Sick Desktop Computer "virus called tr/crypt.zpack.gen"

I love this web site but I hate when I have to use it.... I have been here a couple of times and you have helped solve both problems. This time my desktop running Windows XP is down. I think I have a a virus called tr/crypt.zpack.gen. I use AVIRA and the virus keeps popping up and wont go away. I am now getting an error message "critical error damaged hard drive clusters detected. private data is at risk" and the computer locks up. reboot and the same thing...

HELP

OTL logfile created on: 12/7/2010 10:54:17 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 34.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 8.25 Gb Free Space | 14.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GATEWAY-0R10EG5
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/12/06 19:03:10 | 000,447,488 | ---- | M] (MEDIA Corporation) -- C:\Documents and Settings\Owner\Local Settings\temp\IGwqNKmplw.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/10 20:55:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/02/18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/05/05 05:19:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/05/05 05:19:38 | 001,622,488 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2008/10/15 12:31:53 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 12:30:02 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/06/12 12:43:30 | 000,053,505 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardgui.exe
PRC - [2008/06/12 12:28:45 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 12:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2005/05/09 15:32:14 | 000,086,016 | ---- | M] (Musicmatch Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
PRC - [2005/05/09 15:32:12 | 000,086,016 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
PRC - [2005/01/15 12:03:03 | 000,385,024 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe
PRC - [2004/02/21 20:34:12 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/02/21 20:28:31 | 000,057,344 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
PRC - [2004/01/08 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2002/06/18 23:05:38 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/06/03 16:03:24 | 000,094,208 | ---- | M] (OLYMPUS Optical Co.,Ltd) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2002/05/02 09:03:16 | 000,020,563 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\LDCM\BIN\USM.exe
PRC - [2002/05/02 08:53:54 | 000,028,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\LDCM\BIN\IIDS.exe
PRC - [2002/03/28 14:35:22 | 000,065,536 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BootStrap Agent\bsa.exe
PRC - [2002/03/18 05:34:42 | 000,364,544 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
PRC - [2002/03/18 05:34:42 | 000,102,400 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\ipmon32.exe
PRC - [2001/11/07 12:25:54 | 000,020,480 | ---- | M] (BVRP Software) -- C:\Program Files\PhoneTools\capFax.exe

========== Modules (SafeList) ==========

MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/04/10 20:55:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 16:12:08 | 000,350,208 | ---- | M] () -- C:\WINDOWS\uyiwahazuyosegef.dll
MOD - [2008/04/13 16:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2007/04/19 13:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
MOD - [2005/01/15 12:03:07 | 000,122,880 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon Online\SupportCenter\SmartBridge\SBHook.dll
MOD - [2004/01/08 09:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2004/01/08 09:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll
MOD - [2002/03/18 05:34:42 | 000,094,208 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\iphook32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (win32sl)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/01 22:08:29 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/05/05 05:19:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/10/15 12:31:53 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 12:30:02 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2004/02/21 20:28:31 | 000,057,344 | ---- | M] (Lanovation) [Auto | Running] -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/02/21 20:21:07 | 000,045,056 | ---- | M] (LANovation) [On_Demand | Stopped] -- C:\WINDOWS\system32\PCTKRNT.SYS -- (PictureTaker)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/05/02 09:06:28 | 000,020,480 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\LDCM\CI\CIMGR\CiMgrLdr.exe -- (Intel CI Manager)
SRV - [2002/05/02 09:01:34 | 000,036,947 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\LDCM\BIN\SSM.exe -- (Intel SSM)
SRV - [2002/05/02 08:53:54 | 000,028,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\LDCM\BIN\IIDS.exe -- (Intel IIDS)
SRV - [2002/03/28 14:35:22 | 000,065,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BootStrap Agent\Bsa.exe -- (Intel Bootstrap Agent)


========== Driver Services (SafeList) ==========

DRV - [2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/05/27 13:03:34 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/27 13:03:18 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/27 13:03:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/03/09 11:06:56 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 10:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/01 08:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005/12/10 03:06:00 | 003,536,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/21 20:34:15 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 09:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (l8042pr2)
DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2002/07/24 10:52:24 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 07:48:30 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 07:48:20 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 07:48:06 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 07:48:02 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 07:47:50 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 07:46:26 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/07/09 18:10:00 | 000,011,008 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2002/06/18 23:19:18 | 000,070,064 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/06/18 23:18:28 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/06/18 23:14:20 | 000,025,226 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/06/18 23:14:14 | 000,029,446 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/06/18 23:14:08 | 000,127,026 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/06/18 23:09:04 | 000,237,568 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/06/18 23:07:42 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/05/09 15:05:28 | 000,009,978 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cismbios.sys -- (CiSmBios)
DRV - [2001/08/17 05:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 05:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2000/06/06 08:29:58 | 000,006,736 | ---- | M] (RioPort.com) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RioPnP.sys -- (RioPNP)
DRV - [2000/03/22 20:42:24 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PcdrNt.sys -- (PcdrNt)
DRV - [1999/12/16 23:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

FF - HKLM\software\mozilla\Firefox\extensions\\{C5C3F750-206D-4189-BD90-D4C2EB0A6DF4}: C:\Documents and Settings\Owner\Local Settings\Application Data\{C5C3F750-206D-4189-BD90-D4C2EB0A6DF4} [2010/12/06 19:18:16 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/03/18 20:11:11 | 000,302,335 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10444 more lines...

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CapFax] C:\Program Files\PhoneTools\capFax.exe (BVRP Software)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\Program\ADGJDet.exe ()
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Ozisiduraya] C:\WINDOWS\uyiwahazuyosegef.DLL ()
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [User Space Manager] C:\Program Files\Intel\LDCM\BIN\USM.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKCU..\Run: [Efufadiyurega] C:\WINDOWS\dapdr32.DLL (Acronis)
O4 - HKCU..\Run: [IGwqNKmplw.exe] C:\Documents and Settings\Owner\Local Settings\temp\IGwqNKmplw.exe (MEDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS Optical Co.,Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe (Verizon Internet Solutions)
O9 - Extra 'Tools' menuitem : Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe (Verizon Internet Solutions)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)

I was finaly able to run the OTL.... Its all there now.

Thanks.

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} [You must be registered and logged in to see this link.] (SFImageUpload1_8.ImageUpload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} [You must be registered and logged in to see this link.] (compid Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} [You must be registered and logged in to see this link.] (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - [You must be registered and logged in to see this link.]
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/01 10:03:55 | 000,000,619 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/02/21 20:15:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/08/22 00:16:40 | 000,000,143 | ---- | M] () - C:\AUTOLOG.REG -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/03/01 15:07:36 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\System32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF} - Security Update for the Microsoft VM
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537874164318208)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/07 04:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/12/07 04:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2010/12/06 20:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/12/06 20:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/12/06 19:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/12/06 19:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/12/06 19:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/12/06 19:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/12/06 19:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{C5C3F750-206D-4189-BD90-D4C2EB0A6DF4}
[2010/12/06 19:01:48 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\test.exe
[2010/11/09 20:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Cook'n9
[2010/11/09 20:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Cook'n9
[2009/06/25 12:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/03/17 21:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/03/16 19:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/16 11:44:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/16 11:44:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/02/21 21:20:14 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/07 22:36:16 | 012,845,056 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/12/07 22:34:17 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wzevumusetu.dat
[2010/12/07 22:33:45 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
[2010/12/07 20:59:24 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/07 20:02:33 | 000,043,573 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/07 20:02:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/07 20:02:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/12/07 20:02:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/07 20:02:19 | 1340,985,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/07 20:01:26 | 000,023,304 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/12/07 20:01:26 | 000,023,304 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/12/07 20:01:26 | 000,018,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/12/07 20:01:26 | 000,018,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-00581102}.rfx
[2010/12/07 20:01:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/12/07 20:01:26 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/12/07 20:01:26 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-00581102}.dat
[2010/12/07 20:01:26 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-00581102}.dat
[2010/12/07 20:00:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/12/07 19:40:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/07 19:19:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kyuya.bin
[2010/12/06 11:35:10 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/02 13:57:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/30 22:08:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/14 10:12:54 | 000,000,088 | ---- | M] () -- C:\WINDOWS\Cook'n99.ini
[2010/11/10 05:57:39 | 000,524,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/11/10 05:57:39 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/10 05:57:39 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/09 20:29:23 | 000,000,411 | ---- | M] () -- C:\WINDOWS\COOK'N5.INI
[2010/11/09 20:27:57 | 001,585,480 | ---- | M] () -- C:\WINDOWS\cooknbackup.ck9
[2010/11/09 20:27:27 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cook'n Recipe Organizer.lnk
[2010/11/09 20:16:25 | 017,498,618 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\junk.ckn
[2010/11/09 20:12:12 | 169,309,442 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cookn9-42994.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/06 19:18:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kyuya.bin
[2010/12/06 19:18:45 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wzevumusetu.dat
[2010/11/09 20:27:27 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cook'n Recipe Organizer.lnk
[2010/11/09 20:16:22 | 017,498,618 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\junk.ckn
[2010/01/24 14:45:37 | 000,000,971 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BBMS_EXCEPTION.txt
[2009/03/22 18:47:51 | 000,000,411 | ---- | C] () -- C:\WINDOWS\COOK'N5.INI
[2009/03/22 18:46:10 | 000,000,088 | ---- | C] () -- C:\WINDOWS\Cook'n99.ini
[2008/07/07 21:13:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2008/07/07 18:31:30 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\WavCodec.wff
[2008/03/15 13:02:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/03/15 13:00:02 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/03/15 13:00:01 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/09/26 13:54:44 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/30 06:43:15 | 000,005,510 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/09/30 06:43:15 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/06 00:53:03 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/18 08:39:12 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2006/02/18 08:39:12 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006/02/18 08:39:12 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/02/18 08:39:12 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006/02/10 08:04:39 | 012,845,056 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2005/12/10 03:06:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/10 03:06:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/10 03:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 03:06:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/10 03:06:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/09/30 18:55:19 | 000,017,332 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/06/22 20:54:18 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/06/22 20:05:03 | 000,003,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/04/03 17:02:53 | 000,001,065 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
[2005/03/26 14:08:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\qpw.INI
[2005/01/11 21:31:38 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2005/01/11 21:31:38 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2004/12/19 21:58:41 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
[2004/11/28 14:49:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/06/27 09:48:12 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/03/31 20:15:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/01 07:41:17 | 000,186,988 | ---- | C] () -- C:\Documents and Settings\Owner\~
[2004/02/26 18:22:33 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\fxdb.dll
[2004/02/26 18:21:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\iduninst.dll
[2004/02/26 18:19:58 | 001,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2004/02/26 18:19:57 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2004/02/26 18:19:56 | 000,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2004/02/26 18:13:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2004/02/22 01:14:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2004/02/22 00:44:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/21 21:44:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/21 21:43:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/02/21 21:38:30 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2004/02/21 21:32:14 | 000,000,104 | ---- | C] () -- C:\WINDOWS\CTRec.INI
[2004/02/21 21:21:49 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/02/21 21:20:46 | 000,053,024 | ---- | C] () -- C:\WINDOWS\System32\UPDDRV9X.DLL
[2004/02/21 21:20:39 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2004/02/21 21:20:36 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2004/02/21 21:20:36 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\editinf.ini
[2004/02/21 21:20:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/02/21 21:19:44 | 000,000,317 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/02/21 20:47:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CTPdeSrvps.dll
[2004/02/21 20:45:47 | 000,009,978 | ---- | C] () -- C:\WINDOWS\System32\drivers\cismbios.sys
[2004/02/21 20:45:39 | 000,014,756 | ---- | C] () -- C:\WINDOWS\System32\Ldcmrc16.dll
[2004/02/21 20:44:15 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2004/02/21 20:38:12 | 000,000,195 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/02/21 20:38:01 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll
[2004/02/21 20:18:18 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2004/02/21 20:18:17 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2003/10/06 12:16:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003/10/06 12:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/02/03 06:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2002/09/03 05:00:00 | 000,350,208 | ---- | C] () -- C:\WINDOWS\uyiwahazuyosegef.dll
[2002/09/03 05:00:00 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\kb.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1996/04/03 11:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/03/01 23:21:34 | 000,000,067 | --S- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2001/11/07 16:26:26 | 000,009,766 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\wfxprint2000.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2005/06/05 21:06:15 | 000,001,554 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2007/06/17 19:53:10 | 000,000,149 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Create & Print Home.url
[2008/09/10 14:43:26 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/09/12 16:17:26 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/02/21 20:20:07 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/11/09 20:12:12 | 169,309,442 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cookn9-42994.exe
[2010/04/10 08:18:59 | 016,291,616 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\Desktop\jre-6u19-windows-i586.exe
[2010/04/10 20:55:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/13 20:47:03 | 069,663,008 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\setup_9.0.0.722_14.04.2010_07-11.exe
[2009/01/15 01:00:38 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\test.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/03/09 23:10:34 | 000,000,334 | ---- | M] () -- C:\Documents and Settings\Owner\Favorites\Candi's Work Downloads.lnk
[2004/09/12 16:17:27 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini
[2007/11/07 06:07:47 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\Owner\Favorites\Documents.lnk
[2008/07/07 20:32:38 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\Owner\Favorites\NCH Audio and Telephony Software Page.lnk
[2009/06/04 21:49:27 | 000,000,268 | ---- | M] () -- C:\Documents and Settings\Owner\Favorites\NCH Audio and Telephony Software.lnk
[2009/06/04 21:57:02 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\Owner\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 16:12:08 | 000,003,584 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\kb.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/03/01 15:10:40 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/03/01 23:05:26 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2004/03/01 15:10:40 | 014,942,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/03/01 15:10:41 | 003,670,016 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/09/03 05:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/09/03 05:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[1996/04/03 11:33:26 | 000,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys
[2002/09/03 05:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/09/03 05:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/09/03 05:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/09/03 05:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/09/03 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/09/03 05:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/09/03 05:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/09/03 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 21:45:08 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 21:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 21:45:10 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 21:45:15 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 21:45:12 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2004/02/21 20:21:07 | 000,045,056 | ---- | M] (LANovation) -- C:\WINDOWS\system32\PCTKRNT.SYS
[1999/12/16 23:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\PFMODNT.SYS
[2006/09/24 05:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys
[2008/04/13 10:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/08/31 05:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 16:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 16:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 16:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 16:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 16:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 16:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 16:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 16:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 16:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 16:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 16:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 16:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 16:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 16:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 16:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2001/11/07 16:26:26 | 000,009,766 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\wfxprint2000.dll

< %SYSTEMDRIVE%\*.* >
[2010/12/07 20:02:17 | 000,032,476 | ---- | M] () -- C:\aaw7boot.log
[2007/12/01 10:03:55 | 000,000,619 | ---- | M] () -- C:\autoAlbum.log
[2004/02/21 20:15:07 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2002/08/22 00:16:40 | 000,000,143 | ---- | M] () -- C:\AUTOLOG.REG
[2007/07/06 16:03:15 | 015,357,454 | ---- | M] () -- C:\BHB 5486.wav
[2004/02/25 17:32:49 | 000,000,095 | ---- | M] () -- C:\BIOSID.TXT
[2006/02/12 16:34:51 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/03/16 06:51:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/02/21 13:58:00 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[1998/10/13 06:25:14 | 000,005,248 | ---- | M] () -- C:\BRCDFIND.EXE
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/04/11 06:54:13 | 000,011,392 | ---- | M] () -- C:\ComboFix.txt
[2004/02/21 20:15:07 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/01 15:30:23 | 155,567,790 | ---- | M] () -- C:\cookn9-42994.exe
[2004/02/21 20:48:22 | 000,000,188 | ---- | M] () -- C:\CtDrvIns.log
[2010/01/27 07:33:59 | 000,146,286 | ---- | M] () -- C:\DVD2Mp4_Log.txt
[2000/12/29 17:07:56 | 001,414,473 | ---- | M] () -- C:\flyer.dwg
[2010/12/07 20:02:19 | 1340,985,344 | -HS- | M] () -- C:\hiberfil.sys
[2003/12/08 12:15:56 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2002/10/28 15:54:36 | 000,000,362 | ---- | M] () -- C:\INSERTU.INI
[2004/02/21 20:15:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/02/21 20:34:45 | 000,000,547 | -H-- | M] () -- C:\IPH.PH
[2006/03/06 21:58:16 | 000,001,623 | ---- | M] () -- C:\iPod_log.txt
[2004/07/03 18:49:20 | 001,197,959 | ---- | M] (Visual Networks ) -- C:\IPVNMonInstaller.exe
[2010/04/10 08:35:48 | 000,012,875 | ---- | M] () -- C:\JavaRa.log
[2002/08/29 03:41:28 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\joy.cpl
[2002/09/03 05:00:00 | 000,025,852 | ---- | M] () -- C:\JOY.CP_
[2004/05/06 16:36:38 | 000,079,507 | ---- | M] () -- C:\JUNK
[2004/05/06 16:31:28 | 000,000,347 | ---- | M] () -- C:\JUNK.BK!
[2004/02/21 20:46:02 | 000,000,052 | -H-- | M] () -- C:\LDISCAN.CFG
[2004/02/21 20:15:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/09/12 15:52:27 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/10 14:29:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/07 20:02:17 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2002/10/11 01:23:22 | 000,473,600 | ---- | M] (Gateway Computers) -- C:\PINSERT.EXE
[2006/03/05 22:08:24 | 021,249,848 | ---- | M] (Apple Computer, Inc.) -- C:\QuickTimeInstaller.exe
[2004/03/16 07:55:21 | 000,012,213 | ---- | M] () -- C:\rjscncm.wp
[2002/05/02 16:58:36 | 000,006,912 | ---- | M] () -- C:\TCREAD.EXE
[2002/08/26 06:56:28 | 000,001,274 | ---- | M] () -- C:\XPHOME.T
[2005/06/22 20:54:03 | 000,001,188 | ---- | M] () -- C:\_Sid.txt
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2010/01/27 18:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/06/21 16:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2005/10/04 21:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2009/03/16 12:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2009/06/05 21:38:33 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/07/14 14:13:53 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2004/02/26 18:21:02 | 000,000,000 | ---D | M] -- C:\Program Files\Borland
[2009/07/15 16:05:43 | 000,000,000 | ---D | M] -- C:\Program Files\CA
[2004/11/28 14:51:31 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2009/07/15 16:06:07 | 000,000,000 | ---D | M] -- C:\Program Files\Comcast
[2009/07/15 16:06:01 | 000,000,000 | ---D | M] -- C:\Program Files\comcasttb
[2009/07/15 16:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\ComcastUI
[2010/04/11 06:50:21 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/02/21 20:13:07 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/11/09 20:05:58 | 000,000,000 | ---D | M] -- C:\Program Files\Cook'n
[2010/11/14 10:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\Cook'n9
[2004/02/26 18:19:22 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2004/02/21 21:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2006/02/18 08:39:08 | 000,000,000 | ---D | M] -- C:\Program Files\Cucusoft
[2004/02/21 20:51:26 | 000,000,000 | ---D | M] -- C:\Program Files\DVD
[2009/03/15 17:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/03/18 19:53:21 | 000,000,000 | ---D | M] -- C:\Program Files\filehippo.com
[2004/02/21 20:30:25 | 000,000,000 | ---D | M] -- C:\Program Files\Gateway
[2010/09/26 04:58:01 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2005/06/22 20:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2004/02/22 00:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\HighMAT CD Writing Wizard
[2007/11/22 08:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\HOTLLAMA MEDIA
[2010/01/03 21:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2005/05/26 05:09:13 | 000,000,000 | ---D | M] -- C:\Program Files\IncrediMail
[2007/03/04 21:22:35 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2004/02/25 20:01:19 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/03/15 20:27:53 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/14 14:19:37 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/07/14 14:20:42 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/03/16 19:13:21 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/03/17 21:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2004/02/25 00:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2009/03/17 21:55:06 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/11 08:25:31 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/09/03 20:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2004/03/31 20:14:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/09/03 21:28:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/02/21 20:15:17 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2004/03/31 20:14:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/10/01 07:27:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2004/03/31 21:14:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Streets & Trips
[2004/03/31 21:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2004/03/31 21:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2003
[2009/03/15 17:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2004/02/22 00:56:15 | 000,000,000 | ---D | M] -- C:\Program Files\Motive
[2010/08/12 02:03:13 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/21 02:09:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/15 20:33:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/02/21 20:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2005/11/26 22:36:21 | 000,000,000 | ---D | M] -- C:\Program Files\MsnMusic
[2006/11/17 15:31:55 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/03/04 21:23:16 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2008/01/09 07:56:28 | 000,000,000 | ---D | M] -- C:\Program Files\MySpace
[2009/06/04 21:49:42 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2009/06/04 21:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2008/09/10 14:35:08 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004/03/31 20:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate11
[2004/03/07 18:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\Olympus
[2004/02/21 20:13:49 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/12 02:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2006/09/30 06:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\Overland
[2004/02/21 20:31:57 | 000,000,000 | ---D | M] -- C:\Program Files\pc-doctor for windows
[2008/03/15 13:01:14 | 000,000,000 | ---D | M] -- C:\Program Files\pdf995
[2007/10/17 20:55:15 | 000,000,000 | ---D | M] -- C:\Program Files\PhoneTools
[2010/04/15 20:40:07 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2004/02/21 20:34:11 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/21 02:09:36 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/01/24 14:44:22 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2004/02/21 20:40:40 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/03/15 17:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2004/02/21 20:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\SIFXINST
[2007/06/15 20:27:44 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2007
[2008/07/07 21:13:40 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/03/25 20:14:10 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/15 17:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2004/07/03 06:28:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2004/02/22 00:59:22 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Online
[2004/02/26 18:26:31 | 000,000,000 | ---D | M] -- C:\Program Files\WexTech
[2006/02/12 14:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2004/02/22 00:09:01 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal Viewer
[2009/09/03 20:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/09/03 20:00:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/09/10 14:34:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/15 20:50:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/06/29 09:20:09 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2004/02/21 20:15:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2006/03/07 22:33:16 | 000,001,065 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
[2010/01/24 14:47:55 | 000,000,971 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\BBMS_EXCEPTION.txt
[2004/02/21 14:08:40 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2005/04/03 17:05:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2010/06/09 11:19:56 | 000,066,368 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
[2006/09/30 06:43:27 | 000,005,510 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2008/07/21 20:09:51 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\WavCodec.wff


< MD5 for: AGP440.SYS >
[2004/09/12 15:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/10 14:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/09/12 15:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/10 14:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/09/03 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/09/12 15:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/10 14:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/09/12 15:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/10 14:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/09/03 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/09/12 15:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/10 14:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/09/12 15:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/09/10 14:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 21:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 10:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 10:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2002/09/03 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/09/12 15:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/09/10 14:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/09/12 15:44:46 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2008/09/10 14:20:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 22:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 10:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 10:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-11 11:03:34
< End of report >

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 10-12-08.02 - Owner 12/08/2010 19:26:04.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.819 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Owner\Application Data\Adobe\plugs
c:\documents and settings\Owner\Application Data\Adobe\plugs\KB296744296.exe
c:\documents and settings\Owner\Application Data\Adobe\plugs\KB296786531.exe
c:\documents and settings\Owner\System
c:\documents and settings\Owner\System\win_qs7.jqx
c:\documents and settings\Owner\System\win_qs8.jqx
c:\windows\dapdr32.dll
c:\windows\uyiwahazuyosegef.dll

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-07 03:18 . 2010-12-08 15:29 0 ----a-w- c:\windows\Kyuya.bin
2010-12-07 03:18 . 2010-12-07 03:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{C5C3F750-206D-4189-BD90-D4C2EB0A6DF4}
2010-11-10 04:12 . 2010-11-14 18:12 -------- d-----w- c:\program files\Cook'n9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-01 23:30 . 2010-11-02 02:00 155567790 ----a-w- C:\cookn9-42994.exe
2010-09-18 19:23 . 2002-09-03 13:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2002-09-03 13:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-09-03 13:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-09-03 13:00 953856 ------w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-05-05 1622488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-07-22 577602]
"User Space Manager"="c:\program files\Intel\LDCM\Bin\USM.exe" [2002-05-02 20563]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-02-22 26112]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-12 86016]
"Motive SmartBridge"="c:\progra~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2005-01-15 385024]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"IPInSightMonitor 01"="c:\program files\Verizon Online\Visual IP InSight\IPMon32.exe" [2002-03-18 102400]
"IPInSightLAN 01"="c:\program files\Verizon Online\Visual IP InSight\IPClient.exe" [2002-03-18 364544]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-19 684032]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"nwiz"="nwiz.exe" [2005-12-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]
"mm_server"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_server.exe" [2005-05-09 86016]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2004-3-7 94208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intel\\LDCM\\BIN\\USM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Cook'n9\\Cook'n.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:*:Disabled:@xpsp2res.dll,-22007
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/17/2009 9:09 PM 64160]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [5/5/2009 5:19 AM 616408]
R2 CiSmBios;CiSmBios;c:\windows\system32\drivers\cismbios.sys [2/21/2004 8:45 PM 9978]
R2 Intel Bootstrap Agent;Intel Bootstrap Agent;c:\program files\Intel\BootStrap Agent\bsa.exe [2/21/2004 8:45 PM 65536]
R2 RioPNP;RioPNP;c:\windows\system32\drivers\RioPnP.sys [2/21/2004 8:48 PM 6736]
S2 gupdate1c9a6b15c4c2a8c;Google Update Service (gupdate1c9a6b15c4c2a8c);c:\program files\Google\Update\GoogleUpdate.exe [3/16/2009 7:35 PM 133104]
S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 11:06 AM 1029456]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2010-12-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:08]

2010-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 03:35]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 03:35]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Efufadiyurega - c:\windows\dapdr32.dll
HKLM-Run-Ozisiduraya - c:\windows\uyiwahazuyosegef.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-12-08 19:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600 Disk: WDC_WD600BB-53CAA1 rev.17.07W17 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2B4555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a2ba7b0]; MOV EAX, [0x8a2ba82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A297AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000006d[0x8A2A3EB0]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A284D98]
\Driver\atapi[0x8A2688C0] -> IRP_MJ_CREATE -> 0x8A2B4555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD600BB-53CAA1______________________17.07W17#4457572d414d4638323133393839_037_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A2B439B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4008)
c:\progra~1\VERIZO~1\SUPPOR~1\SMARTB~1\SBHook.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Intel\LDCM\bin\IIDS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-12-08 20:06:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-09 04:06
ComboFix2.txt 2010-04-11 14:54
ComboFix3.txt 2009-03-16 15:08

Pre-Run: 8,489,010,176 bytes free
Post-Run: 10,072,457,728 bytes free

- - End Of File - - B0E3D739692CCAD99BCD947E06F22610

Hello.

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

• Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  
• Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  
• Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  
• It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  
• Once inside the interface, do not fix anything. Click on the Report tab.
  
• Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  
• It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  
• When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
  

The file is way too big... to post all. Here is the first part...

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtAcceptConnectPort, Type: Address change 0x805891F1-->80597012 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAccessCheck, Type: Address change 0x805792D1-->80581B82 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAccessCheckAndAuditAlarm, Type: Address change 0x8058C5E8-->8058A3B1 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAccessCheckByType, Type: Address change 0x8058A52C-->805E0ADA [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAccessCheckByTypeAndAuditAlarm, Type: Address change 0x80590AA6-->8058A438 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAccessCheckByTypeResultList, Type: Address change 0x806383F2-->80640000 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAccessCheckByTypeResultListAndAuditAlarm, Type: Address change 0x8063A583-->80642191 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAccessCheckByTypeResultListAndAuditAlarmByHandle, Type: Address change 0x8063A5CC-->806421DA [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAddAtom, Type: Address change 0x8057A8C4-->8057FA34 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAddBootEntry, Type: Address change 0x80649391-->8064FEEB [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAdjustGroupsToken, Type: Address change 0x80637BAD-->8063F7BF [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAdjustPrivilegesToken, Type: Address change 0x805900C4-->80589C03 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAlertResumeThread, Type: Address change 0x8062FCF4-->80637AD6 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAlertThread, Type: Address change 0x8057ADAD-->8058395D [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAllocateLocallyUniqueId, Type: Address change 0x80591876-->805E28DD [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAllocateUserPhysicalPages, Type: Address change 0x80626C4D-->8062E76A [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAllocateUuids, Type: Address change 0x805DD479-->805DE611 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAllocateVirtualMemory, Type: Address change 0x80568FCA-->80570BC5 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAreMappedFilesTheSame, Type: Address change 0x805D9817-->805E7CEE [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtAssignProcessToJobObject, Type: Address change 0x805A253D-->805E8E34 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCallbackReturn, Type: Address change 0x804E2CC4-->804E4EE4 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCancelDeviceWakeupRequest, Type: Address change 0x8062C4AE-->80633F02 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCancelIoFile, Type: Address change 0x805C9BB6-->805D22DF [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCancelTimer, Type: Address change 0x804ECFBC-->804EC842 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtClearEvent, Type: Address change 0x80569676-->805706C3 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtClose, Type: Address change 0x805678CD-->8056F8D7 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCloseObjectAuditAlarm, Type: Address change 0x80590532-->80589FE1 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCompactKeys, Type: Address change 0x8064EC88-->80656040 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCompareTokens, Type: Address change 0x8058BA4E-->8058596E [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCompleteConnectPort, Type: Address change 0x80589F39-->80594EDC [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCompressKey, Type: Address change 0x8064EEF5-->806562AD [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtConnectPort, Type: Address change 0x8058C63A-->80584D73 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtContinue, Type: Address change 0x804E2006-->804E123F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateDebugObject, Type: Address change 0x8065A3C6-->80661712 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateDirectoryObject, Type: Address change 0x805A2905-->805AF5B7 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateEvent, Type: Address change 0x8056D752-->805744F6 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateEventPair, Type: Address change 0x80649484-->8065053C [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateFile, Type: Address change 0x8056CF98-->80573DFB [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateIoCompletion, Type: Address change 0x8058A785-->805E04F5 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateJobObject, Type: Address change 0x805AB234-->805DBB66 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateJobSet, Type: Address change 0x8063019F-->80637F7D [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80570833-->F766787E [Lbd.sys]
ntoskrnl.exe-->NtCreateMailslotFile, Type: Address change 0x805D9708-->805DCD0F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateMutant, Type: Address change 0x80578217-->80582EA8 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateNamedPipeFile, Type: Address change 0x8058412B-->8058DA4C [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreatePagingFile, Type: Address change 0x805BBE63-->805BA5CF [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreatePort, Type: Address change 0x80597609-->8059EE6E [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateProcess, Type: Address change 0x805B14AC-->805B62C0 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateProcessEx, Type: Address change 0x8057FE4C-->8059056D [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateProfile, Type: Address change 0x80649ABB-->80650B73 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateSection, Type: Address change 0x805652B3-->8056DB66 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateSemaphore, Type: Address change 0x80572620-->8057F95B [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateSymbolicLinkObject, Type: Address change 0x8059F586-->805E78DA [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateThread, Type: Address change 0x80587A3C-->F7AA13B4 [Unknown module filename]
ntoskrnl.exe-->NtCreateTimer, Type: Address change 0x8059E63D-->8059DAF7 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateToken, Type: Address change 0x805A8BDA-->805AC926 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateWaitablePort, Type: Address change 0x805DB1D4-->805B039E [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtDebugActiveProcess, Type: Address change 0x8065B541-->80662889 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtDebugContinue, Type: Address change 0x8065B69B-->806629E3 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtDelayExecution, Type: Address change 0x80566410-->8056EB03 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtDeleteAtom, Type: Address change 0x8058C4E9-->8058771C [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtDeleteBootEntry, Type: Address change 0x8062C4AE-->80633F02 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtDeleteFile, Type: Address change 0x805D80BB-->805DB33C [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x80595316-->80599783 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtDeleteObjectAuditAlarm, Type: Address change 0x8063A627-->80642231 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x80592D64-->805983A2 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtDeviceIoControlFile, Type: Address change 0x805883AA-->F795E25D [IPVNMon.sys]
ntoskrnl.exe-->NtDisplayString, Type: Address change 0x805BF031-->805BBA82 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x805717C5-->8057EDE5 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtDuplicateToken, Type: Address change 0x8057D1CB-->8058C373 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtEnumerateBootEntries, Type: Address change 0x80649391-->8064FEEB [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtEnumerateKey, Type: Address change 0x80570F41-->8057EC5A [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtEnumerateSystemEnvironmentValuesEx, Type: Address change 0x80648E1F-->8064FED7 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Address change 0x80589A67-->80594DB6 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtExtendSection, Type: Address change 0x80625A74-->8062D729 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtFilterToken, Type: Address change 0x805B0C90-->805D422D [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtFindAtom, Type: Address change 0x8058BCDE-->805E480C [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtFlushBuffersFile, Type: Address change 0x8058CB4D-->805836A7 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtFlushInstructionCache, Type: Address change 0x80577873-->8058C99A [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtFlushKey, Type: Address change 0x805DC640-->805DF24B [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtFlushVirtualMemory, Type: Address change 0x8059AD24-->805E954C [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtFlushWriteBuffer, Type: Address change 0x806274AF-->8062EFC7 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtFreeUserPhysicalPages, Type: Address change 0x80627002-->8062EB1D [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtFreeVirtualMemory, Type: Address change 0x805698F5-->805710BF [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtFsControlFile, Type: Address change 0x8057AC95-->8058274A [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtGetContextThread, Type: Address change 0x805E04D3-->80635A5D [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtGetDevicePowerState, Type: Address change 0x8062C4DB-->80633F33 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtGetPlugPlayEvent, Type: Address change 0x8059FE35-->805A12E4 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtGetWriteWatch, Type: Address change 0x8053B79D-->8053F757 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtImpersonateAnonymousToken, Type: Address change 0x8059762D-->8059EA22 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtImpersonateClientOfPort, Type: Address change 0x8058B4BA-->805852E1 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtImpersonateThread, Type: Address change 0x8057E821-->8058D42E [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtInitializeRegistry, Type: Address change 0x805A80E6-->805AFB71 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtInitiatePowerAction, Type: Address change 0x8062C293-->80633CE7 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtIsProcessInJob, Type: Address change 0x80630053-->80637E33 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtIsSystemResumeAutomatic, Type: Address change 0x8062C4C1-->80633F17 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtListenPort, Type: Address change 0x805AA775-->805AF9E0 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtLoadDriver, Type: Address change 0x805A3B73-->805AEDE2 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtLoadKey, Type: Address change 0x805AEE7B-->805D45C5 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtLoadKey2, Type: Address change 0x805AECB8-->805D4724 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtLockFile, Type: Address change 0x8058E224-->80587AE9 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtLockProductActivationKeys, Type: Address change 0x805B0E60-->805D3AA2 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtLockRegistryKey, Type: Address change 0x805D0F87-->805CCEFD [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtLockVirtualMemory, Type: Address change 0x805B02E2-->805B3F21 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtMakePermanentObject, Type: Address change 0x8059F9C2-->805E7AE2 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtMakeTemporaryObject, Type: Address change 0x8059F93F-->805E7BA9 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtMapUserPhysicalPages, Type: Address change 0x80626139-->8062DDC6 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtMapUserPhysicalPagesScatter, Type: Address change 0x8062660D-->8062E21F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtMapViewOfSection, Type: Address change 0x80573D41-->8057A879 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtModifyBootEntry, Type: Address change 0x8062C4AE-->80633F02 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeDirectoryFile, Type: Address change 0x8059112F-->80587D80 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeKey, Type: Address change 0x8058EA94-->805E2166 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtNotifyChangeMultipleKeys, Type: Address change 0x8058EB5D-->805E1F78 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenDirectoryObject, Type: Address change 0x80589E32-->8058EE56 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenEvent, Type: Address change 0x8057DEC7-->8058E7F1 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenEventPair, Type: Address change 0x80649577-->8065062F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenFile, Type: Address change 0x8056CF33-->80579CF1 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenIoCompletion, Type: Address change 0x80616ADF-->80621403 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenJobObject, Type: Address change 0x806303F7-->806381D5 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80568D48-->80572BDF [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenMutant, Type: Address change 0x805782C5-->80582F56 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenObjectAuditAlarm, Type: Address change 0x80595401-->805E3140 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x805719AC-->F7AA13A0 [Unknown module filename]
ntoskrnl.exe-->NtOpenProcessToken, Type: Address change 0x8056E0CD-->80578148 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenProcessTokenEx, Type: Address change 0x8056E2C6-->8057809F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenSection, Type: Address change 0x805711B4-->80578DEE [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenSemaphore, Type: Address change 0x8059F042-->805E7C60 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenSymbolicLinkObject, Type: Address change 0x80589CFE-->8058EDD9 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x8058E5C4-->F7AA13A5 [Unknown module filename]
ntoskrnl.exe-->NtOpenThreadToken, Type: Address change 0x8056DB6A-->805746D2 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenThreadTokenEx, Type: Address change 0x8056DADB-->805745CF [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenTimer, Type: Address change 0x806493AD-->80650465 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtPlugPlayControl, Type: Address change 0x805DB394-->8059CA7D [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtPowerInformation, Type: Address change 0x8059CA1E-->805AA1F0 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtPrivilegeCheck, Type: Address change 0x805DDA4E-->8059CD78 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtPrivilegeObjectAuditAlarm, Type: Address change 0x805DD2E8-->805DE757 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtPrivilegedServiceAuditAlarm, Type: Address change 0x805AA8B8-->805D36C7 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Address change 0x80571E96-->8057F1C3 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtPulseEvent, Type: Address change 0x805DB12C-->805B02F6 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryAttributesFile, Type: Address change 0x80574692-->80579F20 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryBootEntryOrder, Type: Address change 0x80649391-->8064FEEB [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryBootOptions, Type: Address change 0x80649391-->8064FEEB [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryDebugFilterState, Type: Address change 0x804F7E5D-->804FABB1 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryDefaultLocale, Type: Address change 0x80566B82-->8056F0D0 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryDefaultUILanguage, Type: Address change 0x8057EC87-->8058E227 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryDirectoryFile, Type: Address change 0x805722F6-->8057B814 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryDirectoryObject, Type: Address change 0x8058458D-->8059480A [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryEaFile, Type: Address change 0x80616D2C-->8062164C [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryEvent, Type: Address change 0x80589EAF-->8058EBC0 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryFullAttributesFile, Type: Address change 0x8057C9FA-->80580A06 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationAtom, Type: Address change 0x805D7798-->805B065E [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationFile, Type: Address change 0x80572E4F-->8057AB98 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationJobObject, Type: Address change 0x80580A8D-->80590C74 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationPort, Type: Address change 0x80623543-->8062B3D3 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationProcess, Type: Address change 0x8056DD08-->805747B6 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationThread, Type: Address change 0x8056BC5D-->80576860 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInformationToken, Type: Address change 0x8056E837-->80576F36 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryInstallUILanguage, Type: Address change 0x8057E00B-->8058E95A [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryIntervalProfile, Type: Address change 0x80649F6B-->80651023 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryIoCompletion, Type: Address change 0x80616BA0-->806214C4 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryKey, Type: Address change 0x80570C4A-->8057E85A [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryMultipleValueKey, Type: Address change 0x8064E66B-->80655A23 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryMutant, Type: Address change 0x806498F0-->806509A8 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryObject, Type: Address change 0x8057F694-->8058F010 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryOpenSubKeys, Type: Address change 0x8064E875-->80655C2D [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryPerformanceCounter, Type: Address change 0x80567338-->805708A6 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryQuotaInformationFile, Type: Address change 0x806175F3-->80621F03 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySection, Type: Address change 0x8057D6B6-->8058CDE7 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySecurityObject, Type: Address change 0x805DD8EE-->805DFD3E [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySemaphore, Type: Address change 0x806486EB-->8064F7AF [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySymbolicLinkObject, Type: Address change 0x80589B6F-->8058EC4A [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySystemEnvironmentValue, Type: Address change 0x80648E47-->8064FF13 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySystemEnvironmentValueEx, Type: Address change 0x80648E0C-->8064FEC1 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySystemInformation, Type: Address change 0x8057BE20-->8058B41A [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQuerySystemTime, Type: Address change 0x8058A5B6-->8058F990 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryTimer, Type: Address change 0x805873F2-->805E3F41 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryTimerResolution, Type: Address change 0x805841F3-->80591B9D [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryValueKey, Type: Address change 0x8056A1F9-->80572F19 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryVirtualMemory, Type: Address change 0x8056E3C4-->8057C940 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryVolumeInformationFile, Type: Address change 0x8056D1DB-->8057A03C [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueueApcThread, Type: Address change 0x8058A487-->805E3E9C [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtRaiseException, Type: Address change 0x804E204E-->804E1287 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtRaiseHardError, Type: Address change 0x80648427-->8064F4EB [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtReadFile, Type: Address change 0x805742F7-->8057495D [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtReadFileScatter, Type: Address change 0x805DA8DF-->806227D7 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtReadRequestData, Type: Address change 0x8058B7FF-->805857F9 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtReadVirtualMemory, Type: Address change 0x8057E4B8-->8058D26B [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtRegisterThreadTerminatePort, Type: Address change 0x80588189-->80596130 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtReleaseMutant, Type: Address change 0x8056647B-->8056EB6E [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtReleaseSemaphore, Type: Address change 0x8058BFFA-->80583298 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtRemoveIoCompletion, Type: Address change 0x80566F99-->8056F54C [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtRemoveProcessDebug, Type: Address change 0x8065B616-->8066295E [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtRenameKey, Type: Address change 0x8064EAEA-->80655EA2 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtReplaceKey, Type: Address change 0x8064F446-->806567FE [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtReplyPort, Type: Address change 0x8057CEC4-->8058C06C [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtReplyWaitReceivePort, Type: Address change 0x8056BA04-->80576817 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtReplyWaitReceivePortEx, Type: Address change 0x8056B51C-->8057632F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtReplyWaitReplyPort, Type: Address change 0x80623622-->8062B4B2 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtRequestDeviceWakeup, Type: Address change 0x8062C43B-->80633E8F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtRequestPort, Type: Address change 0x805DD6A4-->805E33BE [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtRequestWaitReplyPort, Type: Address change 0x80576EC6-->8057CD93 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtRequestWakeupLatency, Type: Address change 0x8062C234-->80633C88 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtResetEvent, Type: Address change 0x8059EC05-->8059DE63 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtResetWriteWatch, Type: Address change 0x8053BC32-->8053FBD2 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x8064EFDD-->80656395 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtResumeProcess, Type: Address change 0x8062FC94-->80637A76 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtResumeThread, Type: Address change 0x805880AF-->80596056 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSaveKey, Type: Address change 0x8064F0DE-->80656496 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSaveKeyEx, Type: Address change 0x8064F1C9-->80656581 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSaveMergedKeys, Type: Address change 0x8064F2F6-->806566AE [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSecureConnectPort, Type: Address change 0x805888DA-->80596848 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetBootEntryOrder, Type: Address change 0x80649391-->8064FEEB [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetBootOptions, Type: Address change 0x80649391-->8064FEEB [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetContextThread, Type: Address change 0x8062E057-->80635C83 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetDebugFilterState, Type: Address change 0x8065D15E-->80664340 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetDefaultHardErrorPort, Type: Address change 0x805D5707-->805B5BB1 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetDefaultLocale, Type: Address change 0x805AE977-->805DC1D3 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetDefaultUILanguage, Type: Address change 0x805AE91E-->805DC17A [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetEaFile, Type: Address change 0x8061727B-->80621B91 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetEvent, Type: Address change 0x805696C5-->80570634 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetEventBoostPriority, Type: Address change 0x80575B6E-->80576CA0 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetHighEventPair, Type: Address change 0x80649877-->8065092F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetHighWaitLowEventPair, Type: Address change 0x80649797-->8065084F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationDebugObject, Type: Address change 0x8065AFB7-->806622FF [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationFile, Type: Address change 0x80574B2A-->8058A47C [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationJobObject, Type: Address change 0x805AB388-->805DBCBA [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationKey, Type: Address change 0x8064E1CE-->80655586 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationObject, Type: Address change 0x8057DF3D-->8058E8D9 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationProcess, Type: Address change 0x8056DDD9-->80574B1F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationThread, Type: Address change 0x80575756-->80576AB3 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetInformationToken, Type: Address change 0x805A8772-->805ABFC0 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetIntervalProfile, Type: Address change 0x80649A97-->80650B4F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetIoCompletion, Type: Address change 0x8056BEF1-->80576DE6 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetLdtEntries, Type: Address change 0x8062ED77-->8063698F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetLowEventPair, Type: Address change 0x8064980B-->806508C3 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetLowWaitHighEventPair, Type: Address change 0x80649723-->806507DB [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetQuotaInformationFile, Type: Address change 0x806175C9-->80621ED9 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetSecurityObject, Type: Address change 0x8059B1F3-->805DFB3F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetSystemEnvironmentValue, Type: Address change 0x806490E4-->806501B0 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetSystemEnvironmentValueEx, Type: Address change 0x80648E0C-->8064FEC1 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetSystemInformation, Type: Address change 0x805A7C5F-->805B0A14 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetSystemPowerState, Type: Address change 0x80667A0B-->8066F0E7 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetSystemTime, Type: Address change 0x80647D6F-->8064F19F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetThreadExecutionState, Type: Address change 0x805E0242-->805EB1D2 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetTimer, Type: Address change 0x804E57AB-->804E7A55 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetTimerResolution, Type: Address change 0x805E08C8-->805EB498 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetUuidSeed, Type: Address change 0x805AAA9F-->805D3873 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x80572A6E-->F7667C10 [Lbd.sys]
ntoskrnl.exe-->NtSetVolumeInformationFile, Type: Address change 0x80617B0F-->80622417 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtShutdownSystem, Type: Address change 0x806474BB-->8064E8EB [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSignalAndWaitForSingleObject, Type: Address change 0x805173A1-->8051C3B1 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtStartProfile, Type: Address change 0x80649D02-->80650DBA [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtStopProfile, Type: Address change 0x80649EBB-->80650F73 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSuspendProcess, Type: Address change 0x8062FC39-->80637A1B [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSuspendThread, Type: Address change 0x805E053E-->80637937 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtSystemDebugControl, Type: Address change 0x8064A01B-->806510D3 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateJobObject, Type: Address change 0x8063056D-->80638353 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x805824CC-->F7AA13AF [Unknown module filename]
ntoskrnl.exe-->NtTerminateThread, Type: Address change 0x8057BA6F-->8059560C [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtTestAlert, Type: Address change 0x80587B96-->80595B3E [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtTraceEvent, Type: Address change 0x80545B50-->805499E0 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtTranslateFilePath, Type: Address change 0x80648E33-->8064FEFF [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtUnloadDriver, Type: Address change 0x80619F32-->80624AC4 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtUnloadKey, Type: Address change 0x8064DD32-->806550EA [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtUnloadKeyEx, Type: Address change 0x8064DF63-->8065531B [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtUnlockFile, Type: Address change 0x8058E384-->80587C49 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtUnlockVirtualMemory, Type: Address change 0x80627525-->8062F03B [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtUnmapViewOfSection, Type: Address change 0x805738C6-->8057A401 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtVdmControl, Type: Address change 0x805B7B07-->805B3552 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtWaitForDebugEvent, Type: Address change 0x8065AD00-->8066204A [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtWaitForMultipleObjects, Type: Address change 0x805666C6-->8056EC49 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtWaitForSingleObject, Type: Address change 0x8056617C-->8056DF62 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtWaitHighEventPair, Type: Address change 0x806496B7-->8065076F [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtWaitLowEventPair, Type: Address change 0x8064964B-->80650703 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtWriteFile, Type: Address change 0x80574DD5-->8058A6FD [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtWriteFileGather, Type: Address change 0x805DA515-->805D25CC [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtWriteRequestData, Type: Address change 0x8058B9EC-->8058587D [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtWriteVirtualMemory, Type: Address change 0x8057E60A-->F7AA13AA [Unknown module filename]
ntoskrnl.exe-->NtYieldExecution, Type: Address change 0x804F0EB6-->80515AB2 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtCreateKeyedEvent, Type: Address change 0x805CBE3D-->805C86C2 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtOpenKeyedEvent, Type: Address change 0x80581818-->805907BF [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtReleaseKeyedEvent, Type: Address change 0x8064A48F-->80651547 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtWaitForKeyedEvent, Type: Address change 0x8064A72A-->806517B2 [C:\WINDOWS\system32\ntoskrnl.exe]
ntoskrnl.exe-->NtQueryPortInformationProcess, Type: Address change 0x8062D835-->80635291 [C:\WINDOWS\system32\ntoskrnl.exe]
==============================================
>Shadow
>Shadow
==============================================
==============================================
>Processes
==============================================
0x8A302830 [4] System
0x88CA0590 [208] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x889EA180 [468] C:\Program Files\Intel\LDCM\BIN\USM.exe (Intel(R) Corporation, Intel(R) LANDesk(R) Client Manager User Space Manager)
0x89E24530 [484] C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc., RealPlayer)
0x88EA1590 [500] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe (Motive Communications, Inc., Motive SmartBridge)
0x89E40DA0 [524] C:\Program Files\Verizon Online\Visual IP InSight\ipmon32.exe (Visual Networks, IP Monitor)
0x8A153DA0 [536] C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe (Visual Networks, IP Session Statistics)
0x89FCBB98 [544] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (Musicmatch Inc., <Musicmatch System Tray Application>)
0x89E6B9D0 [556] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company, HP Framework Component Manager Service)
0x88DB6590 [588] C:\Program Files\PhoneTools\capFax.exe (BVRP Software, Surveillance Capture Fax)
0x89DD0BC8 [648] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio, DirectCD Application)
0x88688440 [740] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x89F28808 [752] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x89D90638 [772] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe (-, -)
0x88AD1628 [804] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x89E24020 [816] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x89E37CE8 [840] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x88CFB468 [888] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x89DCF240 [900] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x89E23C48 [968] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH, Antivirus On-Access Service)
0x89E4CDA0 [1080] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89DAE3B8 [1152] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x88A51180 [1192] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x89E39AD0 [1252] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x88D36590 [1264] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH, Antivirus System Tray Tool)
0x88DEA590 [1340] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe (Musicmatch Inc., Musicmatch Music Server)
0x88E5F590 [1348] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x88B693C8 [1356] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc., -)
0x8A17FDA0 [1376] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited, RIM Auto Update)
0x8A17FB20 [1392] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard, hpwuSchd Application)
0x89E366D8 [1416] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe (Musicmatch, Inc., Logging and tracing manager)
0x889CBAC8 [1456] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
0x88E1C590 [1472] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89F13B30 [1496] C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated, Adobe Acrobat SpeedLauncher)
0x889CD658 [1588] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x89F2E960 [1668] C:\Program Files\QuickTime\QTTask.exe (Apple Inc., QuickTime Task)
0x89E37A18 [1680] C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS Optical Co.,Ltd, Device Detector 2)
0x88BA5BC0 [1700] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated, Adobe Reader and Acrobat Manager)
0x88EB0590 [1704] C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH, Antivirus Scheduler)
0x89DEDA30 [1788] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A157DA0 [1840] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x89DF3590 [1904] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe (-, -)
0x89E3E840 [1972] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x88B0CA70 [2064] C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Technology Ltd, Creative Service for CDROM Access)
0x886605D8 [2120] C:\Documents and Settings\Owner\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\gqE2eG8Q.exe (UG North, RKULE, SR2 Normandy)
0x88B3A630 [2176] C:\Program Files\Intel\BootStrap Agent\bsa.exe (Intel Corporation, Intel Bootstrap Agent)
0x88B41600 [2200] C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x89E75888 [2212] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc., Logitech Events Handler Application)
0x88A5C6A8 [2276] C:\Program Files\Intel\LDCM\BIN\IIDS.exe (Intel(R) Corporation, Intel(R) LANDesk(R) Client Manager Internet Data Server)
0x88A77440 [2372] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x889FF820 [2580] C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 81.98)
0x88AA1360 [2668] C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (Lanovation, PrismXL Service)
0x8898EBC0 [2816] C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc., SupportSoft Agent Service)
0x89E0D658 [3104] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x88BA09A0 [3284] C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation, Windows User Mode Driver Manager)
0x88A74518 [3688] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3956736 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 81.98 )
0xB8D91000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3538944 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.98 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB8C84000 C:\WINDOWS\System32\DRIVERS\BCMDM.sys 872448 bytes (BCM, Modem Device Driver)
0xB4FA7000 C:\WINDOWS\system32\drivers\ha10kx2k.sys 679936 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB8BE9000 C:\WINDOWS\system32\drivers\ctaud2k.sys 491520 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xB4C5A000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8AC1000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB4D9D000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA7F24000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB4EB0000 C:\WINDOWS\System32\Drivers\cdudf_xp.SYS 237568 bytes (Roxio, CD-UDF NT Filesystem Driver)
0xB4D17000 C:\WINDOWS\System32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xB4E43000 C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS 208896 bytes (Roxio, CD-UDF NT Filesystem Reader Driver)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA90A9000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7833000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA7A21000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB4CCA000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB4D4F000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB4D77000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB8B88000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 147456 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xA9E96000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB8BC5000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8D59000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8C61000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB4CF5000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF74A0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB4F5A000 C:\WINDOWS\system32\drivers\ctsfm2k.sys 126976 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB8B47000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 110592 bytes (Roxio, Win2000 Framework for Packet Write Driver)
0xF796D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB8BAC000 C:\WINDOWS\system32\drivers\ctoss2k.sys 102400 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB4F79000 C:\WINDOWS\system32\drivers\emupia2k.sys 102400 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xF7954000 IPVNMon.sys 102400 bytes (Visual Networks, IPVNMon)
0xF74C0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9E7E000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7860000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8B30000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB4F92000 C:\WINDOWS\system32\drivers\ctac32k.sys 86016 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xA9044000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA80E4000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver)
0xB8B74000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB8D7D000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB4DF6000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB8B62000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 73728 bytes (Roxio, CDR4_XP CDR Helper)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF748E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB4C49000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 69632 bytes (Avira GmbH, Avira Driver for RootKit Detection)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8B1F000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB5143000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB9E6A000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB2D2C000 C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys 65536 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
0xF76A7000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7607000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB9E8A000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7577000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB9E9A000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7667000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xB9E5A000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB50E3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF76E7000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7617000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7657000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB29D8000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xB9E4A000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB9E2A000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7677000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7537000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB9E7A000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB9E3A000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF744E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB9E0A000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7647000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB3170000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA364000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7567000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)
0xB9E1A000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7557000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA8D1E000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7587000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB9418000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF77F7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB3429000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB9420000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB9410000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB93E0000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xB28DD000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB3421000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB9408000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 24576 bytes (Roxio, CDRAL for Windows 2000 Kernel Driver)
0xB9400000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB28D5000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xB9139000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB28CD000 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys 24576 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xB9131000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77FF000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xB9428000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF77E7000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB9121000 C:\WINDOWS\System32\Drivers\dvd_2K.SYS 20480 bytes (Roxio, DVD-RAM AddOn Driver)
0xB9129000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF77EF000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB93F0000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7717000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB93E8000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xB93F8000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xAA755000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB2784000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xB2788000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA7B8000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xBA7E4000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB63BE000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7943000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB2FA9000 C:\WINDOWS\System32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF789B000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA8D7E000 C:\WINDOWS\System32\Drivers\CiSmBios.SYS 12288 bytes
0xAAB06000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA7FC000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xB4E7E000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8A210000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB2FA5000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA7EC000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB7024000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF792F000 C:\WINDOWS\System32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xB5F14000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows (R) 2000 DDK provider, TR Manager)
0xF798F000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7A07000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79C9000 C:\WINDOWS\system32\drivers\ctprxy2k.sys 8192 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xAB986000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7A05000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7989000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7A09000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF799F000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xAD0F0000 C:\WINDOWS\System32\PfModNT.sys 8192 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xF798B000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xAD08F000 C:\WINDOWS\System32\Drivers\RioPNP.SYS 8192 bytes (RioPort.com, RioPNP 300 driver for Windows NT)
0xF79CF000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF79D1000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A03000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7987000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA21C000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA9F18000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB9F05000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8A26139B ?_empty_? 3173 bytes
==============================================
>Stealth

