, Type: EAT modification 0x82D98FDC-->82D47037 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwTranslateFilePath, Type: EAT modification 0x82D98FE0-->82D27039 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwUnloadDriver, Type: EAT modification 0x82D98FE4-->83107064 [unknown_code_page]

ntkrnlpa.exe-->ZwUnloadKey, Type: EAT modification 0x82D98FE8-->82C4706C [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwUnloadKeyEx, Type: EAT modification 0x82D98FEC-->82C4705B [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwUnlockFile, Type: EAT modification 0x82D98FF0-->82F47045 [unknown_code_page]

ntkrnlpa.exe-->ZwUnmapViewOfSection, Type: EAT modification 0x82D98FF4-->82F37052 [unknown_code_page]

ntkrnlpa.exe-->ZwWaitForMultipleObjects, Type: EAT modification 0x82D98FF8-->82E97043 [unknown_code_page]

ntkrnlpa.exe-->ZwWaitForSingleObject, Type: EAT modification 0x82D98FFC-->82F77053 [unknown_code_page]

ntkrnlpa.exe-->ZwWriteFile, Type: EAT modification 0x82D99000-->82D47020 [ntkrnlpa.exe]

ntkrnlpa.exe-->ZwYieldExecution, Type: EAT modification 0x82D99004-->82DC7078 [ntkrnlpa.exe]

ntkrnlpa.exe-->_abnormal_termination, Type: EAT modification 0x82D99014-->82C47030 [ntkrnlpa.exe]

ntkrnlpa.exe-->_alldiv, Type: EAT modification 0x82D99018-->82C4705D [ntkrnlpa.exe]

ntkrnlpa.exe-->_alldvrm, Type: EAT modification 0x82D9901C-->82ED7050 [unknown_code_page]

ntkrnlpa.exe-->_allmul, Type: EAT modification 0x82D99020-->82DE7044 [ntkrnlpa.exe]

ntkrnlpa.exe-->_alloca_probe, Type: EAT modification 0x82D99024-->82D77020 [ntkrnlpa.exe]

ntkrnlpa.exe-->_alloca_probe_16, Type: EAT modification 0x82D99028-->82DD7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->_alloca_probe_8, Type: EAT modification 0x82D9902C-->82A47036 [ntkrnlpa.exe]

ntkrnlpa.exe-->_allrem, Type: EAT modification 0x82D99030-->BF26BA55 [unknown_code_page]

ntkrnlpa.exe-->_allshr, Type: EAT modification 0x82D99038-->830D7132 [unknown_code_page]

ntkrnlpa.exe-->_aulldiv, Type: EAT modification 0x82D9903C-->83087064 [unknown_code_page]

ntkrnlpa.exe-->_aulldvrm, Type: EAT modification 0x82D99040-->83127065 [unknown_code_page]

ntkrnlpa.exe-->_aullrem, Type: EAT modification 0x82D99044-->82ED7020 [unknown_code_page]

ntkrnlpa.exe-->_aullshr, Type: EAT modification 0x82D99048-->BF26BA52 [unknown_code_page]

ntkrnlpa.exe-->_CIcos, Type: EAT modification 0x82D99008-->82E97037 [unknown_code_page]

ntkrnlpa.exe-->_CIsin, Type: EAT modification 0x82D9900C-->82E77039 [unknown_code_page]

ntkrnlpa.exe-->_CIsqrt, Type: EAT modification 0x82D99010-->82E77041 [unknown_code_page]

ntkrnlpa.exe-->_except_handler2, Type: EAT modification 0x82D99050-->82D170FE [ntkrnlpa.exe]

ntkrnlpa.exe-->_except_handler3, Type: EAT modification 0x82D99054-->82E8703E [unknown_code_page]

ntkrnlpa.exe-->_global_unwind2, Type: EAT modification 0x82D99058-->82F17045 [unknown_code_page]

ntkrnlpa.exe-->_i64toa_s, Type: EAT modification 0x82D9905C-->82EB702E [unknown_code_page]