==============================================
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D99970 ] TID: 112
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88EDF598 ] TID: 140
0x80562520 Faked ServiceTable-->ctfmon.exe [ ETHREAD 0x89E3E408 ] TID: 156
0x80562520 Faked ServiceTable-->AdobeARM.exe [ ETHREAD 0x889DCB30 ] TID: 164
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88C96598 ] TID: 232
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88CC0598 ] TID: 244
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88D96598 ] TID: 248, 28842884 bytes
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88C90598 ] TID: 260
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89E16020 ] TID: 264, 1319400 bytes
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88D78598 ] TID: 276
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89F0EDA8 ] TID: 300
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AEADA8 ] TID: 320
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889BF2C8 ] TID: 328
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89E00DA8 ] TID: 336
0x80562520 Faked ServiceTable-->hpcmpmgr.exe [ ETHREAD 0x8A17BDA8 ] TID: 416
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x89F0EB30 ] TID: 420
0x80562520 Faked ServiceTable-->AdobeARM.exe [ ETHREAD 0x889BE3C8 ] TID: 440
0x80562520 Faked ServiceTable-->AdobeARM.exe [ ETHREAD 0x89E3B9F0 ] TID: 448
0x80562520 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x88B0C570 ] TID: 464
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x88A275A0 ] TID: 496
0x80562520 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x89E23110 ] TID: 508
0x80562520 Faked ServiceTable-->USM.exe [ ETHREAD 0x89DD4520 ] TID: 520, 5374021 bytes
0x80562520 Faked ServiceTable-->MotiveSB.exe [ ETHREAD 0x89078DA8 ] TID: 548
0x80562520 Faked ServiceTable-->realplay.exe [ ETHREAD 0x88CE2598 ] TID: 552
0x80562520 Faked ServiceTable-->MotiveSB.exe [ ETHREAD 0x8A1765C8 ] TID: 568
0x80562520 Faked ServiceTable-->IPClient.exe [ ETHREAD 0x88EAB598 ] TID: 576
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A7C020 ] TID: 580
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E7C598 ] TID: 600
0x80562520 Faked ServiceTable-->MotiveSB.exe [ ETHREAD 0x89DCD5A0 ] TID: 612
0x80562520 Faked ServiceTable-->IPClient.exe [ ETHREAD 0x88E74598 ] TID: 620
0x80562520 Faked ServiceTable-->capFax.exe [ ETHREAD 0x88B87898 ] TID: 636
0x80562520 Faked ServiceTable-->USM.exe [ ETHREAD 0x88EED598 ] TID: 640
0x80562520 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x88A53808 ] TID: 656
0x80562520 Faked ServiceTable-->MotiveSB.exe [ ETHREAD 0x88A15DA8 ] TID: 660
0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x88A5FB30 ] TID: 672, 41115272 bytes
0x80562520 Faked ServiceTable-->IPClient.exe [ ETHREAD 0x89E5ABC8 ] TID: 676
0x80562520 Faked ServiceTable-->IPClient.exe [ ETHREAD 0x89DAE948 ] TID: 680, 8781830 bytes
0x80562520 Faked ServiceTable-->IPClient.exe [ ETHREAD 0x88BAAC38 ] TID: 684
0x80562520 Faked ServiceTable-->USM.exe [ ETHREAD 0x8A1708D0 ] TID: 688, 8781831 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DCE4C8 ] TID: 716
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A154808 ] TID: 720, 8781831 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D99BE8 ] TID: 724
0x80562520 Faked ServiceTable-->ipmon32.exe [ ETHREAD 0x89E2F888 ] TID: 736, 8781832 bytes
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A1098E8 ] TID: 756
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x89F75590 ] TID: 760, 8781832 bytes
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x89F46DA8 ] TID: 764
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89E38818 ] TID: 768, 8781833 bytes
0x80562520 Faked ServiceTable-->ComcastAntiSpyService.exe [ ETHREAD 0x89DF2628 ] TID: 784
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89E1AB30 ] TID: 788, 8781833 bytes
0x80562520 Faked ServiceTable-->hpcmpmgr.exe [ ETHREAD 0x89E7E358 ] TID: 796
0x80562520 Faked ServiceTable-->ComcastAntiSpyService.exe [ ETHREAD 0x88A716C0 ] TID: 812, 8781836 bytes
0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x89E541C8 ] TID: 828
0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x88FB35A0 ] TID: 836, 8781838 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88DB5598 ] TID: 852
0x80562520 Faked ServiceTable-->Directcd.exe [ ETHREAD 0x89E385A0 ] TID: 864, 8781839 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88D7B598 ] TID: 868
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89E6D130 ] TID: 872, 8781839 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88ED84D0 ] TID: 876
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A143100 ] TID: 880, 8781840 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A2191C0 ] TID: 884
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89DC95C8 ] TID: 916, 8781849 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88E83598 ] TID: 920
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89DBEDA8 ] TID: 924, 8781851 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89DC52B8 ] TID: 928
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x88C55598 ] TID: 932, 8781851 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89DBC628 ] TID: 936
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89DBFDA8 ] TID: 940, 8781853 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88D22598 ] TID: 944
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89DEFDA8 ] TID: 948, 8781853 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88D0A598 ] TID: 952
0x80562520 Faked ServiceTable-->reader_sl.exe [ ETHREAD 0x89DE5B80 ] TID: 956, 8781857 bytes
0x80562520 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x889D5BC8 ] TID: 960
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89E6CDA8 ] TID: 964, 8781858 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A36630 ] TID: 976
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89DB3258 ] TID: 984, 8781858 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89FE5020 ] TID: 988
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88A1C020 ] TID: 992, 8781860 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x889CC020 ] TID: 996
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x889D2020 ] TID: 1000, 8781860 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88A82020 ] TID: 1004
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89DC42B8 ] TID: 1008, 8781865 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88E824D8 ] TID: 1012
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88D274A0 ] TID: 1016, 8781867 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89E4F7E8 ] TID: 1024
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88EBA598 ] TID: 1028, 8781868 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88D1D5A0 ] TID: 1032
0x80562520 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x889D4628 ] TID: 1040, 8781870 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89E2B940 ] TID: 1044
0x80562520 Faked ServiceTable-->ComcastAntiSpyService.exe [ ETHREAD 0x89DF69F0 ] TID: 1048, 8781875 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x88D87598 ] TID: 1060
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89DC02C0 ] TID: 1068, 8781887 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89DE5020 ] TID: 1072
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89E4AAD0 ] TID: 1076
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DC8BD0 ] TID: 1088, 25690115 bytes
0x80562520 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x88B3D958 ] TID: 1092
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x88E45598 ] TID: 1096
0x80562520 Faked ServiceTable-->ComcastAntiSpyService.exe [ ETHREAD 0x89DE7DA8 ] TID: 1100, 7536761 bytes
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89F0C2A8 ] TID: 1112
0x80562520 Faked ServiceTable-->AdobeARM.exe [ ETHREAD 0x88B38C58 ] TID: 1116
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A175A48 ] TID: 1120, 7536761 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89E28860 ] TID: 1128
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EBB598 ] TID: 1132, 8781914 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x88D9B598 ] TID: 1140, 3801155 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88DB7598 ] TID: 1160
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EAF598 ] TID: 1164, 8781914 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88DB1598 ] TID: 1168
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C77598 ] TID: 1172
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D9D598 ] TID: 1176, 8781920 bytes
0x80562520 Faked ServiceTable-->MotiveSB.exe [ ETHREAD 0x889B6828 ] TID: 1184
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x890789A0 ] TID: 1188
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x88AFD808 ] TID: 1200, 8781922 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89DF59E8 ] TID: 1212
0x80562520 Faked ServiceTable-->sprtcmd.exe [ ETHREAD 0x889A0A70 ] TID: 1216
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89E22808 ] TID: 1220, 8781925 bytes
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89E22590 ] TID: 1228, 458782 bytes
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89E75CE8 ] TID: 1232
0x80562520 Faked ServiceTable-->mmtask.exe [ ETHREAD 0x89E4B2E0 ] TID: 1240, 8781928 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89FC6810 ] TID: 1248
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89F14D40 ] TID: 1260
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F04598 ] TID: 1268, 8781933 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A1829C8 ] TID: 1272
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89E3D020 ] TID: 1276
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D99598 ] TID: 1280, 8781935 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D18598 ] TID: 1296
0x80562520 Faked ServiceTable-->mmtask.exe [ ETHREAD 0x89DD3DA8 ] TID: 1300
0x80562520 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x889D4950 ] TID: 1308, 8781940 bytes
0x80562520 Faked ServiceTable-->sprtsvc.exe [ ETHREAD 0x89EF8B30 ] TID: 1316
0x80562520 Faked ServiceTable-->ipmon32.exe [ ETHREAD 0x89DEE860 ] TID: 1320
0x80562520 Faked ServiceTable-->ipmon32.exe [ ETHREAD 0x8A17C7C0 ] TID: 1324, 8781943 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88CFC598 ] TID: 1328, 3342445 bytes
0x80562520 Faked ServiceTable-->ipmon32.exe [ ETHREAD 0x8A17CA38 ] TID: 1332
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C89598 ] TID: 1368
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E75598 ] TID: 1372
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89F22670 ] TID: 1384
0x80562520 Faked ServiceTable-->avgnt.exe [ ETHREAD 0x89DC3430 ] TID: 1396
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AE9B30 ] TID: 1404
0x80562520 Faked ServiceTable-->mmtask.exe [ ETHREAD 0x89DC37F0 ] TID: 1408
0x80562520 Faked ServiceTable-->IPClient.exe [ ETHREAD 0x88A0E3D0 ] TID: 1420
0x80562520 Faked ServiceTable-->IPClient.exe [ ETHREAD 0x89E2DC48 ] TID: 1424
0x80562520 Faked ServiceTable-->RIMAutoUpdate.exe [ ETHREAD 0x89E48DA8 ] TID: 1432
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88B56808 ] TID: 1436
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E0E598 ] TID: 1440
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88DC3598 ] TID: 1444
0x80562520 Faked ServiceTable-->sprtcmd.exe [ ETHREAD 0x89DACA80 ] TID: 1448
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88DD4598 ] TID: 1460
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E09598 ] TID: 1464, 32 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88DE9598 ] TID: 1480
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C85DA8 ] TID: 1484
0x80562520 Faked ServiceTable-->hpwuschd2.exe [ ETHREAD 0x89E4E5F0 ] TID: 1492
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E9D598 ] TID: 1500, 3211314 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89D03DA8 ] TID: 1508, 196611 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E6E598 ] TID: 1512, 851971 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E04598 ] TID: 1524, 41 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D63598 ] TID: 1532
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E48598 ] TID: 1540
0x80562520 Faked ServiceTable-->DevDtct2.exe [ ETHREAD 0x89E3F598 ] TID: 1548, 3342445 bytes
0x80562520 Faked ServiceTable-->DevDtct2.exe [ ETHREAD 0x89DE6980 ] TID: 1552, 7077954 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A10840 ] TID: 1556, 7536761 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A0FAD0 ] TID: 1560
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889ACCB0 ] TID: 1564
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EA7598 ] TID: 1572
0x80562520 Faked ServiceTable-->jusched.exe [ ETHREAD 0x89E028D8 ] TID: 1580, 10 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88CB9598 ] TID: 1592, 64 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88DB3598 ] TID: 1596, 70 bytes
0x80562520 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x889D3570 ] TID: 1608
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F02598 ] TID: 1612, 16386 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A1DDA8 ] TID: 1616
0x80562520 Faked ServiceTable-->MMDiag.exe [ ETHREAD 0x89DDFA08 ] TID: 1632, 4915316 bytes
0x80562520 Faked ServiceTable-->ComcastAntiSpy.exe [ ETHREAD 0x89DBA508 ] TID: 1636
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x889CC938 ] TID: 1640
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x889EFDA8 ] TID: 1648
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88A10CB0 ] TID: 1652, 45 bytes
0x80562520 Faked ServiceTable-->DevDtct2.exe [ ETHREAD 0x89D92B80 ] TID: 1672, 458784 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D6F598 ] TID: 1676
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88E60598 ] TID: 1692, 7733313 bytes
0x80562520 Faked ServiceTable-->RIMAutoUpdate.exe [ ETHREAD 0x89F5E998 ] TID: 1716
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88F59598 ] TID: 1720
0x80562520 Faked ServiceTable-->sched.exe [ ETHREAD 0x88DF6598 ] TID: 1724
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88996558 ] TID: 1736
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89BCF9A0 ] TID: 1744
0x80562520 Faked ServiceTable-->sched.exe [ ETHREAD 0x88E66598 ] TID: 1748
0x80562520 Faked ServiceTable-->sched.exe [ ETHREAD 0x88CF7598 ] TID: 1752
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BA4DA8 ] TID: 1804
0x80562520 Faked ServiceTable-->reader_sl.exe [ ETHREAD 0x89E42678 ] TID: 1824
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88DDF9A0 ] TID: 1828
0x80562520 Faked ServiceTable-->AdobeARM.exe [ ETHREAD 0x89E21590 ] TID: 1832
0x80562520 Faked ServiceTable-->RIMAutoUpdate.exe [ ETHREAD 0x89E57020 ] TID: 1836
0x80562520 Faked ServiceTable-->realplay.exe [ ETHREAD 0x889F0BC8 ] TID: 1844
0x80562520 Faked ServiceTable-->MotiveSB.exe [ ETHREAD 0x88A4A808 ] TID: 1856, 489760 bytes
0x80562520 Faked ServiceTable-->QTTask.exe [ ETHREAD 0x89F2E6E8 ] TID: 1868
0x80562520 Faked ServiceTable-->avgnt.exe [ ETHREAD 0x889B2978 ] TID: 1876, 41118080 bytes
0x80562520 Faked ServiceTable-->AdobeARM.exe [ ETHREAD 0x89BBCDA8 ] TID: 1880
0x80562520 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x89F1A778 ] TID: 1884, 41265408 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89DF12F0 ] TID: 1896
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DE2BD0 ] TID: 1900, 716608 bytes
0x80562520 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x8A189DA8 ] TID: 1928
0x80562520 Faked ServiceTable-->QTTask.exe [ ETHREAD 0x88A829E8 ] TID: 1932
0x80562520 Faked ServiceTable-->AdobeARM.exe [ ETHREAD 0x89D9B730 ] TID: 1936
0x80562520 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x8A15FB30 ] TID: 1940
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88CD6598 ] TID: 1948
0x80562520 Faked ServiceTable-->Directcd.exe [ ETHREAD 0x89F9C808 ] TID: 1952
0x80562520 Faked ServiceTable-->Directcd.exe [ ETHREAD 0x89DBA780 ] TID: 1956
0x80562520 Faked ServiceTable-->Directcd.exe [ ETHREAD 0x89DBA9F8 ] TID: 1960
0x80562520 Faked ServiceTable-->ComcastAntiSpy.exe [ ETHREAD 0x889AC618 ] TID: 1964
0x80562520 Faked ServiceTable-->ComcastAntiSpyService.exe [ ETHREAD 0x8A17B590 ] TID: 1980, 931808 bytes
0x80562520 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x889D4BC8 ] TID: 1992
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88C84598 ] TID: 2020, 44742752 bytes
0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x88A0A7E8 ] TID: 2028
0x80562520 Faked ServiceTable-->mm_server.exe [ ETHREAD 0x89E405E0 ] TID: 2032
0x80562520 Faked ServiceTable-->sprtcmd.exe [ ETHREAD 0x89E59BC8 ] TID: 2036
0x80562520 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x88A74DA8 ] TID: 2052
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89E18DA8 ] TID: 2056
0x80562520 Faked ServiceTable-->MotiveSB.exe [ ETHREAD 0x88A9BDA8 ] TID: 2072, 44770048 bytes
0x80562520 Faked ServiceTable-->CTsvcCDA.EXE [ ETHREAD 0x89E74D48 ] TID: 2080
0x80562520 Faked ServiceTable-->CTsvcCDA.EXE [ ETHREAD 0x889D5728 ] TID: 2084, 7602254 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DF8B30 ] TID: 2092
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89F0C9D8 ] TID: 2100
0x80562520 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x8899ADA8 ] TID: 2128
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88684628 ] TID: 2148
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B39950 ] TID: 2172
0x80562520 Faked ServiceTable-->MotiveSB.exe [ ETHREAD 0x88A9B5A0 ] TID: 2180, 3801155 bytes
0x80562520 Faked ServiceTable-->bsa.exe [ ETHREAD 0x88A3E778 ] TID: 2224
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AA3DA8 ] TID: 2248
0x80562520 Faked ServiceTable-->bsa.exe [ ETHREAD 0x88AA33B0 ] TID: 2252
0x80562520 Faked ServiceTable-->bsa.exe [ ETHREAD 0x88682020 ] TID: 2256
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B426D8 ] TID: 2264
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889C7020 ] TID: 2268
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8899BC70 ] TID: 2272
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A3CB38 ] TID: 2288
0x80562520 Faked ServiceTable-->bsa.exe [ ETHREAD 0x88AA3020 ] TID: 2296
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A226B8 ] TID: 2308
0x80562520 Faked ServiceTable-->EM_EXEC.EXE [ ETHREAD 0x8A16ACA8 ] TID: 2312
0x80562520 Faked ServiceTable-->IIDS.exe [ ETHREAD 0x88A007C0 ] TID: 2324
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88684020 ] TID: 2328
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A759F0 ] TID: 2344
0x80562520 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x88995DA8 ] TID: 2356
0x80562520 Faked ServiceTable-->IIDS.exe [ ETHREAD 0x88A26960 ] TID: 2360
0x80562520 Faked ServiceTable-->IIDS.exe [ ETHREAD 0x88A00DA8 ] TID: 2368
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88684DA8 ] TID: 2392
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AD5628 ] TID: 2408
0x80562520 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x88AE6020 ] TID: 2412
0x80562520 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x889958E0 ] TID: 2428
0x80562520 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x889B88A0 ] TID: 2432
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A60020 ] TID: 2452
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A9C7C0 ] TID: 2456
0x80562520 Faked ServiceTable-->IIDS.exe [ ETHREAD 0x88A5DDA8 ] TID: 2472
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x88A595E0 ] TID: 2476
0x80562520 Faked ServiceTable-->IIDS.exe [ ETHREAD 0x88A1F400 ] TID: 2480
0x80562520 Faked ServiceTable-->EM_EXEC.EXE [ ETHREAD 0x88AA2BC8 ] TID: 2484
0x80562520 Faked ServiceTable-->bsa.exe [ ETHREAD 0x89EF7640 ] TID: 2488
0x80562520 Faked ServiceTable-->sprtsvc.exe [ ETHREAD 0x89F09BC8 ] TID: 2524
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AD5DA8 ] TID: 2536
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x88A54020 ] TID: 2556
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x88A21598 ] TID: 2564
0x80562520 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x89E1C828 ] TID: 2572
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889FD808 ] TID: 2608
0x80562520 Faked ServiceTable-->nvsvc32.exe [ ETHREAD 0x88AA4650 ] TID: 2612
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A6A480 ] TID: 2616, 886680 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88A33830 ] TID: 2624, 548952 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A0B458 ] TID: 2628
0x80562520 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x889C6668 ] TID: 2640
0x80562520 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x88A3C020 ] TID: 2644
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A0DFDA8 ] TID: 2648
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89E6A9F8 ] TID: 2652
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88ADBDA8 ] TID: 2664
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AE1DA8 ] TID: 2680
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A19A9F0 ] TID: 2684
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x886808D8 ] TID: 2688
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8A0EC3B0 ] TID: 2696
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8A13F7B8 ] TID: 2700
0x80562520 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x889B7020 ] TID: 2704
0x80562520 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x889B7B30 ] TID: 2708
0x80562520 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x889B78B8 ] TID: 2712
0x80562520 Faked ServiceTable-->PRISMXL.SYS [ ETHREAD 0x8898FDA8 ] TID: 2724
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x886673B0 ] TID: 2748
0x80562520 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x889C7C10 ] TID: 2752
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x889909E8 ] TID: 2756
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88A34BC8 ] TID: 2760
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88A34770 ] TID: 2764
0x80562520 Faked ServiceTable-->PRISMXL.SYS [ ETHREAD 0x88A5DB30 ] TID: 2776
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88666BC8 ] TID: 2780
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8867CB30 ] TID: 2796
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8867C8B8 ] TID: 2848
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8867E7D8 ] TID: 2864
0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x889A3980 ] TID: 2868
0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x889FDDA8 ] TID: 2884
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8898E6D0 ] TID: 2888
0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x88ADDDA8 ] TID: 2896
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88A02BD8 ] TID: 2920
0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x8868BB38 ] TID: 2936
0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x88A60DA8 ] TID: 2948
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AD9BC8 ] TID: 2952
0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x8A0EC9E8 ] TID: 2956
0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x88A5FDA8 ] TID: 2960
0x80562520 Faked ServiceTable-->sprtsvc.exe [ ETHREAD 0x88AA1B80 ] TID: 2976
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8899D020 ] TID: 2996
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A9EB38 ] TID: 3048
0x80562520 Faked ServiceTable-->sprtcmd.exe [ ETHREAD 0x88AFBDA8 ] TID: 3092
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89E117B0 ] TID: 3096
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89E00B30 ] TID: 3168
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AD9728 ] TID: 3184
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B8C020 ] TID: 3200
0x80562520 Faked ServiceTable-->ComcastAntiSpyService.exe [ ETHREAD 0x88A78020 ] TID: 3208
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88A38950 ] TID: 3220
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89072BC8 ] TID: 3224
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889BD640 ] TID: 3252
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x886667A0 ] TID: 3296
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88666528 ] TID: 3300
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88A29DA8 ] TID: 3304
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8898D8C0 ] TID: 3308
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88A3D528 ] TID: 3332
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x8A0EDB98 ] TID: 3360
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88A6FBC8 ] TID: 3384, 7864368 bytes
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88A6F3B0 ] TID: 3388
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88A6F770 ] TID: 3412
0x80562520 Faked ServiceTable-->wdfmgr.exe [ ETHREAD 0x889F67C8 ] TID: 3416
0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x88A9B958 ] TID: 3440
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889CABC8 ] TID: 3456
0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x889DA5E0 ] TID: 3460
0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x889DA368 ] TID: 3464
0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x88A698B8 ] TID: 3468
0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x88665AA8 ] TID: 3472
0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x88A4B788 ] TID: 3476
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88B0D808 ] TID: 3488
0x80562520 Faked ServiceTable-->wdfmgr.exe [ ETHREAD 0x8A0E2DA8 ] TID: 3492
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x88B0D368 ] TID: 3504
0x80562520 Faked ServiceTable-->MotiveSB.exe [ ETHREAD 0x88A9A020 ] TID: 3560
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8898D648 ] TID: 3576
0x80562520 Faked ServiceTable-->AdobeARM.exe [ ETHREAD 0x889B59E8 ] TID: 3580
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A9AA88 ] TID: 3588
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A6AAA0 ] TID: 3592
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88A56638 ] TID: 3604
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889BE8B8 ] TID: 3624
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8865A338 ] TID: 3628
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88A0A428 ] TID: 3668, 7602254 bytes
0x80562520 Faked ServiceTable-->wdfmgr.exe [ ETHREAD 0x8A18A4E0 ] TID: 3684
0x80562520 Faked ServiceTable-->wdfmgr.exe [ ETHREAD 0x889EC020 ] TID: 3692
0x80562520 Faked ServiceTable-->wdfmgr.exe [ ETHREAD 0x8A18A908 ] TID: 3696
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88994638 ] TID: 3712
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8899D9E8 ] TID: 3716
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8899D770 ] TID: 3720
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A14A310 ] TID: 3752
0x80562520 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x889B7DA8 ] TID: 3796, 589827 bytes
0x80562520 Faked ServiceTable-->IPClient.exe [ ETHREAD 0x8A0ECDA8 ] TID: 3800
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8898BB30 ] TID: 3840
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A06BE8 ] TID: 3860
0x80562520 Faked ServiceTable-->sprtsvc.exe [ ETHREAD 0x88B3C8A8 ] TID: 3864
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88686B00 ] TID: 3872
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889ED9E8 ] TID: 3884
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x88B8B630 ] TID: 3928, 41465288 bytes
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x88A42B40 ] TID: 3932, 5439575 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A0B020 ] TID: 3944
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x886657B0 ] TID: 3960
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B69818 ] TID: 3964
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x886857E8 ] TID: 3968
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x88685570 ] TID: 3972
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89F8D9E8 ] TID: 3976
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x889BC670 ] TID: 3980
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x8A1497C0 ] TID: 3984
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89F8D020 ] TID: 3996
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89E7D680 ] TID: 4004
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89E6A3C8 ] TID: 4008
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89E1ADA8 ] TID: 4012
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x8A14B310 ] TID: 4016
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x886864C8 ] TID: 4024
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x88B42BC8 ] TID: 4036
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x88B8BBE0 ] TID: 4044
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89F08B30 ] TID: 4048
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DC6450 ] TID: 4052
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x8A14A590 ] TID: 4056
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x8867BBC8 ] TID: 4060
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89F08318 ] TID: 4064
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89E61020 ] TID: 4072
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x88ADABC8 ] TID: 4076
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x89DCBDA8 ] TID: 4080
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89F05640 ] TID: 4084
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89E5FB38 ] TID: 4088, 223 bytes
0x80562520 Faked ServiceTable-->avguard.exe [ ETHREAD 0x889C3DA8 ] TID: 4092
0xF74C0000 WARNING: suspicious driver modification [atapi.sys::0x8A26139B]
==============================================
>Files
==============================================
!-->[Hidden] C:\CABS\9522927\APPS
!-->[Hidden] C:\CABS\9522927\PRO100
!-->[Hidden] C:\CABS\9522927\PRO1000
!-->[Hidden] C:\Config.Msi
!-->[Hidden] C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch
!-->[Hidden] C:\Documents and Settings\All Users\.cookn
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Adobe\Reader
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Adobe\Updater6
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple Computer
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4d091ce1
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_4b3a691f
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\AVS4YOU
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Cook'n
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Malwarebytes
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\MSDAIPP
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Office
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\PlayReady
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\WLSetup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\pdf995
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Research In Motion
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Sun
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\SupportSoft
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Viewpoint
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86
!-->[Hidden] C:\Documents and Settings\All Users\Documents\microsoft
!-->[Hidden] C:\Documents and Settings\All Users\Documents\My Music
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Canon PhotoRecord
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Comcast
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Golden Records Vinyl to CD Converter
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\HP
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Intel Network Adapters
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Musicmatch
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\MySpace
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\NCH Toolbox
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Olympus DSS Player 2002
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Rootkit Unhooker LE
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Software995
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Sony Digital Voice Editor
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Sony Player Plug-in for WMP
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Utilities
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\WavePad
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\WordPerfect Office 2000
!-->[Hidden] C:\Documents and Settings\Default User\Application Data\Macromedia
!-->[Hidden] C:\Documents and Settings\Default User\Application Data\Macromedia
!-->[Hidden] C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch
!-->[Hidden] C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch
!-->[Hidden] C:\Documents and Settings\Default User\Local Settings\Application Data\Adobe
!-->[Hidden] C:\Documents and Settings\Default User\Local Settings\Application Data\Adobe
!-->[Hidden] C:\Documents and Settings\Guest
!-->[Hidden] C:\Documents and Settings\LocalService\Application Data\Adobe
!-->[Hidden] C:\Documents and Settings\LocalService\Application Data\Identities
!-->[Hidden] C:\Documents and Settings\LocalService\Application Data\Macromedia
!-->[Hidden] C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Quick Launch
!-->[Hidden] C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\UserData
!-->[Hidden] C:\Documents and Settings\LocalService\Desktop
!-->[Hidden] C:\Documents and Settings\LocalService\Favorites
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Feeds
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Internet Explorer
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows Live Contacts
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows Live Mail
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows Media
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012008032620080327
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012010120620101207
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012010120720101208
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8HQGIPP7
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9WXJJPU0
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OVMES9LC
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TYOVEJ4H
!-->[Hidden] C:\Documents and Settings\LocalService\Start Menu
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Apple Computer
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\67.15.218.106\syndicate\bighealthtree
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\admin.brightcove.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\ak.c.ooyala.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\cdn.gigya.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\cdn.visiblemeasures.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\cdn2.telemetryverification.net
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\convoad.technoratimedia.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\convoad.technoratimedia.net
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\core.videoegg.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\flash.quantserve.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\games-fe14.gamesville.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\i2.current.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\is1.j.tv2n.net
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\media.scanscout.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\media1.break.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\player.onescreen.net\1.6
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\player.videopublishing.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\s.ytimg.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\secure-us.imrworldwide.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\static.scanscout.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\static2.filmannex.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\ui.mevio.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\vdassets.bitgravity.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\vizu.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\vox-static.liverail.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\[You must be registered and logged in to see this link.]
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\[You must be registered and logged in to see this link.]
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\[You must be registered and logged in to see this link.]
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\WWXNXMSA\[You must be registered and logged in to see this link.]
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#admin.brightcove.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ak.c.ooyala.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.gigya.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.visiblemeasures.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn1.telemetryverification.net
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn2.telemetryverification.net
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#convoad.technoratimedia.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.videoegg.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#i2.current.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#is1.j.tv2n.net
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.scanscout.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media1.break.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.videopublishing.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#secure-us.imrworldwide.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.scanscout.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static2.filmannex.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ui.mevio.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vdassets.bitgravity.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vizu.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vox-static.liverail.com
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#[You must be registered and logged in to see this link.]
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#[You must be registered and logged in to see this link.]
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#[You must be registered and logged in to see this link.]
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#[You must be registered and logged in to see this link.]
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Quick Launch
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@3199033383.pub.ezanga[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@77.79.13[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@abmr[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@admonkey.dapper[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@adnxs[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@amgdgt[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@b3.mookie1[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@bestofyoutube.mevio[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@bighealthtree[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@bluekai[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[3].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@crux.mevio[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@demr.opt.fimserve[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@displaymarketplace[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@exelator[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@fimserve[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@kontera[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@mathtag[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@mevio[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@mmismm[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@mybloglog[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@opt.fimserve[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@p-td[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@qydjuk[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@sharethis[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@shefinds[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@technoratimedia[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@turn[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@vindicosuite[2].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@voicefive[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@[You must be registered and logged in to see this link.]
!-->[Hidden] C:\Documents and Settings\NetworkService\Cookies\system@yahoo[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Silverlight
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\63WLBL3K\avatar[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\63WLBL3K\basandroid-us-e[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\63WLBL3K\beacon[4].js
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\63WLBL3K\Green_Tea_Breast_Cancer__30sec__787[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\63WLBL3K\health[1].xml
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\63WLBL3K\meviounderground-us-e[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\70K5GHS6\0840a10f83d9aeb30792b3315acc5fd6a31b6b67[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\70K5GHS6\1103[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\70K5GHS6\1472e5c6d464938d113b1a1f7ae5cbfb1de0f6ba[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\70K5GHS6\167600[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\70K5GHS6\278ce2b539717632359538c00a911f15ba51d0af[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\70K5GHS6\72ae762005a228beaa4cb42f1feddd88bcd1df38[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\70K5GHS6\81ffed493b5cf37b6e942659a2a17e5962691f37[1].jpg
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\70K5GHS6\avatar[1].png
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\70K5GHS6\checkBrowser[2].htm
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\70K5GHS6\ht_landing[1].txt
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9I63Y800
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\DUY5OV07\kvvchoiceselect%3Dtrue%3B%3B%3Bkvtakeover%3Dtrue;loc=100;noperf=1;target=_blank;cc=2;sub1=1784397;sub2=1784399;sub3=1784401;sub4=1784398;misc=368367014[1]]
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GK8VSLM7\10%2F12%2F08%2Fcharlize-theron-lists%3Bkvmn%3D93305284%3Bkvtid%3D16g0muh1efmphu%3Bkvseg%3D99999%3A50212%3A50224%3Bnodecode%3Dyes%3Blink%3D;ord=905585851[1]5
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IME3XSMF
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JOTZ6SHY
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LYNSQMW4
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UICZL9JY\kvvchoiceselect%3Dtrue%3B%3B%3Bkvtakeover%3Dtrue;loc=100;noperf=1;target=_blank;cc=2;sub1=1784397;sub2=1784399;sub3=1784401;sub4=1784398;misc=194263596[1]50
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UICZL9JY\TtwtCKIFFhqFlVuBq930w7n8TUTJu43g_JeS27vXNV3LoQ4BMCf_6lYvtF8XkUcTFY7nAvxa8AYJODSe2EIt8FgiKOaJkhW-V4Lgu-qX2T4yF-s39qPib4n7RiOP0hLjkWh1ZtbJJOvl3DE5_xpJ[1].htm8
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZF66FNN8\npl=y;kvcmsid%3D19751868%3Bkvpg=housingwatch%2F2010%2F12%2F08%2Fcharlize-theron-lists;kvmn=93305285;target=_blank;aduho=480;grp=905598734;misc=905598734[1]4
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZF66FNN8\npl=y;kvcmsid%3D19751868%3Bkvpg=housingwatch%2F2010%2F12%2F08%2Fcharlize-theron-lists;kvmn=93306712;target=_blank;aduho=480;grp=905598734;misc=905598734[1]4
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZF66FNN8\ue%3Bkvvchoiceselect%3Dtrue%3B%3B%3Bkvtakeover%3Dtrue;loc=100;noperf=1;target=_blank;cc=2;sub1=394427;sub2=394426;sub3=394424;sub4=394425;misc=766984872[1]4
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\6.0\Messages
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\9.0\Forms
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\9.0\Security
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\9.0\Synchronizer
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Adobe\AIR\Updater
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Adobe\ESD
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Adobe\Flash Player
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Adobe\Linguistics
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Adobe\LogTransport2
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Apple Computer\Logs
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Apple Computer\MobileSync
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Apple Computer\Preferences
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Apple Computer\SyncServices
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Autodesk
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\AVS4YOU
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\CallingID
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\comcasttb
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Google
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Help
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\HpUpdate
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Macromedia
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Malwarebytes
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\AddIns
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Clip Organizer
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\CLR Security Config
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Excel
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Forms

!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\IdentityCRL
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Installer
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Media Player\Skins
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\MSN Messenger
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Office
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Proof
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Speech
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Templates
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Windows Messenger
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Microsoft\Word
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Move Networks
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Mozilla
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Musicmatch\Jukebox
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Musicmatch\Plugins\Portables\Iomega_3
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Musicmatch\Plugins\Portables\LyraHD_4\LyraHDD
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Musicmatch\Plugins\Portables\WMDM9_2\Icons
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\MySpace
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\OverDrive
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\pdf995
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Research In Motion
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\SmartDraw
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Sun\Java\jre1.6.0_19
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\U3
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Viewpoint
!-->[Hidden] C:\Documents and Settings\Owner\Application Data\Walgreens
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\JavaRa
!-->[Hidden] C:\Documents and Settings\Owner\Desktop\RkU3.8.388.590
!-->[Hidden] C:\Documents and Settings\Owner\Favorites\Comcast Links
!-->[Hidden] C:\Documents and Settings\Owner\Favorites\Corel on the Web
!-->[Hidden] C:\Documents and Settings\Owner\Favorites\Goats
!-->[Hidden] C:\Documents and Settings\Owner\Favorites\Microsoft Websites
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\Acrobat\7.0
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\Acrobat\9.0
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\Color
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\Updater6
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Google
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Help
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\HP
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\IM
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\IsolatedStorage
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\racacagimo@msn.com
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Office
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Silverlight
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Mail
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Works
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Apps
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012004022720040228
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012004052720040528
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012004080720040808
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012004100820041009
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012004111120041112
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012005021120050212
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008032620080327





!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008061720080618
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012009020920090210
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3LS3JJD6\6;qcseg=2675;qcseg=2674;qcseg=2673;qcseg=2672;qcseg=2160;qcseg=1629;qcseg=1628;qcseg=1627;qcseg=1626;qcseg=1619;qcseg=1618;qcseg=1608;qcseg=1544;ord=290066458304[1]2
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TOGF0GNB\6;qcseg=2675;qcseg=2674;qcseg=2673;qcseg=2672;qcseg=2160;qcseg=1629;qcseg=1628;qcseg=1627;qcseg=1626;qcseg=1619;qcseg=1618;qcseg=1608;qcseg=1544;ord=290066458304[1]7
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TOGF0GNB\6;qcseg=2675;qcseg=2674;qcseg=2673;qcseg=2672;qcseg=2160;qcseg=1629;qcseg=1628;qcseg=1627;qcseg=1626;qcseg=1619;qcseg=1618;qcseg=1608;qcseg=1544;ord=290066458304[2]7
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.MSO
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\X255P7H3
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\temp\DefaultEmoticons
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\temp\hsperfdata_Owner
!-->[Hidden] C:\Documents and Settings\Owner\Local Settings\temp\Icons
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\All Files\Family History Stuff
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\All Files\Feb 21 2004 (D)\Old computer files (Ray and Candi)\My Documents\RAY\Car Maintenance
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\All Files\Misc Junk\WORK\Templates
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\All Files\Music before i-pod
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\All Files\Ray Stuff
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\Backup-(2009-08-31).ipd::$DATA
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\Cook'n9
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\Corel User Files
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Music\From Tapes\Misc
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Music\iTunes
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Music\My Playlists
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Music\NEED TO CONVERT TO IPOD
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Music\Various Artists
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\Adobe
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\aerial of house
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\ash-tree-place-sewer
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\BlackBerry
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\draft-memo
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\drive-pipe-crossing-sketch
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\Flescher Photos
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\iPod Photo Cache
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\ipod-pictures
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\mom scan 1
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\mom scan 3
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\mom scan 5
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\mom scan 6
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\mom scan 7
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Pictures\mom scan 8
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Scans\2007-11 (Nov)
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Scans\2009-12 (Dec)
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\My Videos
!-->[Hidden] C:\Documents and Settings\Owner\My Documents\MySpaceIM Pics
!-->[Hidden] C:\Documents and Settings\Owner\NetHood\c on Office Computer (Gateway-0r10eg5)
!-->[Hidden] C:\Documents and Settings\Owner\NetHood\My Documents on Office Computer (Gateway-0r10eg5)
!-->[Hidden] C:\Documents and Settings\Owner\NetHood\My Music main on Office Computer (Gateway-0r10eg5)
!-->[Hidden] C:\Documents and Settings\Owner\NetHood\My Web Sites on MSN
!-->[Hidden] C:\Documents and Settings\Owner\NetHood\Owner on Office Computer (Gateway-0r10eg5)
!-->[Hidden] C:\Documents and Settings\Owner\NetHood\SharedDocs on Office Computer (Gateway-0r10eg5)
!-->[Hidden] C:\Documents and Settings\Owner\Recent\SharedDocs on Candi's laptop (Laptop)
!-->[Hidden] C:\Documents and Settings\Owner\Recent\SharedDocs on Candi's laptop (Laptop) (2)
!-->[Hidden] C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\System Tools
!-->[Hidden] C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
!-->[Hidden] C:\Documents and Settings\Owner\Start Menu\Programs\HP
!-->[Hidden] C:\Documents and Settings\Owner\Start Menu\Programs\OverDrive Media Console
!-->[Hidden] C:\Documents and Settings\Owner\Start Menu\Programs\SEMD Demo
!-->[Hidden] C:\Documents and Settings\Owner\Start Menu\Programs\SmartDraw 2007
!-->[Hidden] C:\Documents and Settings\Owner\Tracing
!-->[Hidden] C:\Documents and Settings\Owner\WINDOWS
!-->[Hidden] C:\Not sure if i can delete\02549d44d86603af7f1b45
!-->[Hidden] C:\Not sure if i can delete\638ab4f455c873deeb66c96f
!-->[Hidden] C:\Not sure if i can delete\b41e55436217c16cdf35af0749
!-->[Hidden] C:\Not sure if i can delete\b95a596e66c6e713bbb1
!-->[Hidden] C:\Not sure if i can delete\Config.Msi
!-->[Hidden] C:\Not sure if i can delete\DSSPlayer
!-->[Hidden] C:\Not sure if i can delete\f71909ad98d3b5cccf46688f4645e2f5
!-->[Hidden] C:\Our Programs
!-->[Hidden] C:\Program Files\7-Zip
!-->[Hidden] C:\Program Files\Adobe\Acrobat 7.0
!-->[Hidden] C:\Program Files\Adobe\Acrobat.com
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0
!-->[Hidden] C:\Program Files\Adobe\{AC76BA86-0000-0000-7AC5-6028747ADE00}
!-->[Hidden] C:\Program Files\Apple Software Update
!-->[Hidden] C:\Program Files\Autodesk
!-->[Hidden] C:\Program Files\Avira\AntiVir PersonalEdition Classic\EVENTDB
!-->[Hidden] C:\Program Files\AVS4YOU
!-->[Hidden] C:\Program Files\Bonjour
!-->[Hidden] C:\Program Files\Borland
!-->[Hidden] C:\Program Files\CA
!-->[Hidden] C:\Program Files\Canon
!-->[Hidden] C:\Program Files\Comcast
!-->[Hidden] C:\Program Files\comcasttb
!-->[Hidden] C:\Program Files\ComcastUI
!-->[Hidden] C:\Program Files\Common Files\Adobe\Acrobat
!-->[Hidden] C:\Program Files\Common Files\Adobe\ARM
!-->[Hidden] C:\Program Files\Common Files\Adobe\Help
!-->[Hidden] C:\Program Files\Common Files\Adobe\Updater6
!-->[Hidden] C:\Program Files\Common Files\Apple
!-->[Hidden] C:\Program Files\Common Files\Autodesk Shared
!-->[Hidden] C:\Program Files\Common Files\AVSMedia
!-->[Hidden] C:\Program Files\Common Files\Designer
!-->[Hidden] C:\Program Files\Common Files\Hewlett-Packard
!-->[Hidden] C:\Program Files\Common Files\HP
!-->[Hidden] C:\Program Files\Common Files\InstallShield\Driver
!-->[Hidden] C:\Program Files\Common Files\InstallShield\Professional\RunTime\11
!-->[Hidden] C:\Program Files\Common Files\Java
!-->[Hidden] C:\Program Files\Common Files\LHSPF
!-->[Hidden] C:\Program Files\Common Files\Logitech\Scrolling
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\CDO
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Dashboard Components
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1026
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1027
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1029
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1030
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1032
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1035
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1037
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1038
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1043
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1044
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1045
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1046
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1048
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1049
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1050
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1051
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1053
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1054
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1055
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1058
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1060
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1061
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1062
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1063
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1081
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\2068
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\2070
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\2074
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\3076
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Euro
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Grphflt
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Information Retrieval
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\MSORun
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\MSSearch
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Office10
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Proof
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Reference Titles
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Smart Tag
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Themes
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\VBA
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\VC
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Web Components
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\web server extensions\50
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Windows Live
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\Works Shared
!-->[Hidden] C:\Program Files\Common Files\Research In Motion
!-->[Hidden] C:\Program Files\Common Files\Roxio Shared
!-->[Hidden] C:\Program Files\Common Files\scanner
!-->[Hidden] C:\Program Files\Common Files\SupportSoft
!-->[Hidden] C:\Program Files\Common Files\System\mui
!-->[Hidden] C:\Program Files\Common Files\System\Ole DB\resources
!-->[Hidden] C:\Program Files\Common Files\WexTech Shared
!-->[Hidden] C:\Program Files\Common Files\Windows Live
!-->[Hidden] C:\Program Files\Cook'n
!-->[Hidden] C:\Program Files\Cook'n9
!-->[Hidden] C:\Program Files\Corel
!-->[Hidden] C:\Program Files\Creative\SBAudigy\Recorder\Recordings
!-->[Hidden] C:\Program Files\Cucusoft
!-->[Hidden] C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
!-->[Hidden] C:\Program Files\Gateway\HPA\GWMenu
!-->[Hidden] C:\Program Files\Google
!-->[Hidden] C:\Program Files\Hewlett-Packard
!-->[Hidden] C:\Program Files\HOTLLAMA MEDIA
!-->[Hidden] C:\Program Files\HP
!-->[Hidden] C:\Program Files\IncrediMail
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{26BDE7D8-93F0-4A07-AD47-1707DB417941}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{3D047C15-C859-45F7-81CE-F2681778069B}(2)
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}(2)
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{5E07AA24-F906-49AF-93BC-F35F786F3DA9}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}(2)
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{DE286975-ACF1-45B8-9EF7-34E162B2C817}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
!-->[Hidden] C:\Program Files\Intel\ANS
!-->[Hidden] C:\Program Files\Intel\NCS
!-->[Hidden] C:\Program Files\Internet Explorer\en-US
!-->[Hidden] C:\Program Files\Internet Explorer\MUI\041e
!-->[Hidden] C:\Program Files\iPod
!-->[Hidden] C:\Program Files\iTunes
!-->[Hidden] C:\Program Files\Java\jre6\lib\zi\Antarctica
!-->[Hidden] C:\Program Files\Java\jre6\lib\zi\Asia
!-->[Hidden] C:\Program Files\Java\jre6\lib\zi\Atlantic
!-->[Hidden] C:\Program Files\Java\jre6\lib\zi\Australia
!-->[Hidden] C:\Program Files\Java\jre6\lib\zi\Etc
!-->[Hidden] C:\Program Files\Java\jre6\lib\zi\Europe
!-->[Hidden] C:\Program Files\Java\jre6\lib\zi\Indian
!-->[Hidden] C:\Program Files\Java\jre6\lib\zi\Pacific
!-->[Hidden] C:\Program Files\Java\jre6\lib\zi\SystemV
!-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware\Languages
!-->[Hidden] C:\Program Files\Microsoft
!-->[Hidden] C:\Program Files\Microsoft ActiveSync
!-->[Hidden] C:\Program Files\Microsoft CAPICOM 2.1.0.2
!-->[Hidden] C:\Program Files\Microsoft Office
!-->[Hidden] C:\Program Files\Microsoft Silverlight
!-->[Hidden] C:\Program Files\Microsoft Streets & Trips
!-->[Hidden] C:\Program Files\Microsoft Works Suite 2003
!-->[Hidden] C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
!-->[Hidden] C:\Program Files\MSBuild
!-->[Hidden] C:\Program Files\MsnMusic
!-->[Hidden] C:\Program Files\MSXML 4.0
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Components
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\CurrentUser
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Help
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Html
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Images
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Playlist
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Plugins
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Printing
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Projects
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Server
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Setup
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Skins
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\TEMP
!-->[Hidden] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Tutorial
!-->[Hidden] C:\Program Files\MUSICMATCH\Musicmatch Update
!-->[Hidden] C:\Program Files\MySpace
!-->[Hidden] C:\Program Files\NCH Software
!-->[Hidden] C:\Program Files\NCH Swift Sound\Express
!-->[Hidden] C:\Program Files\NCH Swift Sound\Golden
!-->[Hidden] C:\Program Files\NCH Swift Sound\Scribe\Help
!-->[Hidden] C:\Program Files\NCH Swift Sound\Switch
!-->[Hidden] C:\Program Files\NCH Swift Sound\TexTally
!-->[Hidden] C:\Program Files\NCH Swift Sound\ToolBox
!-->[Hidden] C:\Program Files\NCH Swift Sound\WavePad
!-->[Hidden] C:\Program Files\OfficeUpdate11
!-->[Hidden] C:\Program Files\Olympus
!-->[Hidden] C:\Program Files\Overland
!-->[Hidden] C:\Program Files\pdf995
!-->[Hidden] C:\Program Files\QuickTime\PictureViewer.Resources
!-->[Hidden] C:\Program Files\QuickTime\Plugins
!-->[Hidden] C:\Program Files\QuickTime\PropertyPanels
!-->[Hidden] C:\Program Files\QuickTime\QTComponents
!-->[Hidden] C:\Program Files\QuickTime\QTSystem
!-->[Hidden] C:\Program Files\QuickTime\QuickTimePlayer.Resources
!-->[Hidden] C:\Program Files\Real\RealPlayer\Msg\0_1175545881
!-->[Hidden] C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList
!-->[Hidden] C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList
!-->[Hidden] C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5
!-->[Hidden] C:\Program Files\Research In Motion
!-->[Hidden] C:\Program Files\SDHelper (Spybot - Search & Destroy)
!-->[Hidden] C:\Program Files\SmartDraw 2007
!-->[Hidden] C:\Program Files\Sony
!-->[Hidden] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
!-->[Hidden] C:\Program Files\Uninstall Information\mupdate
!-->[Hidden] C:\Program Files\Verizon Online\SupportCenter\incidents\804295064.1@gateway-0r10eg5\5
!-->[Hidden] C:\Program Files\Verizon Online\SupportCenter\SmartBridge\Original
!-->[Hidden] C:\Program Files\WexTech
!-->[Hidden] C:\Program Files\Windows Installer Clean Up
!-->[Hidden] C:\Program Files\Windows Live SkyDrive
!-->[Hidden] C:\Program Files\Windows Live\Contacts
!-->[Hidden] C:\Program Files\Windows Live\Installer
!-->[Hidden] C:\Program Files\Windows Live\Mail
!-->[Hidden] C:\Program Files\Windows Live\Messenger
!-->[Hidden] C:\Program Files\Windows Media Player\sample playlists
!-->[Hidden] C:\Qoobox\BackEnv\appdata.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\cache.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cookies.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\desktop.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\favorites.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\History.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\localappdata.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\localsettings.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Music.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\mypictures.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\NetHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\personal.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Pictures.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\PrintHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\programs.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Recent.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SendTo.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat
!-->[Hidden] C:\Qoobox\BackEnv\startmenu.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\startup.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SysPath.dat
!-->[Hidden] C:\Qoobox\BackEnv\templates.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\VikPev00
!-->[Hidden] C:\Qoobox\Quarantine\C\Documents and Settings\Owner
!-->[Hidden] C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers
!-->[Hidden] C:\System Volume Information\_restore{A2B76C8A-8BBE-4520-829B-A06527F816EA}\RP2
!-->[Hidden] C:\System Volume Information\_restore{A2B76C8A-8BBE-4520-829B-A06527F816EA}\RP3
!-->[Hidden] C:\System Volume Information\_restore{A2B76C8A-8BBE-4520-829B-A06527F816EA}\RP4
!-->[Hidden] C:\WINDOWS\$hf_mig$
!-->[Hidden] C:\WINDOWS\$MSI31Uninstall_KB893803v2$
!-->[Hidden] C:\WINDOWS\$NtServicePackUninstall$
!-->[Hidden] C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
!-->[Hidden] C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2115168$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2121546$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2141007$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2158563$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2160329$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2229593$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2259922$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2279986$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2286198$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2296011$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2345886$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2347290$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2360937$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2378111_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2387149$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB826939$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB828741$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB834707$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB835732$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB837001$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB839643-DirectX9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB839645$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB840315$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB840374$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB841873$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB842773$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB873339$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB883939$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB885835$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB885884$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB886185$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB887742$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB890046$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB890175$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB893756$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB894391$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896358$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896422$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896423$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896424$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896428$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896688$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB899587$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB899591$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB900485$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB900725$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB901017$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB901214$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB902400$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB904706$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB904942$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB905414$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB905749$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB908531$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB910437$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB911280$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB911567$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB913580$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB914388$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB914389$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB914440$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB915865$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB916281$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB916595$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB917159$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB917344$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB917422$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB917734_WMP10$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB917953$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB918118$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB918439$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB918899$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB919007$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920213$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920214$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920670$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920683$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920685$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920872$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB921398$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB921503$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB921883$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB922582$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB922616$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB922760$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB922819$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB923191$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB923414$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB923561$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB923689$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB923694$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB923980$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB924191$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB924270$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB924496$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB924667$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB925398_WMP64$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB925454$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB925486$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB925902$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB926247$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB926255$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB926436$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB927779$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB927802$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB927891$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB928090$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB928255$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB928843$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB929123$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB929338$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB930916$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB931768$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB931836$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB932823-v3$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB933360$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB933566$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB933729$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB935839$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB935840$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB936021$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB936357$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB936782_WMP10$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB937143$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938127$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938464$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938828$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938829$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB939653$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941202$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941569$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941644$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941693$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB942763$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943055$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943460$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943460_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943485$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB944653$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB945553$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB946026$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB946648_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB948590$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB948881$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950749$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950760$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950762$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950762_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950974$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950974_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951066$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951066_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951072-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951698$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951698_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951748$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951748_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951978$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952004$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952069_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952287$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952287_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952954$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952954_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB953155$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB953839$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954155_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954211$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954459$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954600$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB955069$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB955839$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956391$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956572$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956744$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956803$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956841$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956844$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957095$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957097$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958644$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958690$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958869$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB959426$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960225$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960715$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960803$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960859$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961118$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961371$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961373$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961503$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB967715$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB968816_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB969059$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB969947$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB970430$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971468$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971557$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971633$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971657$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973346$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973354$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973507$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973687$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973815$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973869$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973904$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974112$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974318$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB974571$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975025$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975558_WM8$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975560$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975561$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975713$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB976098-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB977165$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB977816$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB977914$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978037$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978251$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978262$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978338$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978542$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978601$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB978706$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979306$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979309$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979683$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979687$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB980195$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB980218$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB980232$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB980436$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981322$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981793$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981852$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981957$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981997$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB982132$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB982214$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB982665$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB982802$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ329048$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ329115$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ329170$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ329390$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ329441$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ329834$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ810565$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ810577$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ810833$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ811493$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ814033$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ815021$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ817606$
!-->[Hidden] C:\WINDOWS\assembly\GAC\AxInterop.LTRASTERVIEWLib
!-->[Hidden] C:\WINDOWS\assembly\GAC\AxInterop.MediaPlayer
!-->[Hidden] C:\WINDOWS\assembly\GAC\AxInterop.SHDocVw
!-->[Hidden] C:\WINDOWS\assembly\GAC\hplMosaicNet
!-->[Hidden] C:\WINDOWS\assembly\GAC\HPODMmcLib
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqactiv
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqactiv.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqalb
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqasset
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqcalp
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqcalp.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqcalrsc
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqcalrsc.resources

!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqccrsc
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqccrsc.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqcmctl
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqcmctl.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqcpint
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqcprsc
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqcprsc.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqdcprf
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqdcprf.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqdcrsc
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqdcrsc.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqdocpt
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqdocpt.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqdocvw
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqdocvw.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqeal
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqedppi
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqfmrsc
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqfmrsc.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqgldlg
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqgldlg.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqglutl
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqgprsc
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqgprsc.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqgskin
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqgtpin
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqgtpin.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqietpz
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqiface
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqimgrc
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqimlib
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqisrtb
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqistab
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqmdmr
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqmpvad
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqmydoc
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqmydoc.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqmyint
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqntrop
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqpaac
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqpanop
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqpanop.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqpdmdl
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqpel10
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqpel10.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqprif
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqprjfx
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqprjfx.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqprrsc
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqprrsc.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqprt
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqprt.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqprutl
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqprutl.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqptfnd
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqptfx
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqptfx.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqptint
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqptint.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqshfop
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqshfop.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqthrsc
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqthrsc.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqthumb
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqtray
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqtray.resources
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqutils
!-->[Hidden] C:\WINDOWS\assembly\GAC\hpqvec
!-->[Hidden] C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\Interop.HPDarc
!-->[Hidden] C:\WINDOWS\assembly\GAC\Interop.hpocxi08
!-->[Hidden] C:\WINDOWS\assembly\GAC\interop.hpodae
!-->[Hidden] C:\WINDOWS\assembly\GAC\interop.hpodai
!-->[Hidden] C:\WINDOWS\assembly\GAC\interop.hpodaud
!-->[Hidden] C:\WINDOWS\assembly\GAC\Interop.hpodeb08
!-->[Hidden] C:\WINDOWS\assembly\GAC\Interop.hpodev08
!-->[Hidden] C:\WINDOWS\assembly\GAC\Interop.hpodio08
!-->[Hidden] C:\WINDOWS\assembly\GAC\interop.hpodmmc
!-->[Hidden] C:\WINDOWS\assembly\GAC\interop.hpodmp
!-->[Hidden] C:\WINDOWS\assembly\GAC\interop.hpodmpv
!-->[Hidden] C:\WINDOWS\assembly\GAC\interop.hpodmpv_md
!-->[Hidden] C:\WINDOWS\assembly\GAC\interop.hpodprint2
!-->[Hidden] C:\WINDOWS\assembly\GAC\interop.hpodtrk
!-->[Hidden] C:\WINDOWS\assembly\GAC\interop.hpodvid
!-->[Hidden] C:\WINDOWS\assembly\GAC\interop.hpodxmlutil
!-->[Hidden] C:\WINDOWS\assembly\GAC\interop.hpqcldat
!-->[Hidden] C:\WINDOWS\assembly\GAC\Interop.hpqcxm08
!-->[Hidden] C:\WINDOWS\assembly\GAC\Interop.hpqdstcp
!-->[Hidden] C:\WINDOWS\assembly\GAC\interop.hpqimgr
!-->[Hidden] C:\WINDOWS\assembly\GAC\Interop.hprblog
!-->[Hidden] C:\WINDOWS\assembly\GAC\Interop.LTANNLib
!-->[Hidden] C:\WINDOWS\assembly\GAC\Interop.MediaPlayer
!-->[Hidden] C:\WINDOWS\assembly\GAC\Interop.MsHtmHst
!-->[Hidden] C:\WINDOWS\assembly\GAC\Interop.SHDocVw
!-->[Hidden] C:\WINDOWS\assembly\GAC\LEAD
!-->[Hidden] C:\WINDOWS\assembly\GAC\LEAD.Drawing
!-->[Hidden] C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Codecs
!-->[Hidden] C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing
!-->[Hidden] C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Ocr
!-->[Hidden] C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Twain
!-->[Hidden] C:\WINDOWS\assembly\GAC\LEAD.Windows.Forms
!-->[Hidden] C:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.CommonDialogs
!-->[Hidden] C:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.DrawingContainer
!-->[Hidden] C:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.hp
!-->[Hidden] C:\WINDOWS\assembly\GAC\LEAD.Wrapper
!-->[Hidden] C:\WINDOWS\assembly\GAC\LTRASTERIOLib
!-->[Hidden] C:\WINDOWS\assembly\GAC\LTRASTERLib
!-->[Hidden] C:\WINDOWS\assembly\GAC\LTRASTERVIEWLib
!-->[Hidden] C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\Microsoft.mshtml
!-->[Hidden] C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089
!-->[Hidden] C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089
!-->[Hidden] C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089
!-->[Hidden] C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc
!-->[Hidden] C:\WINDOWS\assembly\GAC_32\PresentationCore
!-->[Hidden] C:\WINDOWS\assembly\GAC_32\System.Printing
!-->[Hidden] C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Transactions.Bridge
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Luna
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Royale
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\PresentationUI
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\ReachFramework
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\Sentinel.v3.5Client
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.AddIn
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.AddIn.Contract
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Core
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Data.DataSetExtensions
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Data.Entity.Design
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Data.Linq
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Client
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Data.Services.Design
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel.Selectors
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.IO.Log
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Management.Instrumentation
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Net
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Install
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Speech
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Web.Abstractions
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Web.DynamicData.Design
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Web.Entity.Design
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Web.Extensions.Design
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Web.Routing

!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Presentation
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Activities
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.ComponentModel
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Workflow.Runtime
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClient
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\UIAutomationClientsideProviders
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\UIAutomationProvider
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\UIAutomationTypes
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35
!-->[Hidden] C:\WINDOWS\assembly\GAC_MSIL\WindowsFormsIntegration
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_74c68084
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7bf9142d
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_14677707
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1b9a5f4d
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_4d98f055
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_fb280e14
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b03bcc04
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e4fb287c
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6f58764e
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_d7078a6e
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_045c9557
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_112292c9
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_58a5ecf3
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_7952d5c4
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2e76303c
!-->[Hidden] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_fcfc5ab8
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationUI
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Services
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management.I#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Net
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Routing
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP180.tmp
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD12.tmp
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD32.tmp
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#
!-->[Hidden] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig
!-->[Hidden] C:\WINDOWS\assembly\temp
!-->[Hidden] C:\WINDOWS\Corel\setup
!-->[Hidden] C:\WINDOWS\Corel\WordPerfect Office 2000
!-->[Hidden] C:\WINDOWS\Debug\Setup
!-->[Hidden] C:\WINDOWS\Debug\WPD
!-->[Hidden] C:\WINDOWS\Downloaded Installations\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}
!-->[Hidden] C:\WINDOWS\Downloaded Installations\{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}
!-->[Hidden] C:\WINDOWS\Downloaded Installations\{BF9A5F93-0556-477E-951D-21856805F9EB}
!-->[Hidden] C:\WINDOWS\EHome
!-->[Hidden] C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005
!-->[Hidden] C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006
!-->[Hidden] C:\WINDOWS\Help\starter
!-->[Hidden] C:\WINDOWS\Hewlett-Packard
!-->[Hidden] C:\WINDOWS\ie7
!-->[Hidden] C:\WINDOWS\ie7updates
!-->[Hidden] C:\WINDOWS\ie8
!-->[Hidden] C:\WINDOWS\ie8updates\KB961813-IE8
!-->[Hidden] C:\WINDOWS\inf\IEM
!-->[Hidden] C:\WINDOWS\Installer\$PatchCache$
!-->[Hidden] C:\WINDOWS\Installer\tsclientmsitrans
!-->[Hidden] C:\WINDOWS\Installer\{08C0729E-3E50-11DF-9D81-005056806466}
!-->[Hidden] C:\WINDOWS\Installer\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
!-->[Hidden] C:\WINDOWS\Installer\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
!-->[Hidden] C:\WINDOWS\Installer\{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
!-->[Hidden] C:\WINDOWS\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}
!-->[Hidden] C:\WINDOWS\Installer\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
!-->[Hidden] C:\WINDOWS\Installer\{205A5182-EFC8-4C25-B61D-C164F8FF4048}
!-->[Hidden] C:\WINDOWS\Installer\{205C6BDD-7B73-42DE-8505-9A093F35A238}
!-->[Hidden] C:\WINDOWS\Installer\{26BDE7D8-93F0-4A07-AD47-1707DB417941}
!-->[Hidden] C:\WINDOWS\Installer\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
!-->[Hidden] C:\WINDOWS\Installer\{2EAF7E61-068E-11DF-953C-005056806466}
!-->[Hidden] C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
!-->[Hidden] C:\WINDOWS\Installer\{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}
!-->[Hidden] C:\WINDOWS\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}
!-->[Hidden] C:\WINDOWS\Installer\{45338B07-A236-4270-9A77-EBB4115517B5}
!-->[Hidden] C:\WINDOWS\Installer\{50D8FFDD-90CD-4859-841F-AA1961C7767A}
!-->[Hidden] C:\WINDOWS\Installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}
!-->[Hidden] C:\WINDOWS\Installer\{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}
!-->[Hidden] C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
!-->[Hidden] C:\WINDOWS\Installer\{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
!-->[Hidden] C:\WINDOWS\Installer\{7AB3A249-FB81-416B-917A-A2A10E74C503}
!-->[Hidden] C:\WINDOWS\Installer\{85991ED2-010C-4930-96FA-52F43C2CE98A}
!-->[Hidden] C:\WINDOWS\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
!-->[Hidden] C:\WINDOWS\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
!-->[Hidden] C:\WINDOWS\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}
!-->[Hidden] C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0050048383C9}
!-->[Hidden] C:\WINDOWS\Installer\{98DC111A-7C22-4C26-B2A1-E654264DAC1E}
!-->[Hidden] C:\WINDOWS\Installer\{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}
!-->[Hidden] C:\WINDOWS\Installer\{A3365448-B694-468D-BBF0-D7A4CCDF955F}
!-->[Hidden] C:\WINDOWS\Installer\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
!-->[Hidden] C:\WINDOWS\Installer\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
!-->[Hidden] C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}
!-->[Hidden] C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-900000000004}
!-->[Hidden] C:\WINDOWS\Installer\{B2D328BE-45AD-4D92-96F9-2151490A203E}
!-->[Hidden] C:\WINDOWS\Installer\{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
!-->[Hidden] C:\WINDOWS\Installer\{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}
!-->[Hidden] C:\WINDOWS\Installer\{BCC992E5-5C81-4066-9B55-03DC10B24D21}
!-->[Hidden] C:\WINDOWS\Installer\{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}
!-->[Hidden] C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}
!-->[Hidden] C:\WINDOWS\Installer\{C084BC61-E537-11DE-8616-005056806466}
!-->[Hidden] C:\WINDOWS\Installer\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
!-->[Hidden] C:\WINDOWS\Installer\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
!-->[Hidden] C:\WINDOWS\Installer\{CEF7211D-CE3A-44C4-B321-D84A2099AE94}
!-->[Hidden] C:\WINDOWS\Installer\{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}
!-->[Hidden] C:\WINDOWS\Installer\{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}
!-->[Hidden] C:\WINDOWS\Installer\{D87149B3-7A1D-4548-9CBF-032B791E5908}
!-->[Hidden] C:\WINDOWS\Installer\{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}
!-->[Hidden] C:\WINDOWS\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
!-->[Hidden] C:\WINDOWS\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
!-->[Hidden] C:\WINDOWS\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466}
!-->[Hidden] C:\WINDOWS\l2schemas
!-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447
!-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906
!-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SubsetList
!-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\MUI
!-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation
!-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF
!-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v3.5
!-->[Hidden] C:\WINDOWS\network diagnostic
!-->[Hidden] C:\WINDOWS\PCHealth\UploadLB\Queue
!-->[Hidden] C:\WINDOWS\PIF
!-->[Hidden] C:\WINDOWS\provisioning
!-->[Hidden] C:\WINDOWS\pss
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$
!-->[Hidden] C:\WINDOWS\ServicePackFiles
!-->[Hidden] C:\WINDOWS\setup.pss
!-->[Hidden] C:\WINDOWS\ShellNew
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\DataStore
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\3a9f21d0e9f2239bce78827bf925e5c0
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\4cb1f3622011cde1617e739fac446a33
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\b16804c2291f72bc007085f603b202e1
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\def3901fa1924edf3db7e5f6ed9f67c3
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\WebSetup
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\WuRedir
!-->[Hidden] C:\WINDOWS\srchasst\mui\041e
!-->[Hidden] C:\WINDOWS\Sun
!-->[Hidden] C:\WINDOWS\system32\bits
!-->[Hidden] C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\AIR
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Address Book
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D
!-->[Hidden] C:\WINDOWS\system32\en
!-->[Hidden] C:\WINDOWS\system32\en-US
!-->[Hidden] C:\WINDOWS\system32\mui\041b
!-->[Hidden] C:\WINDOWS\system32\mui\041e
!-->[Hidden] C:\WINDOWS\system32\mui\0424
!-->[Hidden] C:\WINDOWS\system32\oobe\mui
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0004
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0005
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0006
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0007
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0008
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0011
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0012
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0013
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0014
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0015
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0016
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0017
!-->[Hidden] C:\WINDOWS\system32\scripting
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.374
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\w32x86\3\temp
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_2600_see39c
!-->[Hidden] C:\WINDOWS\system32\spool\prtprocs\x64
!-->[Hidden] C:\WINDOWS\system32\spool\XPSEP
!-->[Hidden] C:\WINDOWS\system32\wbem\AutoRecover
!-->[Hidden] C:\WINDOWS\system32\wbem\Repository
!-->[Hidden] C:\WINDOWS\system32\XPSViewer
!-->[Hidden] C:\WINDOWS\Temp\Owner
!-->[Hidden] C:\WINDOWS\twain_32\hpsj_0001
!-->[Hidden] C:\WINDOWS\WBEM
!-->[Hidden] C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.4.1.Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_679a1c95
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1515_x-ww_7bb98b8a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0
!-->[Hidden] C:\Work (WSS)\2004\backup
!-->[Hidden] C:\Work (WSS)\2005
!-->[Hidden] C:\Work (WSS)\2006
!-->[Hidden] C:\Work (WSS)\2007
!-->[Hidden] C:\Work (WSS)\2008
!-->[Hidden] C:\Work (WSS)\2009
!-->[Hidden] C:\Work (WSS)\2010
!-->[Hidden] C:\Work (WSS)\Downloaded Stuff\spiteset
!-->[Hidden] C:\Work (WSS)\WSS (aka forms)\Walla Walla
!-->[Hidden] C:\Work (WSS)\WSS Download\Current
!-->[Hidden] C:\Work (WSS)\WSS Download\Status
!-->[Hidden] C:\_OTL
==============================================
>Hooks
==============================================
fastfat.sys-->ntoskrnl.exe-->CcCanIWrite, Type: IAT modification 0xA9E98944-->804F836E [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcCopyRead, Type: IAT modification 0xA9E9896C-->8057B042 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcCopyWrite, Type: IAT modification 0xA9E988A4-->804F8648 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcDeferWrite, Type: IAT modification 0xA9E989F0-->8052F7C5 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcFlushCache, Type: IAT modification 0xA9E98750-->804ECEE7 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcGetFileObjectFromBcb, Type: IAT modification 0xA9E9872C-->8052FDB7 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcInitializeCacheMap, Type: IAT modification 0xA9E986E4-->804F5140 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcIsThereDirtyData, Type: IAT modification 0xA9E987C8-->8052FB57 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcMapData, Type: IAT modification 0xA9E98714-->8057BE0A [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcMdlRead, Type: IAT modification 0xA9E98968-->8061BE7D [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcMdlReadComplete, Type: IAT modification 0xA9E98734-->8061C130 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcMdlWriteComplete, Type: IAT modification 0xA9E98738-->8061C175 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcPinMappedData, Type: IAT modification 0xA9E98748-->8057BFF4 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcPinRead, Type: IAT modification 0xA9E9874C-->8058ACDD [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcPrepareMdlWrite, Type: IAT modification 0xA9E989E4-->8052FFE3 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcPurgeCacheSection, Type: IAT modification 0xA9E98728-->804F7D86 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcRepinBcb, Type: IAT modification 0xA9E986B8-->8052F8C5 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcSetAdditionalCacheAttributes, Type: IAT modification 0xA9E9871C-->8050244A [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcSetDirtyPinnedData, Type: IAT modification 0xA9E98764-->804EF448 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcSetFileSizes, Type: IAT modification 0xA9E986E0-->804F7592 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcSetReadAheadGranularity, Type: IAT modification 0xA9E98970-->804F549C [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcUninitializeCacheMap, Type: IAT modification 0xA9E98740-->804F5570 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcUnpinData, Type: IAT modification 0xA9E986AC-->8057BDBC [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcUnpinRepinnedBcb, Type: IAT modification 0xA9E986B4-->8052FA64 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcWaitForCurrentLazyWriterActivity, Type: IAT modification 0xA9E98924-->80530311 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->CcZeroData, Type: IAT modification 0xA9E98730-->805E656C [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExAcquireFastMutexUnsafe, Type: IAT modification 0xA9E986C0-->804DBE15 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExAcquireResourceExclusiveLite, Type: IAT modification 0xA9E9870C-->804DA3A4 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExAcquireResourceSharedLite, Type: IAT modification 0xA9E986F4-->804E1980 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExAcquireSharedStarveExclusive, Type: IAT modification 0xA9E989EC-->804EF378 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExAcquireSharedWaitForExclusive, Type: IAT modification 0xA9E98980-->804F2B23 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExAllocatePoolWithQuotaTag, Type: IAT modification 0xA9E98834-->804E8782 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExAllocatePoolWithTag, Type: IAT modification 0xA9E986D8-->80551005 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExConvertExclusiveToSharedLite, Type: IAT modification 0xA9E98868-->804F9ACA [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExDeleteNPagedLookasideList, Type: IAT modification 0xA9E988D0-->8054AA43 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExDeleteResourceLite, Type: IAT modification 0xA9E988CC-->804E9E92 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExfInterlockedAddUlong, Type: IAT modification 0xA9E9881C-->804E55BC [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExFreePoolWithTag, Type: IAT modification 0xA9E986A8-->805511E6 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExGetExclusiveWaiterCount, Type: IAT modification 0xA9E987AC-->80549D3A [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExGetSharedWaiterCount, Type: IAT modification 0xA9E987A8-->80549D55 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExInitializeNPagedLookasideList, Type: IAT modification 0xA9E988EC-->80508A20 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExInitializeResourceLite, Type: IAT modification 0xA9E988F0-->804E9EEF [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExIsResourceAcquiredExclusiveLite, Type: IAT modification 0xA9E98940-->804F28C9 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExIsResourceAcquiredSharedLite, Type: IAT modification 0xA9E98984-->804EB012 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExLocalTimeToSystemTime, Type: IAT modification 0xA9E98850-->804F9AA0 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExQueueWorkItem, Type: IAT modification 0xA9E98820-->804DA3FC [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExRaiseStatus, Type: IAT modification 0xA9E986B0-->804E31CC [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExReleaseFastMutexUnsafe, Type: IAT modification 0xA9E986BC-->804DBE35 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExReleaseResourceForThreadLite, Type: IAT modification 0xA9E98818-->804EFF24 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExReleaseResourceLite, Type: IAT modification 0xA9E986F0-->804DC599 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ExSystemTimeToLocalTime, Type: IAT modification 0xA9E98878-->805150FE [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlAddLargeMcbEntry, Type: IAT modification 0xA9E98890-->804F7EB3 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlAddToTunnelCache, Type: IAT modification 0xA9E9886C-->80589455 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlAreNamesEqual, Type: IAT modification 0xA9E98884-->805796A1 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlBalanceReads, Type: IAT modification 0xA9E989D0-->805BBFE2 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlCheckLockForReadAccess, Type: IAT modification 0xA9E98974-->804F45B3 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlCheckLockForWriteAccess, Type: IAT modification 0xA9E989E8-->804F7E6A [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlCheckOplock, Type: IAT modification 0xA9E98778-->804E942F [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlCopyRead, Type: IAT modification 0xA9E98904-->8061CC31 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlCopyWrite, Type: IAT modification 0xA9E98900-->8061CF37 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlCurrentBatchOplock, Type: IAT modification 0xA9E987DC-->80579721 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlDeleteKeyFromTunnelCache, Type: IAT modification 0xA9E98874-->805E5B4A [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlDeleteTunnelCache, Type: IAT modification 0xA9E989B8-->805D2CC5 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlDissectName, Type: IAT modification 0xA9E987FC-->8057B388 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlDoesNameContainWildCards, Type: IAT modification 0xA9E98864-->8057B89A [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlFastCheckLockForRead, Type: IAT modification 0xA9E988B0-->804F7292 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlFastCheckLockForWrite, Type: IAT modification 0xA9E988AC-->8051657A [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlFastUnlockAll, Type: IAT modification 0xA9E98780-->804F56F1 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlFastUnlockAllByKey, Type: IAT modification 0xA9E98950-->80530F4F [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlFastUnlockSingle, Type: IAT modification 0xA9E9894C-->805161EE [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlFindInTunnelCache, Type: IAT modification 0xA9E987E0-->80583E5B [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlGetNextLargeMcbEntry, Type: IAT modification 0xA9E9888C-->804EC915 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlInitializeFileLock, Type: IAT modification 0xA9E989B4-->804F7E8F [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlInitializeLargeMcb, Type: IAT modification 0xA9E98700-->804FBC9A [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlInitializeOplock, Type: IAT modification 0xA9E989B0-->80573E48 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlInitializeTunnelCache, Type: IAT modification 0xA9E989A4-->805D2C50 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlIsDbcsInExpression, Type: IAT modification 0xA9E98958-->8061DB53 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlIsFatDbcsLegal, Type: IAT modification 0xA9E987EC-->805898AF [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlIsNameInExpression, Type: IAT modification 0xA9E98888-->8057B8D3 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlIsNtstatusExpected, Type: IAT modification 0xA9E9878C-->8050A3A2 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlIsTotalDeviceFailure, Type: IAT modification 0xA9E98824-->80503910 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlLegalAnsiCharacterArray, Type: IAT modification 0xA9E987BC-->804D8168 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlLookupLargeMcbEntry, Type: IAT modification 0xA9E98914-->804ECD15 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlLookupLastLargeMcbEntryAndIndex, Type: IAT modification 0xA9E98918-->8053069F [ntoskrnl.exe]

fastfat.sys-->ntoskrnl.exe-->FsRtlNormalizeNtstatus, Type: IAT modification 0xA9E98720-->8050A3D5 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlNotifyCleanup, Type: IAT modification 0xA9E98790-->805E2B73 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlNotifyFullChangeDirectory, Type: IAT modification 0xA9E98794-->8061E173 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlNotifyFullReportChange, Type: IAT modification 0xA9E98788-->8061E1EB [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlNotifyInitializeSync, Type: IAT modification 0xA9E989A0-->8059E2D8 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlNotifyUninitializeSync, Type: IAT modification 0xA9E989BC-->80583A91 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlNotifyVolumeEvent, Type: IAT modification 0xA9E98770-->805AB55A [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlNumberOfRunsInLargeMcb, Type: IAT modification 0xA9E986F8-->804F91C1 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlOplockFsctrl, Type: IAT modification 0xA9E98920-->805DCF14 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlOplockIsFastIoPossible, Type: IAT modification 0xA9E98774-->8056FE85 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlPostPagingFileStackOverflow, Type: IAT modification 0xA9E9897C-->80531DEB [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlPostStackOverflow, Type: IAT modification 0xA9E98978-->80531DC8 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlPrivateLock, Type: IAT modification 0xA9E98948-->80515DBA [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlProcessFileLock, Type: IAT modification 0xA9E98954-->80500AC5 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlRemoveLargeMcbEntry, Type: IAT modification 0xA9E9891C-->804FD588 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlTeardownPerStreamContexts, Type: IAT modification 0xA9E9898C-->8057C788 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlTruncateLargeMcb, Type: IAT modification 0xA9E98710-->804F8FCB [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlUninitializeFileLock, Type: IAT modification 0xA9E989A8-->804F99DB [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlUninitializeLargeMcb, Type: IAT modification 0xA9E986FC-->804FC309 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->FsRtlUninitializeOplock, Type: IAT modification 0xA9E989AC-->804FC261 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->InterlockedPopEntrySList, Type: IAT modification 0xA9E987B4-->804E131F [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->InterlockedPushEntrySList, Type: IAT modification 0xA9E98990-->804E1343 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoAcquireVpbSpinLock, Type: IAT modification 0xA9E9876C-->805058D0 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoAllocateMdl, Type: IAT modification 0xA9E987E8-->804EDDB1 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoAllocateWorkItem, Type: IAT modification 0xA9E988FC-->804FEBBD [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoBuildAsynchronousFsdRequest, Type: IAT modification 0xA9E989DC-->804FC59C [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoBuildDeviceIoControlRequest, Type: IAT modification 0xA9E98838-->80518674 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoBuildPartialMdl, Type: IAT modification 0xA9E98A00-->804EE132 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoBuildSynchronousFsdRequest, Type: IAT modification 0xA9E98930-->80518DB9 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoCheckEaBufferValidity, Type: IAT modification 0xA9E98894-->8059E280 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoCheckShareAccess, Type: IAT modification 0xA9E987C4-->8057B23E [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoCreateDevice, Type: IAT modification 0xA9E9890C-->805A170C [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoCreateStreamFileObject, Type: IAT modification 0xA9E98718-->805D2CFC [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoDeleteDevice, Type: IAT modification 0xA9E98908-->80505760 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IofCallDriver, Type: IAT modification 0xA9E98808-->804E13B9 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IofCompleteRequest, Type: IAT modification 0xA9E98798-->804E17CF [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoFileObjectType, Type: IAT modification 0xA9E9892C-->80560D58 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoFreeIrp, Type: IAT modification 0xA9E98814-->804EAF62 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoFreeMdl, Type: IAT modification 0xA9E987E4-->804EDE66 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoFreeWorkItem, Type: IAT modification 0xA9E988C8-->804FEBA5 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoGetCurrentProcess, Type: IAT modification 0xA9E987B8-->804E5E36 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoGetDeviceToVerify, Type: IAT modification 0xA9E988C4-->8050A371 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoGetFileObjectGenericMapping, Type: IAT modification 0xA9E98698-->80579683 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoGetRequestorProcess, Type: IAT modification 0xA9E98784-->804F4331 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoGetStackLimits, Type: IAT modification 0xA9E98964-->804DC214 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoGetTopLevelIrp, Type: IAT modification 0xA9E988A8-->804E84B2 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoIsOperationSynchronous, Type: IAT modification 0xA9E9880C-->804EAFCE [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoIsSystemThread, Type: IAT modification 0xA9E988B8-->80514E6B [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoMakeAssociatedIrp, Type: IAT modification 0xA9E98840-->80513B48 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoQueueWorkItem, Type: IAT modification 0xA9E987B0-->804E627F [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoRaiseHardError, Type: IAT modification 0xA9E988BC-->8050A461 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoRaiseInformationalHardError, Type: IAT modification 0xA9E988B4-->805324C7 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoRegisterFileSystem, Type: IAT modification 0xA9E988E8-->805AF1B5 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoReleaseVpbSpinLock, Type: IAT modification 0xA9E98768-->805058EC [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoRemoveShareAccess, Type: IAT modification 0xA9E9877C-->80579BF4 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoSetDeviceToVerify, Type: IAT modification 0xA9E988C0-->8050A388 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoSetHardErrorOrVerifyDevice, Type: IAT modification 0xA9E98724-->80508949 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoSetShareAccess, Type: IAT modification 0xA9E987C0-->80579C54 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoSetTopLevelIrp, Type: IAT modification 0xA9E987A0-->804E8495 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoUnregisterFileSystem, Type: IAT modification 0xA9E98988-->805B05C9 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoUpdateShareAccess, Type: IAT modification 0xA9E987D4-->8057BB20 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->IoVerifyVolume, Type: IAT modification 0xA9E989D8-->80620CB4 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeBugCheckEx, Type: IAT modification 0xA9E986C8-->8053769F [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeCancelTimer, Type: IAT modification 0xA9E9875C-->804E61C5 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeClearEvent, Type: IAT modification 0xA9E98810-->804E5AA4 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeDelayExecutionThread, Type: IAT modification 0xA9E9883C-->804E14F6 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeEnterCriticalRegion, Type: IAT modification 0xA9E987A4-->804D95F2 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeGetCurrentThread, Type: IAT modification 0xA9E98848-->804DB622 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeInitializeDpc, Type: IAT modification 0xA9E98998-->804E7DB8 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeInitializeEvent, Type: IAT modification 0xA9E98744-->804E7DE6 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeInitializeSpinLock, Type: IAT modification 0xA9E988F8-->804E2417 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeInitializeTimer, Type: IAT modification 0xA9E9899C-->804EC4FB [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeLeaveCriticalRegion, Type: IAT modification 0xA9E9879C-->804D9604 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeNumberProcessors, Type: IAT modification 0xA9E98934-->8055BA60 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeQuerySystemTime, Type: IAT modification 0xA9E98760-->804D95AF [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeRemoveQueueDpc, Type: IAT modification 0xA9E98758-->80514F93 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeSetEvent, Type: IAT modification 0xA9E98804-->804E20A9 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeSetTimer, Type: IAT modification 0xA9E98754-->804E216F [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeTickCount, Type: IAT modification 0xA9E989F4-->8055A000 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->KeWaitForSingleObject, Type: IAT modification 0xA9E9873C-->804DC400 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->memmove, Type: IAT modification 0xA9E98800-->804DADC5 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->MmCanFileBeTruncated, Type: IAT modification 0xA9E987CC-->804F719D [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->MmFlushImageSection, Type: IAT modification 0xA9E987D8-->804F710E [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->MmMapLockedPagesSpecifyCache, Type: IAT modification 0xA9E98830-->804EDF4C [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->MmProbeAndLockPages, Type: IAT modification 0xA9E9882C-->804F6BFF [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->MmQuerySystemSize, Type: IAT modification 0xA9E988F4-->8050896A [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->MmUnlockPages, Type: IAT modification 0xA9E9884C-->804F6EB5 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->MmUnmapLockedPages, Type: IAT modification 0xA9E98828-->804EE0B8 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->NlsMbOemCodePageTag, Type: IAT modification 0xA9E9885C-->8069A720 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->NlsOemLeadByteInfo, Type: IAT modification 0xA9E988A0-->8056C4C0 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ObfDereferenceObject, Type: IAT modification 0xA9E98844-->804E1930 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ObfReferenceObject, Type: IAT modification 0xA9E988E4-->804DA06B [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ObReferenceObjectByHandle, Type: IAT modification 0xA9E98928-->8056C559 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ProbeForRead, Type: IAT modification 0xA9E9893C-->805838BB [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ProbeForWrite, Type: IAT modification 0xA9E98938-->8056E89F [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlAreBitsClear, Type: IAT modification 0xA9E98708-->804F8F41 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlClearBits, Type: IAT modification 0xA9E986D0-->804EA9A5 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlCompareMemory, Type: IAT modification 0xA9E988E0-->804E5080 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlCompareString, Type: IAT modification 0xA9E9889C-->8063BFEB [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlDelete, Type: IAT modification 0xA9E989C0-->804F2FC1 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlDowncaseUnicodeString, Type: IAT modification 0xA9E987F4-->8063B7C7 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlEqualString, Type: IAT modification 0xA9E989D4-->8050372A [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlFindClearBits, Type: IAT modification 0xA9E986DC-->804F044D [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlFindLongestRunClear, Type: IAT modification 0xA9E98704-->80543329 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlFreeOemString, Type: IAT modification 0xA9E98860-->805E5654 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlFreeUnicodeString, Type: IAT modification 0xA9E98994-->80582BB6 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlGenerate8dot3Name, Type: IAT modification 0xA9E98960-->80588A90 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlInitializeBitMap, Type: IAT modification 0xA9E986D4-->8057BF4E [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlInitUnicodeString, Type: IAT modification 0xA9E98910-->804DA2A5 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlOemStringToCountedUnicodeString, Type: IAT modification 0xA9E98870-->8063BD83 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlOemToUnicodeN, Type: IAT modification 0xA9E98854-->805E36C0 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlSetBits, Type: IAT modification 0xA9E986CC-->804F03FD [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlSplay, Type: IAT modification 0xA9E989C4-->804F345D [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlTimeFieldsToTime, Type: IAT modification 0xA9E989C8-->80506F79 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlTimeToTimeFields, Type: IAT modification 0xA9E989CC-->8050A933 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlUnicodeStringToCountedOemString, Type: IAT modification 0xA9E9895C-->805899A0 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlUpcaseUnicodeString, Type: IAT modification 0xA9E987F0-->80570494 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlUpcaseUnicodeStringToCountedOemString, Type: IAT modification 0xA9E987F8-->8063BE4C [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlUpperString, Type: IAT modification 0xA9E98898-->805C80F6 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->RtlxOemStringToUnicodeSize, Type: IAT modification 0xA9E98858-->8063B947 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->SeAccessCheck, Type: IAT modification 0xA9E98694-->8056C2C7 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->SeExports, Type: IAT modification 0xA9E989F8-->8069AD50 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->SeFilterToken, Type: IAT modification 0xA9E989FC-->8063FBBC [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->SeLockSubjectContext, Type: IAT modification 0xA9E986A0-->8056C39C [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->SePrivilegeCheck, Type: IAT modification 0xA9E986A4-->805738F5 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->SeReleaseSubjectContext, Type: IAT modification 0xA9E9869C-->8056CA9C [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->SeSinglePrivilegeCheck, Type: IAT modification 0xA9E987D0-->8057898F [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->SeUnlockSubjectContext, Type: IAT modification 0xA9E98690-->8056C3D1 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ZwClose, Type: IAT modification 0xA9E988D4-->804E3496 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ZwOpenKey, Type: IAT modification 0xA9E988DC-->804E3BEE [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->ZwQueryValueKey, Type: IAT modification 0xA9E988D8-->804E4076 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->_abnormal_termination, Type: IAT modification 0xA9E986C4-->804E30C4 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->_alldiv, Type: IAT modification 0xA9E98880-->804DA42D [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->_allmul, Type: IAT modification 0xA9E9887C-->804DA5B6 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->_allshl, Type: IAT modification 0xA9E986EC-->804DA6DB [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->_allshr, Type: IAT modification 0xA9E986E8-->804DA6FA [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->_except_handler3, Type: IAT modification 0xA9E98A04-->804E2EF8 [ntoskrnl.exe]
fastfat.sys-->ntoskrnl.exe-->_local_unwind2, Type: IAT modification 0xA9E989E0-->804E3054 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->DbgPrint, Type: IAT modification 0xF74D9ACC-->80501F09 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ExAllocatePoolWithTag, Type: IAT modification 0xF74D9A98-->80551005 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ExFreePoolWithTag, Type: IAT modification 0xF74D9C60-->805511E6 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ExInitializeNPagedLookasideList, Type: IAT modification 0xF74D9BE0-->80508A20 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ExQueueWorkItem, Type: IAT modification 0xF74D9B40-->804DA3FC [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ExUuidCreate, Type: IAT modification 0xF74D9AB0-->805E9C7C [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->FsRtlIsTotalDeviceFailure, Type: IAT modification 0xF74D9BF4-->80503910 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->HalExamineMBR, Type: IAT modification 0xF74D9A9C-->8050D44B [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->InterlockedPopEntrySList, Type: IAT modification 0xF74D9BD8-->804E131F [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->InterlockedPushEntrySList, Type: IAT modification 0xF74D9BDC-->804E1343 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoAcquireCancelSpinLock, Type: IAT modification 0xF74D9B68-->804E81D7 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoAllocateErrorLogEntry, Type: IAT modification 0xF74D9BA0-->8050BB6D [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoAllocateIrp, Type: IAT modification 0xF74D9BF0-->804EAFBD [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoAllocateMdl, Type: IAT modification 0xF74D9BE8-->804EDDB1 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoAllocateWorkItem, Type: IAT modification 0xF74D9B24-->804FEBBD [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoAttachDeviceToDeviceStack, Type: IAT modification 0xF74D9B54-->80506BF6 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoBuildDeviceIoControlRequest, Type: IAT modification 0xF74D9AA0-->80518674 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoBuildPartialMdl, Type: IAT modification 0xF74D9C00-->804EE132 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoBuildSynchronousFsdRequest, Type: IAT modification 0xF74D9C4C-->80518DB9 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoCreateDevice, Type: IAT modification 0xF74D9B5C-->805A170C [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoCreateSymbolicLink, Type: IAT modification 0xF74D9AE8-->805D2EFF [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoDeleteDevice, Type: IAT modification 0xF74D9B4C-->80505760 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoDeleteSymbolicLink, Type: IAT modification 0xF74D9AEC-->805D7E64 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoDetachDevice, Type: IAT modification 0xF74D9B50-->80507FC4 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IofCallDriver, Type: IAT modification 0xF74D9C50-->804E13B9 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IofCompleteRequest, Type: IAT modification 0xF74D9AF8-->804E17CF [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoFreeIrp, Type: IAT modification 0xF74D9BF8-->804EAF62 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoFreeMdl, Type: IAT modification 0xF74D9BE4-->804EDE66 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoFreeWorkItem, Type: IAT modification 0xF74D9B1C-->804FEBA5 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoGetAttachedDeviceReference, Type: IAT modification 0xF74D9AA4-->8051527F [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoGetBootDiskInformation, Type: IAT modification 0xF74D9BAC-->805CC72D [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoGetDeviceObjectPointer, Type: IAT modification 0xF74D9ADC-->805E3B29 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoGetDeviceProperty, Type: IAT modification 0xF74D9BBC-->8059BFB5 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoGetFileObjectGenericMapping, Type: IAT modification 0xF74D9B08-->80579683 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoInvalidateDeviceRelations, Type: IAT modification 0xF74D9B8C-->80505DDD [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoInvalidateDeviceState, Type: IAT modification 0xF74D9BB4-->8050BADF [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoQueueWorkItem, Type: IAT modification 0xF74D9B20-->804E627F [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoRaiseInformationalHardError, Type: IAT modification 0xF74D9C18-->805324C7 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoReadPartitionTableEx, Type: IAT modification 0xF74D9C5C-->805CC6CD [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoRegisterBootDriverReinitialization, Type: IAT modification 0xF74D9BCC-->805C6911 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoRegisterDeviceInterface, Type: IAT modification 0xF74D9AF0-->805DCC64 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoRegisterDriverReinitialization, Type: IAT modification 0xF74D9BC8-->805C5D02 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoRegisterShutdownNotification, Type: IAT modification 0xF74D9B44-->805BB902 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoReleaseCancelSpinLock, Type: IAT modification 0xF74D9B2C-->804E81BD [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoReportDetectedDevice, Type: IAT modification 0xF74D9BD4-->805CDE34 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoReportTargetDeviceChangeAsynchronous, Type: IAT modification 0xF74D9B6C-->805054D9 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoReuseIrp, Type: IAT modification 0xF74D9BFC-->804ECE58 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoSetDeviceInterfaceState, Type: IAT modification 0xF74D9BB8-->805D7867 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoSetSystemPartition, Type: IAT modification 0xF74D9B7C-->8053294B [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoUnregisterShutdownNotification, Type: IAT modification 0xF74D9BC0-->80665347 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoWMIRegistrationControl, Type: IAT modification 0xF74D9AF4-->805A218B [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->IoWriteErrorLogEntry, Type: IAT modification 0xF74D9B9C-->8050BDCD [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->KeBugCheckEx, Type: IAT modification 0xF74D9BA8-->8053769F [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->KeClearEvent, Type: IAT modification 0xF74D9B74-->804E5AA4 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->KeGetCurrentThread, Type: IAT modification 0xF74D9C1C-->804DB622 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->KeInitializeEvent, Type: IAT modification 0xF74D9B70-->804E7DE6 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->KeInitializeSemaphore, Type: IAT modification 0xF74D9B48-->804E88F1 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->KeInitializeSpinLock, Type: IAT modification 0xF74D9B58-->804E2417 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->KeQuerySystemTime, Type: IAT modification 0xF74D9AAC-->804D95AF [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->KeReleaseSemaphore, Type: IAT modification 0xF74D9B28-->804E90CE [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->KeSetEvent, Type: IAT modification 0xF74D9B30-->804E20A9 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->KeWaitForSingleObject, Type: IAT modification 0xF74D9C54-->804DC400 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->memmove, Type: IAT modification 0xF74D9ABC-->804DADC5 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->MmBuildMdlForNonPagedPool, Type: IAT modification 0xF74D9BEC-->804EDEBC [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->MmLockPagableDataSection, Type: IAT modification 0xF74D9BB0-->805E7DA9 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->MmMapLockedPages, Type: IAT modification 0xF74D9C14-->804F97B4 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->MmUnmapLockedPages, Type: IAT modification 0xF74D9C04-->804EE0B8 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ObfDereferenceObject, Type: IAT modification 0xF74D9AA8-->804E1930 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ObfReferenceObject, Type: IAT modification 0xF74D9B98-->804DA06B [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ObReferenceObjectByHandle, Type: IAT modification 0xF74D9AD0-->8056C559 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->PoCallDriver, Type: IAT modification 0xF74D9B34-->805072A3 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->PoRequestPowerIrp, Type: IAT modification 0xF74D9B60-->80507355 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->PoSetPowerState, Type: IAT modification 0xF74D9B64-->80507E25 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->PoStartNextPowerIrp, Type: IAT modification 0xF74D9B38-->80507169 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->PsCreateSystemThread, Type: IAT modification 0xF74D9B90-->805762A6 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->PsTerminateSystemThread, Type: IAT modification 0xF74D9B3C-->80583248 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlAddAccessAllowedAce, Type: IAT modification 0xF74D9C38-->805852BE [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlCompareMemory, Type: IAT modification 0xF74D9AC8-->804E5080 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlCompareUnicodeString, Type: IAT modification 0xF74D9AD8-->80574887 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlCopyUnicodeString, Type: IAT modification 0xF74D9BD0-->804F2DB1 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlCreateAcl, Type: IAT modification 0xF74D9C3C-->8057545D [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlCreateRegistryKey, Type: IAT modification 0xF74D9B18-->805B66DD [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlCreateSecurityDescriptor, Type: IAT modification 0xF74D9C34-->8056FC49 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlDeleteRegistryValue, Type: IAT modification 0xF74D9B14-->805C2D41 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlEqualUnicodeString, Type: IAT modification 0xF74D9B94-->8056C684 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlInitUnicodeString, Type: IAT modification 0xF74D9AE0-->804DA2A5 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlLengthSid, Type: IAT modification 0xF74D9C40-->805DF5CA [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlQueryRegistryValues, Type: IAT modification 0xF74D9AC4-->8059B907 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlSetDaclSecurityDescriptor, Type: IAT modification 0xF74D9C30-->80585052 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlStringFromGUID, Type: IAT modification 0xF74D9B78-->8059CA05 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlVolumeDeviceToDosName, Type: IAT modification 0xF74D9BA4-->80534DE2 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->RtlWriteRegistryValue, Type: IAT modification 0xF74D9AC0-->805B61D7 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->SeAccessCheck, Type: IAT modification 0xF74D9B04-->8056C2C7 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->SeCaptureSubjectContext, Type: IAT modification 0xF74D9B10-->80573991 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->SeExports, Type: IAT modification 0xF74D9C44-->8069AD50 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->SeLockSubjectContext, Type: IAT modification 0xF74D9B0C-->8056C39C [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->SeReleaseSubjectContext, Type: IAT modification 0xF74D9AFC-->8056CA9C [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->SeUnlockSubjectContext, Type: IAT modification 0xF74D9B00-->8056C3D1 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->strncmp, Type: IAT modification 0xF74D9C58-->804DB478 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->swprintf, Type: IAT modification 0xF74D9AE4-->804FCA51 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->wcslen, Type: IAT modification 0xF74D9C20-->804EA4A9 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ZwClose, Type: IAT modification 0xF74D9B80-->804E3496 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ZwFsControlFile, Type: IAT modification 0xF74D9B84-->804E3932 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ZwOpenFile, Type: IAT modification 0xF74D9B88-->804E3BB2 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ZwOpenKey, Type: IAT modification 0xF74D9C28-->804E3BEE [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ZwQueryValueKey, Type: IAT modification 0xF74D9C24-->804E4076 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->ZwSetSecurityObject, Type: IAT modification 0xF74D9C2C-->804E4526 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->_alldiv, Type: IAT modification 0xF74D9BC4-->804DA42D [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->_alldvrm, Type: IAT modification 0xF74D9C0C-->804DA4D7 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->_allmul, Type: IAT modification 0xF74D9AB8-->804DA5B6 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->_allrem, Type: IAT modification 0xF74D9C08-->804DA627 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->_allshl, Type: IAT modification 0xF74D9C10-->804DA6DB [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->_allshr, Type: IAT modification 0xF74D9AB4-->804DA6FA [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->_except_handler3, Type: IAT modification 0xF74D9C48-->804E2EF8 [ntoskrnl.exe]
ftdisk.sys-->ntoskrnl.exe-->_purecall, Type: IAT modification 0xF74D9AD4-->8054AF1F [ntoskrnl.exe]