ntkrnlpa.exe-->_i64tow_s, Type: EAT modification 0x82D99060-->83057072 [unknown_code_page]

ntkrnlpa.exe-->_itoa, Type: EAT modification 0x82D99064-->830C7070 [unknown_code_page]

ntkrnlpa.exe-->_itoa_s, Type: EAT modification 0x82D99068-->83077069 [unknown_code_page]

ntkrnlpa.exe-->_itow, Type: EAT modification 0x82D9906C-->82D27073 [ntkrnlpa.exe]

ntkrnlpa.exe-->_itow_s, Type: EAT modification 0x82D99070-->82D47049 [ntkrnlpa.exe]

ntkrnlpa.exe-->_local_unwind2, Type: EAT modification 0x82D99074-->82D57037 [ntkrnlpa.exe]

ntkrnlpa.exe-->_ltoa_s, Type: EAT modification 0x82D99078-->82D27032 [ntkrnlpa.exe]

ntkrnlpa.exe-->_ltow_s, Type: EAT modification 0x82D9907C-->83107064 [unknown_code_page]

ntkrnlpa.exe-->_makepath_s, Type: EAT modification 0x82D99080-->82C4706C [ntkrnlpa.exe]

ntkrnlpa.exe-->_purecall, Type: EAT modification 0x82D99084-->82C4705B [ntkrnlpa.exe]

ntkrnlpa.exe-->_snprintf, Type: EAT modification 0x82D99088-->82F47045 [unknown_code_page]

ntkrnlpa.exe-->_snprintf_s, Type: EAT modification 0x82D9908C-->82F37052 [unknown_code_page]

ntkrnlpa.exe-->_snscanf_s, Type: EAT modification 0x82D99090-->82E97043 [unknown_code_page]

ntkrnlpa.exe-->_snwprintf, Type: EAT modification 0x82D99094-->82F77053 [unknown_code_page]

ntkrnlpa.exe-->_snwprintf_s, Type: EAT modification 0x82D99098-->82D47020 [ntkrnlpa.exe]

ntkrnlpa.exe-->_snwscanf_s, Type: EAT modification 0x82D9909C-->82DC7078 [ntkrnlpa.exe]

ntkrnlpa.exe-->_splitpath_s, Type: EAT modification 0x82D990A0-->82E97037 [unknown_code_page]

ntkrnlpa.exe-->_stricmp, Type: EAT modification 0x82D990A4-->82E77039 [unknown_code_page]

ntkrnlpa.exe-->_strlwr, Type: EAT modification 0x82D990A8-->82E77041 [unknown_code_page]

ntkrnlpa.exe-->_strnicmp, Type: EAT modification 0x82D990AC-->82C47030 [ntkrnlpa.exe]

ntkrnlpa.exe-->_strnset, Type: EAT modification 0x82D990B0-->82C4705D [ntkrnlpa.exe]

ntkrnlpa.exe-->_strnset_s, Type: EAT modification 0x82D990B4-->82ED7050 [unknown_code_page]

ntkrnlpa.exe-->_strrev, Type: EAT modification 0x82D990B8-->82DE7044 [ntkrnlpa.exe]

ntkrnlpa.exe-->_strset, Type: EAT modification 0x82D990BC-->82D77020 [ntkrnlpa.exe]

ntkrnlpa.exe-->_strset_s, Type: EAT modification 0x82D990C0-->82DD7036 [ntkrnlpa.exe]

ntkrnlpa.exe-->_strtoui64, Type: EAT modification 0x82D990C4-->82A47036 [ntkrnlpa.exe]

ntkrnlpa.exe-->_strupr, Type: EAT modification 0x82D990C8-->BF26BA42 [unknown_code_page]

ntkrnlpa.exe-->_ui64toa_s, Type: EAT modification 0x82D990D0-->830D710C [unknown_code_page]

ntkrnlpa.exe-->_ui64tow_s, Type: EAT modification 0x82D990D4-->83087064 [unknown_code_page]