IDT-->Int 06h-->Invalid Opcode, Type: Inline - RelativeJump 0x804DEF1A-->804DF39A [ntoskrnl.exe]
IDT-->Int 30h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCE90-->804DD677 [ntoskrnl.exe]
IDT-->Int 32h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCEA4-->804DD677 [ntoskrnl.exe]
IDT-->Int 34h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCEB8-->804DD677 [ntoskrnl.exe]
IDT-->Int 36h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCECC-->804DD677 [ntoskrnl.exe]
IDT-->Int 38h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCEE0-->804DD677 [ntoskrnl.exe]
IDT-->Int 3Ah-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCEF4-->804DD677 [ntoskrnl.exe]
IDT-->Int 3Ch-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCF08-->804DD677 [ntoskrnl.exe]
IDT-->Int 3Eh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCF1C-->804DD677 [ntoskrnl.exe]
IDT-->Int 40h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCF30-->804DD677 [ntoskrnl.exe]
IDT-->Int 42h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCF44-->804DD677 [ntoskrnl.exe]
IDT-->Int 44h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCF58-->804DD677 [ntoskrnl.exe]
IDT-->Int 46h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCF6C-->804DD677 [ntoskrnl.exe]
IDT-->Int 48h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCF80-->804DD677 [ntoskrnl.exe]
IDT-->Int 4Ah-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCF94-->804DD677 [ntoskrnl.exe]
IDT-->Int 4Ch-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCFA8-->804DD677 [ntoskrnl.exe]
IDT-->Int 4Eh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCFBC-->804DD677 [ntoskrnl.exe]
IDT-->Int 52h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCFE4-->804DD677 [ntoskrnl.exe]
IDT-->Int 54h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DCFF8-->804DD677 [ntoskrnl.exe]
IDT-->Int 56h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD00C-->804DD677 [ntoskrnl.exe]
IDT-->Int 58h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD020-->804DD677 [ntoskrnl.exe]
IDT-->Int 5Ah-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD034-->804DD677 [ntoskrnl.exe]
IDT-->Int 5Ch-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD048-->804DD677 [ntoskrnl.exe]
IDT-->Int 5Eh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD05C-->804DD677 [ntoskrnl.exe]
IDT-->Int 60h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD070-->804DD677 [ntoskrnl.exe]
IDT-->Int 64h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD098-->804DD677 [ntoskrnl.exe]
IDT-->Int 66h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD0AC-->804DD677 [ntoskrnl.exe]
IDT-->Int 68h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD0C0-->804DD677 [ntoskrnl.exe]
IDT-->Int 6Ah-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD0D4-->804DD677 [ntoskrnl.exe]
IDT-->Int 6Ch-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD0E8-->804DD677 [ntoskrnl.exe]
IDT-->Int 6Eh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD0FC-->804DD677 [ntoskrnl.exe]
IDT-->Int 70h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD110-->804DD677 [ntoskrnl.exe]
IDT-->Int 72h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD124-->804DD677 [ntoskrnl.exe]
IDT-->Int 74h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD138-->804DD677 [ntoskrnl.exe]
IDT-->Int 76h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD14C-->804DD677 [ntoskrnl.exe]
IDT-->Int 78h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD160-->804DD677 [ntoskrnl.exe]
IDT-->Int 7Ah-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD174-->804DD677 [ntoskrnl.exe]
IDT-->Int 7Ch-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD188-->804DD677 [ntoskrnl.exe]
IDT-->Int 7Eh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD19C-->804DD677 [ntoskrnl.exe]
IDT-->Int 80h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD1B0-->804DD677 [ntoskrnl.exe]
IDT-->Int 84h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD1D8-->804DD677 [ntoskrnl.exe]
IDT-->Int 86h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD1EC-->804DD677 [ntoskrnl.exe]
IDT-->Int 88h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD200-->804DD677 [ntoskrnl.exe]
IDT-->Int 8Ah-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD214-->804DD677 [ntoskrnl.exe]
IDT-->Int 8Ch-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD228-->804DD677 [ntoskrnl.exe]
IDT-->Int 8Eh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD23C-->804DD677 [ntoskrnl.exe]
IDT-->Int 90h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD250-->804DD677 [ntoskrnl.exe]
IDT-->Int 96h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD28C-->804DD677 [ntoskrnl.exe]
IDT-->Int 98h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD2A0-->804DD677 [ntoskrnl.exe]
IDT-->Int 9Ah-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD2B4-->804DD677 [ntoskrnl.exe]
IDT-->Int 9Ch-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD2C8-->804DD677 [ntoskrnl.exe]
IDT-->Int 9Eh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD2DC-->804DD677 [ntoskrnl.exe]
IDT-->Int A0h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD2F0-->804DD677 [ntoskrnl.exe]
IDT-->Int A2h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD304-->804DD677 [ntoskrnl.exe]
IDT-->Int A4h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD318-->804DD677 [ntoskrnl.exe]
IDT-->Int A6h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD32C-->804DD677 [ntoskrnl.exe]
IDT-->Int A8h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD340-->804DD677 [ntoskrnl.exe]
IDT-->Int AAh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD354-->804DD677 [ntoskrnl.exe]
IDT-->Int ACh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD368-->804DD677 [ntoskrnl.exe]
IDT-->Int AEh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD37C-->804DD677 [ntoskrnl.exe]
IDT-->Int B0h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD390-->804DD677 [ntoskrnl.exe]
IDT-->Int B2h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD3A4-->804DD677 [ntoskrnl.exe]
IDT-->Int B6h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD3CC-->804DD677 [ntoskrnl.exe]
IDT-->Int B8h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD3E0-->804DD677 [ntoskrnl.exe]
IDT-->Int BAh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD3F4-->804DD677 [ntoskrnl.exe]
IDT-->Int BCh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD408-->804DD677 [ntoskrnl.exe]
IDT-->Int BEh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD41C-->804DD677 [ntoskrnl.exe]
IDT-->Int C0h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD430-->804DD677 [ntoskrnl.exe]
IDT-->Int C2h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD444-->804DD677 [ntoskrnl.exe]
IDT-->Int C4h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD458-->804DD677 [ntoskrnl.exe]
IDT-->Int C6h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD46C-->804DD677 [ntoskrnl.exe]
IDT-->Int C8h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD480-->804DD677 [ntoskrnl.exe]
IDT-->Int CAh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD494-->804DD677 [ntoskrnl.exe]
IDT-->Int CCh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD4A8-->804DD677 [ntoskrnl.exe]
IDT-->Int CEh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD4BC-->804DD677 [ntoskrnl.exe]
IDT-->Int D0h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD4D0-->804DD677 [ntoskrnl.exe]
IDT-->Int D2h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD4E4-->804DD677 [ntoskrnl.exe]
IDT-->Int D4h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD4F8-->804DD677 [ntoskrnl.exe]
IDT-->Int D6h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD50C-->804DD677 [ntoskrnl.exe]
IDT-->Int D8h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD520-->804DD677 [ntoskrnl.exe]
IDT-->Int DAh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD534-->804DD677 [ntoskrnl.exe]
IDT-->Int DCh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD548-->804DD677 [ntoskrnl.exe]
IDT-->Int DEh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD55C-->804DD677 [ntoskrnl.exe]
IDT-->Int E0h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD570-->804DD677 [ntoskrnl.exe]
IDT-->Int E2h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD584-->804DD677 [ntoskrnl.exe]
IDT-->Int E4h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD598-->804DD677 [ntoskrnl.exe]
IDT-->Int E6h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD5AC-->804DD677 [ntoskrnl.exe]
IDT-->Int E8h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD5C0-->804DD677 [ntoskrnl.exe]
IDT-->Int EAh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD5D4-->804DD677 [ntoskrnl.exe]
IDT-->Int ECh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD5E8-->804DD677 [ntoskrnl.exe]
IDT-->Int EFh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD600-->804DD67B [ntoskrnl.exe]
IDT-->Int F2h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD615-->804DD67B [ntoskrnl.exe]
IDT-->Int F4h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD623-->804DD67B [ntoskrnl.exe]
IDT-->Int F7h-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD638-->804DD67B [ntoskrnl.exe]
IDT-->Int FAh-->Unexpected Interrupt, Type: Inline - RelativeJump 0x804DD64D-->804DD67B [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->DbgPrint, Type: IAT modification 0xF7838BF0-->80501F09 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExAcquireResourceExclusiveLite, Type: IAT modification 0xF7838D3C-->804DA3A4 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExAllocatePoolWithTag, Type: IAT modification 0xF7838E50-->80551005 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExAllocatePoolWithTagPriority, Type: IAT modification 0xF7838DAC-->804F3C7E [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExCreateCallback, Type: IAT modification 0xF7838BF4-->805BBD83 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExDeleteNPagedLookasideList, Type: IAT modification 0xF7838D5C-->8054AA43 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExfInterlockedAddUlong, Type: IAT modification 0xF7838CF4-->804E55BC [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExfInterlockedInsertHeadList, Type: IAT modification 0xF7838CE0-->804E55E8 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExfInterlockedInsertTailList, Type: IAT modification 0xF7838CF8-->804E5620 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExfInterlockedPopEntryList, Type: IAT modification 0xF7838D04-->804E568C [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExfInterlockedPushEntryList, Type: IAT modification 0xF7838D00-->804E56BC [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExfInterlockedRemoveHeadList, Type: IAT modification 0xF7838CFC-->804E5658 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExFreePoolWithTag, Type: IAT modification 0xF7838E58-->805511E6 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExGetCurrentProcessorCounts, Type: IAT modification 0xF7838C9C-->8054ADE9 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExGetCurrentProcessorCpuUsage, Type: IAT modification 0xF7838C98-->8054ADA2 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExInitializeNPagedLookasideList, Type: IAT modification 0xF7838DB0-->80508A20 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExInitializeResourceLite, Type: IAT modification 0xF7838C00-->804E9EEF [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExInterlockedAddLargeInteger, Type: IAT modification 0xF7838CDC-->804DBE49 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExNotifyCallback, Type: IAT modification 0xF7838BBC-->80519120 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExQueueWorkItem, Type: IAT modification 0xF7838E4C-->804DA3FC [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExRegisterCallback, Type: IAT modification 0xF7838BEC-->8050D0B4 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ExReleaseResourceLite, Type: IAT modification 0xF7838D38-->804DC599 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->InterlockedPopEntrySList, Type: IAT modification 0xF7838CAC-->804E131F [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->InterlockedPushEntrySList, Type: IAT modification 0xF7838C6C-->804E1343 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoAcquireCancelSpinLock, Type: IAT modification 0xF7838D0C-->804E81D7 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoAllocateDriverObjectExtension, Type: IAT modification 0xF7838D6C-->8050999B [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoAllocateErrorLogEntry, Type: IAT modification 0xF7838D14-->8050BB6D [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoAllocateIrp, Type: IAT modification 0xF7838D74-->804EAFBD [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoAllocateMdl, Type: IAT modification 0xF7838C74-->804EDDB1 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoAttachDeviceToDeviceStack, Type: IAT modification 0xF7838D64-->80506BF6 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoBuildPartialMdl, Type: IAT modification 0xF7838C78-->804EE132 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoBuildSynchronousFsdRequest, Type: IAT modification 0xF7838D50-->80518DB9 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoCancelIrp, Type: IAT modification 0xF7838D54-->805184C1 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoConnectInterrupt, Type: IAT modification 0xF7838D7C-->805B07B1 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoCreateDevice, Type: IAT modification 0xF7838C10-->805A170C [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoCreateSymbolicLink, Type: IAT modification 0xF7838C0C-->805D2EFF [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoDeleteDevice, Type: IAT modification 0xF7838D34-->80505760 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoDeleteSymbolicLink, Type: IAT modification 0xF7838D1C-->805D7E64 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoDetachDevice, Type: IAT modification 0xF7838D60-->80507FC4 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoDisconnectInterrupt, Type: IAT modification 0xF7838D84-->805AF3E9 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IofCallDriver, Type: IAT modification 0xF7838D4C-->804E13B9 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IofCompleteRequest, Type: IAT modification 0xF7838BE0-->804E17CF [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoFreeIrp, Type: IAT modification 0xF7838D70-->804EAF62 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoFreeMdl, Type: IAT modification 0xF7838E54-->804EDE66 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoGetDeviceProperty, Type: IAT modification 0xF7838C3C-->8059BFB5 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoGetDmaAdapter, Type: IAT modification 0xF7838D40-->805C3C25 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoGetDriverObjectExtension, Type: IAT modification 0xF7838CC0-->8050582A [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoGetFileObjectGenericMapping, Type: IAT modification 0xF7838DD0-->80579683 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoInvalidateDeviceState, Type: IAT modification 0xF7838C48-->8050BADF [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoOpenDeviceRegistryKey, Type: IAT modification 0xF7838C24-->8059D062 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoRegisterDeviceInterface, Type: IAT modification 0xF7838D20-->805DCC64 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoReleaseCancelSpinLock, Type: IAT modification 0xF7838D08-->804E81BD [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoSetDeviceInterfaceState, Type: IAT modification 0xF7838C40-->805D7867 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoUnregisterShutdownNotification, Type: IAT modification 0xF7838CBC-->80665347 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoWMIRegistrationControl, Type: IAT modification 0xF7838CD4-->805A218B [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoWMIWriteEvent, Type: IAT modification 0xF7838BB8-->805094CA [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->IoWriteErrorLogEntry, Type: IAT modification 0xF7838D10-->8050BDCD [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeBugCheckEx, Type: IAT modification 0xF7838CD0-->8053769F [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeCancelTimer, Type: IAT modification 0xF7838D30-->804E61C5 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeDeregisterBugCheckCallback, Type: IAT modification 0xF7838D48-->805368B7 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KefAcquireSpinLockAtDpcLevel, Type: IAT modification 0xF7838E30-->804E2427 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KefReleaseSpinLockFromDpcLevel, Type: IAT modification 0xF7838E34-->804E2468 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeGetRecommendedSharedDataAlignment, Type: IAT modification 0xF7838D58-->80508931 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeInitializeDpc, Type: IAT modification 0xF7838D24-->804E7DB8 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeInitializeEvent, Type: IAT modification 0xF7838BC8-->804E7DE6 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeInitializeMutex, Type: IAT modification 0xF7838BE4-->80518BE3 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeInitializeQueue, Type: IAT modification 0xF7838BFC-->804FE890 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeInitializeSpinLock, Type: IAT modification 0xF7838C08-->804E2417 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeInitializeTimer, Type: IAT modification 0xF7838D2C-->804EC4FB [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeInitializeTimerEx, Type: IAT modification 0xF7838CCC-->804EC513 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeInsertQueue, Type: IAT modification 0xF7838CD8-->804E5AB9 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeInsertQueueDpc, Type: IAT modification 0xF7838D18-->804D968D [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeNumberProcessors, Type: IAT modification 0xF7838C14-->8055BA60 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeQuerySystemTime, Type: IAT modification 0xF7838BF8-->804D95AF [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeQueryTimeIncrement, Type: IAT modification 0xF7838C04-->804E5A3E [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeRegisterBugCheckCallback, Type: IAT modification 0xF7838D44-->8050DB2A [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeReleaseMutex, Type: IAT modification 0xF7838BC4-->804E8508 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeRemoveQueue, Type: IAT modification 0xF7838E40-->804E21B4 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeResetEvent, Type: IAT modification 0xF7838CA0-->804E8525 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeSetEvent, Type: IAT modification 0xF7838CEC-->804E20A9 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeSetImportanceDpc, Type: IAT modification 0xF7838D28-->804EC82B [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeSetTargetProcessorDpc, Type: IAT modification 0xF7838D80-->80509693 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeSetTimer, Type: IAT modification 0xF7838CC8-->804E216F [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeSetTimerEx, Type: IAT modification 0xF7838CC4-->804E210E [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeSynchronizeExecution, Type: IAT modification 0xF7838D78-->804DB68A [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeTickCount, Type: IAT modification 0xF7838C68-->8055A000 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->KeWaitForSingleObject, Type: IAT modification 0xF7838BCC-->804DC400 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->memmove, Type: IAT modification 0xF7838CE8-->804DADC5 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmAddVerifierThunks, Type: IAT modification 0xF7838DA4-->8062BAF4 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmAllocateContiguousMemory, Type: IAT modification 0xF7838C58-->8050C3E2 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmAllocateNonCachedMemory, Type: IAT modification 0xF7838C5C-->8062CC8A [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmBuildMdlForNonPagedPool, Type: IAT modification 0xF7838C70-->804EDEBC [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmFreeContiguousMemory, Type: IAT modification 0xF7838C60-->80504F19 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmFreeNonCachedMemory, Type: IAT modification 0xF7838C64-->8062CDBB [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmIsDriverVerifying, Type: IAT modification 0xF7838D68-->8050E225 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmIsVerifierEnabled, Type: IAT modification 0xF7838DA8-->805B84D1 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmLockPagableDataSection, Type: IAT modification 0xF7838C50-->805E7DA9 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmLockPagableSectionByHandle, Type: IAT modification 0xF7838C54-->805E09D2 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmMapIoSpace, Type: IAT modification 0xF7838C80-->8050B5CA [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmMapLockedPages, Type: IAT modification 0xF7838C7C-->804F97B4 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmMapLockedPagesSpecifyCache, Type: IAT modification 0xF7838CA8-->804EDF4C [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmUnlockPagableImageSection, Type: IAT modification 0xF7838C4C-->8051A1AB [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->MmUnmapIoSpace, Type: IAT modification 0xF7838C84-->8050B721 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->NtClose, Type: IAT modification 0xF7838E48-->8056F8D7 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ObfDereferenceObject, Type: IAT modification 0xF7838CB4-->804E1930 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ObfReferenceObject, Type: IAT modification 0xF7838E3C-->804DA06B [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ObGetObjectSecurity, Type: IAT modification 0xF7838DF4-->8056C287 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ObReleaseObjectSecurity, Type: IAT modification 0xF7838DD4-->8056C241 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ObSetSecurityObjectByPointer, Type: IAT modification 0xF7838DD8-->805DFBEF [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->PoCallDriver, Type: IAT modification 0xF7838D94-->805072A3 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->PoRequestPowerIrp, Type: IAT modification 0xF7838D8C-->80507355 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->PoSetPowerState, Type: IAT modification 0xF7838D98-->80507E25 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->PoStartNextPowerIrp, Type: IAT modification 0xF7838D90-->80507169 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->PsCreateSystemThread, Type: IAT modification 0xF7838E44-->805762A6 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->PsGetCurrentThread, Type: IAT modification 0xF7838E38-->804E5DA7 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlAddAccessAllowedAce, Type: IAT modification 0xF7838DB8-->805852BE [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlAnsiStringToUnicodeString, Type: IAT modification 0xF7838CF0-->8058DB92 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlAppendUnicodeStringToString, Type: IAT modification 0xF7838BD0-->804F7BCC [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlAppendUnicodeToString, Type: IAT modification 0xF7838C38-->804F5F19 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlCharToInteger, Type: IAT modification 0xF7838C28-->8063C903 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlCopyUnicodeString, Type: IAT modification 0xF7838BD4-->804F2DB1 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlCreateAcl, Type: IAT modification 0xF7838DBC-->8057545D [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlCreateSecurityDescriptor, Type: IAT modification 0xF7838E04-->8056FC49 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlEqualUnicodeString, Type: IAT modification 0xF7838C34-->8056C684 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlExtendedIntegerMultiply, Type: IAT modification 0xF7838C94-->804DBD08 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlFreeAnsiString, Type: IAT modification 0xF7838BD8-->80582BB6 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlFreeUnicodeString, Type: IAT modification 0xF7838CB8-->80582BB6 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlGetAce, Type: IAT modification 0xF7838DB4-->805AEF9A [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlGetCallersAddress, Type: IAT modification 0xF7838CB0-->804DA198 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlGetDaclSecurityDescriptor, Type: IAT modification 0xF7838DF0-->805B1763 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlGetGroupSecurityDescriptor, Type: IAT modification 0xF7838DE8-->805BBF77 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlGetOwnerSecurityDescriptor, Type: IAT modification 0xF7838DEC-->805BBF35 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlGetSaclSecurityDescriptor, Type: IAT modification 0xF7838DE4-->805BBF00 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlImageDirectoryEntryToData, Type: IAT modification 0xF7838BC0-->804FE293 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlInitAnsiString, Type: IAT modification 0xF7838DA0-->804DA26D [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlInitializeSid, Type: IAT modification 0xF7838DC4-->80588972 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlInitUnicodeString, Type: IAT modification 0xF7838E28-->804DA2A5 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlLengthRequiredSid, Type: IAT modification 0xF7838DC8-->80581CA2 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlLengthSecurityDescriptor, Type: IAT modification 0xF7838E00-->805753C9 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlLengthSid, Type: IAT modification 0xF7838DC0-->805DF5CA [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlMapGenericMask, Type: IAT modification 0xF7838DCC-->8056FDCA [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlQueryRegistryValues, Type: IAT modification 0xF7838E24-->8059B907 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->abso&amp;#406;ute, Type: IAT modification 0xF7838DE0-->805BEC83 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlSetDaclSecurityDescriptor, Type: IAT modification 0xF7838DDC-->80585052 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlSetGroupSecurityDescriptor, Type: IAT modification 0xF7838E1C-->805D347C [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlSetOwnerSecurityDescriptor, Type: IAT modification 0xF7838E20-->805DFC36 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlUnicodeStringToAnsiString, Type: IAT modification 0xF7838BDC-->8058C6CD [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlUnicodeStringToInteger, Type: IAT modification 0xF7838C30-->805E4C39 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlUpcaseUnicodeString, Type: IAT modification 0xF7838E2C-->80570494 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->RtlWriteRegistryValue, Type: IAT modification 0xF7838C18-->805B61D7 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->SeAccessCheck, Type: IAT modification 0xF7838E14-->8056C2C7 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->SeAppendPrivileges, Type: IAT modification 0xF7838E10-->8058AF21 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->SeExports, Type: IAT modification 0xF7838DF8-->8069AD50 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->SeFreePrivileges, Type: IAT modification 0xF7838E0C-->80581CCE [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->SeLockSubjectContext, Type: IAT modification 0xF7838E18-->8056C39C [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->SeSetSecurityDescriptorInfo, Type: IAT modification 0xF7838DFC-->805DFAD7 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->SeSinglePrivilegeCheck, Type: IAT modification 0xF7838D9C-->8057898F [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->SeUnlockSubjectContext, Type: IAT modification 0xF7838E08-->8056C3D1 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ZwClose, Type: IAT modification 0xF7838C1C-->804E3496 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ZwCreateFile, Type: IAT modification 0xF7838C90-->804E3586 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ZwEnumerateKey, Type: IAT modification 0xF7838C2C-->804E382E [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ZwLoadDriver, Type: IAT modification 0xF7838D88-->804E3A36 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ZwOpenKey, Type: IAT modification 0xF7838C20-->804E3BEE [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ZwPowerInformation, Type: IAT modification 0xF7838BE8-->804E3D06 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ZwQueryInformationFile, Type: IAT modification 0xF7838C8C-->804E3E6E [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->ZwReadFile, Type: IAT modification 0xF7838C88-->804E40EE [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->_alldiv, Type: IAT modification 0xF7838C44-->804DA42D [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->_allmul, Type: IAT modification 0xF7838CA4-->804DA5B6 [ntoskrnl.exe]
ndis.sys-->ntoskrnl.exe-->_except_handler3, Type: IAT modification 0xF7838CE4-->804E2EF8 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcCanIWrite, Type: IAT modification 0xF7B69C0C-->804F836E [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcCopyRead, Type: IAT modification 0xF7B6A03C-->8057B042 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcCopyWrite, Type: IAT modification 0xF7B69C08-->804F8648 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcDeferWrite, Type: IAT modification 0xF7B69DFC-->8052F7C5 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcFastCopyRead, Type: IAT modification 0xF7B69E58-->8058B0E9 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcFastCopyWrite, Type: IAT modification 0xF7B69E64-->80514419 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcFastMdlReadWait, Type: IAT modification 0xF7B69E68-->8055F5C4 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcFlushCache, Type: IAT modification 0xF7B69BC8-->804ECEE7 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcGetDirtyPages, Type: IAT modification 0xF7B69E9C-->804F0014 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcInitializeCacheMap, Type: IAT modification 0xF7B69C70-->804F5140 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcMapData, Type: IAT modification 0xF7B69C7C-->8057BE0A [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcMdlRead, Type: IAT modification 0xF7B69DF4-->8061BE7D [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcMdlReadComplete, Type: IAT modification 0xF7B69C8C-->8061C130 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcMdlWriteAbort, Type: IAT modification 0xF7B69EE4-->8052FF2F [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcMdlWriteComplete, Type: IAT modification 0xF7B69C10-->8061C175 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcPinMappedData, Type: IAT modification 0xF7B69C80-->8057BFF4 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcPinRead, Type: IAT modification 0xF7B69C84-->8058ACDD [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcPrepareMdlWrite, Type: IAT modification 0xF7B69C18-->8052FFE3 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcPreparePinWrite, Type: IAT modification 0xF7B69C88-->80572491 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcPurgeCacheSection, Type: IAT modification 0xF7B69DE0-->804F7D86 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcRemapBcb, Type: IAT modification 0xF7B69EB4-->804F2AD9 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcSetAdditionalCacheAttributes, Type: IAT modification 0xF7B69E3C-->8050244A [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcSetBcbOwnerPointer, Type: IAT modification 0xF7B69D88-->80572572 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcSetDirtyPinnedData, Type: IAT modification 0xF7B69BF4-->804EF448 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcSetFileSizes, Type: IAT modification 0xF7B6A040-->804F7592 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcSetLogHandleForFile, Type: IAT modification 0xF7B69C6C-->80582D00 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcSetReadAheadGranularity, Type: IAT modification 0xF7B69F7C-->804F549C [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcUninitializeCacheMap, Type: IAT modification 0xF7B69C68-->804F5570 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcUnpinData, Type: IAT modification 0xF7B6A038-->8057BDBC [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcUnpinDataForThread, Type: IAT modification 0xF7B69D84-->8057259C [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcWaitForCurrentLazyWriterActivity, Type: IAT modification 0xF7B69D24-->80530311 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->CcZeroData, Type: IAT modification 0xF7B69C94-->805E656C [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->DbgBreakPoint, Type: IAT modification 0xF7B69C9C-->804E2A66 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->DbgPrint, Type: IAT modification 0xF7B69CA0-->80501F09 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExAcquireFastMutexUnsafe, Type: IAT modification 0xF7B6A010-->804DBE15 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExAcquireResourceExclusiveLite, Type: IAT modification 0xF7B6A034-->804DA3A4 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExAcquireResourceSharedLite, Type: IAT modification 0xF7B6A030-->804E1980 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExAcquireSharedStarveExclusive, Type: IAT modification 0xF7B69E98-->804EF378 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExAcquireSharedWaitForExclusive, Type: IAT modification 0xF7B69F84-->804F2B23 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExAllocatePoolWithTag, Type: IAT modification 0xF7B6A014-->80551005 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExDeleteNPagedLookasideList, Type: IAT modification 0xF7B6A058-->8054AA43 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExDeletePagedLookasideList, Type: IAT modification 0xF7B6A054-->8054AA98 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExDeleteResourceLite, Type: IAT modification 0xF7B69E84-->804E9E92 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExFreePoolWithTag, Type: IAT modification 0xF7B6A01C-->805511E6 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExGetExclusiveWaiterCount, Type: IAT modification 0xF7B69D98-->80549D3A [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExInitializeNPagedLookasideList, Type: IAT modification 0xF7B69F14-->80508A20 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExInitializePagedLookasideList, Type: IAT modification 0xF7B69F10-->805B6911 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExInitializeResourceLite, Type: IAT modification 0xF7B69E88-->804E9EEF [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExIsResourceAcquiredExclusiveLite, Type: IAT modification 0xF7B69BCC-->804F28C9 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExIsResourceAcquiredSharedLite, Type: IAT modification 0xF7B69CF8-->804EB012 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExQueueWorkItem, Type: IAT modification 0xF7B69CE4-->804DA3FC [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExRaiseStatus, Type: IAT modification 0xF7B69BC0-->804E31CC [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExReinitializeResourceLite, Type: IAT modification 0xF7B69FC8-->804FC2A7 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExReleaseFastMutexUnsafe, Type: IAT modification 0xF7B6A024-->804DBE35 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExReleaseResourceForThreadLite, Type: IAT modification 0xF7B69D80-->804EFF24 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExReleaseResourceLite, Type: IAT modification 0xF7B6A028-->804DC599 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ExUuidCreate, Type: IAT modification 0xF7B69F50-->805E9C7C [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlAddLargeMcbEntry, Type: IAT modification 0xF7B69C5C-->804F7EB3 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlAddToTunnelCache, Type: IAT modification 0xF7B69CB4-->80589455 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlAllocateFileLock, Type: IAT modification 0xF7B69FC4-->805167C9 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlAreNamesEqual, Type: IAT modification 0xF7B69BE4-->805796A1 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlBalanceReads, Type: IAT modification 0xF7B69E40-->805BBFE2 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlCheckLockForReadAccess, Type: IAT modification 0xF7B69F80-->804F45B3 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlCheckLockForWriteAccess, Type: IAT modification 0xF7B69BE8-->804F7E6A [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlCheckOplock, Type: IAT modification 0xF7B69BF0-->804E942F [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlCurrentBatchOplock, Type: IAT modification 0xF7B69D14-->80579721 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlDeleteKeyFromTunnelCache, Type: IAT modification 0xF7B69CC4-->805E5B4A [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlDeleteTunnelCache, Type: IAT modification 0xF7B69FE8-->805D2CC5 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlDissectName, Type: IAT modification 0xF7B69D38-->8057B388 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlDoesNameContainWildCards, Type: IAT modification 0xF7B69CF0-->8057B89A [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlFastCheckLockForRead, Type: IAT modification 0xF7B69EC8-->804F7292 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlFastCheckLockForWrite, Type: IAT modification 0xF7B69EC4-->8051657A [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlFastUnlockAll, Type: IAT modification 0xF7B69CB8-->804F56F1 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlFastUnlockAllByKey, Type: IAT modification 0xF7B69E7C-->80530F4F [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlFastUnlockSingle, Type: IAT modification 0xF7B69E78-->805161EE [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlFindInTunnelCache, Type: IAT modification 0xF7B69D2C-->80583E5B [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlFreeFileLock, Type: IAT modification 0xF7B69FC0-->804FE989 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlGetNextLargeMcbEntry, Type: IAT modification 0xF7B69C34-->804EC915 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlIncrementCcFastReadNotPossible, Type: IAT modification 0xF7B69E54-->8061CC15 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlIncrementCcFastReadNoWait, Type: IAT modification 0xF7B69E5C-->805305EE [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlIncrementCcFastReadResourceMiss, Type: IAT modification 0xF7B69E50-->80530605 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlIncrementCcFastReadWait, Type: IAT modification 0xF7B69E60-->80574B0D [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlInitializeLargeMcb, Type: IAT modification 0xF7B69E70-->804FBC9A [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlInitializeOplock, Type: IAT modification 0xF7B69FDC-->80573E48 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlInitializeTunnelCache, Type: IAT modification 0xF7B69FD0-->805D2C50 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlIsFatDbcsLegal, Type: IAT modification 0xF7B69EC0-->805898AF [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlIsNameInExpression, Type: IAT modification 0xF7B69CEC-->8057B8D3 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlIsNtstatusExpected, Type: IAT modification 0xF7B69C98-->8050A3A2 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlIsTotalDeviceFailure, Type: IAT modification 0xF7B69D8C-->80503910 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlLegalAnsiCharacterArray, Type: IAT modification 0xF7B69DCC-->804D8168 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlLookupLargeMcbEntry, Type: IAT modification 0xF7B69C58-->804ECD15 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlLookupLastLargeMcbEntry, Type: IAT modification 0xF7B69EA4-->804F910E [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlMdlReadCompleteDev, Type: IAT modification 0xF7B69F4C-->805305BD [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlMdlWriteCompleteDev, Type: IAT modification 0xF7B69F48-->8061CBC3 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlNormalizeNtstatus, Type: IAT modification 0xF7B69BC4-->8050A3D5 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlNotifyCleanup, Type: IAT modification 0xF7B69CC8-->805E2B73 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlNotifyFilterChangeDirectory, Type: IAT modification 0xF7B69CCC-->80587F0F [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlNotifyFilterReportChange, Type: IAT modification 0xF7B69CC0-->8057C0FA [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlNotifyInitializeSync, Type: IAT modification 0xF7B69FCC-->8059E2D8 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlNotifyUninitializeSync, Type: IAT modification 0xF7B69FEC-->80583A91 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlNotifyVolumeEvent, Type: IAT modification 0xF7B69CA8-->805AB55A [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlNumberOfRunsInLargeMcb, Type: IAT modification 0xF7B69EA8-->804F91C1 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlOplockFsctrl, Type: IAT modification 0xF7B69D04-->805DCF14 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlOplockIsFastIoPossible, Type: IAT modification 0xF7B69BEC-->8056FE85 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlPostPagingFileStackOverflow, Type: IAT modification 0xF7B69F8C-->80531DEB [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlPostStackOverflow, Type: IAT modification 0xF7B69F88-->80531DC8 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlPrivateLock, Type: IAT modification 0xF7B69E74-->80515DBA [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlProcessFileLock, Type: IAT modification 0xF7B69E80-->80500AC5 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlRemoveLargeMcbEntry, Type: IAT modification 0xF7B69C54-->804FD588 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlResetLargeMcb, Type: IAT modification 0xF7B69E90-->804ECA20 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlSplitLargeMcb, Type: IAT modification 0xF7B69EAC-->8053085B [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlTeardownPerStreamContexts, Type: IAT modification 0xF7B69FE0-->8057C788 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlTruncateLargeMcb, Type: IAT modification 0xF7B69EB0-->804F8FCB [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlUninitializeLargeMcb, Type: IAT modification 0xF7B69E6C-->804FC309 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->FsRtlUninitializeOplock, Type: IAT modification 0xF7B69FD8-->804FC261 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->InterlockedPopEntrySList, Type: IAT modification 0xF7B69BD4-->804E131F [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->InterlockedPushEntrySList, Type: IAT modification 0xF7B69BD8-->804E1343 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoAcquireCancelSpinLock, Type: IAT modification 0xF7B69EE0-->804E81D7 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoAcquireVpbSpinLock, Type: IAT modification 0xF7B69F94-->805058D0 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoAllocateErrorLogEntry, Type: IAT modification 0xF7B69FF8-->8050BB6D [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoAllocateMdl, Type: IAT modification 0xF7B69D64-->804EDDB1 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoBuildAsynchronousFsdRequest, Type: IAT modification 0xF7B69DB4-->804FC59C [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoBuildDeviceIoControlRequest, Type: IAT modification 0xF7B69DF0-->80518674 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoBuildPartialMdl, Type: IAT modification 0xF7B69D58-->804EE132 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoBuildSynchronousFsdRequest, Type: IAT modification 0xF7B69E0C-->80518DB9 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoCancelIrp, Type: IAT modification 0xF7B69D40-->805184C1 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoCheckEaBufferValidity, Type: IAT modification 0xF7B69CF4-->8059E280 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoCheckQuotaBufferValidity, Type: IAT modification 0xF7B69F74-->8061FFC4 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoCheckShareAccess, Type: IAT modification 0xF7B69D10-->8057B23E [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoCreateDevice, Type: IAT modification 0xF7B69E4C-->805A170C [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoCreateStreamFileObjectLite, Type: IAT modification 0xF7B69C74-->8057BB83 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoDeleteDevice, Type: IAT modification 0xF7B69FE4-->80505760 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IofCallDriver, Type: IAT modification 0xF7B69D50-->804E13B9 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IofCompleteRequest, Type: IAT modification 0xF7B69CE0-->804E17CF [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoFileObjectType, Type: IAT modification 0xF7B69DA4-->80560D58 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoFreeErrorLogEntry, Type: IAT modification 0xF7B6A04C-->80532315 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoFreeIrp, Type: IAT modification 0xF7B69D7C-->804EAF62 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoFreeMdl, Type: IAT modification 0xF7B69D5C-->804EDE66 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoGetCurrentProcess, Type: IAT modification 0xF7B69CE8-->804E5E36 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoGetDeviceObjectPointer, Type: IAT modification 0xF7B6A05C-->805E3B29 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoGetFileObjectGenericMapping, Type: IAT modification 0xF7B69E38-->80579683 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoGetRelatedDeviceObject, Type: IAT modification 0xF7B69E10-->804E8430 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoGetRequestorProcess, Type: IAT modification 0xF7B69CBC-->804F4331 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoGetStackLimits, Type: IAT modification 0xF7B69C28-->804DC214 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoGetTopLevelIrp, Type: IAT modification 0xF7B69C1C-->804E84B2 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoIsOperationSynchronous, Type: IAT modification 0xF7B69D4C-->804EAFCE [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoIsSystemThread, Type: IAT modification 0xF7B69EE8-->80514E6B [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoMakeAssociatedIrp, Type: IAT modification 0xF7B69D90-->80513B48 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoPageRead, Type: IAT modification 0xF7B6A048-->804FB224 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoRaiseInformationalHardError, Type: IAT modification 0xF7B69ECC-->805324C7 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoRegisterDriverReinitialization, Type: IAT modification 0xF7B69F30-->805C5D02 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoRegisterFileSystem, Type: IAT modification 0xF7B69F3C-->805AF1B5 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoReleaseCancelSpinLock, Type: IAT modification 0xF7B69EDC-->804E81BD [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoReleaseVpbSpinLock, Type: IAT modification 0xF7B69F90-->805058EC [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoRemoveShareAccess, Type: IAT modification 0xF7B69CB0-->80579BF4 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoSetDeviceToVerify, Type: IAT modification 0xF7B69FFC-->8050A388 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoSetInformation, Type: IAT modification 0xF7B69D00-->8062098F [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoSetShareAccess, Type: IAT modification 0xF7B69D0C-->80579C54 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoSetTopLevelIrp, Type: IAT modification 0xF7B69CD8-->804E8495 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoSynchronousPageWrite, Type: IAT modification 0xF7B6A050-->804EEC16 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoUpdateShareAccess, Type: IAT modification 0xF7B69D08-->8057BB20 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoVolumeDeviceToDosName, Type: IAT modification 0xF7B69ED8-->80534DE2 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->IoWriteErrorLogEntry, Type: IAT modification 0xF7B69FF4-->8050BDCD [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KdDebuggerEnabled, Type: IAT modification 0xF7B69CA4-->8055BA41 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeBugCheck, Type: IAT modification 0xF7B69F40-->80537679 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeBugCheckEx, Type: IAT modification 0xF7B69C90-->8053769F [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeClearEvent, Type: IAT modification 0xF7B69D34-->804E5AA4 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeDelayExecutionThread, Type: IAT modification 0xF7B69D9C-->804E14F6 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeEnterCriticalRegion, Type: IAT modification 0xF7B69CDC-->804D95F2 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeGetCurrentThread, Type: IAT modification 0xF7B69D68-->804DB622 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeInitializeDpc, Type: IAT modification 0xF7B69F34-->804E7DB8 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeInitializeEvent, Type: IAT modification 0xF7B69D48-->804E7DE6 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeInitializeMutant, Type: IAT modification 0xF7B69F44-->804FA804 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeInitializeSpinLock, Type: IAT modification 0xF7B69E8C-->804E2417 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeInitializeTimer, Type: IAT modification 0xF7B69F38-->804EC4FB [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeLeaveCriticalRegion, Type: IAT modification 0xF7B69CD4-->804D9604 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeNumberProcessors, Type: IAT modification 0xF7B69DF8-->8055BA60 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeQuerySystemTime, Type: IAT modification 0xF7B69BDC-->804D95AF [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeReleaseMutant, Type: IAT modification 0xF7B69C60-->804D9B4C [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeSetEvent, Type: IAT modification 0xF7B69CFC-->804E20A9 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeSetKernelStackSwapEnable, Type: IAT modification 0xF7B69D44-->804F45DC [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeSetPriorityThread, Type: IAT modification 0xF7B69EA0-->804EC21C [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeSetTimer, Type: IAT modification 0xF7B69E94-->804E216F [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeStackAttachProcess, Type: IAT modification 0xF7B6A064-->804F3FC5 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeTickCount, Type: IAT modification 0xF7B6A000-->8055A000 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeUnstackDetachProcess, Type: IAT modification 0xF7B6A060-->804F4029 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->KeWaitForSingleObject, Type: IAT modification 0xF7B69C78-->804DC400 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->memmove, Type: IAT modification 0xF7B6A020-->804DADC5 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->MmBuildMdlForNonPagedPool, Type: IAT modification 0xF7B69D78-->804EDEBC [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->MmCanFileBeTruncated, Type: IAT modification 0xF7B69BFC-->804F719D [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->MmFlushImageSection, Type: IAT modification 0xF7B69CD0-->804F710E [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->MmIsThisAnNtAsSystem, Type: IAT modification 0xF7B69F18-->80509675 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->MmMapLockedPagesSpecifyCache, Type: IAT modification 0xF7B69C14-->804EDF4C [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->MmPrefetchPages, Type: IAT modification 0xF7B69E14-->8059AB16 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->MmProbeAndLockPages, Type: IAT modification 0xF7B69D60-->804F6BFF [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->MmQuerySystemSize, Type: IAT modification 0xF7B69F1C-->8050896A [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->MmSetAddressRangeModified, Type: IAT modification 0xF7B69BF8-->804EF03B [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->MmUnlockPages, Type: IAT modification 0xF7B69DB0-->804F6EB5 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->MmUnmapLockedPages, Type: IAT modification 0xF7B69D54-->804EE0B8 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->NlsMbOemCodePageTag, Type: IAT modification 0xF7B69DD4-->8069A720 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->NlsOemLeadByteInfo, Type: IAT modification 0xF7B69DD0-->8056C4C0 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ObfDereferenceObject, Type: IAT modification 0xF7B69C64-->804E1930 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ObfReferenceObject, Type: IAT modification 0xF7B69D94-->804DA06B [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ObGetObjectSecurity, Type: IAT modification 0xF7B69D1C-->8056C287 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ObQueryNameString, Type: IAT modification 0xF7B69E44-->8058F2D9 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ObQueryObjectAuditingByHandle, Type: IAT modification 0xF7B69DDC-->80589506 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ObReferenceObjectByHandle, Type: IAT modification 0xF7B69DA0-->8056C559 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ObReferenceObjectByPointer, Type: IAT modification 0xF7B6A094-->804EA5A1 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ObReleaseObjectSecurity, Type: IAT modification 0xF7B69D18-->8056C241 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->PoQueueShutdownWorkItem, Type: IAT modification 0xF7B6A078-->805C5BB2 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ProbeForRead, Type: IAT modification 0xF7B69E08-->805838BB [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ProbeForWrite, Type: IAT modification 0xF7B69E18-->8056E89F [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->PsCreateSystemThread, Type: IAT modification 0xF7B6A070-->805762A6 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->PsDereferenceImpersonationToken, Type: IAT modification 0xF7B6A084-->80635413 [ntoskrnl.exe]

ntfs.sys-->ntoskrnl.exe-->PsImpersonateClient, Type: IAT modification 0xF7B6A088-->80580C82 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->PsLookupProcessByProcessId, Type: IAT modification 0xF7B6A068-->8057F50F [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->PsReferenceImpersonationToken, Type: IAT modification 0xF7B6A08C-->8056C2A5 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->PsRevertToSelf, Type: IAT modification 0xF7B6A080-->805B1467 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlAddAccessAllowedAce, Type: IAT modification 0xF7B69EFC-->805852BE [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlAppendUnicodeStringToString, Type: IAT modification 0xF7B69ED0-->804F7BCC [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlAreBitsClear, Type: IAT modification 0xF7B69C48-->804F8F41 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlAreBitsSet, Type: IAT modification 0xF7B69C38-->804F9056 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlClearBits, Type: IAT modification 0xF7B69C30-->804EA9A5 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlCompareMemory, Type: IAT modification 0xF7B69BE0-->804E5080 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlCompareString, Type: IAT modification 0xF7B69DC4-->8063BFEB [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlCompressBuffer, Type: IAT modification 0xF7B69DAC-->80671217 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlCopyUnicodeString, Type: IAT modification 0xF7B69ED4-->804F2DB1 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlCreateAcl, Type: IAT modification 0xF7B69F00-->8057545D [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlCreateSecurityDescriptor, Type: IAT modification 0xF7B69EF8-->8056FC49 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlDecompressBuffer, Type: IAT modification 0xF7B69D6C-->8063D129 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlDecompressFragment, Type: IAT modification 0xF7B69D70-->805DD2DD [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlDelete, Type: IAT modification 0xF7B69F54-->804F2FC1 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlDeleteElementGenericTableAvl, Type: IAT modification 0xF7B69CAC-->804FC1E2 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlEnumerateGenericTableAvl, Type: IAT modification 0xF7B69FF0-->80500A83 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlEnumerateGenericTableWithoutSplayingAvl, Type: IAT modification 0xF7B69FBC-->80500AA8 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlEqualSid, Type: IAT modification 0xF7B69F6C-->80573938 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlFillMemoryUlong, Type: IAT modification 0xF7B6A044-->804E5170 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlFindClearBits, Type: IAT modification 0xF7B69C4C-->804F044D [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlFindClearRuns, Type: IAT modification 0xF7B69C50-->80503A42 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlFindLastBackwardRunClear, Type: IAT modification 0xF7B69C3C-->805035B1 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlFindNextForwardRunClear, Type: IAT modification 0xF7B6A00C-->80513474 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlFreeOemString, Type: IAT modification 0xF7B69EB8-->805E5654 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlGenerate8dot3Name, Type: IAT modification 0xF7B69C00-->80588A90 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlGetCompressionWorkSpaceSize, Type: IAT modification 0xF7B69D74-->80665146 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlGetOwnerSecurityDescriptor, Type: IAT modification 0xF7B69D28-->805BBF35 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlInitializeBitMap, Type: IAT modification 0xF7B6A018-->8057BF4E [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlInitializeGenericTableAvl, Type: IAT modification 0xF7B69F78-->804FF7A5 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlInitializeSid, Type: IAT modification 0xF7B69F08-->80588972 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlInitString, Type: IAT modification 0xF7B69DC8-->804DA235 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlInitUnicodeString, Type: IAT modification 0xF7B69BD0-->804DA2A5 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlInsertElementGenericTableAvl, Type: IAT modification 0xF7B69FD4-->80519427 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlInsertElementGenericTableFullAvl, Type: IAT modification 0xF7B69F60-->804FBC0B [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlLengthRequiredSid, Type: IAT modification 0xF7B69F0C-->80581CA2 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlLengthSecurityDescriptor, Type: IAT modification 0xF7B69EEC-->805753C9 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlLengthSid, Type: IAT modification 0xF7B69E20-->805DF5CA [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlLookupElementGenericTableAvl, Type: IAT modification 0xF7B69DB8-->805152BA [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlLookupElementGenericTableFullAvl, Type: IAT modification 0xF7B69F64-->804F5BDE [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlMapGenericMask, Type: IAT modification 0xF7B69E34-->8056FDCA [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlNumberOfClearBits, Type: IAT modification 0xF7B69C40-->80503664 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlSetBits, Type: IAT modification 0xF7B69C2C-->804F03FD [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlSetDaclSecurityDescriptor, Type: IAT modification 0xF7B69EF4-->80585052 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlSplay, Type: IAT modification 0xF7B69F58-->804F345D [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlSubAuthoritySid, Type: IAT modification 0xF7B69F04-->805DC816 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlUnicodeStringToCountedOemString, Type: IAT modification 0xF7B69EBC-->805899A0 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlUpcaseUnicodeString, Type: IAT modification 0xF7B69C04-->80570494 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlUpperString, Type: IAT modification 0xF7B69DC0-->805C80F6 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlValidSid, Type: IAT modification 0xF7B69F5C-->8057537B [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->RtlVerifyVersionInfo, Type: IAT modification 0xF7B69F28-->80509AEC [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeAccessCheck, Type: IAT modification 0xF7B69E2C-->8056C2C7 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeAppendPrivileges, Type: IAT modification 0xF7B69FB4-->8058AF21 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeAssignSecurity, Type: IAT modification 0xF7B69EF0-->805751E4 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeAuditHardLinkCreation, Type: IAT modification 0xF7B69DE8-->806409AB [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeAuditingFileEventsWithContext, Type: IAT modification 0xF7B69FB8-->80579876 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeAuditingHardLinkEventsWithContext, Type: IAT modification 0xF7B69DEC-->80642112 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeCaptureSubjectContext, Type: IAT modification 0xF7B69DBC-->80573991 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeDeassignSecurity, Type: IAT modification 0xF7B69FA0-->805884D4 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeDeleteObjectAuditAlarm, Type: IAT modification 0xF7B69DD8-->80641AB3 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeExports, Type: IAT modification 0xF7B69F70-->8069AD50 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeFreePrivileges, Type: IAT modification 0xF7B69F9C-->80581CCE [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeLockSubjectContext, Type: IAT modification 0xF7B69E30-->8056C39C [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeOpenObjectAuditAlarm, Type: IAT modification 0xF7B69FAC-->8056DCB2 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeOpenObjectForDeleteAuditAlarm, Type: IAT modification 0xF7B69FB0-->8064236F [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SePrivilegeCheck, Type: IAT modification 0xF7B69D20-->805738F5 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeQueryInformationToken, Type: IAT modification 0xF7B69F68-->8058FB61 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeQuerySecurityDescriptorInfo, Type: IAT modification 0xF7B69FA8-->805734CB [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeReleaseSubjectContext, Type: IAT modification 0xF7B69E24-->8056CA9C [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeSetSecurityDescriptorInfo, Type: IAT modification 0xF7B69FA4-->805DFAD7 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeSinglePrivilegeCheck, Type: IAT modification 0xF7B69D30-->8057898F [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeUnlockSubjectContext, Type: IAT modification 0xF7B69E28-->8056C3D1 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->SeValidSecurityDescriptor, Type: IAT modification 0xF7B69F98-->80583CA1 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->VerSetConditionMask, Type: IAT modification 0xF7B69F2C-->80509A7D [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->wcslen, Type: IAT modification 0xF7B69E48-->804EA4A9 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ZwAllocateVirtualMemory, Type: IAT modification 0xF7B6A090-->804E33F6 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ZwClose, Type: IAT modification 0xF7B69E00-->804E3496 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ZwCreateEvent, Type: IAT modification 0xF7B6A074-->804E355E [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ZwCreateFile, Type: IAT modification 0xF7B69E04-->804E3586 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ZwFreeVirtualMemory, Type: IAT modification 0xF7B6A07C-->804E391E [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ZwOpenKey, Type: IAT modification 0xF7B69F24-->804E3BEE [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ZwQueryValueKey, Type: IAT modification 0xF7B69F20-->804E4076 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->ZwWaitForSingleObject, Type: IAT modification 0xF7B6A06C-->804E47CE [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->_abnormal_termination, Type: IAT modification 0xF7B6A004-->804E30C4 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->_alldiv, Type: IAT modification 0xF7B69E1C-->804DA42D [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->_allmul, Type: IAT modification 0xF7B69C44-->804DA5B6 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->_alloca_probe, Type: IAT modification 0xF7B69D3C-->804DA5EA [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->_allrem, Type: IAT modification 0xF7B69DE4-->804DA627 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->_allshl, Type: IAT modification 0xF7B69C24-->804DA6DB [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->_allshr, Type: IAT modification 0xF7B6A02C-->804DA6FA [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->_aullshr, Type: IAT modification 0xF7B69C20-->804DA88D [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->_except_handler3, Type: IAT modification 0xF7B6A008-->804E2EF8 [ntoskrnl.exe]
ntfs.sys-->ntoskrnl.exe-->_local_unwind2, Type: IAT modification 0xF7B69DA8-->804E3054 [ntoskrnl.exe]
ntoskrnl.exe+0x00000A95, Type: Inline - RelativeJump 0x804D7A95-->804D7ABD [ntoskrnl.exe]
ntoskrnl.exe+0x00001398, Type: Inline - RelativeJump 0x804D8398-->804D839E [ntoskrnl.exe]
ntoskrnl.exe+0x000017BD, Type: Inline - RelativeJump 0x804D87BD-->804D8838 [ntoskrnl.exe]
ntoskrnl.exe+0x000017CE, Type: Inline - RelativeJump 0x804D87CE-->804D8845 [ntoskrnl.exe]
ntoskrnl.exe+0x000017D4, Type: Inline - RelativeJump 0x804D87D4-->804D880C [ntoskrnl.exe]
ntoskrnl.exe+0x000017DC, Type: Inline - RelativeJump 0x804D87DC-->804D8847 [ntoskrnl.exe]
ntoskrnl.exe+0x000017E2, Type: Inline - RelativeJump 0x804D87E2-->804D8864 [ntoskrnl.exe]
ntoskrnl.exe+0x000017FA, Type: Inline - RelativeJump 0x804D87FA-->804D8873 [ntoskrnl.exe]
ntoskrnl.exe+0x00001814, Type: Inline - RelativeJump 0x804D8814-->804D881E [ntoskrnl.exe]
ntoskrnl.exe+0x0000182C, Type: Inline - RelativeJump 0x804D882C-->804D889B [ntoskrnl.exe]
ntoskrnl.exe+0x00001830, Type: Inline - RelativeJump 0x804D8830-->804D88A7 [ntoskrnl.exe]
ntoskrnl.exe+0x0000187C, Type: Inline - RelativeJump 0x804D887C-->804D88F1 [ntoskrnl.exe]
ntoskrnl.exe+0x00001892, Type: Inline - RelativeJump 0x804D8892-->804D8898 [ntoskrnl.exe]
ntoskrnl.exe+0x00001894, Type: Inline - RelativeJump 0x804D8894-->804D889A [ntoskrnl.exe]
ntoskrnl.exe+0x00001896, Type: Inline - RelativeJump 0x804D8896-->804D889C [ntoskrnl.exe]
ntoskrnl.exe+0x0000189E, Type: Inline - RelativeJump 0x804D889E-->804D88A4 [ntoskrnl.exe]
ntoskrnl.exe+0x000018A8, Type: Inline - RelativeJump 0x804D88A8-->804D88AE [ntoskrnl.exe]
ntoskrnl.exe+0x000018AC, Type: Inline - RelativeJump 0x804D88AC-->804D88B2 [ntoskrnl.exe]
ntoskrnl.exe+0x000018C2, Type: Inline - RelativeJump 0x804D88C2-->804D88C8 [ntoskrnl.exe]
ntoskrnl.exe+0x000018F2, Type: Inline - RelativeJump 0x804D88F2-->804D88F8 [ntoskrnl.exe]
ntoskrnl.exe+0x000018FE, Type: Inline - RelativeJump 0x804D88FE-->804D8904 [ntoskrnl.exe]
ntoskrnl.exe+0x00001904, Type: Inline - RelativeJump 0x804D8904-->804D890A [ntoskrnl.exe]
ntoskrnl.exe+0x00001908, Type: Inline - RelativeJump 0x804D8908-->804D890E [ntoskrnl.exe]
ntoskrnl.exe+0x0000191A, Type: Inline - RelativeJump 0x804D891A-->804D8920 [ntoskrnl.exe]
ntoskrnl.exe+0x00001920, Type: Inline - RelativeJump 0x804D8920-->804D8926 [ntoskrnl.exe]
ntoskrnl.exe+0x00001938, Type: Inline - RelativeJump 0x804D8938-->804D893E [ntoskrnl.exe]
ntoskrnl.exe+0x0000193C, Type: Inline - RelativeJump 0x804D893C-->804D8942 [ntoskrnl.exe]
ntoskrnl.exe+0x00001940, Type: Inline - RelativeJump 0x804D8940-->804D8946 [ntoskrnl.exe]
ntoskrnl.exe+0x00001942, Type: Inline - RelativeJump 0x804D8942-->804D8948 [ntoskrnl.exe]
ntoskrnl.exe+0x0000194E, Type: Inline - RelativeJump 0x804D894E-->804D8954 [ntoskrnl.exe]
ntoskrnl.exe+0x00001954, Type: Inline - RelativeJump 0x804D8954-->804D895A [ntoskrnl.exe]
ntoskrnl.exe+0x00001958, Type: Inline - RelativeJump 0x804D8958-->804D895E [ntoskrnl.exe]
ntoskrnl.exe+0x0000195E, Type: Inline - RelativeJump 0x804D895E-->804D8964 [ntoskrnl.exe]
ntoskrnl.exe+0x00001960, Type: Inline - RelativeJump 0x804D8960-->804D8966 [ntoskrnl.exe]
ntoskrnl.exe+0x0000254E, Type: Inline - RelativeJump 0x804D954E-->804D9554 [ntoskrnl.exe]
ntoskrnl.exe+0x00002B4D, Type: Inline - DirectCall 0x804D9B4D-->804D8088 [ntoskrnl.exe]
ntoskrnl.exe+0x00002B5D, Type: Inline - RelativeJump 0x804D9B5D-->804D9B6B [ntoskrnl.exe]
ntoskrnl.exe+0x000031FA, Type: Inline - PushRet 0x804DA1FA-->83640008 [unknown_code_page]
ntoskrnl.exe+0x000032A7, Type: Inline - RelativeJump 0x804DA2A7-->804DA2D1 [ntoskrnl.exe]
ntoskrnl.exe+0x000032B7, Type: Inline - RelativeJump 0x804DA2B7-->804DA2E1 [ntoskrnl.exe]
ntoskrnl.exe+0x00003882, Type: Inline - PushRet 0x804DA882-->F9800010 [unknown_code_page]
ntoskrnl.exe+0x00003D93, Type: Inline - PushRet 0x804DAD93-->8A00498D [unknown_code_page]
ntoskrnl.exe+0x00003DD4, Type: Inline - RelativeJump 0x804DADD4-->804DADE9 [ntoskrnl.exe]
ntoskrnl.exe+0x00004199, Type: Inline - RelativeJump 0x804DB199-->804DB1D1 [ntoskrnl.exe]
ntoskrnl.exe+0x00004569, Type: Inline - RelativeJump 0x804DB569-->804DB57D [ntoskrnl.exe]
ntoskrnl.exe+0x00004572, Type: Inline - RelativeJump 0x804DB572-->804DB595 [ntoskrnl.exe]
ntoskrnl.exe+0x000046AE, Type: Inline - DirectCall 0x804DB6AE-->804D8030 [ntoskrnl.exe]
ntoskrnl.exe+0x000046E0, Type: Inline - DirectCall 0x804DB6E0-->804D8090 [ntoskrnl.exe]
ntoskrnl.exe+0x000046E6, Type: Inline - RelativeJump 0x804DB6E6-->804DB92A [ntoskrnl.exe]
ntoskrnl.exe+0x000046EE, Type: Inline - RelativeCall 0x804DB6EE-->804DB702 [ntoskrnl.exe]
ntoskrnl.exe+0x00004718, Type: Inline - RelativeJump 0x804DB718-->804DB7BA [ntoskrnl.exe]
ntoskrnl.exe+0x000047CD, Type: Inline - RelativeJump 0x804DB7CD-->804DB720 [ntoskrnl.exe]
ntoskrnl.exe+0x00004963, Type: Inline - RelativeJump 0x804DB963-->804DB901 [ntoskrnl.exe]
ntoskrnl.exe+0x00004C5E, Type: Inline - PushRet 0x804DBC5E-->94680010 [unknown_code_page]
ntoskrnl.exe+0x00004D61, Type: Inline - RelativeJump 0x804DBD61-->804DBD80 [ntoskrnl.exe]
ntoskrnl.exe+0x00004E35, Type: Inline - RelativeJump 0x804DBE35-->804DBE40 [ntoskrnl.exe]
ntoskrnl.exe+0x00004E47, Type: Inline - PushRet 0x804DBE47-->EC8B55CC [unknown_code_page]
ntoskrnl.exe+0x00005126, Type: Inline - RelativeJump 0x804DC126-->804DC143 [ntoskrnl.exe]
ntoskrnl.exe+0x000052BB, Type: Inline - RelativeJump 0x804DC2BB-->805188F9 [ntoskrnl.exe]
ntoskrnl.exe+0x000052D5, Type: Inline - RelativeJump 0x804DC2D5-->804DC340 [ntoskrnl.exe]
ntoskrnl.exe+0x00005429, Type: Inline - RelativeJump 0x804DC429-->80515C35 [ntoskrnl.exe]
ntoskrnl.exe+0x00005447, Type: Inline - RelativeJump 0x804DC447-->804E5B2F [ntoskrnl.exe]
ntoskrnl.exe+0x00005486, Type: Inline - RelativeJump 0x804DC486-->804DC538 [ntoskrnl.exe]
ntoskrnl.exe+0x0000548E, Type: Inline - RelativeJump 0x804DC48E-->804DC538 [ntoskrnl.exe]
ntoskrnl.exe+0x00005581, Type: Inline - RelativeCall 0x804DC581-->804E68BC [ntoskrnl.exe]
ntoskrnl.exe+0x000055E4, Type: Inline - RelativeJump 0x804DC5E4-->804DC56F [ntoskrnl.exe]
ntoskrnl.exe+0x000055FD, Type: Inline - DirectCall 0x804DC5FD-->804D8114 [ntoskrnl.exe]
ntoskrnl.exe+0x0000562A, Type: Inline - RelativeJump 0x804DC62A-->8052C6F6 [ntoskrnl.exe]
ntoskrnl.exe+0x00005634, Type: Inline - RelativeJump 0x804DC634-->804F9524 [ntoskrnl.exe]
ntoskrnl.exe+0x0000563F, Type: Inline - RelativeJump 0x804DC63F-->804F9524 [ntoskrnl.exe]
ntoskrnl.exe+0x0000564A, Type: Inline - RelativeJump 0x804DC64A-->804DC540 [ntoskrnl.exe]
ntoskrnl.exe+0x00005651, Type: Inline - RelativeJump 0x804DC651-->804DC73B [ntoskrnl.exe]
ntoskrnl.exe+0x000056CC, Type: Inline - RelativeJump 0x804DC6CC-->804DC6D6 [ntoskrnl.exe]
ntoskrnl.exe+0x000056E0, Type: Inline - RelativeJump 0x804DC6E0-->80518983 [ntoskrnl.exe]
ntoskrnl.exe+0x00005761, Type: Inline - RelativeCall 0x804DC761-->804E2554 [ntoskrnl.exe]
ntoskrnl.exe+0x00005766, Type: Inline - DirectJump 0x804DC766-->804D8030 [ntoskrnl.exe]
ntoskrnl.exe+0x00005784, Type: Inline - RelativeCall 0x804DC784-->804E2554 [ntoskrnl.exe]
ntoskrnl.exe+0x000057D1, Type: Inline - RelativeCall 0x804DC7D1-->804DC667 [ntoskrnl.exe]
ntoskrnl.exe+0x000057E0, Type: Inline - RelativeCall 0x804DC7E0-->804DC942 [ntoskrnl.exe]
ntoskrnl.exe+0x00005835, Type: Inline - RelativeCall 0x804DC835-->804DC942 [ntoskrnl.exe]
ntoskrnl.exe+0x00005885, Type: Inline - RelativeCall 0x804DC885-->804DCCC1 [ntoskrnl.exe]
ntoskrnl.exe+0x00005899, Type: Inline - RelativeJump 0x804DC899-->804DC920 [ntoskrnl.exe]
ntoskrnl.exe+0x00005950, Type: Inline - RelativeCall 0x804DC950-->804E2528 [ntoskrnl.exe]
ntoskrnl.exe+0x000059B7, Type: Inline - RelativeJump 0x804DC9B7-->804DCA9C [ntoskrnl.exe]
ntoskrnl.exe+0x00005A08, Type: Inline - RelativeCall 0x804DCA08-->804E2554 [ntoskrnl.exe]
ntoskrnl.exe+0x00005A11, Type: Inline - RelativeJump 0x804DCA11-->804DCA38 [ntoskrnl.exe]
ntoskrnl.exe+0x00005AE0, Type: Inline - RelativeJump 0x804DCAE0-->804DC97D [ntoskrnl.exe]
ntoskrnl.exe+0x00005AE8, Type: Inline - RelativeCall 0x804DCAE8-->806842FF [ntoskrnl.exe]
ntoskrnl.exe+0x00005AED, Type: Inline - RelativeJump 0x804DCAED-->804DC97D [ntoskrnl.exe]
ntoskrnl.exe+0x00005B49, Type: Inline - RelativeCall 0x804DCB49-->804E2528 [ntoskrnl.exe]
ntoskrnl.exe+0x00005C84, Type: Inline - DirectCall 0x804DCC84-->804D8030 [ntoskrnl.exe]
ntoskrnl.exe+0x00005C8C, Type: Inline - RelativeJump 0x804DCC8C-->804DCBEF [ntoskrnl.exe]
ntoskrnl.exe+0x00005C9D, Type: Inline - RelativeCall 0x804DCC9D-->804E2554 [ntoskrnl.exe]
ntoskrnl.exe+0x00005CA8, Type: Inline - RelativeCall 0x804DCCA8-->804E2528 [ntoskrnl.exe]
ntoskrnl.exe+0x00005CAD, Type: Inline - RelativeJump 0x804DCCAD-->804DCC80 [ntoskrnl.exe]
ntoskrnl.exe+0x00005CBD, Type: Inline - RelativeJump 0x804DCCBD-->804DCC80 [ntoskrnl.exe]
ntoskrnl.exe+0x00005D15, Type: Inline - RelativeJump 0x804DCD15-->804DCD8B [ntoskrnl.exe]
ntoskrnl.exe+0x00005D27, Type: Inline - RelativeJump 0x804DCD27-->804DCDA4 [ntoskrnl.exe]
ntoskrnl.exe+0x00005D4B, Type: Inline - PushRet 0x804DCD4B-->EB0006C6 [unknown_code_page]
ntoskrnl.exe+0x00005DC9, Type: Inline - RelativeJump 0x804DCDC9-->804DCDD4 [ntoskrnl.exe]
ntoskrnl.exe+0x00005E49, Type: Inline - DirectCall 0x804DCE49-->804D8110 [ntoskrnl.exe]
ntoskrnl.exe+0x00005E90, Type: Inline - RelativeJump 0x804DCE90-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005E9D, Type: Inline - RelativeJump 0x804DCE9D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005EA4, Type: Inline - RelativeJump 0x804DCEA4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005EB1, Type: Inline - RelativeJump 0x804DCEB1-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005EB8, Type: Inline - RelativeJump 0x804DCEB8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005EC5, Type: Inline - RelativeJump 0x804DCEC5-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005ECC, Type: Inline - RelativeJump 0x804DCECC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005ED9, Type: Inline - RelativeJump 0x804DCED9-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005EE0, Type: Inline - RelativeJump 0x804DCEE0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005EED, Type: Inline - RelativeJump 0x804DCEED-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005F01, Type: Inline - RelativeJump 0x804DCF01-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005F08, Type: Inline - RelativeJump 0x804DCF08-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005F15, Type: Inline - RelativeJump 0x804DCF15-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005F1C, Type: Inline - RelativeJump 0x804DCF1C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005F29, Type: Inline - RelativeJump 0x804DCF29-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005F3D, Type: Inline - RelativeJump 0x804DCF3D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005F44, Type: Inline - RelativeJump 0x804DCF44-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005F51, Type: Inline - RelativeJump 0x804DCF51-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005F58, Type: Inline - RelativeJump 0x804DCF58-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005F65, Type: Inline - RelativeJump 0x804DCF65-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005F79, Type: Inline - RelativeJump 0x804DCF79-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005F80, Type: Inline - RelativeJump 0x804DCF80-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005F8D, Type: Inline - RelativeJump 0x804DCF8D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005FA1, Type: Inline - RelativeJump 0x804DCFA1-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005FB5, Type: Inline - RelativeJump 0x804DCFB5-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005FBC, Type: Inline - RelativeJump 0x804DCFBC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005FC9, Type: Inline - RelativeJump 0x804DCFC9-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005FDD, Type: Inline - RelativeJump 0x804DCFDD-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005FE4, Type: Inline - RelativeJump 0x804DCFE4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00005FF1, Type: Inline - RelativeJump 0x804DCFF1-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006005, Type: Inline - RelativeJump 0x804DD005-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006019, Type: Inline - RelativeJump 0x804DD019-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006020, Type: Inline - RelativeJump 0x804DD020-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000602D, Type: Inline - RelativeJump 0x804DD02D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006034, Type: Inline - RelativeJump 0x804DD034-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006041, Type: Inline - RelativeJump 0x804DD041-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006055, Type: Inline - RelativeJump 0x804DD055-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006069, Type: Inline - RelativeJump 0x804DD069-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000607D, Type: Inline - RelativeJump 0x804DD07D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006091, Type: Inline - RelativeJump 0x804DD091-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006098, Type: Inline - RelativeJump 0x804DD098-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000060A5, Type: Inline - RelativeJump 0x804DD0A5-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000060B9, Type: Inline - RelativeJump 0x804DD0B9-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000060CD, Type: Inline - RelativeJump 0x804DD0CD-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000060E1, Type: Inline - RelativeJump 0x804DD0E1-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000060F5, Type: Inline - RelativeJump 0x804DD0F5-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006109, Type: Inline - RelativeJump 0x804DD109-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006110, Type: Inline - RelativeJump 0x804DD110-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000611D, Type: Inline - RelativeJump 0x804DD11D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006131, Type: Inline - RelativeJump 0x804DD131-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006138, Type: Inline - RelativeJump 0x804DD138-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006145, Type: Inline - RelativeJump 0x804DD145-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000614C, Type: Inline - RelativeJump 0x804DD14C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006159, Type: Inline - RelativeJump 0x804DD159-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006160, Type: Inline - RelativeJump 0x804DD160-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000616D, Type: Inline - RelativeJump 0x804DD16D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006174, Type: Inline - RelativeJump 0x804DD174-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006181, Type: Inline - RelativeJump 0x804DD181-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006195, Type: Inline - RelativeJump 0x804DD195-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000619C, Type: Inline - RelativeJump 0x804DD19C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000061A9, Type: Inline - RelativeJump 0x804DD1A9-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000061BD, Type: Inline - RelativeJump 0x804DD1BD-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000061D1, Type: Inline - RelativeJump 0x804DD1D1-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000061D8, Type: Inline - RelativeJump 0x804DD1D8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000061E5, Type: Inline - RelativeJump 0x804DD1E5-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000061F9, Type: Inline - RelativeJump 0x804DD1F9-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000620D, Type: Inline - RelativeJump 0x804DD20D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006221, Type: Inline - RelativeJump 0x804DD221-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006235, Type: Inline - RelativeJump 0x804DD235-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006249, Type: Inline - RelativeJump 0x804DD249-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006250, Type: Inline - RelativeJump 0x804DD250-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000625D, Type: Inline - RelativeJump 0x804DD25D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006271, Type: Inline - RelativeJump 0x804DD271-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006278, Type: Inline - RelativeJump 0x804DD278-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006285, Type: Inline - RelativeJump 0x804DD285-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006299, Type: Inline - RelativeJump 0x804DD299-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000062AD, Type: Inline - RelativeJump 0x804DD2AD-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000062B4, Type: Inline - RelativeJump 0x804DD2B4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000062C1, Type: Inline - RelativeJump 0x804DD2C1-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000062D5, Type: Inline - RelativeJump 0x804DD2D5-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000062E9, Type: Inline - RelativeJump 0x804DD2E9-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000062FD, Type: Inline - RelativeJump 0x804DD2FD-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006311, Type: Inline - RelativeJump 0x804DD311-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006318, Type: Inline - RelativeJump 0x804DD318-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006325, Type: Inline - RelativeJump 0x804DD325-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000632C, Type: Inline - RelativeJump 0x804DD32C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006339, Type: Inline - RelativeJump 0x804DD339-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000634D, Type: Inline - RelativeJump 0x804DD34D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006354, Type: Inline - RelativeJump 0x804DD354-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006361, Type: Inline - RelativeJump 0x804DD361-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006368, Type: Inline - RelativeJump 0x804DD368-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006375, Type: Inline - RelativeJump 0x804DD375-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006389, Type: Inline - RelativeJump 0x804DD389-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006390, Type: Inline - RelativeJump 0x804DD390-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000639D, Type: Inline - RelativeJump 0x804DD39D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000063A4, Type: Inline - RelativeJump 0x804DD3A4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000063B1, Type: Inline - RelativeJump 0x804DD3B1-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000063B8, Type: Inline - RelativeJump 0x804DD3B8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000063C5, Type: Inline - RelativeJump 0x804DD3C5-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000063D9, Type: Inline - RelativeJump 0x804DD3D9-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000063ED, Type: Inline - RelativeJump 0x804DD3ED-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000063F4, Type: Inline - RelativeJump 0x804DD3F4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006401, Type: Inline - RelativeJump 0x804DD401-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006415, Type: Inline - RelativeJump 0x804DD415-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000641C, Type: Inline - RelativeJump 0x804DD41C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006429, Type: Inline - RelativeJump 0x804DD429-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006430, Type: Inline - RelativeJump 0x804DD430-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000643D, Type: Inline - RelativeJump 0x804DD43D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006451, Type: Inline - RelativeJump 0x804DD451-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006458, Type: Inline - RelativeJump 0x804DD458-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006465, Type: Inline - RelativeJump 0x804DD465-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000646C, Type: Inline - RelativeJump 0x804DD46C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006479, Type: Inline - RelativeJump 0x804DD479-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006480, Type: Inline - RelativeJump 0x804DD480-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000648D, Type: Inline - RelativeJump 0x804DD48D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000064A1, Type: Inline - RelativeJump 0x804DD4A1-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000064A8, Type: Inline - RelativeJump 0x804DD4A8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000064B5, Type: Inline - RelativeJump 0x804DD4B5-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000064C9, Type: Inline - RelativeJump 0x804DD4C9-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000064D0, Type: Inline - RelativeJump 0x804DD4D0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000064DD, Type: Inline - RelativeJump 0x804DD4DD-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000064E4, Type: Inline - RelativeJump 0x804DD4E4-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000064F1, Type: Inline - RelativeJump 0x804DD4F1-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000064F8, Type: Inline - RelativeJump 0x804DD4F8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006505, Type: Inline - RelativeJump 0x804DD505-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006519, Type: Inline - RelativeJump 0x804DD519-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006520, Type: Inline - RelativeJump 0x804DD520-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000652D, Type: Inline - RelativeJump 0x804DD52D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006534, Type: Inline - RelativeJump 0x804DD534-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006541, Type: Inline - RelativeJump 0x804DD541-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006548, Type: Inline - RelativeJump 0x804DD548-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006555, Type: Inline - RelativeJump 0x804DD555-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000655C, Type: Inline - RelativeJump 0x804DD55C-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006569, Type: Inline - RelativeJump 0x804DD569-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006570, Type: Inline - RelativeJump 0x804DD570-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x0000657D, Type: Inline - RelativeJump 0x804DD57D-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006584, Type: Inline - RelativeJump 0x804DD584-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006591, Type: Inline - RelativeJump 0x804DD591-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x00006598, Type: Inline - RelativeJump 0x804DD598-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000065A5, Type: Inline - RelativeJump 0x804DD5A5-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000065AC, Type: Inline - RelativeJump 0x804DD5AC-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000065B9, Type: Inline - RelativeJump 0x804DD5B9-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000065C0, Type: Inline - RelativeJump 0x804DD5C0-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000065CD, Type: Inline - RelativeJump 0x804DD5CD-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000065E1, Type: Inline - RelativeJump 0x804DD5E1-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000065E8, Type: Inline - RelativeJump 0x804DD5E8-->804DD677 [ntoskrnl.exe]
ntoskrnl.exe+0x000065F5, Type: Inline - RelativeJump 0x804DD5F5-->804DD67B [ntoskrnl.exe]
ntoskrnl.exe+0x000065FD, Type: Inline - RelativeJump 0x804DD5FD-->804DD66D [ntoskrnl.exe]
ntoskrnl.exe+0x0000660C, Type: Inline - RelativeJump 0x804DD60C-->804DD67B [ntoskrnl.exe]
ntoskrnl.exe+0x00006611, Type: Inline - RelativeJump 0x804DD611-->804DD67B [ntoskrnl.exe]
ntoskrnl.exe+0x00006620, Type: Inline - RelativeJump 0x804DD620-->804DD67B [ntoskrnl.exe]
ntoskrnl.exe+0x00006634, Type: Inline - RelativeJump 0x804DD634-->804DD67B [ntoskrnl.exe]
ntoskrnl.exe+0x00006644, Type: Inline - RelativeJump 0x804DD644-->804DD67B [ntoskrnl.exe]
ntoskrnl.exe+0x0000664B, Type: Inline - RelativeJump 0x804DD64B-->804DD67B [ntoskrnl.exe]
ntoskrnl.exe+0x00006659, Type: Inline - RelativeJump 0x804DD659-->804DD67B [ntoskrnl.exe]
ntoskrnl.exe+0x000066D1, Type: Inline - RelativeJump 0x804DD6D1-->804DD6E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00006760, Type: Inline - RelativeJump 0x804DD760-->804DD91B [ntoskrnl.exe]
ntoskrnl.exe+0x00006915, Type: Inline - RelativeJump 0x804DD915-->804DD750 [ntoskrnl.exe]
ntoskrnl.exe+0x00006952, Type: Inline - RelativeJump 0x804DD952-->804DD976 [ntoskrnl.exe]
ntoskrnl.exe+0x00006965, Type: Inline - DirectCall 0x804DD965-->80562568 [ntoskrnl.exe]
ntoskrnl.exe+0x00006A40, Type: Inline - RelativeJump 0x804DDA40-->804DDABF [ntoskrnl.exe]
ntoskrnl.exe+0x00006A48, Type: Inline - RelativeJump 0x804DDA48-->804DE356 [ntoskrnl.exe]
ntoskrnl.exe+0x00006A50, Type: Inline - RelativeJump 0x804DDA50-->804DDB11 [ntoskrnl.exe]
ntoskrnl.exe+0x00006A5D, Type: Inline - RelativeJump 0x804DDA5D-->804DDAFF [ntoskrnl.exe]
ntoskrnl.exe+0x00006A71, Type: Inline - RelativeJump 0x804DDA71-->804DDA81 [ntoskrnl.exe]
ntoskrnl.exe+0x00006B5C, Type: Inline - RelativeJump 0x804DDB5C-->804DDB9F [ntoskrnl.exe]
ntoskrnl.exe+0x00006BC4, Type: Inline - RelativeJump 0x804DDBC4-->804DDC1B [ntoskrnl.exe]
ntoskrnl.exe+0x00006C87, Type: Inline - PushRet 0x804DDC87-->A48DCCC3 [unknown_code_page]
ntoskrnl.exe+0x00006D18, Type: Inline - RelativeJump 0x804DDD18-->804DDE14 [ntoskrnl.exe]
ntoskrnl.exe+0x00006D3B, Type: Inline - RelativeJump 0x804DDD3B-->804DDDEF [ntoskrnl.exe]
ntoskrnl.exe+0x00006D72, Type: Inline - RelativeJump 0x804DDD72-->804DDE44 [ntoskrnl.exe]
ntoskrnl.exe+0x00006D80, Type: Inline - RelativeJump 0x804DDD80-->804DDD5C [ntoskrnl.exe]
ntoskrnl.exe+0x00006DE9, Type: Inline - RelativeJump 0x804DDDE9-->804DDD27 [ntoskrnl.exe]
ntoskrnl.exe+0x00006E35, Type: Inline - RelativeJump 0x804DDE35-->804DE229 [ntoskrnl.exe]
ntoskrnl.exe+0x00006E44, Type: Inline - RelativeJump 0x804DDE44-->804E014C [ntoskrnl.exe]
ntoskrnl.exe+0x00006E6B, Type: Inline - RelativeJump 0x804DDE6B-->804DDF6C [ntoskrnl.exe]
ntoskrnl.exe+0x00006EC1, Type: Inline - RelativeJump 0x804DDEC1-->804DDECE [ntoskrnl.exe]
ntoskrnl.exe+0x00006EDA, Type: Inline - RelativeJump 0x804DDEDA-->804DDEE3 [ntoskrnl.exe]
ntoskrnl.exe+0x00006EEE, Type: Inline - DirectJump 0x804DDEEE-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00006F61, Type: Inline - RelativeJump 0x804DDF61-->804DDEE8 [ntoskrnl.exe]
ntoskrnl.exe+0x00006F75, Type: Inline - RelativeJump 0x804DDF75-->804DDF7F [ntoskrnl.exe]
ntoskrnl.exe+0x00006F7E, Type: Inline - RelativeJump 0x804DDF7E-->804DDF91 [ntoskrnl.exe]
ntoskrnl.exe+0x00006F87, Type: Inline - RelativeJump 0x804DDF87-->804DE070 [ntoskrnl.exe]
ntoskrnl.exe+0x00006FED, Type: Inline - RelativeJump 0x804DDFED-->804DE074 [ntoskrnl.exe]
ntoskrnl.exe+0x0000708C, Type: Inline - RelativeJump 0x804DE08C-->804DE0A1 [ntoskrnl.exe]
ntoskrnl.exe+0x00007097, Type: Inline - RelativeJump 0x804DE097-->804DE202 [ntoskrnl.exe]
ntoskrnl.exe+0x0000711E, Type: Inline - RelativeJump 0x804DE11E-->804DE1DC [ntoskrnl.exe]
ntoskrnl.exe+0x000071CC, Type: Inline - RelativeJump 0x804DE1CC-->804DE10B [ntoskrnl.exe]
ntoskrnl.exe+0x000071FA, Type: Inline - RelativeJump 0x804DE1FA-->804DE087 [ntoskrnl.exe]
ntoskrnl.exe+0x00007231, Type: Inline - RelativeJump 0x804DE231-->804DE23D [ntoskrnl.exe]
ntoskrnl.exe+0x00007244, Type: Inline - RelativeJump 0x804DE244-->804DE271 [ntoskrnl.exe]
ntoskrnl.exe+0x00007285, Type: Inline - RelativeJump 0x804DE285-->804DE2D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000728F, Type: Inline - RelativeJump 0x804DE28F-->804DE356 [ntoskrnl.exe]
ntoskrnl.exe+0x000072CB, Type: Inline - RelativeJump 0x804DE2CB-->804DE372 [ntoskrnl.exe]
ntoskrnl.exe+0x000072DA, Type: Inline - RelativeJump 0x804DE2DA-->804DE2EB [ntoskrnl.exe]
ntoskrnl.exe+0x000073A3, Type: Inline - RelativeCall 0x804DE3A3-->804DE3B6 [ntoskrnl.exe]
ntoskrnl.exe+0x000073AD, Type: Inline - RelativeCall 0x804DE3AD-->804DE3B6 [ntoskrnl.exe]
ntoskrnl.exe+0x000073E8, Type: Inline - RelativeJump 0x804DE3E8-->804DE3F5 [ntoskrnl.exe]
ntoskrnl.exe+0x000073FD, Type: Inline - RelativeCall 0x804DE3FD-->804F9C8D [ntoskrnl.exe]
ntoskrnl.exe+0x00007403, Type: Inline - RelativeJump 0x804DE403-->804DE229 [ntoskrnl.exe]
ntoskrnl.exe+0x00007479, Type: Inline - RelativeJump 0x804DE479-->804DE48C [ntoskrnl.exe]
ntoskrnl.exe+0x00007571, Type: Inline - RelativeJump 0x804DE571-->804DE472 [ntoskrnl.exe]
ntoskrnl.exe+0x000075F6, Type: Inline - RelativeJump 0x804DE5F6-->804DE60B [ntoskrnl.exe]
ntoskrnl.exe+0x0000771F, Type: Inline - RelativeJump 0x804DE71F-->804DE74B [ntoskrnl.exe]
ntoskrnl.exe+0x0000777D, Type: Inline - RelativeJump 0x804DE77D-->804DE229 [ntoskrnl.exe]
ntoskrnl.exe+0x0000784E, Type: Inline - RelativeJump 0x804DE84E-->804DE878 [ntoskrnl.exe]
ntoskrnl.exe+0x000078DE, Type: Inline - RelativeJump 0x804DE8DE-->804DE8EC [ntoskrnl.exe]