ntkrnlpa.exe-->_ultoa_s, Type: EAT modification 0x82D990D8-->83127065 [unknown_code_page]

ntkrnlpa.exe-->_ultow_s, Type: EAT modification 0x82D990DC-->82ED7020 [unknown_code_page]

ntkrnlpa.exe-->_vsnprintf, Type: EAT modification 0x82D990E0-->8305706D [unknown_code_page]

ntkrnlpa.exe-->_vsnprintf_s, Type: EAT modification 0x82D990E4-->83097067 [unknown_code_page]

ntkrnlpa.exe-->_vsnwprintf, Type: EAT modification 0x82D990E8-->82D1702D [ntkrnlpa.exe]

ntkrnlpa.exe-->_vsnwprintf_s, Type: EAT modification 0x82D990EC-->82E8703E [unknown_code_page]

ntkrnlpa.exe-->_vswprintf, Type: EAT modification 0x82D990F0-->BF26BA7D [unknown_code_page]

ntkrnlpa.exe-->_wcslwr, Type: EAT modification 0x82D990F8-->83057113 [unknown_code_page]

ntkrnlpa.exe-->_wcsnicmp, Type: EAT modification 0x82D990FC-->830C7070 [unknown_code_page]

ntkrnlpa.exe-->_wcsnset, Type: EAT modification 0x82D99100-->83077069 [unknown_code_page]

ntkrnlpa.exe-->_wcsnset_s, Type: EAT modification 0x82D99104-->82D27073 [ntkrnlpa.exe]

ntkrnlpa.exe-->_wcsrev, Type: EAT modification 0x82D99108-->82D47049 [ntkrnlpa.exe]

ntkrnlpa.exe-->_wcsset_s, Type: EAT modification 0x82D9910C-->82D47038 [ntkrnlpa.exe]

ntkrnlpa.exe-->_wcsupr, Type: EAT modification 0x82D99110-->82D27035 [ntkrnlpa.exe]

ntkrnlpa.exe-->_wmakepath_s, Type: EAT modification 0x82D99114-->83107064 [unknown_code_page]

ntkrnlpa.exe-->_wsplitpath_s, Type: EAT modification 0x82D99118-->82C4706C [ntkrnlpa.exe]

ntkrnlpa.exe-->_wtoi, Type: EAT modification 0x82D9911C-->82C4705B [ntkrnlpa.exe]

ntkrnlpa.exe-->_wtol, Type: EAT modification 0x82D99120-->82F47045 [unknown_code_page]

[1112]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771B5206-->00000000 [shell32.dll]

[1112]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771B5296-->00000000 [shell32.dll]

[1112]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771B5456-->00000000 [shell32.dll]

[1148]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x77313162-->00000000 [unknown_code_page]

[4480]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771B5206-->00000000 [shell32.dll]

[4480]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771B5296-->00000000 [shell32.dll]

[4480]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771B5456-->00000000 [shell32.dll]

[4972]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771B5206-->00000000 [shell32.dll]

[4972]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771B5296-->00000000 [shell32.dll]

[4972]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771B5456-->00000000 [shell32.dll]

[6404]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771B5206-->00000000 [shell32.dll]

[6404]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771B5296-->00000000 [shell32.dll]

[6404]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771B5456-->00000000 [shell32.dll]

[7328]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771B5206-->00000000 [shell32.dll]

[7328]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771B5296-->00000000 [shell32.dll]

[7328]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771B5456-->00000000 [shell32.dll]

[7716]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x771B5206-->00000000 [shell32.dll]

[7716]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x771B5296-->00000000 [shell32.dll]

[7716]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x771B5456-->00000000 [shell32.dll]

Link to post
Share on other sites

Hi,

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done with your internet connection disabled, so you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

It sounds like a case of Zlob/DNSchanger that change the router's DNS settings.

1. Very important: First disconnect your computer from the internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

3. Reset the IP/DNS settings of your interent connection:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".

    [*]Click OK twice to save the settings.

    [*]Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns


  • Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.