ntoskrnl.exe+0x000079CB, Type: Inline - RelativeJump 0x804DE9CB-->804DE96C [ntoskrnl.exe]
ntoskrnl.exe+0x000079FB, Type: Inline - RelativeJump 0x804DE9FB-->804DEB2A [ntoskrnl.exe]
ntoskrnl.exe+0x00007A0A, Type: Inline - RelativeJump 0x804DEA0A-->804DEA1F [ntoskrnl.exe]
ntoskrnl.exe+0x00007B15, Type: Inline - RelativeJump 0x804DEB15-->804DEB29 [ntoskrnl.exe]
ntoskrnl.exe+0x00007C90, Type: Inline - RelativeJump 0x804DEC90-->804DEB88 [ntoskrnl.exe]
ntoskrnl.exe+0x00007DF6, Type: Inline - RelativeJump 0x804DEDF6-->804DEE05 [ntoskrnl.exe]
ntoskrnl.exe+0x00007F16, Type: Inline - RelativeJump 0x804DEF16-->804DF39A [ntoskrnl.exe]
ntoskrnl.exe+0x000082AB, Type: Inline - RelativeJump 0x804DF2AB-->804DEE54 [ntoskrnl.exe]
ntoskrnl.exe+0x00008307, Type: Inline - RelativeJump 0x804DF307-->804DE229 [ntoskrnl.exe]
ntoskrnl.exe+0x0000838A, Type: Inline - RelativeJump 0x804DF38A-->804DE229 [ntoskrnl.exe]
ntoskrnl.exe+0x00008390, Type: Inline - RelativeJump 0x804DF390-->804DF30D [ntoskrnl.exe]
ntoskrnl.exe+0x00008395, Type: Inline - RelativeJump 0x804DF395-->804DE229 [ntoskrnl.exe]
ntoskrnl.exe+0x000084D4, Type: Inline - RelativeJump 0x804DF4D4-->804DF466 [ntoskrnl.exe]
ntoskrnl.exe+0x000084DF, Type: Inline - RelativeCall 0x804DF4DF-->80536B32 [ntoskrnl.exe]
ntoskrnl.exe+0x000084E6, Type: Inline - RelativeJump 0x804DF4E6-->804DF501 [ntoskrnl.exe]
ntoskrnl.exe+0x00008740, Type: Inline - RelativeJump 0x804DF740-->804DF763 [ntoskrnl.exe]
ntoskrnl.exe+0x00008759, Type: Inline - RelativeJump 0x804DF759-->804DF774 [ntoskrnl.exe]
ntoskrnl.exe+0x00008797, Type: Inline - RelativeJump 0x804DF797-->804DF7A7 [ntoskrnl.exe]
ntoskrnl.exe+0x000087A8, Type: Inline - RelativeJump 0x804DF7A8-->804DF7B8 [ntoskrnl.exe]
ntoskrnl.exe+0x0000884F, Type: Inline - RelativeJump 0x804DF84F-->804DF7B4 [ntoskrnl.exe]
ntoskrnl.exe+0x00008860, Type: Inline - RelativeCall 0x804DF860-->804E12D0 [ntoskrnl.exe]
ntoskrnl.exe+0x00008867, Type: Inline - RelativeJump 0x804DF867-->804DE229 [ntoskrnl.exe]
ntoskrnl.exe+0x000088D8, Type: Inline - RelativeCall 0x804DF8D8-->80536B32 [ntoskrnl.exe]
ntoskrnl.exe+0x000088E9, Type: Inline - RelativeJump 0x804DF8E9-->804DF8DD [ntoskrnl.exe]
ntoskrnl.exe+0x00008A9B, Type: Inline - RelativeJump 0x804DFA9B-->804DFA2D [ntoskrnl.exe]
ntoskrnl.exe+0x00008B7C, Type: Inline - RelativeJump 0x804DFB7C-->804DFBB3 [ntoskrnl.exe]
ntoskrnl.exe+0x00008C29, Type: Inline - RelativeJump 0x804DFC29-->804DFC2F [ntoskrnl.exe]
ntoskrnl.exe+0x00008DB4, Type: Inline - RelativeJump 0x804DFDB4-->804DFEB2 [ntoskrnl.exe]
ntoskrnl.exe+0x00008E14, Type: Inline - RelativeJump 0x804DFE14-->804DFEB2 [ntoskrnl.exe]
ntoskrnl.exe+0x00008EAB, Type: Inline - RelativeJump 0x804DFEAB-->804DFEBA [ntoskrnl.exe]
ntoskrnl.exe+0x00008EB9, Type: Inline - RelativeJump 0x804DFEB9-->804DFF6A [ntoskrnl.exe]
ntoskrnl.exe+0x00008EBF, Type: Inline - RelativeJump 0x804DFEBF-->804DFF02 [ntoskrnl.exe]
ntoskrnl.exe+0x00008ED8, Type: Inline - RelativeJump 0x804DFED8-->804DFF48 [ntoskrnl.exe]
ntoskrnl.exe+0x000091A3, Type: Inline - RelativeJump 0x804E01A3-->804E0087 [ntoskrnl.exe]
ntoskrnl.exe+0x000091B2, Type: Inline - RelativeJump 0x804E01B2-->804E01C8 [ntoskrnl.exe]
ntoskrnl.exe+0x00009212, Type: Inline - RelativeJump 0x804E0212-->804E0262 [ntoskrnl.exe]
ntoskrnl.exe+0x0000934E, Type: Inline - RelativeJump 0x804E034E-->804E0451 [ntoskrnl.exe]
ntoskrnl.exe+0x000093DD, Type: Inline - RelativeCall 0x804E03DD-->804DFD2C [ntoskrnl.exe]
ntoskrnl.exe+0x00009484, Type: Inline - RelativeJump 0x804E0484-->804E051A [ntoskrnl.exe]
ntoskrnl.exe+0x0000958B, Type: Inline - RelativeJump 0x804E058B-->804E05DD [ntoskrnl.exe]
ntoskrnl.exe+0x00009642, Type: Inline - RelativeJump 0x804E0642-->804E0739 [ntoskrnl.exe]
ntoskrnl.exe+0x0000964E, Type: Inline - RelativeJump 0x804E064E-->804E0722 [ntoskrnl.exe]
ntoskrnl.exe+0x00009653, Type: Inline - RelativeJump 0x804E0653-->804E0739 [ntoskrnl.exe]
ntoskrnl.exe+0x00009681, Type: Inline - RelativeJump 0x804E0681-->804E0722 [ntoskrnl.exe]
ntoskrnl.exe+0x00009689, Type: Inline - RelativeJump 0x804E0689-->804E0722 [ntoskrnl.exe]
ntoskrnl.exe+0x0000970C, Type: Inline - RelativeJump 0x804E070C-->804E0726 [ntoskrnl.exe]
ntoskrnl.exe+0x00009729, Type: Inline - RelativeJump 0x804E0729-->804DE395 [ntoskrnl.exe]
ntoskrnl.exe+0x00009740, Type: Inline - RelativeJump 0x804E0740-->804DE3A8 [ntoskrnl.exe]
ntoskrnl.exe+0x00009773, Type: Inline - RelativeJump 0x804E0773-->804E0784 [ntoskrnl.exe]
ntoskrnl.exe+0x000097CA, Type: Inline - RelativeJump 0x804E07CA-->804DF2B3 [ntoskrnl.exe]
ntoskrnl.exe+0x000097D8, Type: Inline - RelativeJump 0x804E07D8-->804DF402 [ntoskrnl.exe]
ntoskrnl.exe+0x00009852, Type: Inline - RelativeJump 0x804E0852-->804E08EB [ntoskrnl.exe]
ntoskrnl.exe+0x00009876, Type: Inline - RelativeJump 0x804E0876-->804E08CA [ntoskrnl.exe]
ntoskrnl.exe+0x00009914, Type: Inline - RelativeJump 0x804E0914-->804E0922 [ntoskrnl.exe]
ntoskrnl.exe+0x00009936, Type: Inline - RelativeJump 0x804E0936-->804E0ABE [ntoskrnl.exe]
ntoskrnl.exe+0x000099A8, Type: Inline - RelativeJump 0x804E09A8-->804E09EB [ntoskrnl.exe]
ntoskrnl.exe+0x000099C8, Type: Inline - RelativeJump 0x804E09C8-->804E09EB [ntoskrnl.exe]
ntoskrnl.exe+0x000099E0, Type: Inline - RelativeJump 0x804E09E0-->804DE229 [ntoskrnl.exe]
ntoskrnl.exe+0x000099F1, Type: Inline - RelativeJump 0x804E09F1-->804E09FA [ntoskrnl.exe]
ntoskrnl.exe+0x000099F9, Type: Inline - RelativeJump 0x804E09F9-->804E0A22 [ntoskrnl.exe]
ntoskrnl.exe+0x00009AB0, Type: Inline - RelativeJump 0x804E0AB0-->804E0B1E [ntoskrnl.exe]
ntoskrnl.exe+0x00009B19, Type: Inline - RelativeJump 0x804E0B19-->804E0B2C [ntoskrnl.exe]
ntoskrnl.exe+0x00009B8D, Type: Inline - RelativeJump 0x804E0B8D-->804E0C22 [ntoskrnl.exe]
ntoskrnl.exe+0x00009BF9, Type: Inline - RelativeJump 0x804E0BF9-->804E0B9A [ntoskrnl.exe]
ntoskrnl.exe+0x00009C1A, Type: Inline - RelativeJump 0x804E0C1A-->804E0B12 [ntoskrnl.exe]
ntoskrnl.exe+0x00009C26, Type: Inline - RelativeJump 0x804E0C26-->804E122F [ntoskrnl.exe]
ntoskrnl.exe+0x00009CCE, Type: Inline - RelativeJump 0x804E0CCE-->804E0D1F [ntoskrnl.exe]
ntoskrnl.exe+0x00009D78, Type: Inline - RelativeJump 0x804E0D78-->804E0E78 [ntoskrnl.exe]
ntoskrnl.exe+0x00009DDF, Type: Inline - RelativeJump 0x804E0DDF-->804E0E78 [ntoskrnl.exe]
ntoskrnl.exe+0x00009E67, Type: Inline - RelativeJump 0x804E0E67-->804E0D6A [ntoskrnl.exe]
ntoskrnl.exe+0x00009EA3, Type: Inline - RelativeJump 0x804E0EA3-->804E0F1B [ntoskrnl.exe]
ntoskrnl.exe+0x00009EBE, Type: Inline - RelativeJump 0x804E0EBE-->804E122F [ntoskrnl.exe]
ntoskrnl.exe+0x00009ED6, Type: Inline - RelativeJump 0x804E0ED6-->804E0EE9 [ntoskrnl.exe]
ntoskrnl.exe+0x00009F45, Type: Inline - RelativeJump 0x804E0F45-->804E0FDF [ntoskrnl.exe]
ntoskrnl.exe+0x0000A068, Type: Inline - RelativeJump 0x804E1068-->804E1082 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A082, Type: Inline - RelativeJump 0x804E1082-->804DE39C [ntoskrnl.exe]
ntoskrnl.exe+0x0000A094, Type: Inline - RelativeJump 0x804E1094-->804E10A4 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A0A5, Type: Inline - RelativeJump 0x804E10A5-->804E10B5 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A0AC, Type: Inline - RelativeJump 0x804E10AC-->804DE39C [ntoskrnl.exe]
ntoskrnl.exe+0x0000A178, Type: Inline - RelativeJump 0x804E1178-->804E1220 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A196, Type: Inline - RelativeJump 0x804E1196-->804E11C3 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A1AD, Type: Inline - RelativeJump 0x804E11AD-->804E11C3 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A232, Type: Inline - RelativeCall 0x804E1232-->80536B32 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A313, Type: Inline - PushRet 0x804E1313-->8B66CA8B [unknown_code_page]
ntoskrnl.exe+0x0000A314, Type: Inline - RelativeJump 0x804E1314-->804E130F [ntoskrnl.exe]
ntoskrnl.exe+0x0000A3FF, Type: Inline - RelativeJump 0x804E13FF-->804E5A54 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A405, Type: Inline - RelativeJump 0x804E1405-->804E1493 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A46D, Type: Inline - RelativeJump 0x804E146D-->804E5A44 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A4AA, Type: Inline - RelativeJump 0x804E14AA-->804E14D4 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A565, Type: Inline - RelativeJump 0x804E1565-->804E1635 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A5A5, Type: Inline - RelativeJump 0x804E15A5-->804E8698 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A5AF, Type: Inline - RelativeJump 0x804E15AF-->804E15C1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A5C6, Type: Inline - RelativeCall 0x804E15C6-->804E14A2 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A61A, Type: Inline - RelativeJump 0x804E161A-->804FA965 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A625, Type: Inline - RelativeJump 0x804E1625-->804E1632 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A635, Type: Inline - RelativeJump 0x804E1635-->804E157C [ntoskrnl.exe]
ntoskrnl.exe+0x0000A673, Type: Inline - RelativeJump 0x804E1673-->804E5DF9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A67C, Type: Inline - RelativeJump 0x804E167C-->804E62AA [ntoskrnl.exe]
ntoskrnl.exe+0x0000A68A, Type: Inline - PushRet 0x804E168A-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0000A6DB, Type: Inline - RelativeJump 0x804E16DB-->804E5F33 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A6E6, Type: Inline - RelativeJump 0x804E16E6-->804D9F72 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A766, Type: Inline - RelativeJump 0x804E1766-->804E1793 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A777, Type: Inline - RelativeJump 0x804E1777-->804E9135 [ntoskrnl.exe]
ntoskrnl.exe+0x0000A963, Type: Inline - RelativeJump 0x804E1963-->8052A42B [ntoskrnl.exe]
ntoskrnl.exe+0x0000AA44, Type: Inline - RelativeJump 0x804E1A44-->804E1A27 [ntoskrnl.exe]
ntoskrnl.exe+0x0000AA5D, Type: Inline - RelativeJump 0x804E1A5D-->804EB912 [ntoskrnl.exe]
ntoskrnl.exe+0x0000AA71, Type: Inline - DirectCall 0x804E1A71-->804D80A8 [ntoskrnl.exe]
ntoskrnl.exe+0x0000AB3D, Type: Inline - RelativeJump 0x804E1B3D-->804E6C33 [ntoskrnl.exe]
ntoskrnl.exe+0x0000AB79, Type: Inline - RelativeJump 0x804E1B79-->804E1B87 [ntoskrnl.exe]
ntoskrnl.exe+0x0000AB91, Type: Inline - RelativeJump 0x804E1B91-->804E736C [ntoskrnl.exe]
ntoskrnl.exe+0x0000AB9E, Type: Inline - RelativeCall 0x804E1B9E-->804E1BBA [ntoskrnl.exe]
ntoskrnl.exe+0x0000ABA5, Type: Inline - PushRet 0x804E1BA5-->90900020 [unknown_code_page]
ntoskrnl.exe+0x0000AC3D, Type: Inline - RelativeJump 0x804E1C3D-->804DC531 [ntoskrnl.exe]
ntoskrnl.exe+0x0000AC49, Type: Inline - RelativeJump 0x804E1C49-->804DC42F [ntoskrnl.exe]
ntoskrnl.exe+0x0000AC54, Type: Inline - RelativeCall 0x804E1C54-->804F3B31 [ntoskrnl.exe]
ntoskrnl.exe+0x0000AC62, Type: Inline - RelativeJump 0x804E1C62-->804DC42F [ntoskrnl.exe]
ntoskrnl.exe+0x0000AC98, Type: Inline - RelativeJump 0x804E1C98-->804E1CBE [ntoskrnl.exe]
ntoskrnl.exe+0x0000ACA9, Type: Inline - RelativeJump 0x804E1CA9-->804F17FC [ntoskrnl.exe]
ntoskrnl.exe+0x0000AD85, Type: Inline - RelativeJump 0x804E1D85-->804F7AF5 [ntoskrnl.exe]
ntoskrnl.exe+0x0000AE1C, Type: Inline - RelativeJump 0x804E1E1C-->804E1E47 [ntoskrnl.exe]
ntoskrnl.exe+0x0000AE2F, Type: Inline - RelativeJump 0x804E1E2F-->804F6780 [ntoskrnl.exe]
ntoskrnl.exe+0x0000AF8D, Type: Inline - RelativeJump 0x804E1F8D-->804F5DE7 [ntoskrnl.exe]
ntoskrnl.exe+0x0000AF99, Type: Inline - RelativeJump 0x804E1F99-->804E1FC5 [ntoskrnl.exe]
ntoskrnl.exe+0x0000AFB8, Type: Inline - PushRet 0x804E1FB8-->90900004 [unknown_code_page]
ntoskrnl.exe+0x0000B267, Type: Inline - RelativeJump 0x804E2267-->804E9598 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B2B2, Type: Inline - RelativeCall 0x804E22B2-->804E14A2 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B2B9, Type: Inline - RelativeJump 0x804E22B9-->804E92D0 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B3DE, Type: Inline - RelativeJump 0x804E23DE-->8052CC22 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B3E4, Type: Inline - DirectCall 0x804E23E4-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0000B3EC, Type: Inline - RelativeJump 0x804E23EC-->8052CC3E [ntoskrnl.exe]
ntoskrnl.exe+0x0000B478, Type: Inline - RelativeJump 0x804E2478-->804E2484 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B485, Type: Inline - RelativeJump 0x804E2485-->804E2484 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B500, Type: Inline - RelativeJump 0x804E2500-->804E2512 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BC70, Type: Inline - RelativeJump 0x804E2C70-->804E2D26 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BCB4, Type: Inline - RelativeJump 0x804E2CB4-->804E2CC5 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C333, Type: Inline - RelativeCall 0x804E3333-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C384, Type: Inline - RelativeCall 0x804E3384-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C3AB, Type: Inline - RelativeCall 0x804E33AB-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C40D, Type: Inline - RelativeCall 0x804E340D-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C446, Type: Inline - RelativeCall 0x804E3446-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C45A, Type: Inline - RelativeCall 0x804E345A-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C471, Type: Inline - RelativeCall 0x804E3471-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C66B, Type: Inline - RelativeCall 0x804E366B-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C742, Type: Inline - RelativeCall 0x804E3742-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C8E5, Type: Inline - RelativeCall 0x804E38E5-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C916, Type: Inline - RelativeCall 0x804E3916-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C921, Type: Inline - RelativeCall 0x804E3921-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C935, Type: Inline - RelativeCall 0x804E3935-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000C94B, Type: Inline - RelativeCall 0x804E394B-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CA0E, Type: Inline - RelativeCall 0x804E3A0E-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CA42, Type: Inline - RelativeCall 0x804E3A42-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CA4D, Type: Inline - RelativeCall 0x804E3A4D-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CAC7, Type: Inline - RelativeCall 0x804E3AC7-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CB12, Type: Inline - RelativeCall 0x804E3B12-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CB7B, Type: Inline - RelativeCall 0x804E3B7B-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CBC9, Type: Inline - RelativeCall 0x804E3BC9-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CBDA, Type: Inline - RelativeCall 0x804E3BDA-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CBEE, Type: Inline - RelativeCall 0x804E3BEE-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CC02, Type: Inline - RelativeCall 0x804E3C02-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CC6B, Type: Inline - RelativeCall 0x804E3C6B-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CD76, Type: Inline - RelativeCall 0x804E3D76-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CD7B, Type: Inline - PushRet 0x804E3D7B-->8BB80008 [unknown_code_page]
ntoskrnl.exe+0x0000CDA8, Type: Inline - RelativeCall 0x804E3DA8-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CDB7, Type: Inline - PushRet 0x804E3DB7-->8EB80008 [unknown_code_page]
ntoskrnl.exe+0x0000CE85, Type: Inline - RelativeCall 0x804E3E85-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CE93, Type: Inline - PushRet 0x804E3E93-->99B80014 [unknown_code_page]
ntoskrnl.exe+0x0000CF75, Type: Inline - RelativeCall 0x804E3F75-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000CF83, Type: Inline - PushRet 0x804E3F83-->A5B80008 [unknown_code_page]
ntoskrnl.exe+0x0000D03F, Type: Inline - RelativeCall 0x804E403F-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D04B, Type: Inline - PushRet 0x804E404B-->AFB80004 [unknown_code_page]
ntoskrnl.exe+0x0000D06E, Type: Inline - RelativeCall 0x804E406E-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D073, Type: Inline - PushRet 0x804E4073-->B1B8000C [unknown_code_page]
ntoskrnl.exe+0x0000D0DF, Type: Inline - RelativeCall 0x804E40DF-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D0EB, Type: Inline - PushRet 0x804E40EB-->B7B80018 [unknown_code_page]
ntoskrnl.exe+0x0000D113, Type: Inline - PushRet 0x804E4113-->B9B80024 [unknown_code_page]
ntoskrnl.exe+0x0000D152, Type: Inline - RelativeCall 0x804E4152-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D163, Type: Inline - PushRet 0x804E4163-->BDB80008 [unknown_code_page]
ntoskrnl.exe+0x0000D2AA, Type: Inline - RelativeCall 0x804E42AA-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D2B7, Type: Inline - PushRet 0x804E42B7-->CEB80004 [unknown_code_page]
ntoskrnl.exe+0x0000D2BA, Type: Inline - RelativeCall 0x804E42BA-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D2F3, Type: Inline - PushRet 0x804E42F3-->D1B8000C [unknown_code_page]
ntoskrnl.exe+0x0000D2F6, Type: Inline - RelativeCall 0x804E42F6-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D307, Type: Inline - PushRet 0x804E4307-->D2B8000C [unknown_code_page]
ntoskrnl.exe+0x0000D30A, Type: Inline - RelativeCall 0x804E430A-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D3FF, Type: Inline - RelativeCall 0x804E43FF-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D40B, Type: Inline - PushRet 0x804E440B-->DFB80004 [unknown_code_page]
ntoskrnl.exe+0x0000D44A, Type: Inline - RelativeCall 0x804E444A-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D45B, Type: Inline - PushRet 0x804E445B-->E3B80010 [unknown_code_page]
ntoskrnl.exe+0x0000D6A5, Type: Inline - RelativeCall 0x804E46A5-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D7FA, Type: Inline - RelativeCall 0x804E47FA-->804DD7D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DFA5, Type: Inline - RelativeJump 0x804E4FA5-->804E4FAE [ntoskrnl.exe]
ntoskrnl.exe+0x0000E4FF, Type: Inline - RelativeJump 0x804E54FF-->804E54F0 [ntoskrnl.exe]
ntoskrnl.exe+0x0000E5FA, Type: Inline - RelativeJump 0x804E55FA-->804E5611 [ntoskrnl.exe]
ntoskrnl.exe+0x0000E610, Type: Inline - RelativeJump 0x804E5610-->804E55F2 [ntoskrnl.exe]
ntoskrnl.exe+0x0000E737, Type: Inline - RelativeJump 0x804E5737-->CAD971C7 [unknown_code_page]
ntoskrnl.exe+0x0000E77E, Type: Inline - RelativeCall 0x804E577E-->804E5790 [ntoskrnl.exe]
ntoskrnl.exe+0x0000E78B, Type: Inline - RelativeCall 0x804E578B-->804E2CCD [ntoskrnl.exe]
ntoskrnl.exe+0x0000EAD6, Type: Inline - PushRet 0x804E5AD6-->90900008 [unknown_code_page]
ntoskrnl.exe+0x0000EC49, Type: Inline - RelativeJump 0x804E5C49-->805188A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0000ECAD, Type: Inline - RelativeJump 0x804E5CAD-->804E6C28 [ntoskrnl.exe]
ntoskrnl.exe+0x0000ED06, Type: Inline - DirectCall 0x804E5D06-->804D812C [ntoskrnl.exe]
ntoskrnl.exe+0x0000EDCA, Type: Inline - RelativeCall 0x804E5DCA-->804E14A2 [ntoskrnl.exe]
ntoskrnl.exe+0x0000EDDA, Type: Inline - RelativeJump 0x804E5DDA-->804DC51C [ntoskrnl.exe]
ntoskrnl.exe+0x0000EF5D, Type: Inline - RelativeJump 0x804E5F5D-->804D9D1A [ntoskrnl.exe]
ntoskrnl.exe+0x0000EF70, Type: Inline - RelativeJump 0x804E5F70-->804D9D1A [ntoskrnl.exe]
ntoskrnl.exe+0x0000EF76, Type: Inline - RelativeJump 0x804E5F76-->804F374F [ntoskrnl.exe]
ntoskrnl.exe+0x0000F00A, Type: Inline - RelativeCall 0x804E600A-->804E2550 [ntoskrnl.exe]
ntoskrnl.exe+0x0000F014, Type: Inline - PushRet 0x804E6014-->90900004 [unknown_code_page]
ntoskrnl.exe+0x0000F112, Type: Inline - RelativeCall 0x804E6112-->804DC74A [ntoskrnl.exe]
ntoskrnl.exe+0x0000F14F, Type: Inline - RelativeJump 0x804E614F-->8050D680 [ntoskrnl.exe]
ntoskrnl.exe+0x0000F165, Type: Inline - RelativeJump 0x804E6165-->804E616E [ntoskrnl.exe]
ntoskrnl.exe+0x0000F17C, Type: Inline - RelativeCall 0x804E617C-->804D9DFE [ntoskrnl.exe]
ntoskrnl.exe+0x0000F193, Type: Inline - RelativeJump 0x804E6193-->804D9763 [ntoskrnl.exe]
ntoskrnl.exe+0x0000F266, Type: Inline - RelativeCall 0x804E6266-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x0000F509, Type: Inline - DirectCall 0x804E6509-->804D8124 [ntoskrnl.exe]
ntoskrnl.exe+0x0000F511, Type: Inline - PushRet 0x804E6511-->90900010 [unknown_code_page]
ntoskrnl.exe+0x0000F58B, Type: Inline - RelativeJump 0x804E658B-->804E6597 [ntoskrnl.exe]
ntoskrnl.exe+0x0000F70B, Type: Inline - RelativeJump 0x804E670B-->8050E2E8 [ntoskrnl.exe]
ntoskrnl.exe+0x0000F71E, Type: Inline - RelativeCall 0x804E671E-->804E216F [ntoskrnl.exe]
ntoskrnl.exe+0x0000F72E, Type: Inline - PushRet 0x804E672E-->90900004 [unknown_code_page]
ntoskrnl.exe+0x0000F75B, Type: Inline - RelativeJump 0x804E675B-->8051E131 [ntoskrnl.exe]
ntoskrnl.exe+0x0000F7A8, Type: Inline - DirectCall 0x804E67A8-->804D8130 [ntoskrnl.exe]
ntoskrnl.exe+0x0000FAB6, Type: Inline - RelativeJump 0x804E6AB6-->804EDBB1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000FAC2, Type: Inline - RelativeJump 0x804E6AC2-->804EDBB1 [ntoskrnl.exe]
ntoskrnl.exe+0x0000FBA3, Type: Inline - RelativeCall 0x804E6BA3-->804E131F [ntoskrnl.exe]
ntoskrnl.exe+0x0000FBA8, Type: Inline - RelativeJump 0x804E6BA8-->804EA144 [ntoskrnl.exe]
ntoskrnl.exe+0x0000FC4C, Type: Inline - RelativeJump 0x804E6C4C-->804E1B51 [ntoskrnl.exe]
ntoskrnl.exe+0x0000FC52, Type: Inline - RelativeJump 0x804E6C52-->80521B7D [ntoskrnl.exe]
ntoskrnl.exe+0x0000FDB8, Type: Inline - RelativeCall 0x804E6DB8-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0000FDC4, Type: Inline - RelativeCall 0x804E6DC4-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0001012E, Type: Inline - RelativeJump 0x804E712E-->804E717C [ntoskrnl.exe]
ntoskrnl.exe+0x000101C8, Type: Inline - RelativeJump 0x804E71C8-->804E720C [ntoskrnl.exe]
ntoskrnl.exe+0x0001021E, Type: Inline - RelativeJump 0x804E721E-->804F9BF8 [ntoskrnl.exe]
ntoskrnl.exe+0x00010274, Type: Inline - RelativeJump 0x804E7274-->804F9C7D [ntoskrnl.exe]
ntoskrnl.exe+0x000103BD, Type: Inline - RelativeJump 0x804E73BD-->804E73D8 [ntoskrnl.exe]
ntoskrnl.exe+0x000103DA, Type: Inline - RelativeJump 0x804E73DA-->804E5E9A [ntoskrnl.exe]
ntoskrnl.exe+0x00010828, Type: Inline - RelativeJump 0x804E7828-->804E1BEA [ntoskrnl.exe]
ntoskrnl.exe+0x00010838, Type: Inline - RelativeJump 0x804E7838-->80522926 [ntoskrnl.exe]
ntoskrnl.exe+0x000108D4, Type: Inline - RelativeJump 0x804E78D4-->804E78E1 [ntoskrnl.exe]
ntoskrnl.exe+0x000108E9, Type: Inline - RelativeJump 0x804E78E9-->804E779B [ntoskrnl.exe]
ntoskrnl.exe+0x000109B6, Type: Inline - RelativeJump 0x804E79B6-->804FB7BB [ntoskrnl.exe]
ntoskrnl.exe+0x000109C7, Type: Inline - RelativeJump 0x804E79C7-->804E793E [ntoskrnl.exe]
ntoskrnl.exe+0x00010B17, Type: Inline - RelativeCall 0x804E7B17-->804E6C19 [ntoskrnl.exe]
ntoskrnl.exe+0x00010D16, Type: Inline - RelativeCall 0x804E7D16-->804E2468 [ntoskrnl.exe]
ntoskrnl.exe+0x00010E23, Type: Inline - RelativeJump 0x804E7E23-->804E7E35 [ntoskrnl.exe]
ntoskrnl.exe+0x00010F3C, Type: Inline - RelativeJump 0x804E7F3C-->804E7FF7 [ntoskrnl.exe]
ntoskrnl.exe+0x00010FB7, Type: Inline - PushRet 0x804E7FB7-->90909090 [unknown_code_page]
ntoskrnl.exe+0x000111E0, Type: Inline - PushRet 0x804E81E0-->90900004 [unknown_code_page]
ntoskrnl.exe+0x000114D9, Type: Inline - RelativeJump 0x804E84D9-->804D9C5C [ntoskrnl.exe]
ntoskrnl.exe+0x000114EC, Type: Inline - RelativeJump 0x804E84EC-->804E65B5 [ntoskrnl.exe]
ntoskrnl.exe+0x000114F8, Type: Inline - RelativeJump 0x804E84F8-->804E6576 [ntoskrnl.exe]
ntoskrnl.exe+0x0001174E, Type: Inline - RelativeJump 0x804E874E-->804F9BB5 [ntoskrnl.exe]
ntoskrnl.exe+0x00011A35, Type: Inline - RelativeJump 0x804E8A35-->804E8C29 [ntoskrnl.exe]
ntoskrnl.exe+0x00011A40, Type: Inline - RelativeJump 0x804E8A40-->804EAB6D [ntoskrnl.exe]
ntoskrnl.exe+0x00011B39, Type: Inline - DirectCall 0x804E8B39-->804D8130 [ntoskrnl.exe]
ntoskrnl.exe+0x00011B62, Type: Inline - RelativeJump 0x804E8B62-->804F9B80 [ntoskrnl.exe]
ntoskrnl.exe+0x00011BF7, Type: Inline - RelativeJump 0x804E8BF7-->804E8C13 [ntoskrnl.exe]
ntoskrnl.exe+0x00011C7B, Type: Inline - RelativeJump 0x804E8C7B-->804E8C1E [ntoskrnl.exe]
ntoskrnl.exe+0x00011F1D, Type: Inline - PushRet 0x804E8F1D-->9090000C [unknown_code_page]
ntoskrnl.exe+0x00012154, Type: Inline - RelativeCall 0x804E9154-->804E90CE [ntoskrnl.exe]
ntoskrnl.exe+0x00012164, Type: Inline - RelativeJump 0x804E9164-->804DC605 [ntoskrnl.exe]
ntoskrnl.exe+0x00012169, Type: Inline - RelativeJump 0x804E9169-->804E19B7 [ntoskrnl.exe]
ntoskrnl.exe+0x000121F6, Type: Inline - RelativeJump 0x804E91F6-->804E2276 [ntoskrnl.exe]
ntoskrnl.exe+0x000121FE, Type: Inline - RelativeCall 0x804E91FE-->804E7E0F [ntoskrnl.exe]
ntoskrnl.exe+0x00012203, Type: Inline - RelativeJump 0x804E9203-->804E15F5 [ntoskrnl.exe]
ntoskrnl.exe+0x00012318, Type: Inline - RelativeJump 0x804E9318-->805153AD [ntoskrnl.exe]
ntoskrnl.exe+0x00012323, Type: Inline - RelativeJump 0x804E9323-->805153BB [ntoskrnl.exe]
ntoskrnl.exe+0x0001244A, Type: Inline - PushRet 0x804E944A-->E8560014 [unknown_code_page]
ntoskrnl.exe+0x0001244F, Type: Inline - RelativeCall 0x804E944F-->804DC3C0 [ntoskrnl.exe]
ntoskrnl.exe+0x00012455, Type: Inline - RelativeJump 0x804E9455-->804E6118 [ntoskrnl.exe]
ntoskrnl.exe+0x0001245A, Type: Inline - RelativeJump 0x804E945A-->80504F5C [ntoskrnl.exe]
ntoskrnl.exe+0x000125CB, Type: Inline - RelativeCall 0x804E95CB-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x000125DD, Type: Inline - RelativeJump 0x804E95DD-->80514DCA [ntoskrnl.exe]
ntoskrnl.exe+0x0001268A, Type: Inline - RelativeJump 0x804E968A-->804E9699 [ntoskrnl.exe]
ntoskrnl.exe+0x00012727, Type: Inline - RelativeJump 0x804E9727-->80529BDE [ntoskrnl.exe]
ntoskrnl.exe+0x0001272D, Type: Inline - RelativeJump 0x804E972D-->804E97E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000127B1, Type: Inline - RelativeJump 0x804E97B1-->804E97E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000128CE, Type: Inline - RelativeJump 0x804E98CE-->805299CD [ntoskrnl.exe]
ntoskrnl.exe+0x000128E5, Type: Inline - RelativeJump 0x804E98E5-->804E98F0 [ntoskrnl.exe]
ntoskrnl.exe+0x000129AB, Type: Inline - RelativeJump 0x804E99AB-->80529C75 [ntoskrnl.exe]
ntoskrnl.exe+0x00012B23, Type: Inline - RelativeJump 0x804E9B23-->8052858A [ntoskrnl.exe]
ntoskrnl.exe+0x00012FB0, Type: Inline - RelativeJump 0x804E9FB0-->804E8735 [ntoskrnl.exe]
ntoskrnl.exe+0x00013013, Type: Inline - RelativeCall 0x804EA013-->804FE7CD [ntoskrnl.exe]
ntoskrnl.exe+0x0001301C, Type: Inline - RelativeJump 0x804EA01C-->804E8735 [ntoskrnl.exe]
ntoskrnl.exe+0x00013225, Type: Inline - RelativeCall 0x804EA225-->804EA23B [ntoskrnl.exe]
ntoskrnl.exe+0x000132CA, Type: Inline - PushRet 0x804EA2CA-->DA805FAE [unknown_code_page]
ntoskrnl.exe+0x0001330C, Type: Inline - RelativeJump 0x804EA30C-->804F5DEE [ntoskrnl.exe]
ntoskrnl.exe+0x00013453, Type: Inline - RelativeJump 0x804EA453-->804EA438 [ntoskrnl.exe]
ntoskrnl.exe+0x000134CA, Type: Inline - PushRet 0x804EA4CA-->9E880004 [unknown_code_page]
ntoskrnl.exe+0x000134DA, Type: Inline - RelativeJump 0x804EA4DA-->804EA434 [ntoskrnl.exe]
ntoskrnl.exe+0x000134E5, Type: Inline - RelativeJump 0x804EA4E5-->804EA434 [ntoskrnl.exe]
ntoskrnl.exe+0x000134FC, Type: Inline - RelativeJump 0x804EA4FC-->804EA537 [ntoskrnl.exe]
ntoskrnl.exe+0x00013504, Type: Inline - RelativeJump 0x804EA504-->804E6957 [ntoskrnl.exe]
ntoskrnl.exe+0x000135C0, Type: Inline - RelativeJump 0x804EA5C0-->8052A3DB [ntoskrnl.exe]
ntoskrnl.exe+0x000135C6, Type: Inline - PushRet 0x804EA5C6-->90900010 [unknown_code_page]
ntoskrnl.exe+0x000138C2, Type: Inline - RelativeJump 0x804EA8C2-->804F5D95 [ntoskrnl.exe]
ntoskrnl.exe+0x00013974, Type: Inline - RelativeJump 0x804EA974-->804F0DE5 [ntoskrnl.exe]
ntoskrnl.exe+0x00013980, Type: Inline - RelativeJump 0x804EA980-->804EA952 [ntoskrnl.exe]
ntoskrnl.exe+0x00013988, Type: Inline - RelativeJump 0x804EA988-->804EA994 [ntoskrnl.exe]
ntoskrnl.exe+0x00013C0F, Type: Inline - RelativeJump 0x804EAC0F-->804F1289 [ntoskrnl.exe]
ntoskrnl.exe+0x00013D08, Type: Inline - RelativeJump 0x804EAD08-->80520FFC [ntoskrnl.exe]
ntoskrnl.exe+0x00013D3C, Type: Inline - RelativeJump 0x804EAD3C-->80520F48 [ntoskrnl.exe]
ntoskrnl.exe+0x00013D42, Type: Inline - RelativeJump 0x804EAD42-->80520EE2 [ntoskrnl.exe]
ntoskrnl.exe+0x00013EE0, Type: Inline - RelativeJump 0x804EAEE0-->804F950A [ntoskrnl.exe]
ntoskrnl.exe+0x00013EEC, Type: Inline - RelativeJump 0x804EAEEC-->804F950A [ntoskrnl.exe]
ntoskrnl.exe+0x00013F11, Type: Inline - RelativeJump 0x804EAF11-->804F3ADA [ntoskrnl.exe]
ntoskrnl.exe+0x00013F1A, Type: Inline - RelativeJump 0x804EAF1A-->804EAF2E [ntoskrnl.exe]
ntoskrnl.exe+0x00013F31, Type: Inline - RelativeJump 0x804EAF31-->804EB064 [ntoskrnl.exe]
ntoskrnl.exe+0x00013F42, Type: Inline - RelativeJump 0x804EAF42-->804F964B [ntoskrnl.exe]
ntoskrnl.exe+0x0001407E, Type: Inline - RelativeCall 0x804EB07E-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0001408A, Type: Inline - RelativeJump 0x804EB08A-->804EAF56 [ntoskrnl.exe]
ntoskrnl.exe+0x00014373, Type: Inline - RelativeJump 0x804EB373-->804EB2EC [ntoskrnl.exe]
ntoskrnl.exe+0x000145FA, Type: Inline - RelativeJump 0x804EB5FA-->804EB62C [ntoskrnl.exe]
ntoskrnl.exe+0x0001482B, Type: Inline - RelativeJump 0x804EB82B-->804EB8E3 [ntoskrnl.exe]
ntoskrnl.exe+0x00014845, Type: Inline - RelativeCall 0x804EB845-->8B37795B [unknown_code_page]
ntoskrnl.exe+0x00014C84, Type: Inline - RelativeJump 0x804EBC84-->80501598 [ntoskrnl.exe]
ntoskrnl.exe+0x00014E85, Type: Inline - RelativeJump 0x804EBE85-->80504740 [ntoskrnl.exe]
ntoskrnl.exe+0x00014E8E, Type: Inline - RelativeJump 0x804EBE8E-->80526BF0 [ntoskrnl.exe]
ntoskrnl.exe+0x00014EBC, Type: Inline - RelativeJump 0x804EBEBC-->804E8AD1 [ntoskrnl.exe]
ntoskrnl.exe+0x00015069, Type: Inline - RelativeJump 0x804EC069-->804EC077 [ntoskrnl.exe]
ntoskrnl.exe+0x000150C5, Type: Inline - RelativeJump 0x804EC0C5-->804F24EA [ntoskrnl.exe]
ntoskrnl.exe+0x000150DB, Type: Inline - RelativeJump 0x804EC0DB-->80517EE3 [ntoskrnl.exe]
ntoskrnl.exe+0x000150E4, Type: Inline - RelativeJump 0x804EC0E4-->80517EE3 [ntoskrnl.exe]
ntoskrnl.exe+0x00015374, Type: Inline - RelativeJump 0x804EC374-->804EC392 [ntoskrnl.exe]
ntoskrnl.exe+0x000153D7, Type: Inline - RelativeJump 0x804EC3D7-->80500504 [ntoskrnl.exe]
ntoskrnl.exe+0x000153EA, Type: Inline - RelativeCall 0x804EC3EA-->804E1BBA [ntoskrnl.exe]
ntoskrnl.exe+0x000153EF, Type: Inline - PushRet 0x804EC3EF-->90900004 [unknown_code_page]
ntoskrnl.exe+0x00015407, Type: Inline - RelativeJump 0x804EC407-->804EC475 [ntoskrnl.exe]
ntoskrnl.exe+0x00015420, Type: Inline - DirectCall 0x804EC420-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0001543E, Type: Inline - RelativeCall 0x804EC43E-->804E891D [ntoskrnl.exe]
ntoskrnl.exe+0x00015552, Type: Inline - RelativeCall 0x804EC552-->804DC667 [ntoskrnl.exe]
ntoskrnl.exe+0x00015590, Type: Inline - RelativeJump 0x804EC590-->804EC5E3 [ntoskrnl.exe]
ntoskrnl.exe+0x00015594, Type: Inline - RelativeJump 0x804EC594-->804EC5E7 [ntoskrnl.exe]
ntoskrnl.exe+0x000155E4, Type: Inline - RelativeJump 0x804EC5E4-->804F3714 [ntoskrnl.exe]
ntoskrnl.exe+0x000155EC, Type: Inline - PushRet 0x804EC5EC-->90900008 [unknown_code_page]
ntoskrnl.exe+0x000156DF, Type: Inline - PushRet 0x804EC6DF-->DB330014 [unknown_code_page]
ntoskrnl.exe+0x000156E9, Type: Inline - DirectCall 0x804EC6E9-->804D8030 [ntoskrnl.exe]
ntoskrnl.exe+0x000156F8, Type: Inline - RelativeJump 0x804EC6F8-->804EC709 [ntoskrnl.exe]
ntoskrnl.exe+0x00015780, Type: Inline - RelativeCall 0x804EC780-->804E2528 [ntoskrnl.exe]
ntoskrnl.exe+0x00015812, Type: Inline - RelativeJump 0x804EC812-->8052276A [ntoskrnl.exe]
ntoskrnl.exe+0x0001587B, Type: Inline - RelativeJump 0x804EC87B-->804EC889 [ntoskrnl.exe]
ntoskrnl.exe+0x00015892, Type: Inline - DirectCall 0x804EC892-->804D8120 [ntoskrnl.exe]
ntoskrnl.exe+0x0001594B, Type: Inline - RelativeJump 0x804EC94B-->804EC921 [ntoskrnl.exe]
ntoskrnl.exe+0x00015B36, Type: Inline - PushRet 0x804ECB36-->90900004 [unknown_code_page]
ntoskrnl.exe+0x00015B88, Type: Inline - RelativeJump 0x804ECB88-->804ED68B [ntoskrnl.exe]
ntoskrnl.exe+0x00015DA1, Type: Inline - PushRet 0x804ECDA1-->E25B850F [unknown_code_page]
ntoskrnl.exe+0x00015DA5, Type: Inline - RelativeJump 0x804ECDA5-->804EB006 [ntoskrnl.exe]
ntoskrnl.exe+0x00015DAB, Type: Inline - RelativeCall 0x804ECDAB-->804ECDD9 [ntoskrnl.exe]
ntoskrnl.exe+0x00015DE6, Type: Inline - RelativeJump 0x804ECDE6-->804ECCF8 [ntoskrnl.exe]
ntoskrnl.exe+0x00015F27, Type: Inline - DirectCall 0x804ECF27-->804D8128 [ntoskrnl.exe]
ntoskrnl.exe+0x00016375, Type: Inline - RelativeJump 0x804ED375-->805045F8 [ntoskrnl.exe]
ntoskrnl.exe+0x00016507, Type: Inline - RelativeCall 0x804ED507-->804ED5CD [ntoskrnl.exe]
ntoskrnl.exe+0x00016510, Type: Inline - RelativeJump 0x804ED510-->804ECCA3 [ntoskrnl.exe]
ntoskrnl.exe+0x000167D1, Type: Inline - RelativeCall 0x804ED7D1-->804E2554 [ntoskrnl.exe]
ntoskrnl.exe+0x000168A2, Type: Inline - RelativeJump 0x804ED8A2-->804ED8AB [ntoskrnl.exe]
ntoskrnl.exe+0x0001691F, Type: Inline - DirectCall 0x804ED91F-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00016A92, Type: Inline - RelativeJump 0x804EDA92-->804EDAAC [ntoskrnl.exe]
ntoskrnl.exe+0x00016C11, Type: Inline - RelativeJump 0x804EDC11-->804EDC07 [ntoskrnl.exe]
ntoskrnl.exe+0x00016C14, Type: Inline - RelativeJump 0x804EDC14-->804EDC12 [ntoskrnl.exe]
ntoskrnl.exe+0x00016F0B, Type: Inline - RelativeJump 0x804EDF0B-->804F35F8 [ntoskrnl.exe]
ntoskrnl.exe+0x00016F43, Type: Inline - PushRet 0x804EDF43-->90900004 [unknown_code_page]
ntoskrnl.exe+0x000170D4, Type: Inline - RelativeJump 0x804EE0D4-->804EE0E7 [ntoskrnl.exe]
ntoskrnl.exe+0x000172C9, Type: Inline - RelativeJump 0x804EE2C9-->804EDE1B [ntoskrnl.exe]
ntoskrnl.exe+0x00017504, Type: Inline - PushRet 0x804EE504-->90900014 [unknown_code_page]
ntoskrnl.exe+0x00017651, Type: Inline - RelativeJump 0x804EE651-->8051AC70 [ntoskrnl.exe]
ntoskrnl.exe+0x0001765C, Type: Inline - RelativeJump 0x804EE65C-->804EE652 [ntoskrnl.exe]
ntoskrnl.exe+0x00017835, Type: Inline - RelativeJump 0x804EE835-->804EE7D0 [ntoskrnl.exe]
ntoskrnl.exe+0x00017914, Type: Inline - RelativeJump 0x804EE914-->804EE94F [ntoskrnl.exe]
ntoskrnl.exe+0x00017AEC, Type: Inline - RelativeCall 0x804EEAEC-->804EECCE [ntoskrnl.exe]
ntoskrnl.exe+0x00017B02, Type: Inline - RelativeJump 0x804EEB02-->804F757C [ntoskrnl.exe]
ntoskrnl.exe+0x00017B5D, Type: Inline - RelativeJump 0x804EEB5D-->80514177 [ntoskrnl.exe]
ntoskrnl.exe+0x00017C95, Type: Inline - RelativeJump 0x804EEC95-->804EECFF [ntoskrnl.exe]
ntoskrnl.exe+0x00017EA2, Type: Inline - RelativeJump 0x804EEEA2-->804EE669 [ntoskrnl.exe]
ntoskrnl.exe+0x00017EAC, Type: Inline - RelativeJump 0x804EEEAC-->804EE424 [ntoskrnl.exe]
ntoskrnl.exe+0x0001826D, Type: Inline - RelativeJump 0x804EF26D-->804EF27B [ntoskrnl.exe]
ntoskrnl.exe+0x0001857D, Type: Inline - RelativeJump 0x804EF57D-->804EF55B [ntoskrnl.exe]
ntoskrnl.exe+0x00018713, Type: Inline - RelativeJump 0x804EF713-->80513E66 [ntoskrnl.exe]
ntoskrnl.exe+0x00018755, Type: Inline - DirectCall 0x804EF755-->804D8114 [ntoskrnl.exe]
ntoskrnl.exe+0x000187E8, Type: Inline - RelativeCall 0x804EF7E8-->804EF336 [ntoskrnl.exe]
ntoskrnl.exe+0x000187F1, Type: Inline - RelativeCall 0x804EF7F1-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x000187F9, Type: Inline - PushRet 0x804EF7F9-->90900024 [unknown_code_page]
ntoskrnl.exe+0x00018853, Type: Inline - RelativeJump 0x804EF853-->804EFBE3 [ntoskrnl.exe]
ntoskrnl.exe+0x00018902, Type: Inline - DirectCall 0x804EF902-->804D8110 [ntoskrnl.exe]
ntoskrnl.exe+0x0001890D, Type: Inline - RelativeJump 0x804EF90D-->804EF926 [ntoskrnl.exe]
ntoskrnl.exe+0x00018916, Type: Inline - RelativeJump 0x804EF916-->804EF8A8 [ntoskrnl.exe]
ntoskrnl.exe+0x0001896E, Type: Inline - RelativeCall 0x804EF96E-->804DA6DB [ntoskrnl.exe]
ntoskrnl.exe+0x0001897A, Type: Inline - RelativeJump 0x804EF97A-->804EF96A [ntoskrnl.exe]
ntoskrnl.exe+0x00018A10, Type: Inline - RelativeJump 0x804EFA10-->804EFA30 [ntoskrnl.exe]
ntoskrnl.exe+0x00018A50, Type: Inline - PushRet 0x804EFA50-->9090000C [unknown_code_page]
ntoskrnl.exe+0x00018AFE, Type: Inline - RelativeJump 0x804EFAFE-->804EFAA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00018B0F, Type: Inline - RelativeJump 0x804EFB0F-->804FBF90 [ntoskrnl.exe]
ntoskrnl.exe+0x00018B8A, Type: Inline - RelativeJump 0x804EFB8A-->804EFB88 [ntoskrnl.exe]
ntoskrnl.exe+0x00018BF5, Type: Inline - RelativeJump 0x804EFBF5-->804EFC02 [ntoskrnl.exe]
ntoskrnl.exe+0x00018D0D, Type: Inline - DirectCall 0x804EFD0D-->804D8110 [ntoskrnl.exe]
ntoskrnl.exe+0x00018E37, Type: Inline - RelativeJump 0x804EFE37-->804EFFE9 [ntoskrnl.exe]
ntoskrnl.exe+0x00018EB3, Type: Inline - RelativeCall 0x804EFEB3-->804E2554 [ntoskrnl.exe]
ntoskrnl.exe+0x00019496, Type: Inline - RelativeJump 0x804F0496-->805038E0 [ntoskrnl.exe]
ntoskrnl.exe+0x0001976A, Type: Inline - RelativeJump 0x804F076A-->804F68A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0001992A, Type: Inline - DirectCall 0x804F092A-->804D8128 [ntoskrnl.exe]
ntoskrnl.exe+0x00019933, Type: Inline - RelativeCall 0x804F0933-->804E803A [ntoskrnl.exe]
ntoskrnl.exe+0x00019940, Type: Inline - RelativeJump 0x804F0940-->805292F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0001996F, Type: Inline - RelativeJump 0x804F096F-->805179F2 [ntoskrnl.exe]
ntoskrnl.exe+0x00019975, Type: Inline - RelativeCall 0x804F0975-->804E8F37 [ntoskrnl.exe]
ntoskrnl.exe+0x000199B4, Type: Inline - RelativeCall 0x804F09B4-->804E7FE8 [ntoskrnl.exe]
ntoskrnl.exe+0x00019A4F, Type: Inline - RelativeJump 0x804F0A4F-->804EA638 [ntoskrnl.exe]
ntoskrnl.exe+0x00019AF0, Type: Inline - RelativeJump 0x804F0AF0-->804F0B56 [ntoskrnl.exe]
ntoskrnl.exe+0x00019B0C, Type: Inline - RelativeJump 0x804F0B0C-->804F0B2D [ntoskrnl.exe]
ntoskrnl.exe+0x00019CB4, Type: Inline - DirectCall 0x804F0CB4-->804D8128 [ntoskrnl.exe]
ntoskrnl.exe+0x00019CF0, Type: Inline - PushRet 0x804F0CF0-->8B000346 [unknown_code_page]
ntoskrnl.exe+0x00019DB0, Type: Inline - PushRet 0x804F0DB0-->CB8A0014 [unknown_code_page]
ntoskrnl.exe+0x00019DB6, Type: Inline - DirectCall 0x804F0DB6-->804D802C [ntoskrnl.exe]
ntoskrnl.exe+0x00019E58, Type: Inline - RelativeCall 0x804F0E58-->804E2468 [ntoskrnl.exe]
ntoskrnl.exe+0x00019E60, Type: Inline - RelativeJump 0x804F0E60-->804F67F7 [ntoskrnl.exe]
ntoskrnl.exe+0x00019E65, Type: Inline - RelativeJump 0x804F0E65-->804F67F4 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A0DF, Type: Inline - RelativeJump 0x804F10DF-->804F61E8 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A150, Type: Inline - RelativeCall 0x804F1150-->804EA92B [ntoskrnl.exe]
ntoskrnl.exe+0x0001A229, Type: Inline - RelativeJump 0x804F1229-->804F121B [ntoskrnl.exe]
ntoskrnl.exe+0x0001A29A, Type: Inline - RelativeJump 0x804F129A-->804F1284 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A3FF, Type: Inline - RelativeJump 0x804F13FF-->804EAC5E [ntoskrnl.exe]
ntoskrnl.exe+0x0001A40F, Type: Inline - RelativeJump 0x804F140F-->804F1421 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A41F, Type: Inline - PushRet 0x804F141F-->90900004 [unknown_code_page]
ntoskrnl.exe+0x0001A453, Type: Inline - RelativeJump 0x804F1453-->804EA02F [ntoskrnl.exe]
ntoskrnl.exe+0x0001A54D, Type: Inline - RelativeJump 0x804F154D-->805218FA [ntoskrnl.exe]
ntoskrnl.exe+0x0001A553, Type: Inline - RelativeJump 0x804F1553-->805218D7 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A5E3, Type: Inline - RelativeJump 0x804F15E3-->80521981 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A5EE, Type: Inline - DirectCall 0x804F15EE-->804D8088 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A699, Type: Inline - RelativeJump 0x804F1699-->804F16E3 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A6A9, Type: Inline - PushRet 0x804F16A9-->80FF4D8A [unknown_code_page]
ntoskrnl.exe+0x0001A6B0, Type: Inline - RelativeJump 0x804F16B0-->80521793 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A6DB, Type: Inline - RelativeJump 0x804F16DB-->804F16E1 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A6EA, Type: Inline - PushRet 0x804F16EA-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0001A7E4, Type: Inline - RelativeJump 0x804F17E4-->804F17D2 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A7FC, Type: Inline - RelativeJump 0x804F17FC-->804E1CBA [ntoskrnl.exe]
ntoskrnl.exe+0x0001A805, Type: Inline - RelativeJump 0x804F1805-->804E1CAF [ntoskrnl.exe]
ntoskrnl.exe+0x0001A810, Type: Inline - RelativeJump 0x804F1810-->804E6DED [ntoskrnl.exe]
ntoskrnl.exe+0x0001A81D, Type: Inline - DirectCall 0x804F181D-->804D8030 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A823, Type: Inline - RelativeJump 0x804F1823-->804E6FFE [ntoskrnl.exe]
ntoskrnl.exe+0x0001A830, Type: Inline - RelativeJump 0x804F1830-->804F18A6 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A8A0, Type: Inline - RelativeJump 0x804F18A0-->804F1902 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A8B8, Type: Inline - RelativeJump 0x804F18B8-->804F191A [ntoskrnl.exe]
ntoskrnl.exe+0x0001A8CC, Type: Inline - RelativeJump 0x804F18CC-->804F192A [ntoskrnl.exe]
ntoskrnl.exe+0x0001A8D8, Type: Inline - RelativeJump 0x804F18D8-->804F193E [ntoskrnl.exe]
ntoskrnl.exe+0x0001A8E4, Type: Inline - RelativeJump 0x804F18E4-->804F1960 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A8F0, Type: Inline - RelativeJump 0x804F18F0-->804F194E [ntoskrnl.exe]
ntoskrnl.exe+0x0001A8FC, Type: Inline - RelativeJump 0x804F18FC-->804F1962 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A908, Type: Inline - RelativeJump 0x804F1908-->804F196E [ntoskrnl.exe]
ntoskrnl.exe+0x0001A91C, Type: Inline - PushRet 0x804F191C-->E5805777 [unknown_code_page]
ntoskrnl.exe+0x0001A929, Type: Inline - RelativeJump 0x804F1929-->804F1986 [ntoskrnl.exe]
ntoskrnl.exe+0x0001A930, Type: Inline - RelativeJump 0x804F1930-->804F19B1 [ntoskrnl.exe]
ntoskrnl.exe+0x0001AD6E, Type: Inline - RelativeJump 0x804F1D6E-->8051437C [ntoskrnl.exe]
ntoskrnl.exe+0x0001AD86, Type: Inline - DirectCall 0x804F1D86-->804D8124 [ntoskrnl.exe]
ntoskrnl.exe+0x0001ADC0, Type: Inline - RelativeJump 0x804F1DC0-->804F1DD8 [ntoskrnl.exe]
ntoskrnl.exe+0x0001ADC6, Type: Inline - RelativeJump 0x804F1DC6-->805143DF [ntoskrnl.exe]
ntoskrnl.exe+0x0001ADCC, Type: Inline - RelativeCall 0x804F1DCC-->804ECAAA [ntoskrnl.exe]
ntoskrnl.exe+0x0001ADD4, Type: Inline - PushRet 0x804F1DD4-->90900010 [unknown_code_page]
ntoskrnl.exe+0x0001AFAE, Type: Inline - RelativeCall 0x804F1FAE-->804EA895 [ntoskrnl.exe]
ntoskrnl.exe+0x0001AFB6, Type: Inline - RelativeJump 0x804F1FB6-->804F2087 [ntoskrnl.exe]
ntoskrnl.exe+0x0001AFBF, Type: Inline - RelativeJump 0x804F1FBF-->8051509E [ntoskrnl.exe]
ntoskrnl.exe+0x0001AFDA, Type: Inline - RelativeJump 0x804F1FDA-->8051BAF3 [ntoskrnl.exe]
ntoskrnl.exe+0x0001B088, Type: Inline - PushRet 0x804F2088-->90900010 [unknown_code_page]
ntoskrnl.exe+0x0001B212, Type: Inline - RelativeJump 0x804F2212-->8051521B [ntoskrnl.exe]
ntoskrnl.exe+0x0001B29E, Type: Inline - RelativeJump 0x804F229E-->804F22EE [ntoskrnl.exe]
ntoskrnl.exe+0x0001B4C1, Type: Inline - RelativeJump 0x804F24C1-->80529213 [ntoskrnl.exe]
ntoskrnl.exe+0x0001B4C6, Type: Inline - DirectCall 0x804F24C6-->804D8130 [ntoskrnl.exe]
ntoskrnl.exe+0x0001B51D, Type: Inline - RelativeJump 0x804F251D-->80526C84 [ntoskrnl.exe]
ntoskrnl.exe+0x0001B522, Type: Inline - RelativeJump 0x804F2522-->804F2560 [ntoskrnl.exe]
ntoskrnl.exe+0x0001B575, Type: Inline - RelativeJump 0x804F2575-->804EAC55 [ntoskrnl.exe]
ntoskrnl.exe+0x0001B57D, Type: Inline - RelativeJump 0x804F257D-->804F25C7 [ntoskrnl.exe]
ntoskrnl.exe+0x0001B802, Type: Inline - RelativeJump 0x804F2802-->804EAE27 [ntoskrnl.exe]
ntoskrnl.exe+0x0001B8DB, Type: Inline - RelativeJump 0x804F28DB-->804F28E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0001BED7, Type: Inline - DirectCall 0x804F2ED7-->804D8130 [ntoskrnl.exe]
ntoskrnl.exe+0x0001BEE9, Type: Inline - RelativeJump 0x804F2EE9-->804F2F03 [ntoskrnl.exe]
ntoskrnl.exe+0x0001C0D8, Type: Inline - RelativeJump 0x804F30D8-->804F30E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0001C28C, Type: Inline - RelativeJump 0x804F328C-->804F3050 [ntoskrnl.exe]
ntoskrnl.exe+0x0001C29D, Type: Inline - RelativeJump 0x804F329D-->804ED15D [ntoskrnl.exe]
ntoskrnl.exe+0x0001C5A1, Type: Inline - RelativeJump 0x804F35A1-->804F35C7 [ntoskrnl.exe]
ntoskrnl.exe+0x0001C5BF, Type: Inline - RelativeJump 0x804F35BF-->804FB0BF [ntoskrnl.exe]
ntoskrnl.exe+0x0001C5CA, Type: Inline - RelativeJump 0x804F35CA-->804EB5A8 [ntoskrnl.exe]
ntoskrnl.exe+0x0001C5D6, Type: Inline - RelativeJump 0x804F35D6-->804F5C03 [ntoskrnl.exe]
ntoskrnl.exe+0x0001C5E0, Type: Inline - RelativeJump 0x804F35E0-->804E5F3C [ntoskrnl.exe]
ntoskrnl.exe+0x0001C676, Type: Inline - RelativeJump 0x804F3676-->804F368E [ntoskrnl.exe]
ntoskrnl.exe+0x0001C6A8, Type: Inline - RelativeJump 0x804F36A8-->804E8BA0 [ntoskrnl.exe]
ntoskrnl.exe+0x0001CB77, Type: Inline - RelativeJump 0x804F3B77-->80503934 [ntoskrnl.exe]
ntoskrnl.exe+0x0001CB80, Type: Inline - RelativeJump 0x804F3B80-->804F298D [ntoskrnl.exe]
ntoskrnl.exe+0x0001CC0F, Type: Inline - RelativeJump 0x804F3C0F-->804F3C21 [ntoskrnl.exe]
ntoskrnl.exe+0x0001CC68, Type: Inline - RelativeJump 0x804F3C68-->805288D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0001CC70, Type: Inline - PushRet 0x804F3C70-->9090000C [unknown_code_page]
ntoskrnl.exe+0x0001CDA5, Type: Inline - RelativeJump 0x804F3DA5-->80502667 [ntoskrnl.exe]
ntoskrnl.exe+0x0001CE02, Type: Inline - PushRet 0x804F3E02-->9090000C [unknown_code_page]
ntoskrnl.exe+0x0001D0A6, Type: Inline - RelativeJump 0x804F40A6-->80508CD5 [ntoskrnl.exe]
ntoskrnl.exe+0x0001D0AC, Type: Inline - RelativeCall 0x804F40AC-->804F1580 [ntoskrnl.exe]
ntoskrnl.exe+0x0001D15E, Type: Inline - RelativeJump 0x804F415E-->804DCE6B [ntoskrnl.exe]
ntoskrnl.exe+0x0001D1E4, Type: Inline - PushRet 0x804F41E4-->90900004 [unknown_code_page]
ntoskrnl.exe+0x0001D1F4, Type: Inline - PushRet 0x804F41F4-->90900004 [unknown_code_page]
ntoskrnl.exe+0x0001D335, Type: Inline - RelativeJump 0x804F4335-->804F434B [ntoskrnl.exe]
ntoskrnl.exe+0x0001D3CD, Type: Inline - RelativeJump 0x804F43CD-->8052225E [ntoskrnl.exe]
ntoskrnl.exe+0x0001D3DC, Type: Inline - RelativeJump 0x804F43DC-->804F4587 [ntoskrnl.exe]
ntoskrnl.exe+0x0001D412, Type: Inline - RelativeJump 0x804F4412-->804F4449 [ntoskrnl.exe]
ntoskrnl.exe+0x0001D5EF, Type: Inline - PushRet 0x804F45EF-->FFFF0004 [unknown_code_page]
ntoskrnl.exe+0x0001D6FD, Type: Inline - RelativeCall 0x804F46FD-->804E81BD [ntoskrnl.exe]
ntoskrnl.exe+0x0001D705, Type: Inline - PushRet 0x804F4705-->90900008 [unknown_code_page]
ntoskrnl.exe+0x0001D819, Type: Inline - RelativeJump 0x804F4819-->8051E454 [ntoskrnl.exe]
ntoskrnl.exe+0x0001D828, Type: Inline - RelativeJump 0x804F4828-->804F4837 [ntoskrnl.exe]
ntoskrnl.exe+0x0001D976, Type: Inline - RelativeJump 0x804F4976-->804F74B6 [ntoskrnl.exe]
ntoskrnl.exe+0x0001DA9E, Type: Inline - RelativeJump 0x804F4A9E-->8051AE38 [ntoskrnl.exe]
ntoskrnl.exe+0x0001DAAA, Type: Inline - RelativeCall 0x804F4AAA-->804E9865 [ntoskrnl.exe]
ntoskrnl.exe+0x0001DC2C, Type: Inline - RelativeJump 0x804F4C2C-->804F4A3F [ntoskrnl.exe]
ntoskrnl.exe+0x0001DC3F, Type: Inline - RelativeCall 0x804F4C3F-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x0001DC50, Type: Inline - DirectCall 0x804F4C50-->804D8030 [ntoskrnl.exe]
ntoskrnl.exe+0x0001DC59, Type: Inline - RelativeJump 0x804F4C59-->804F4B9E [ntoskrnl.exe]
ntoskrnl.exe+0x0001DC62, Type: Inline - RelativeJump 0x804F4C62-->804F5AC3 [ntoskrnl.exe]
ntoskrnl.exe+0x0001DC6C, Type: Inline - RelativeCall 0x804F4C6C-->804E7E4C [ntoskrnl.exe]
ntoskrnl.exe+0x0001E02A, Type: Inline - RelativeJump 0x804F502A-->805284DC [ntoskrnl.exe]
ntoskrnl.exe+0x0001E1EC, Type: Inline - RelativeCall 0x804F51EC-->804E2417 [ntoskrnl.exe]
ntoskrnl.exe+0x0001E205, Type: Inline - RelativeCall 0x804F5205-->804E2417 [ntoskrnl.exe]
ntoskrnl.exe+0x0001E216, Type: Inline - RelativeJump 0x804F5216-->804F5220 [ntoskrnl.exe]
ntoskrnl.exe+0x0001E3CF, Type: Inline - DirectCall 0x804F53CF-->804D8128 [ntoskrnl.exe]
ntoskrnl.exe+0x0001E3D9, Type: Inline - RelativeJump 0x804F53D9-->804F53F9 [ntoskrnl.exe]
ntoskrnl.exe+0x0001E570, Type: Inline - DirectCall 0x804F5570-->804D8128 [ntoskrnl.exe]
ntoskrnl.exe+0x0001E596, Type: Inline - RelativeJump 0x804F5596-->804F55A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0001E5B1, Type: Inline - RelativeJump 0x804F55B1-->804F55BF [ntoskrnl.exe]
ntoskrnl.exe+0x0001E5C8, Type: Inline - RelativeJump 0x804F55C8-->804F9245 [ntoskrnl.exe]
ntoskrnl.exe+0x0001E5D2, Type: Inline - RelativeJump 0x804F55D2-->804F91E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0001E68B, Type: Inline - RelativeJump 0x804F568B-->804F56FD [ntoskrnl.exe]
ntoskrnl.exe+0x0001E695, Type: Inline - DirectCall 0x804F5695-->804D8130 [ntoskrnl.exe]
ntoskrnl.exe+0x0001E6E3, Type: Inline - RelativeJump 0x804F56E3-->804F56E9 [ntoskrnl.exe]
ntoskrnl.exe+0x0001E7FA, Type: Inline - RelativeJump 0x804F57FA-->8051F0E4 [ntoskrnl.exe]
ntoskrnl.exe+0x0001E809, Type: Inline - RelativeJump 0x804F5809-->80515F3C [ntoskrnl.exe]
ntoskrnl.exe+0x0001E911, Type: Inline - RelativeJump 0x804F5911-->805240D4 [ntoskrnl.exe]
ntoskrnl.exe+0x0001E93E, Type: Inline - RelativeJump 0x804F593E-->8051C85E [ntoskrnl.exe]
ntoskrnl.exe+0x0001EA9C, Type: Inline - RelativeJump 0x804F5A9C-->804F4B8E [ntoskrnl.exe]
ntoskrnl.exe+0x0001EB26, Type: Inline - RelativeJump 0x804F5B26-->8051E524 [ntoskrnl.exe]
ntoskrnl.exe+0x0001EB80, Type: Inline - RelativeJump 0x804F5B80-->804F5BD4 [ntoskrnl.exe]
ntoskrnl.exe+0x0001EC35, Type: Inline - RelativeJump 0x804F5C35-->804F2FD4 [ntoskrnl.exe]
ntoskrnl.exe+0x0001ECF0, Type: Inline - RelativeJump 0x804F5CF0-->804F5D26 [ntoskrnl.exe]
ntoskrnl.exe+0x0001ECF3, Type: Inline - RelativeJump 0x804F5CF3-->804F5D01 [ntoskrnl.exe]
ntoskrnl.exe+0x0001ED9A, Type: Inline - RelativeJump 0x804F5D9A-->80526FF6 [ntoskrnl.exe]
ntoskrnl.exe+0x0001EE16, Type: Inline - RelativeJump 0x804F5E16-->8052632D [ntoskrnl.exe]
ntoskrnl.exe+0x0001EFA8, Type: Inline - RelativeCall 0x804F5FA8-->804E9BF5 [ntoskrnl.exe]
ntoskrnl.exe+0x0001EFAD, Type: Inline - RelativeJump 0x804F5FAD-->804FA9BD [ntoskrnl.exe]
ntoskrnl.exe+0x0001EFB7, Type: Inline - RelativeCall 0x804F5FB7-->804E172F [ntoskrnl.exe]
ntoskrnl.exe+0x0001EFBC, Type: Inline - RelativeJump 0x804F5FBC-->804EC3BF [ntoskrnl.exe]
ntoskrnl.exe+0x0001F2FC, Type: Inline - PushRet 0x804F62FC-->FF85FFFF [unknown_code_page]
ntoskrnl.exe+0x0001F301, Type: Inline - RelativeJump 0x804F6301-->80527D28 [ntoskrnl.exe]
ntoskrnl.exe+0x0001F40A, Type: Inline - PushRet 0x804F640A-->FF909090 [unknown_code_page]
ntoskrnl.exe+0x0001F6A0, Type: Inline - RelativeCall 0x804F66A0-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x0001F6CB, Type: Inline - RelativeJump 0x804F66CB-->804E1D8C [ntoskrnl.exe]
ntoskrnl.exe+0x0001F6D8, Type: Inline - RelativeJump 0x804F66D8-->804FA703 [ntoskrnl.exe]
ntoskrnl.exe+0x0001F932, Type: Inline - RelativeJump 0x804F6932-->804F6940 [ntoskrnl.exe]
ntoskrnl.exe+0x0001FA54, Type: Inline - RelativeJump 0x804F6A54-->804F6A62 [ntoskrnl.exe]
ntoskrnl.exe+0x0001FA9B, Type: Inline - RelativeJump 0x804F6A9B-->804F6B6C [ntoskrnl.exe]
ntoskrnl.exe+0x0001FCAB, Type: Inline - RelativeJump 0x804F6CAB-->804F9A22 [ntoskrnl.exe]
ntoskrnl.exe+0x0001FEF6, Type: Inline - RelativeJump 0x804F6EF6-->8052379D [ntoskrnl.exe]
ntoskrnl.exe+0x0001FF09, Type: Inline - RelativeJump 0x804F6F09-->804F33A2 [ntoskrnl.exe]
ntoskrnl.exe+0x0001FF11, Type: Inline - RelativeJump 0x804F6F11-->8052380A [ntoskrnl.exe]
ntoskrnl.exe+0x0001FF1B, Type: Inline - RelativeJump 0x804F6F1B-->8050A21B [ntoskrnl.exe]
ntoskrnl.exe+0x000201BE, Type: Inline - RelativeJump 0x804F71BE-->8050116C [ntoskrnl.exe]
ntoskrnl.exe+0x00020204, Type: Inline - RelativeCall 0x804F7204-->828FFB94 [unknown_code_page]

ntoskrnl.exe+0x00020209, Type: Inline - RelativeJump 0x804F7209-->804FB572 [ntoskrnl.exe]
ntoskrnl.exe+0x000202C9, Type: Inline - RelativeJump 0x804F72C9-->804F72E9 [ntoskrnl.exe]
ntoskrnl.exe+0x000202EA, Type: Inline - RelativeJump 0x804F72EA-->804F11B8 [ntoskrnl.exe]
ntoskrnl.exe+0x000202F2, Type: Inline - RelativeJump 0x804F72F2-->804F11B8 [ntoskrnl.exe]
ntoskrnl.exe+0x00020547, Type: Inline - RelativeJump 0x804F7547-->804F755E [ntoskrnl.exe]
ntoskrnl.exe+0x000208CD, Type: Inline - RelativeJump 0x804F78CD-->8051D34B [ntoskrnl.exe]
ntoskrnl.exe+0x000209A9, Type: Inline - RelativeCall 0x804F79A9-->804E13B9 [ntoskrnl.exe]
ntoskrnl.exe+0x000209AE, Type: Inline - RelativeJump 0x804F79AE-->8051D2A5 [ntoskrnl.exe]
ntoskrnl.exe+0x00020A82, Type: Inline - RelativeJump 0x804F7A82-->804E846C [ntoskrnl.exe]
ntoskrnl.exe+0x00020CA3, Type: Inline - RelativeJump 0x804F7CA3-->80521FCA [ntoskrnl.exe]
ntoskrnl.exe+0x00020D14, Type: Inline - DirectCall 0x804F7D14-->804D8128 [ntoskrnl.exe]
ntoskrnl.exe+0x00020D1D, Type: Inline - RelativeJump 0x804F7D1D-->804F8CCF [ntoskrnl.exe]
ntoskrnl.exe+0x00020E35, Type: Inline - RelativeCall 0x804F7E35-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x00020E42, Type: Inline - RelativeJump 0x804F7E42-->804F56A9 [ntoskrnl.exe]
ntoskrnl.exe+0x00020F55, Type: Inline - PushRet 0x804F7F55-->FFFF001C [unknown_code_page]
ntoskrnl.exe+0x000210E6, Type: Inline - RelativeJump 0x804F80E6-->804F80E0 [ntoskrnl.exe]
ntoskrnl.exe+0x00021194, Type: Inline - RelativeJump 0x804F8194-->804F73F6 [ntoskrnl.exe]
ntoskrnl.exe+0x000212D0, Type: Inline - RelativeCall 0x804F82D0-->804F8050 [ntoskrnl.exe]
ntoskrnl.exe+0x000212D5, Type: Inline - RelativeCall 0x804F82D5-->804ECAAA [ntoskrnl.exe]
ntoskrnl.exe+0x000212DD, Type: Inline - RelativeJump 0x804F82DD-->804F7408 [ntoskrnl.exe]
ntoskrnl.exe+0x000212E9, Type: Inline - RelativeJump 0x804F82E9-->8051AAFD [ntoskrnl.exe]
ntoskrnl.exe+0x000213C5, Type: Inline - RelativeJump 0x804F83C5-->8051B276 [ntoskrnl.exe]
ntoskrnl.exe+0x00021582, Type: Inline - RelativeJump 0x804F8582-->8051D6EA [ntoskrnl.exe]
ntoskrnl.exe+0x0002158D, Type: Inline - RelativeJump 0x804F858D-->804F8302 [ntoskrnl.exe]
ntoskrnl.exe+0x00021746, Type: Inline - RelativeCall 0x804F8746-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x0002180D, Type: Inline - RelativeJump 0x804F880D-->80528149 [ntoskrnl.exe]
ntoskrnl.exe+0x00021952, Type: Inline - RelativeJump 0x804F8952-->8051BAEB [ntoskrnl.exe]
ntoskrnl.exe+0x00021AF9, Type: Inline - RelativeJump 0x804F8AF9-->804F8B5B [ntoskrnl.exe]
ntoskrnl.exe+0x00021BEA, Type: Inline - RelativeJump 0x804F8BEA-->804F8C08 [ntoskrnl.exe]
ntoskrnl.exe+0x00021DEA, Type: Inline - RelativeJump 0x804F8DEA-->804F8CAD [ntoskrnl.exe]
ntoskrnl.exe+0x00021DF3, Type: Inline - RelativeJump 0x804F8DF3-->804F7684 [ntoskrnl.exe]
ntoskrnl.exe+0x00021E1B, Type: Inline - RelativeJump 0x804F8E1B-->804F8E27 [ntoskrnl.exe]
ntoskrnl.exe+0x00021EB7, Type: Inline - RelativeCall 0x804F8EB7-->804E2427 [ntoskrnl.exe]
ntoskrnl.exe+0x00021FC1, Type: Inline - RelativeCall 0x804F8FC1-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x000220BB, Type: Inline - RelativeJump 0x804F90BB-->804F8BBF [ntoskrnl.exe]
ntoskrnl.exe+0x0002218D, Type: Inline - PushRet 0x804F918D-->9090000C [unknown_code_page]
ntoskrnl.exe+0x000221D6, Type: Inline - RelativeJump 0x804F91D6-->804F91E4 [ntoskrnl.exe]
ntoskrnl.exe+0x000221E6, Type: Inline - RelativeJump 0x804F91E6-->8051AC89 [ntoskrnl.exe]
ntoskrnl.exe+0x000221F4, Type: Inline - DirectCall 0x804F91F4-->804D8130 [ntoskrnl.exe]
ntoskrnl.exe+0x0002226C, Type: Inline - RelativeCall 0x804F926C-->804F8016 [ntoskrnl.exe]
ntoskrnl.exe+0x0002237A, Type: Inline - DirectCall 0x804F937A-->804D8130 [ntoskrnl.exe]
ntoskrnl.exe+0x00022380, Type: Inline - RelativeCall 0x804F9380-->804E7FE8 [ntoskrnl.exe]
ntoskrnl.exe+0x000223DD, Type: Inline - PushRet 0x804F93DD-->F84DFF04 [unknown_code_page]
ntoskrnl.exe+0x0002247E, Type: Inline - RelativeJump 0x804F947E-->804F9494 [ntoskrnl.exe]
ntoskrnl.exe+0x00022553, Type: Inline - RelativeJump 0x804F9553-->804F9B94 [ntoskrnl.exe]
ntoskrnl.exe+0x000226AD, Type: Inline - DirectCall 0x804F96AD-->804D8110 [ntoskrnl.exe]
ntoskrnl.exe+0x000227D3, Type: Inline - RelativeJump 0x804F97D3-->80520838 [ntoskrnl.exe]
ntoskrnl.exe+0x000227E2, Type: Inline - RelativeJump 0x804F97E2-->804E1896 [ntoskrnl.exe]
ntoskrnl.exe+0x0002280B, Type: Inline - RelativeJump 0x804F980B-->804F9804 [ntoskrnl.exe]
ntoskrnl.exe+0x00022814, Type: Inline - RelativeJump 0x804F9814-->804EA297 [ntoskrnl.exe]
ntoskrnl.exe+0x0002281F, Type: Inline - RelativeJump 0x804F981F-->805009B1 [ntoskrnl.exe]
ntoskrnl.exe+0x00022849, Type: Inline - RelativeJump 0x804F9849-->804F986A [ntoskrnl.exe]
ntoskrnl.exe+0x0002294E, Type: Inline - RelativeJump 0x804F994E-->804F995A [ntoskrnl.exe]
ntoskrnl.exe+0x00022990, Type: Inline - RelativeJump 0x804F9990-->804E178F [ntoskrnl.exe]
ntoskrnl.exe+0x00022AF6, Type: Inline - DirectCall 0x804F9AF6-->804D8114 [ntoskrnl.exe]
ntoskrnl.exe+0x00022AFC, Type: Inline - PushRet 0x804F9AFC-->90900004 [unknown_code_page]
ntoskrnl.exe+0x00022B0B, Type: Inline - DirectJump 0x804F9B0B-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00022BDD, Type: Inline - RelativeJump 0x804F9BDD-->804F9BE1 [ntoskrnl.exe]
ntoskrnl.exe+0x00022C88, Type: Inline - RelativeCall 0x804F9C88-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00022CD5, Type: Inline - RelativeJump 0x804F9CD5-->804F9CE8 [ntoskrnl.exe]
ntoskrnl.exe+0x00022CEE, Type: Inline - RelativeJump 0x804F9CEE-->804F9D05 [ntoskrnl.exe]
ntoskrnl.exe+0x00022D50, Type: Inline - DirectCall 0x804F9D50-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00022D58, Type: Inline - RelativeJump 0x804F9D58-->8050A606 [ntoskrnl.exe]
ntoskrnl.exe+0x00022E80, Type: Inline - RelativeJump 0x804F9E80-->80521FE0 [ntoskrnl.exe]
ntoskrnl.exe+0x00022ECE, Type: Inline - RelativeJump 0x804F9ECE-->804F9ED6 [ntoskrnl.exe]
ntoskrnl.exe+0x0002300F, Type: Inline - RelativeCall 0x804FA00F-->804E2528 [ntoskrnl.exe]
ntoskrnl.exe+0x0002321C, Type: Inline - RelativeJump 0x804FA21C-->804FA1D6 [ntoskrnl.exe]
ntoskrnl.exe+0x00023272, Type: Inline - RelativeJump 0x804FA272-->804FA2CD [ntoskrnl.exe]
ntoskrnl.exe+0x000233E8, Type: Inline - PushRet 0x804FA3E8-->90900004 [unknown_code_page]
ntoskrnl.exe+0x00023587, Type: Inline - RelativeCall 0x804FA587-->804FA3FD [ntoskrnl.exe]
ntoskrnl.exe+0x000235B2, Type: Inline - RelativeJump 0x804FA5B2-->804FA598 [ntoskrnl.exe]
ntoskrnl.exe+0x0002365E, Type: Inline - DirectCall 0x804FA65E-->804D8128 [ntoskrnl.exe]
ntoskrnl.exe+0x000237E6, Type: Inline - RelativeCall 0x804FA7E6-->804E1E90 [ntoskrnl.exe]
ntoskrnl.exe+0x000237FB, Type: Inline - PushRet 0x804FA7FB-->90900004 [unknown_code_page]
ntoskrnl.exe+0x000238BB, Type: Inline - RelativeCall 0x804FA8BB-->804EA45A [ntoskrnl.exe]
ntoskrnl.exe+0x000238C3, Type: Inline - RelativeJump 0x804FA8C3-->804FA6F0 [ntoskrnl.exe]
ntoskrnl.exe+0x000238CC, Type: Inline - RelativeJump 0x804FA8CC-->8052481D [ntoskrnl.exe]
ntoskrnl.exe+0x00023965, Type: Inline - RelativeCall 0x804FA965-->804F3B31 [ntoskrnl.exe]
ntoskrnl.exe+0x00023974, Type: Inline - RelativeJump 0x804FA974-->804E151F [ntoskrnl.exe]
ntoskrnl.exe+0x00023A8A, Type: Inline - RelativeCall 0x804FAA8A-->804E2EA3 [ntoskrnl.exe]
ntoskrnl.exe+0x00023AA1, Type: Inline - RelativeJump 0x804FAAA1-->804FAB57 [ntoskrnl.exe]
ntoskrnl.exe+0x00023B54, Type: Inline - RelativeJump 0x804FAB54-->804FAB47 [ntoskrnl.exe]
ntoskrnl.exe+0x00023C5F, Type: Inline - PushRet 0x804FAC5F-->DB320004 [unknown_code_page]
ntoskrnl.exe+0x00023C6B, Type: Inline - RelativeJump 0x804FAC6B-->804FAC5D [ntoskrnl.exe]
ntoskrnl.exe+0x00023E29, Type: Inline - RelativeJump 0x804FAE29-->805045EE [ntoskrnl.exe]
ntoskrnl.exe+0x00023E71, Type: Inline - RelativeJump 0x804FAE71-->804FAECD [ntoskrnl.exe]
ntoskrnl.exe+0x0002404C, Type: Inline - RelativeJump 0x804FB04C-->804FAFED [ntoskrnl.exe]
ntoskrnl.exe+0x000240CF, Type: Inline - RelativeJump 0x804FB0CF-->804FB0E9 [ntoskrnl.exe]
ntoskrnl.exe+0x00024189, Type: Inline - RelativeCall 0x804FB189-->804E8430 [ntoskrnl.exe]
ntoskrnl.exe+0x000241BD, Type: Inline - RelativeJump 0x804FB1BD-->804FB1CB [ntoskrnl.exe]
ntoskrnl.exe+0x000242CD, Type: Inline - RelativeJump 0x804FB2CD-->805132D7 [ntoskrnl.exe]
ntoskrnl.exe+0x0002451E, Type: Inline - RelativeJump 0x804FB51E-->805268DB [ntoskrnl.exe]
ntoskrnl.exe+0x00024528, Type: Inline - RelativeCall 0x804FB528-->82A56EAE [unknown_code_page]
ntoskrnl.exe+0x00024531, Type: Inline - RelativeJump 0x804FB531-->804FB2F3 [ntoskrnl.exe]
ntoskrnl.exe+0x0002456A, Type: Inline - RelativeJump 0x804FB56A-->804FB576 [ntoskrnl.exe]
ntoskrnl.exe+0x0002467A, Type: Inline - RelativeJump 0x804FB67A-->804FB68A [ntoskrnl.exe]
ntoskrnl.exe+0x000249C7, Type: Inline - RelativeCall 0x804FB9C7-->804E2554 [ntoskrnl.exe]
ntoskrnl.exe+0x000249CC, Type: Inline - RelativeJump 0x804FB9CC-->804F820A [ntoskrnl.exe]
ntoskrnl.exe+0x00024B67, Type: Inline - PushRet 0x804FBB67-->90900018 [unknown_code_page]
ntoskrnl.exe+0x00024B91, Type: Inline - RelativeJump 0x804FBB91-->804FBBA7 [ntoskrnl.exe]
ntoskrnl.exe+0x00024BA2, Type: Inline - RelativeJump 0x804FBBA2-->804FBBB8 [ntoskrnl.exe]
ntoskrnl.exe+0x00024C78, Type: Inline - RelativeJump 0x804FBC78-->804FBC62 [ntoskrnl.exe]
ntoskrnl.exe+0x00024D13, Type: Inline - RelativeCall 0x804FBD13-->804FBD39 [ntoskrnl.exe]
ntoskrnl.exe+0x00025045, Type: Inline - RelativeJump 0x804FC045-->804FBFC1 [ntoskrnl.exe]
ntoskrnl.exe+0x000250AF, Type: Inline - DirectCall 0x804FC0AF-->804D8130 [ntoskrnl.exe]
ntoskrnl.exe+0x0002513E, Type: Inline - RelativeJump 0x804FC13E-->804FC14A [ntoskrnl.exe]
ntoskrnl.exe+0x00025150, Type: Inline - RelativeJump 0x804FC150-->804EB48C [ntoskrnl.exe]
ntoskrnl.exe+0x0002515E, Type: Inline - RelativeJump 0x804FC15E-->804FC3A2 [ntoskrnl.exe]
ntoskrnl.exe+0x000251D2, Type: Inline - PushRet 0x804FC1D2-->90900008 [unknown_code_page]
ntoskrnl.exe+0x000253DF, Type: Inline - RelativeJump 0x804FC3DF-->804FC3DC [ntoskrnl.exe]
ntoskrnl.exe+0x000253F5, Type: Inline - RelativeJump 0x804FC3F5-->804FC230 [ntoskrnl.exe]
ntoskrnl.exe+0x000257E1, Type: Inline - RelativeJump 0x804FC7E1-->804FC857 [ntoskrnl.exe]
ntoskrnl.exe+0x0002588F, Type: Inline - RelativeJump 0x804FC88F-->804FC8B9 [ntoskrnl.exe]
ntoskrnl.exe+0x000258B4, Type: Inline - RelativeJump 0x804FC8B4-->804FC957 [ntoskrnl.exe]
ntoskrnl.exe+0x000259F4, Type: Inline - RelativeJump 0x804FC9F4-->804FC9E2 [ntoskrnl.exe]
ntoskrnl.exe+0x00025A0A, Type: Inline - RelativeJump 0x804FCA0A-->804FD0FE [ntoskrnl.exe]
ntoskrnl.exe+0x00025A17, Type: Inline - PushRet 0x804FCA17-->8D83C033 [unknown_code_page]
ntoskrnl.exe+0x00025ABF, Type: Inline - RelativeJump 0x804FCABF-->805151D7 [ntoskrnl.exe]
ntoskrnl.exe+0x00025ACA, Type: Inline - RelativeJump 0x804FCACA-->804FC8B5 [ntoskrnl.exe]
ntoskrnl.exe+0x00025B0E, Type: Inline - RelativeJump 0x804FCB0E-->804FC8B5 [ntoskrnl.exe]
ntoskrnl.exe+0x00025B1A, Type: Inline - RelativeJump 0x804FCB1A-->804FC8B5 [ntoskrnl.exe]
ntoskrnl.exe+0x00025CA8, Type: Inline - RelativeJump 0x804FCCA8-->804FCDA1 [ntoskrnl.exe]
ntoskrnl.exe+0x00025CB1, Type: Inline - RelativeJump 0x804FCCB1-->804FCCAA [ntoskrnl.exe]
ntoskrnl.exe+0x00025D44, Type: Inline - RelativeJump 0x804FCD44-->804FCD61 [ntoskrnl.exe]
ntoskrnl.exe+0x00025E01, Type: Inline - RelativeJump 0x804FCE01-->804FCF33 [ntoskrnl.exe]
ntoskrnl.exe+0x00026218, Type: Inline - RelativeJump 0x804FD218-->804E7342 [ntoskrnl.exe]
ntoskrnl.exe+0x0002632E, Type: Inline - RelativeJump 0x804FD32E-->8052C0B5 [ntoskrnl.exe]
ntoskrnl.exe+0x00026334, Type: Inline - RelativeJump 0x804FD334-->804FD399 [ntoskrnl.exe]
ntoskrnl.exe+0x000263F0, Type: Inline - RelativeCall 0x804FD3F0-->804FD222 [ntoskrnl.exe]
ntoskrnl.exe+0x000263F5, Type: Inline - RelativeJump 0x804FD3F5-->804FD465 [ntoskrnl.exe]
ntoskrnl.exe+0x00026400, Type: Inline - RelativeJump 0x804FD400-->8052BFC2 [ntoskrnl.exe]
ntoskrnl.exe+0x00026499, Type: Inline - RelativeCall 0x804FD499-->804ECCAE [ntoskrnl.exe]
ntoskrnl.exe+0x0002649E, Type: Inline - RelativeJump 0x804FD49E-->804FD55C [ntoskrnl.exe]
ntoskrnl.exe+0x0002653C, Type: Inline - RelativeJump 0x804FD53C-->8051494B [ntoskrnl.exe]
ntoskrnl.exe+0x00026545, Type: Inline - RelativeCall 0x804FD545-->8051497F [ntoskrnl.exe]
ntoskrnl.exe+0x00026734, Type: Inline - RelativeJump 0x804FD734-->8051EB79 [ntoskrnl.exe]
ntoskrnl.exe+0x00026741, Type: Inline - RelativeJump 0x804FD741-->804F7F75 [ntoskrnl.exe]
ntoskrnl.exe+0x0002679E, Type: Inline - RelativeJump 0x804FD79E-->804F5B46 [ntoskrnl.exe]
ntoskrnl.exe+0x00026AB9, Type: Inline - RelativeCall 0x804FDAB9-->804E8E10 [ntoskrnl.exe]
ntoskrnl.exe+0x00026ACC, Type: Inline - RelativeJump 0x804FDACC-->804F94AD [ntoskrnl.exe]
ntoskrnl.exe+0x00026AD1, Type: Inline - RelativeJump 0x804FDAD1-->804E8D88 [ntoskrnl.exe]
ntoskrnl.exe+0x00026AEA, Type: Inline - RelativeJump 0x804FDAEA-->80522E79 [ntoskrnl.exe]
ntoskrnl.exe+0x00026E3C, Type: Inline - RelativeJump 0x804FDE3C-->804FDE48 [ntoskrnl.exe]
ntoskrnl.exe+0x00026E6D, Type: Inline - RelativeCall 0x804FDE6D-->C0546B80 [unknown_code_page]
ntoskrnl.exe+0x00026E74, Type: Inline - RelativeJump 0x804FDE74-->805255CF [ntoskrnl.exe]
ntoskrnl.exe+0x00026EFB, Type: Inline - RelativeJump 0x804FDEFB-->804FDF0D [ntoskrnl.exe]
ntoskrnl.exe+0x00027441, Type: Inline - RelativeJump 0x804FE441-->804ED69E [ntoskrnl.exe]
ntoskrnl.exe+0x00027449, Type: Inline - RelativeJump 0x804FE449-->804ED69E [ntoskrnl.exe]
ntoskrnl.exe+0x000277BE, Type: Inline - PushRet 0x804FE7BE-->90900008 [unknown_code_page]
ntoskrnl.exe+0x000278C2, Type: Inline - RelativeJump 0x804FE8C2-->804FE8D1 [ntoskrnl.exe]
ntoskrnl.exe+0x00027A3D, Type: Inline - RelativeJump 0x804FEA3D-->80500097 [ntoskrnl.exe]
ntoskrnl.exe+0x00027A68, Type: Inline - RelativeJump 0x804FEA68-->804FEA59 [ntoskrnl.exe]
ntoskrnl.exe+0x00027C88, Type: Inline - RelativeJump 0x804FEC88-->8051AAB8 [ntoskrnl.exe]
ntoskrnl.exe+0x00027CC0, Type: Inline - RelativeJump 0x804FECC0-->804FF59B [ntoskrnl.exe]
ntoskrnl.exe+0x00027D40, Type: Inline - RelativeJump 0x804FED40-->80524EAD [ntoskrnl.exe]
ntoskrnl.exe+0x00027D8D, Type: Inline - RelativeCall 0x804FED8D-->804E5C99 [ntoskrnl.exe]
ntoskrnl.exe+0x00027DA5, Type: Inline - RelativeJump 0x804FEDA5-->804F2C69 [ntoskrnl.exe]
ntoskrnl.exe+0x00028294, Type: Inline - RelativeJump 0x804FF294-->80502FA0 [ntoskrnl.exe]
ntoskrnl.exe+0x00028334, Type: Inline - RelativeJump 0x804FF334-->804FF0FC [ntoskrnl.exe]
ntoskrnl.exe+0x0002837C, Type: Inline - RelativeJump 0x804FF37C-->80524D47 [ntoskrnl.exe]
ntoskrnl.exe+0x000283B5, Type: Inline - RelativeJump 0x804FF3B5-->80524D6D [ntoskrnl.exe]
ntoskrnl.exe+0x000283C8, Type: Inline - RelativeJump 0x804FF3C8-->80524DC4 [ntoskrnl.exe]
ntoskrnl.exe+0x0002847E, Type: Inline - RelativeJump 0x804FF47E-->804FF4A3 [ntoskrnl.exe]
ntoskrnl.exe+0x0002864C, Type: Inline - RelativeJump 0x804FF64C-->804FF688 [ntoskrnl.exe]
ntoskrnl.exe+0x00028658, Type: Inline - RelativeJump 0x804FF658-->804FF684 [ntoskrnl.exe]
ntoskrnl.exe+0x00028776, Type: Inline - RelativeJump 0x804FF776-->804E8ECB [ntoskrnl.exe]
ntoskrnl.exe+0x00028784, Type: Inline - RelativeJump 0x804FF784-->80526349 [ntoskrnl.exe]
ntoskrnl.exe+0x000288AF, Type: Inline - DirectCall 0x804FF8AF-->804D8118 [ntoskrnl.exe]
ntoskrnl.exe+0x0002895B, Type: Inline - RelativeCall 0x804FF95B-->804E803A [ntoskrnl.exe]
ntoskrnl.exe+0x00028E1E, Type: Inline - RelativeJump 0x804FFE1E-->804FFE3E [ntoskrnl.exe]
ntoskrnl.exe+0x00028F3F, Type: Inline - RelativeJump 0x804FFF3F-->8052CA5C [ntoskrnl.exe]
ntoskrnl.exe+0x00028F50, Type: Inline - RelativeCall 0x804FFF50-->804EA45A [ntoskrnl.exe]
ntoskrnl.exe+0x000290D1, Type: Inline - RelativeJump 0x805000D1-->804FFF31 [ntoskrnl.exe]
ntoskrnl.exe+0x0002916E, Type: Inline - RelativeJump 0x8050016E-->8050017C [ntoskrnl.exe]
ntoskrnl.exe+0x00029178, Type: Inline - RelativeJump 0x80500178-->80500186 [ntoskrnl.exe]
ntoskrnl.exe+0x0002927B, Type: Inline - PushRet 0x8050027B-->90900014 [unknown_code_page]
ntoskrnl.exe+0x0002927E, Type: Inline - RelativeJump 0x8050027E-->80500294 [ntoskrnl.exe]
ntoskrnl.exe+0x00029290, Type: Inline - PushRet 0x80500290-->90909090 [unknown_code_page]
ntoskrnl.exe+0x000292CB, Type: Inline - RelativeCall 0x805002CB-->80591177 [ntoskrnl.exe]
ntoskrnl.exe+0x00029420, Type: Inline - RelativeJump 0x80500420-->8050042D [ntoskrnl.exe]
ntoskrnl.exe+0x0002943B, Type: Inline - RelativeJump 0x8050043B-->80525976 [ntoskrnl.exe]
ntoskrnl.exe+0x00029441, Type: Inline - DirectCall 0x80500441-->804D8130 [ntoskrnl.exe]
ntoskrnl.exe+0x0002945E, Type: Inline - RelativeJump 0x8050045E-->8052595D [ntoskrnl.exe]
ntoskrnl.exe+0x00029730, Type: Inline - RelativeJump 0x80500730-->8050075E [ntoskrnl.exe]
ntoskrnl.exe+0x000297B9, Type: Inline - RelativeJump 0x805007B9-->805007BB [ntoskrnl.exe]
ntoskrnl.exe+0x00029A7E, Type: Inline - RelativeJump 0x80500A7E-->80500A99 [ntoskrnl.exe]
ntoskrnl.exe+0x00029A95, Type: Inline - RelativeCall 0x80500A95-->80500AA8 [ntoskrnl.exe]
ntoskrnl.exe+0x00029A9F, Type: Inline - PushRet 0x80500A9F-->90900008 [unknown_code_page]
ntoskrnl.exe+0x00029AAB, Type: Inline - RelativeJump 0x80500AAB-->80512D51 [ntoskrnl.exe]
ntoskrnl.exe+0x00029ABA, Type: Inline - PushRet 0x80500ABA-->90900008 [unknown_code_page]
ntoskrnl.exe+0x00029CAA, Type: Inline - RelativeJump 0x80500CAA-->80500DB0 [ntoskrnl.exe]
ntoskrnl.exe+0x00029D45, Type: Inline - RelativeJump 0x80500D45-->80500D79 [ntoskrnl.exe]
ntoskrnl.exe+0x00029D57, Type: Inline - RelativeJump 0x80500D57-->80500D79 [ntoskrnl.exe]
ntoskrnl.exe+0x00029DD7, Type: Inline - RelativeJump 0x80500DD7-->80500DFD [ntoskrnl.exe]
ntoskrnl.exe+0x00029F60, Type: Inline - RelativeJump 0x80500F60-->80500F6E [ntoskrnl.exe]
ntoskrnl.exe+0x0002A014, Type: Inline - RelativeJump 0x80501014-->805236D9 [ntoskrnl.exe]
ntoskrnl.exe+0x0002A173, Type: Inline - RelativeJump 0x80501173-->804F7DEE [ntoskrnl.exe]
ntoskrnl.exe+0x0002A331, Type: Inline - RelativeJump 0x80501331-->8051C6FD [ntoskrnl.exe]
ntoskrnl.exe+0x0002A623, Type: Inline - RelativeJump 0x80501623-->804ED5B5 [ntoskrnl.exe]
ntoskrnl.exe+0x0002A62D, Type: Inline - RelativeJump 0x8050162D-->804ED5AA [ntoskrnl.exe]
ntoskrnl.exe+0x0002A645, Type: Inline - RelativeJump 0x80501645-->80501652 [ntoskrnl.exe]
ntoskrnl.exe+0x0002A7CF, Type: Inline - PushRet 0x805017CF-->D08AD3FF [unknown_code_page]
ntoskrnl.exe+0x0002A7D0, Type: Inline - DirectCall 0x805017D0-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0002A860, Type: Inline - RelativeJump 0x80501860-->80512D1C [ntoskrnl.exe]
ntoskrnl.exe+0x0002AA5D, Type: Inline - PushRet 0x80501A5D-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0002AB5F, Type: Inline - RelativeJump 0x80501B5F-->80501B56 [ntoskrnl.exe]
ntoskrnl.exe+0x0002ACA9, Type: Inline - RelativeJump 0x80501CA9-->80501D5C [ntoskrnl.exe]
ntoskrnl.exe+0x0002AEC7, Type: Inline - RelativeJump 0x80501EC7-->80501EDB [ntoskrnl.exe]
ntoskrnl.exe+0x0002AECE, Type: Inline - RelativeCall 0x80501ECE-->80501A93 [ntoskrnl.exe]
ntoskrnl.exe+0x0002AEDC, Type: Inline - RelativeJump 0x80501EDC-->8052B7BA [ntoskrnl.exe]
ntoskrnl.exe+0x0002AEE2, Type: Inline - RelativeCall 0x80501EE2-->804D9C6A [ntoskrnl.exe]
ntoskrnl.exe+0x0002AEEA, Type: Inline - RelativeCall 0x80501EEA-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x0002AEEF, Type: Inline - PushRet 0x80501EEF-->90900014 [unknown_code_page]
ntoskrnl.exe+0x0002AEFC, Type: Inline - RelativeJump 0x80501EFC-->80501EB9 [ntoskrnl.exe]
ntoskrnl.exe+0x0002AF13, Type: Inline - RelativeJump 0x80501F13-->80501F21 [ntoskrnl.exe]
ntoskrnl.exe+0x0002AF23, Type: Inline - PushRet 0x80501F23-->CCCC0090 [unknown_code_page]
ntoskrnl.exe+0x0002AF5C, Type: Inline - RelativeJump 0x80501F5C-->80501A06 [ntoskrnl.exe]
ntoskrnl.exe+0x0002AF6E, Type: Inline - RelativeJump 0x80501F6E-->80501A06 [ntoskrnl.exe]
ntoskrnl.exe+0x0002AF99, Type: Inline - RelativeJump 0x80501F99-->80501A06 [ntoskrnl.exe]
ntoskrnl.exe+0x0002AFD4, Type: Inline - RelativeJump 0x80501FD4-->80501A06 [ntoskrnl.exe]
ntoskrnl.exe+0x0002AFDC, Type: Inline - RelativeJump 0x80501FDC-->80501A06 [ntoskrnl.exe]
ntoskrnl.exe+0x0002AFE4, Type: Inline - RelativeJump 0x80501FE4-->80501A06 [ntoskrnl.exe]
ntoskrnl.exe+0x0002AFEC, Type: Inline - RelativeJump 0x80501FEC-->80501A06 [ntoskrnl.exe]
ntoskrnl.exe+0x0002AFFA, Type: Inline - RelativeCall 0x80501FFA-->80501A35 [ntoskrnl.exe]
ntoskrnl.exe+0x0002B243, Type: Inline - RelativeJump 0x80502243-->8050225A [ntoskrnl.exe]
ntoskrnl.exe+0x0002B262, Type: Inline - RelativeJump 0x80502262-->80518F2B [ntoskrnl.exe]
ntoskrnl.exe+0x0002B283, Type: Inline - RelativeJump 0x80502283-->80518FC7 [ntoskrnl.exe]
ntoskrnl.exe+0x0002B2FB, Type: Inline - RelativeJump 0x805022FB-->805023D6 [ntoskrnl.exe]
ntoskrnl.exe+0x0002B364, Type: Inline - RelativeJump 0x80502364-->8050248B [ntoskrnl.exe]
ntoskrnl.exe+0x0002B370, Type: Inline - RelativeJump 0x80502370-->8050248B [ntoskrnl.exe]
ntoskrnl.exe+0x0002B381, Type: Inline - RelativeJump 0x80502381-->8050248B [ntoskrnl.exe]
ntoskrnl.exe+0x0002B38D, Type: Inline - RelativeJump 0x8050238D-->8050248B [ntoskrnl.exe]
ntoskrnl.exe+0x0002B39E, Type: Inline - RelativeJump 0x8050239E-->805027A4 [ntoskrnl.exe]
ntoskrnl.exe+0x0002B3A9, Type: Inline - RelativeJump 0x805023A9-->8050279F [ntoskrnl.exe]
ntoskrnl.exe+0x0002B3BF, Type: Inline - RelativeJump 0x805023BF-->8050279F [ntoskrnl.exe]
ntoskrnl.exe+0x0002B3C8, Type: Inline - DirectCall 0x805023C8-->804D8124 [ntoskrnl.exe]
ntoskrnl.exe+0x0002B42E, Type: Inline - RelativeJump 0x8050242E-->80502472 [ntoskrnl.exe]
ntoskrnl.exe+0x0002B503, Type: Inline - RelativeJump 0x80502503-->80501241 [ntoskrnl.exe]
ntoskrnl.exe+0x0002B58E, Type: Inline - RelativeJump 0x8050258E-->8052D2AB [ntoskrnl.exe]
ntoskrnl.exe+0x0002B6EC, Type: Inline - RelativeJump 0x805026EC-->8051D275 [ntoskrnl.exe]
ntoskrnl.exe+0x0002B7AB, Type: Inline - RelativeJump 0x805027AB-->805023A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0002B7B3, Type: Inline - RelativeJump 0x805027B3-->805023A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0002B7C3, Type: Inline - RelativeJump 0x805027C3-->805023B6 [ntoskrnl.exe]
ntoskrnl.exe+0x0002B7CF, Type: Inline - RelativeJump 0x805027CF-->805023C8 [ntoskrnl.exe]
ntoskrnl.exe+0x0002B7DC, Type: Inline - DirectCall 0x805027DC-->804D8124 [ntoskrnl.exe]
ntoskrnl.exe+0x0002BA0C, Type: Inline - RelativeJump 0x80502A0C-->80502A55 [ntoskrnl.exe]
ntoskrnl.exe+0x0002BAD3, Type: Inline - RelativeJump 0x80502AD3-->8050273A [ntoskrnl.exe]
ntoskrnl.exe+0x0002BBED, Type: Inline - RelativeJump 0x80502BED-->80502BE3 [ntoskrnl.exe]
ntoskrnl.exe+0x0002BD71, Type: Inline - RelativeCall 0x80502D71-->804E8430 [ntoskrnl.exe]
ntoskrnl.exe+0x0002BD7A, Type: Inline - RelativeCall 0x80502D7A-->804ED31D [ntoskrnl.exe]
ntoskrnl.exe+0x0002BD93, Type: Inline - RelativeJump 0x80502D93-->8051E868 [ntoskrnl.exe]
ntoskrnl.exe+0x0002BD9D, Type: Inline - RelativeJump 0x80502D9D-->8050CFCD [ntoskrnl.exe]
ntoskrnl.exe+0x0002BDA9, Type: Inline - RelativeJump 0x80502DA9-->80502DB7 [ntoskrnl.exe]
ntoskrnl.exe+0x0002BE87, Type: Inline - PushRet 0x80502E87-->9090000C [unknown_code_page]
ntoskrnl.exe+0x0002C046, Type: Inline - RelativeCall 0x80503046-->804F173E [ntoskrnl.exe]
ntoskrnl.exe+0x0002C053, Type: Inline - RelativeJump 0x80503053-->80503084 [ntoskrnl.exe]
ntoskrnl.exe+0x0002C06A, Type: Inline - RelativeJump 0x8050306A-->8050307C [ntoskrnl.exe]
ntoskrnl.exe+0x0002C0F2, Type: Inline - RelativeJump 0x805030F2-->80503106 [ntoskrnl.exe]
ntoskrnl.exe+0x0002C112, Type: Inline - RelativeJump 0x80503112-->80515F3B [ntoskrnl.exe]
ntoskrnl.exe+0x0002C118, Type: Inline - RelativeCall 0x80503118-->804DA06B [ntoskrnl.exe]
ntoskrnl.exe+0x0002C12A, Type: Inline - RelativeJump 0x8050312A-->8050315C [ntoskrnl.exe]
ntoskrnl.exe+0x0002C270, Type: Inline - RelativeJump 0x80503270-->80503272 [ntoskrnl.exe]
ntoskrnl.exe+0x0002C273, Type: Inline - RelativeJump 0x80503273-->805032F0 [ntoskrnl.exe]
ntoskrnl.exe+0x0002C2AA, Type: Inline - RelativeJump 0x805032AA-->804E1E81 [ntoskrnl.exe]
ntoskrnl.exe+0x0002C2B5, Type: Inline - RelativeJump 0x805032B5-->805249F9 [ntoskrnl.exe]
ntoskrnl.exe+0x0002C2C9, Type: Inline - RelativeCall 0x805032C9-->804E9997 [ntoskrnl.exe]
ntoskrnl.exe+0x0002C389, Type: Inline - RelativeJump 0x80503389-->80519464 [ntoskrnl.exe]
ntoskrnl.exe+0x0002C3EE, Type: Inline - RelativeJump 0x805033EE-->8050333C [ntoskrnl.exe]
ntoskrnl.exe+0x0002C5B9, Type: Inline - RelativeJump 0x805035B9-->8052B96C [ntoskrnl.exe]
ntoskrnl.exe+0x0002C799, Type: Inline - RelativeJump 0x80503799-->805037AE [ntoskrnl.exe]
ntoskrnl.exe+0x0002C81E, Type: Inline - RelativeJump 0x8050381E-->8051EBB5 [ntoskrnl.exe]
ntoskrnl.exe+0x0002C861, Type: Inline - RelativeJump 0x80503861-->8051EBC4 [ntoskrnl.exe]
ntoskrnl.exe+0x0002C8B4, Type: Inline - RelativeJump 0x805038B4-->80503F15 [ntoskrnl.exe]
ntoskrnl.exe+0x0002C912, Type: Inline - RelativeJump 0x80503912-->80508B1C [ntoskrnl.exe]
ntoskrnl.exe+0x0002C925, Type: Inline - RelativeJump 0x80503925-->804F7A61 [ntoskrnl.exe]
ntoskrnl.exe+0x0002CB69, Type: Inline - RelativeJump 0x80503B69-->80503C08 [ntoskrnl.exe]
ntoskrnl.exe+0x0002CF9D, Type: Inline - RelativeJump 0x80503F9D-->80503FBC [ntoskrnl.exe]
ntoskrnl.exe+0x0002D411, Type: Inline - RelativeCall 0x80504411-->804E7FC0 [ntoskrnl.exe]
ntoskrnl.exe+0x0002D483, Type: Inline - RelativeJump 0x80504483-->80504491 [ntoskrnl.exe]
ntoskrnl.exe+0x0002D485, Type: Inline - RelativeJump 0x80504485-->805042A1 [ntoskrnl.exe]
ntoskrnl.exe+0x0002D553, Type: Inline - RelativeJump 0x80504553-->80504576 [ntoskrnl.exe]
ntoskrnl.exe+0x0002D569, Type: Inline - RelativeCall 0x80504569-->804DC599 [ntoskrnl.exe]
ntoskrnl.exe+0x0002D72D, Type: Inline - RelativeJump 0x8050472D-->8050470A [ntoskrnl.exe]
ntoskrnl.exe+0x0002D893, Type: Inline - RelativeJump 0x80504893-->805048AD [ntoskrnl.exe]
ntoskrnl.exe+0x0002D8CD, Type: Inline - RelativeCall 0x805048CD-->804F087E [ntoskrnl.exe]
ntoskrnl.exe+0x0002D8D5, Type: Inline - RelativeJump 0x805048D5-->80504DAD [ntoskrnl.exe]
ntoskrnl.exe+0x0002DA3F, Type: Inline - RelativeCall 0x80504A3F-->804E7FE8 [ntoskrnl.exe]
ntoskrnl.exe+0x0002E2F8, Type: Inline - RelativeJump 0x805052F8-->805051C0 [ntoskrnl.exe]
ntoskrnl.exe+0x0002E300, Type: Inline - RelativeJump 0x80505300-->80527CBA [ntoskrnl.exe]
ntoskrnl.exe+0x0002E577, Type: Inline - RelativeJump 0x80505577-->805055FC [ntoskrnl.exe]
ntoskrnl.exe+0x0002E693, Type: Inline - RelativeJump 0x80505693-->8052AA21 [ntoskrnl.exe]
ntoskrnl.exe+0x0002E968, Type: Inline - RelativeCall 0x80505968-->805058EC [ntoskrnl.exe]
ntoskrnl.exe+0x0002E976, Type: Inline - PushRet 0x80505976-->9090000C [unknown_code_page]
ntoskrnl.exe+0x0002E983, Type: Inline - DirectCall 0x80505983-->804D8130 [ntoskrnl.exe]
ntoskrnl.exe+0x0002E995, Type: Inline - RelativeJump 0x80505995-->805057CC [ntoskrnl.exe]
ntoskrnl.exe+0x0002E99A, Type: Inline - RelativeJump 0x8050599A-->80505887 [ntoskrnl.exe]
ntoskrnl.exe+0x0002E9A6, Type: Inline - RelativeJump 0x805059A6-->80505889 [ntoskrnl.exe]
ntoskrnl.exe+0x0002E9C8, Type: Inline - RelativeJump 0x805059C8-->8052B6B7 [ntoskrnl.exe]
ntoskrnl.exe+0x0002EA65, Type: Inline - RelativeJump 0x80505A65-->80505A47 [ntoskrnl.exe]
ntoskrnl.exe+0x0002EBD4, Type: Inline - RelativeJump 0x80505BD4-->80510C88 [ntoskrnl.exe]
ntoskrnl.exe+0x0002EBE2, Type: Inline - RelativeJump 0x80505BE2-->80510C88 [ntoskrnl.exe]
ntoskrnl.exe+0x0002EF98, Type: Inline - RelativeCall 0x80505F98-->805A21F1 [ntoskrnl.exe]
ntoskrnl.exe+0x0002EFA8, Type: Inline - RelativeJump 0x80505FA8-->805060E5 [ntoskrnl.exe]
ntoskrnl.exe+0x0002F092, Type: Inline - RelativeJump 0x80506092-->8050609B [ntoskrnl.exe]
ntoskrnl.exe+0x0002F099, Type: Inline - RelativeJump 0x80506099-->80505FA2 [ntoskrnl.exe]
ntoskrnl.exe+0x0002F09E, Type: Inline - RelativeCall 0x8050609E-->806260F5 [ntoskrnl.exe]
ntoskrnl.exe+0x0002F0A4, Type: Inline - RelativeJump 0x805060A4-->80505FA2 [ntoskrnl.exe]
ntoskrnl.exe+0x0002F0A9, Type: Inline - RelativeJump 0x805060A9-->80505FA2 [ntoskrnl.exe]
ntoskrnl.exe+0x0002F497, Type: Inline - RelativeJump 0x80506497-->805064B6 [ntoskrnl.exe]
ntoskrnl.exe+0x0002F6D5, Type: Inline - RelativeJump 0x805066D5-->805066A3 [ntoskrnl.exe]
ntoskrnl.exe+0x0002F6E4, Type: Inline - RelativeJump 0x805066E4-->80518FAF [ntoskrnl.exe]
ntoskrnl.exe+0x0002F777, Type: Inline - RelativeJump 0x80506777-->80518F2B [ntoskrnl.exe]
ntoskrnl.exe+0x0002F8A8, Type: Inline - RelativeJump 0x805068A8-->805068C0 [ntoskrnl.exe]
ntoskrnl.exe+0x0002F95C, Type: Inline - RelativeJump 0x8050695C-->80506722 [ntoskrnl.exe]
ntoskrnl.exe+0x0002FADA, Type: Inline - RelativeCall 0x80506ADA-->805A6293 [ntoskrnl.exe]
ntoskrnl.exe+0x0002FAEE, Type: Inline - RelativeJump 0x80506AEE-->8050D79D [ntoskrnl.exe]
ntoskrnl.exe+0x0002FBFE, Type: Inline - RelativeJump 0x80506BFE-->80506C10 [ntoskrnl.exe]
ntoskrnl.exe+0x0002FC34, Type: Inline - RelativeJump 0x80506C34-->805211CC [ntoskrnl.exe]
ntoskrnl.exe+0x0002FC8D, Type: Inline - RelativeJump 0x80506C8D-->8052D33E [ntoskrnl.exe]
ntoskrnl.exe+0x0002FC9D, Type: Inline - RelativeCall 0x80506C9D-->80506579 [ntoskrnl.exe]
ntoskrnl.exe+0x0002FCA8, Type: Inline - PushRet 0x80506CA8-->90900008 [unknown_code_page]
ntoskrnl.exe+0x0002FDFF, Type: Inline - RelativeJump 0x80506DFF-->804DC74A [ntoskrnl.exe]
ntoskrnl.exe+0x00030138, Type: Inline - RelativeCall 0x80507138-->804DA5B6 [ntoskrnl.exe]
ntoskrnl.exe+0x000303EF, Type: Inline - RelativeJump 0x805073EF-->8050D6B0 [ntoskrnl.exe]
ntoskrnl.exe+0x000306BB, Type: Inline - RelativeJump 0x805076BB-->80519245 [ntoskrnl.exe]
ntoskrnl.exe+0x000306C7, Type: Inline - RelativeJump 0x805076C7-->80507312 [ntoskrnl.exe]
ntoskrnl.exe+0x000306D0, Type: Inline - RelativeJump 0x805076D0-->805072EC [ntoskrnl.exe]
ntoskrnl.exe+0x00030750, Type: Inline - RelativeJump 0x80507750-->805076D5 [ntoskrnl.exe]
ntoskrnl.exe+0x00030762, Type: Inline - PushRet 0x80507762-->812415FF [unknown_code_page]
ntoskrnl.exe+0x00030763, Type: Inline - DirectCall 0x80507763-->804D8124 [ntoskrnl.exe]
ntoskrnl.exe+0x00030965, Type: Inline - RelativeJump 0x80507965-->805079CD [ntoskrnl.exe]
ntoskrnl.exe+0x00030A57, Type: Inline - RelativeJump 0x80507A57-->8051D6D0 [ntoskrnl.exe]
ntoskrnl.exe+0x00030B0A, Type: Inline - RelativeJump 0x80507B0A-->80507B14 [ntoskrnl.exe]
ntoskrnl.exe+0x00030B9F, Type: Inline - RelativeJump 0x80507B9F-->80507BD4 [ntoskrnl.exe]
ntoskrnl.exe+0x00030CCB, Type: Inline - PushRet 0x80507CCB-->90909090 [unknown_code_page]
ntoskrnl.exe+0x00030E67, Type: Inline - RelativeJump 0x80507E67-->8050BA9F [ntoskrnl.exe]
ntoskrnl.exe+0x00030F5E, Type: Inline - DirectCall 0x80507F5E-->804D8124 [ntoskrnl.exe]
ntoskrnl.exe+0x00030F68, Type: Inline - PushRet 0x80507F68-->E8570004 [unknown_code_page]
ntoskrnl.exe+0x00030F6F, Type: Inline - RelativeCall 0x80507F6F-->80507F30 [ntoskrnl.exe]
ntoskrnl.exe+0x00030FB1, Type: Inline - RelativeJump 0x80507FB1-->805141B0 [ntoskrnl.exe]
ntoskrnl.exe+0x0003110E, Type: Inline - RelativeJump 0x8050810E-->80508124 [ntoskrnl.exe]
ntoskrnl.exe+0x0003115F, Type: Inline - RelativeJump 0x8050815F-->805081D0 [ntoskrnl.exe]
ntoskrnl.exe+0x00031251, Type: Inline - RelativeJump 0x80508251-->8050824F [ntoskrnl.exe]
ntoskrnl.exe+0x00031265, Type: Inline - RelativeCall 0x80508265-->805AE857 [ntoskrnl.exe]
ntoskrnl.exe+0x000312BB, Type: Inline - RelativeCall 0x805082BB-->805A2904 [ntoskrnl.exe]
ntoskrnl.exe+0x000312DF, Type: Inline - RelativeCall 0x805082DF-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0003132E, Type: Inline - PushRet 0x8050832E-->CE8B000C [unknown_code_page]
ntoskrnl.exe+0x00031335, Type: Inline - RelativeCall 0x80508335-->804DA06B [ntoskrnl.exe]
ntoskrnl.exe+0x000313D5, Type: Inline - RelativeJump 0x805083D5-->80508399 [ntoskrnl.exe]
ntoskrnl.exe+0x0003149B, Type: Inline - RelativeJump 0x8050849B-->80508584 [ntoskrnl.exe]
ntoskrnl.exe+0x000314A1, Type: Inline - RelativeCall 0x805084A1-->805A1AC8 [ntoskrnl.exe]
ntoskrnl.exe+0x00031611, Type: Inline - DirectCall 0x80508611-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00031A04, Type: Inline - RelativeCall 0x80508A04-->804E2554 [ntoskrnl.exe]
ntoskrnl.exe+0x00031EA9, Type: Inline - RelativeJump 0x80508EA9-->80508EBF [ntoskrnl.exe]
ntoskrnl.exe+0x00031FE9, Type: Inline - RelativeJump 0x80508FE9-->80508FFB [ntoskrnl.exe]
ntoskrnl.exe+0x00032082, Type: Inline - RelativeCall 0x80509082-->81183970 [unknown_code_page]
ntoskrnl.exe+0x000321FF, Type: Inline - RelativeJump 0x805091FF-->80509215 [ntoskrnl.exe]
ntoskrnl.exe+0x000322B0, Type: Inline - RelativeJump 0x805092B0-->8050927F [ntoskrnl.exe]
ntoskrnl.exe+0x000322EF, Type: Inline - RelativeJump 0x805092EF-->805093E9 [ntoskrnl.exe]
ntoskrnl.exe+0x00032361, Type: Inline - RelativeJump 0x80509361-->80509376 [ntoskrnl.exe]
ntoskrnl.exe+0x00032376, Type: Inline - RelativeJump 0x80509376-->80509391 [ntoskrnl.exe]
ntoskrnl.exe+0x000323B1, Type: Inline - DirectCall 0x805093B1-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000323B3, Type: Inline - RelativeCall 0x805093B3-->804FAC31 [ntoskrnl.exe]
ntoskrnl.exe+0x000323BE, Type: Inline - RelativeJump 0x805093BE-->805093DB [ntoskrnl.exe]
ntoskrnl.exe+0x000324AB, Type: Inline - RelativeJump 0x805094AB-->805159E5 [ntoskrnl.exe]
ntoskrnl.exe+0x000324B0, Type: Inline - RelativeCall 0x805094B0-->804F4939 [ntoskrnl.exe]
ntoskrnl.exe+0x000324B9, Type: Inline - RelativeJump 0x805094B9-->80509490 [ntoskrnl.exe]
ntoskrnl.exe+0x000324CC, Type: Inline - RelativeJump 0x805094CC-->8052C654 [ntoskrnl.exe]
ntoskrnl.exe+0x00032687, Type: Inline - RelativeJump 0x80509687-->805096C9 [ntoskrnl.exe]
ntoskrnl.exe+0x000327BC, Type: Inline - RelativeJump 0x805097BC-->80509794 [ntoskrnl.exe]
ntoskrnl.exe+0x00032815, Type: Inline - RelativeJump 0x80509815-->8052AD6F [ntoskrnl.exe]
ntoskrnl.exe+0x00032831, Type: Inline - RelativeCall 0x80509831-->80509754 [ntoskrnl.exe]
ntoskrnl.exe+0x000328DA, Type: Inline - RelativeJump 0x805098DA-->804E8350 [ntoskrnl.exe]
ntoskrnl.exe+0x000328FC, Type: Inline - RelativeJump 0x805098FC-->80525C98 [ntoskrnl.exe]
ntoskrnl.exe+0x00032B86, Type: Inline - DirectCall 0x80509B86-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00032B88, Type: Inline - RelativeJump 0x80509B88-->80509B70 [ntoskrnl.exe]
ntoskrnl.exe+0x00032B8D, Type: Inline - RelativeJump 0x80509B8D-->80509BA7 [ntoskrnl.exe]
ntoskrnl.exe+0x00032C00, Type: Inline - RelativeJump 0x80509C00-->80509BB1 [ntoskrnl.exe]
ntoskrnl.exe+0x00032CBA, Type: Inline - RelativeJump 0x80509CBA-->80509CB9 [ntoskrnl.exe]
ntoskrnl.exe+0x00032EAA, Type: Inline - RelativeJump 0x80509EAA-->8050A076 [ntoskrnl.exe]
ntoskrnl.exe+0x0003310C, Type: Inline - PushRet 0x8050A10C-->9090002C [unknown_code_page]
ntoskrnl.exe+0x00033178, Type: Inline - RelativeJump 0x8050A178-->8050DBC3 [ntoskrnl.exe]
ntoskrnl.exe+0x000331F8, Type: Inline - RelativeJump 0x8050A1F8-->804FA6B1 [ntoskrnl.exe]
ntoskrnl.exe+0x0003323B, Type: Inline - RelativeJump 0x8050A23B-->8050A1D7 [ntoskrnl.exe]
ntoskrnl.exe+0x00033278, Type: Inline - RelativeJump 0x8050A278-->804E7B17 [ntoskrnl.exe]
ntoskrnl.exe+0x0003327D, Type: Inline - RelativeCall 0x8050A27D-->804E1930 [ntoskrnl.exe]
ntoskrnl.exe+0x00033284, Type: Inline - RelativeJump 0x8050A284-->804E7BE8 [ntoskrnl.exe]
ntoskrnl.exe+0x00033421, Type: Inline - RelativeJump 0x8050A421-->80520463 [ntoskrnl.exe]
ntoskrnl.exe+0x000334F2, Type: Inline - PushRet 0x8050A4F2-->9090000C [unknown_code_page]
ntoskrnl.exe+0x000335BC, Type: Inline - RelativeCall 0x8050A5BC-->8056DA64 [ntoskrnl.exe]
ntoskrnl.exe+0x00033782, Type: Inline - DirectCall 0x8050A782-->804D8128 [ntoskrnl.exe]
ntoskrnl.exe+0x0003378F, Type: Inline - RelativeCall 0x8050A78F-->80508AEE [ntoskrnl.exe]
ntoskrnl.exe+0x00033D72, Type: Inline - RelativeCall 0x8050AD72-->804F23E1 [ntoskrnl.exe]
ntoskrnl.exe+0x00033DDB, Type: Inline - RelativeCall 0x8050ADDB-->804E81F3 [ntoskrnl.exe]
ntoskrnl.exe+0x000340B7, Type: Inline - PushRet 0x8050B0B7-->FFFF0004 [unknown_code_page]
ntoskrnl.exe+0x00034126, Type: Inline - RelativeJump 0x8050B126-->8050B13A [ntoskrnl.exe]
ntoskrnl.exe+0x00034135, Type: Inline - RelativeJump 0x8050B135-->8050B12C [ntoskrnl.exe]
ntoskrnl.exe+0x000341CC, Type: Inline - RelativeJump 0x8050B1CC-->8050B29F [ntoskrnl.exe]
ntoskrnl.exe+0x0003440C, Type: Inline - RelativeJump 0x8050B40C-->8050B3F2 [ntoskrnl.exe]
ntoskrnl.exe+0x0003441A, Type: Inline - RelativeJump 0x8050B41A-->804FA3B1 [ntoskrnl.exe]
ntoskrnl.exe+0x00034421, Type: Inline - RelativeJump 0x8050B421-->804FE2D2 [ntoskrnl.exe]
ntoskrnl.exe+0x00034552, Type: Inline - RelativeCall 0x8050B552-->8050B572 [ntoskrnl.exe]
ntoskrnl.exe+0x000345FF, Type: Inline - RelativeCall 0x8050B5FF-->80504D1A [ntoskrnl.exe]
ntoskrnl.exe+0x0003460C, Type: Inline - RelativeJump 0x8050B60C-->8050B831 [ntoskrnl.exe]
ntoskrnl.exe+0x00034716, Type: Inline - DirectJump 0x8050B716-->804D8020 [ntoskrnl.exe]
ntoskrnl.exe+0x0003486A, Type: Inline - RelativeJump 0x8050B86A-->80523039 [ntoskrnl.exe]
ntoskrnl.exe+0x00034870, Type: Inline - RelativeJump 0x8050B870-->8050B6B8 [ntoskrnl.exe]
ntoskrnl.exe+0x000348BC, Type: Inline - RelativeJump 0x8050B8BC-->80504EC2 [ntoskrnl.exe]
ntoskrnl.exe+0x00034A14, Type: Inline - RelativeCall 0x8050BA14-->8050D065 [ntoskrnl.exe]
ntoskrnl.exe+0x00034A57, Type: Inline - RelativeJump 0x8050BA57-->8050BA3D [ntoskrnl.exe]
ntoskrnl.exe+0x00034AE4, Type: Inline - RelativeJump 0x8050BAE4-->80521036 [ntoskrnl.exe]
ntoskrnl.exe+0x00034CD3, Type: Inline - RelativeCall 0x8050BCD3-->80507814 [ntoskrnl.exe]
ntoskrnl.exe+0x00034CD9, Type: Inline - RelativeJump 0x8050BCD9-->8052BD0B [ntoskrnl.exe]
ntoskrnl.exe+0x00034FEA, Type: Inline - RelativeCall 0x8050BFEA-->805157B5 [ntoskrnl.exe]
ntoskrnl.exe+0x0003519E, Type: Inline - RelativeCall 0x8050C19E-->804DA06B [ntoskrnl.exe]
ntoskrnl.exe+0x0003538B, Type: Inline - RelativeJump 0x8050C38B-->8050C380 [ntoskrnl.exe]
ntoskrnl.exe+0x00035443, Type: Inline - PushRet 0x8050C443-->C25D0001 [unknown_code_page]
ntoskrnl.exe+0x0003544E, Type: Inline - RelativeJump 0x8050C44E-->8050C4D1 [ntoskrnl.exe]
ntoskrnl.exe+0x0003545B, Type: Inline - RelativeCall 0x8050C45B-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00035688, Type: Inline - RelativeCall 0x8050C688-->8214BD9D [unknown_code_page]
ntoskrnl.exe+0x000357A8, Type: Inline - RelativeJump 0x8050C7A8-->8051900B [ntoskrnl.exe]
ntoskrnl.exe+0x000357B0, Type: Inline - RelativeJump 0x8050C7B0-->80518F31 [ntoskrnl.exe]
ntoskrnl.exe+0x000359C4, Type: Inline - RelativeCall 0x8050C9C4-->8050C97B [ntoskrnl.exe]
ntoskrnl.exe+0x000359D5, Type: Inline - RelativeJump 0x8050C9D5-->8050C9EF [ntoskrnl.exe]
ntoskrnl.exe+0x00035B7D, Type: Inline - RelativeJump 0x8050CB7D-->8050CBA8 [ntoskrnl.exe]
ntoskrnl.exe+0x00035FD7, Type: Inline - RelativeJump 0x8050CFD7-->80502E16 [ntoskrnl.exe]
ntoskrnl.exe+0x00036121, Type: Inline - PushRet 0x8050D121-->8BD08A04 [unknown_code_page]
ntoskrnl.exe+0x00036122, Type: Inline - DirectCall 0x8050D122-->804D8124 [ntoskrnl.exe]
ntoskrnl.exe+0x000362D3, Type: Inline - DirectCall 0x8050D2D3-->804D8128 [ntoskrnl.exe]
ntoskrnl.exe+0x0003666A, Type: Inline - RelativeCall 0x8050D66A-->8050D065 [ntoskrnl.exe]
ntoskrnl.exe+0x000367A6, Type: Inline - RelativeJump 0x8050D7A6-->8050D7B0 [ntoskrnl.exe]
ntoskrnl.exe+0x000367B3, Type: Inline - RelativeCall 0x8050D7B3-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00036956, Type: Inline - RelativeJump 0x8050D956-->80505F1B [ntoskrnl.exe]
ntoskrnl.exe+0x0003695B, Type: Inline - RelativeJump 0x8050D95B-->80505FA5 [ntoskrnl.exe]
ntoskrnl.exe+0x00036964, Type: Inline - RelativeJump 0x8050D964-->80505F7C [ntoskrnl.exe]
ntoskrnl.exe+0x00036976, Type: Inline - RelativeJump 0x8050D976-->80505B85 [ntoskrnl.exe]
ntoskrnl.exe+0x0003697B, Type: Inline - RelativeJump 0x8050D97B-->80505C16 [ntoskrnl.exe]
ntoskrnl.exe+0x00036A7A, Type: Inline - RelativeCall 0x8050DA7A-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00036CC2, Type: Inline - RelativeJump 0x8050DCC2-->8050DCDB [ntoskrnl.exe]
ntoskrnl.exe+0x00036CD0, Type: Inline - RelativeJump 0x8050DCD0-->80521778 [ntoskrnl.exe]
ntoskrnl.exe+0x00036CE4, Type: Inline - DirectCall 0x8050DCE4-->804D8130 [ntoskrnl.exe]
ntoskrnl.exe+0x00036CEF, Type: Inline - PushRet 0x8050DCEF-->FA800008 [unknown_code_page]
ntoskrnl.exe+0x00036D34, Type: Inline - RelativeJump 0x8050DD34-->8050DDC5 [ntoskrnl.exe]
ntoskrnl.exe+0x00036D3C, Type: Inline - DirectCall 0x8050DD3C-->804D8088 [ntoskrnl.exe]
ntoskrnl.exe+0x00036D4C, Type: Inline - RelativeJump 0x8050DD4C-->8050DD73 [ntoskrnl.exe]
ntoskrnl.exe+0x00036D62, Type: Inline - RelativeCall 0x8050DD62-->804D9E2A [ntoskrnl.exe]
ntoskrnl.exe+0x00036E2B, Type: Inline - RelativeJump 0x8050DE2B-->804F4D5A [ntoskrnl.exe]
ntoskrnl.exe+0x00036E30, Type: Inline - RelativeCall 0x8050DE30-->80530405 [ntoskrnl.exe]
ntoskrnl.exe+0x00036E36, Type: Inline - RelativeJump 0x8050DE36-->8050D2CF [ntoskrnl.exe]
ntoskrnl.exe+0x00036E3B, Type: Inline - DirectCall 0x8050DE3B-->804D8110 [ntoskrnl.exe]
ntoskrnl.exe+0x00036E56, Type: Inline - RelativeCall 0x8050DE56-->804E2528 [ntoskrnl.exe]
ntoskrnl.exe+0x00036E5B, Type: Inline - RelativeJump 0x8050DE5B-->80503D9A [ntoskrnl.exe]
ntoskrnl.exe+0x00036EA8, Type: Inline - RelativeJump 0x8050DEA8-->8050DEDB [ntoskrnl.exe]
ntoskrnl.exe+0x00036EB3, Type: Inline - RelativeJump 0x8050DEB3-->8051BD4C [ntoskrnl.exe]
ntoskrnl.exe+0x00036ECA, Type: Inline - RelativeJump 0x8050DECA-->8050DEDB [ntoskrnl.exe]
ntoskrnl.exe+0x00036FB9, Type: Inline - RelativeJump 0x8050DFB9-->804F7F44 [ntoskrnl.exe]
ntoskrnl.exe+0x00036FBE, Type: Inline - RelativeJump 0x8050DFBE-->804F7F8E [ntoskrnl.exe]
ntoskrnl.exe+0x00036FC6, Type: Inline - RelativeJump 0x8050DFC6-->8051EBCD [ntoskrnl.exe]
ntoskrnl.exe+0x00036FD2, Type: Inline - RelativeJump 0x8050DFD2-->8051EBD6 [ntoskrnl.exe]
ntoskrnl.exe+0x0003701E, Type: Inline - RelativeJump 0x8050E01E-->804F7F40 [ntoskrnl.exe]
ntoskrnl.exe+0x0003702A, Type: Inline - RelativeJump 0x8050E02A-->80523044 [ntoskrnl.exe]
ntoskrnl.exe+0x0003707A, Type: Inline - RelativeCall 0x8050E07A-->80550010 [ntoskrnl.exe]
ntoskrnl.exe+0x00037082, Type: Inline - PushRet 0x8050E082-->9090000C [unknown_code_page]
ntoskrnl.exe+0x000370E0, Type: Inline - PushRet 0x8050E0E0-->90909090 [unknown_code_page]
ntoskrnl.exe+0x000370EB, Type: Inline - RelativeJump 0x8050E0EB-->8050E20A [ntoskrnl.exe]
ntoskrnl.exe+0x000370F9, Type: Inline - RelativeJump 0x8050E0F9-->8050E1FD [ntoskrnl.exe]
ntoskrnl.exe+0x00037102, Type: Inline - PushRet 0x8050E102-->90900004 [unknown_code_page]
ntoskrnl.exe+0x000371D2, Type: Inline - RelativeJump 0x8050E1D2-->80510ACA [ntoskrnl.exe]
ntoskrnl.exe+0x00037357, Type: Inline - RelativeJump 0x8050E357-->8050E344 [ntoskrnl.exe]
ntoskrnl.exe+0x0003737A, Type: Inline - RelativeJump 0x8050E37A-->8050E38A [ntoskrnl.exe]
ntoskrnl.exe+0x00037382, Type: Inline - PushRet 0x8050E382-->9090000C [unknown_code_page]
ntoskrnl.exe+0x00037398, Type: Inline - RelativeCall 0x8050E398-->804E20A9 [ntoskrnl.exe]
ntoskrnl.exe+0x00037419, Type: Inline - DirectCall 0x8050E419-->804D802C [ntoskrnl.exe]
ntoskrnl.exe+0x00037438, Type: Inline - RelativeJump 0x8050E438-->8050E44F [ntoskrnl.exe]
ntoskrnl.exe+0x00037464, Type: Inline - PushRet 0x8050E464-->FF850F00 [unknown_code_page]
ntoskrnl.exe+0x00037470, Type: Inline - RelativeJump 0x8050E470-->8050E485 [ntoskrnl.exe]
ntoskrnl.exe+0x000374A2, Type: Inline - PushRet 0x8050E4A2-->E4850F00 [unknown_code_page]
ntoskrnl.exe+0x000374A7, Type: Inline - RelativeJump 0x8050E4A7-->8052B0A6 [ntoskrnl.exe]
ntoskrnl.exe+0x0003750E, Type: Inline - RelativeJump 0x8050E50E-->8052B223 [ntoskrnl.exe]
ntoskrnl.exe+0x00037517, Type: Inline - PushRet 0x8050E517-->90900004 [unknown_code_page]
ntoskrnl.exe+0x00037523, Type: Inline - RelativeJump 0x8050E523-->8050E57B [ntoskrnl.exe]
ntoskrnl.exe+0x00037538, Type: Inline - RelativeJump 0x8050E538-->8052ABA3 [ntoskrnl.exe]
ntoskrnl.exe+0x0003754B, Type: Inline - DirectCall 0x8050E54B-->804D8054 [ntoskrnl.exe]
ntoskrnl.exe+0x000375AE, Type: Inline - RelativeJump 0x8050E5AE-->8050E678 [ntoskrnl.exe]
ntoskrnl.exe+0x00037690, Type: Inline - RelativeJump 0x8050E690-->8052ABCA [ntoskrnl.exe]
ntoskrnl.exe+0x000376A1, Type: Inline - RelativeCall 0x8050E6A1-->8050E6BB [ntoskrnl.exe]
ntoskrnl.exe+0x000376F0, Type: Inline - RelativeJump 0x8050E6F0-->8052AB69 [ntoskrnl.exe]
ntoskrnl.exe+0x000376FB, Type: Inline - RelativeJump 0x8050E6FB-->8052AB7B [ntoskrnl.exe]
ntoskrnl.exe+0x00037704, Type: Inline - RelativeJump 0x8050E704-->8052AB84 [ntoskrnl.exe]
ntoskrnl.exe+0x0003776C, Type: Inline - RelativeJump 0x8050E76C-->8050E735 [ntoskrnl.exe]
ntoskrnl.exe+0x000377A0, Type: Inline - RelativeJump 0x8050E7A0-->8052AC22 [ntoskrnl.exe]
ntoskrnl.exe+0x000377CE, Type: Inline - RelativeJump 0x8050E7CE-->8050E7E5 [ntoskrnl.exe]
ntoskrnl.exe+0x000377D8, Type: Inline - RelativeJump 0x8050E7D8-->8052AC42 [ntoskrnl.exe]
ntoskrnl.exe+0x00037816, Type: Inline - RelativeJump 0x8050E816-->8050E8BB [ntoskrnl.exe]
ntoskrnl.exe+0x00037821, Type: Inline - RelativeCall 0x8050E821-->804E9237 [ntoskrnl.exe]
ntoskrnl.exe+0x0003782B, Type: Inline - RelativeJump 0x8050E82B-->8052AC62 [ntoskrnl.exe]
ntoskrnl.exe+0x00037932, Type: Inline - RelativeJump 0x8050E932-->8050E938 [ntoskrnl.exe]
ntoskrnl.exe+0x00037934, Type: Inline - RelativeJump 0x8050E934-->8050E93A [ntoskrnl.exe]
ntoskrnl.exe+0x00037942, Type: Inline - RelativeJump 0x8050E942-->8050E948 [ntoskrnl.exe]
ntoskrnl.exe+0x0003794E, Type: Inline - RelativeJump 0x8050E94E-->8050E954 [ntoskrnl.exe]
ntoskrnl.exe+0x00037958, Type: Inline - RelativeJump 0x8050E958-->8050E95E [ntoskrnl.exe]
ntoskrnl.exe+0x0003795A, Type: Inline - RelativeJump 0x8050E95A-->8050E960 [ntoskrnl.exe]
ntoskrnl.exe+0x00037968, Type: Inline - RelativeJump 0x8050E968-->8050E96E [ntoskrnl.exe]
ntoskrnl.exe+0x00037976, Type: Inline - RelativeJump 0x8050E976-->8050E97C [ntoskrnl.exe]
ntoskrnl.exe+0x00037984, Type: Inline - RelativeJump 0x8050E984-->8050E98A [ntoskrnl.exe]
ntoskrnl.exe+0x00037986, Type: Inline - RelativeJump 0x8050E986-->8050E98C [ntoskrnl.exe]
ntoskrnl.exe+0x0003798A, Type: Inline - RelativeJump 0x8050E98A-->8050E990 [ntoskrnl.exe]
ntoskrnl.exe+0x000379AC, Type: Inline - RelativeJump 0x8050E9AC-->8050E9B2 [ntoskrnl.exe]
ntoskrnl.exe+0x000379B2, Type: Inline - RelativeJump 0x8050E9B2-->8050E9B8 [ntoskrnl.exe]
ntoskrnl.exe+0x000379B4, Type: Inline - RelativeJump 0x8050E9B4-->8050E9BA [ntoskrnl.exe]
ntoskrnl.exe+0x000379B8, Type: Inline - RelativeJump 0x8050E9B8-->8050E9BE [ntoskrnl.exe]
ntoskrnl.exe+0x000379C6, Type: Inline - RelativeJump 0x8050E9C6-->8050E9CC [ntoskrnl.exe]
ntoskrnl.exe+0x000379D2, Type: Inline - RelativeJump 0x8050E9D2-->8050E9D8 [ntoskrnl.exe]
ntoskrnl.exe+0x000379DA, Type: Inline - RelativeJump 0x8050E9DA-->8050E9E0 [ntoskrnl.exe]
ntoskrnl.exe+0x000379DC, Type: Inline - RelativeJump 0x8050E9DC-->8050E9E2 [ntoskrnl.exe]
ntoskrnl.exe+0x000379E2, Type: Inline - RelativeJump 0x8050E9E2-->8050E9E8 [ntoskrnl.exe]
ntoskrnl.exe+0x000379FA, Type: Inline - RelativeJump 0x8050E9FA-->8050EA00 [ntoskrnl.exe]
ntoskrnl.exe+0x00037A02, Type: Inline - RelativeJump 0x8050EA02-->8050EA08 [ntoskrnl.exe]
ntoskrnl.exe+0x00037A0A, Type: Inline - RelativeJump 0x8050EA0A-->8050EA10 [ntoskrnl.exe]
ntoskrnl.exe+0x00037A10, Type: Inline - RelativeJump 0x8050EA10-->8050EA16 [ntoskrnl.exe]
ntoskrnl.exe+0x00037A32, Type: Inline - RelativeJump 0x8050EA32-->8050EA38 [ntoskrnl.exe]
ntoskrnl.exe+0x00037A40, Type: Inline - RelativeJump 0x8050EA40-->8050EA46 [ntoskrnl.exe]
ntoskrnl.exe+0x00037A44, Type: Inline - RelativeJump 0x8050EA44-->8050EA4A [ntoskrnl.exe]
ntoskrnl.exe+0x00037A4A, Type: Inline - RelativeJump 0x8050EA4A-->8050EA50 [ntoskrnl.exe]
ntoskrnl.exe+0x00037A50, Type: Inline - RelativeJump 0x8050EA50-->8050EA56 [ntoskrnl.exe]
ntoskrnl.exe+0x00038084, Type: Inline - RelativeJump 0x8050F084-->8050F08A [ntoskrnl.exe]
ntoskrnl.exe+0x00038086, Type: Inline - RelativeJump 0x8050F086-->8050F08C [ntoskrnl.exe]
ntoskrnl.exe+0x000380A6, Type: Inline - RelativeJump 0x8050F0A6-->8050F0AC [ntoskrnl.exe]
ntoskrnl.exe+0x000380AE, Type: Inline - RelativeJump 0x8050F0AE-->8050F0B4 [ntoskrnl.exe]
ntoskrnl.exe+0x000380BE, Type: Inline - RelativeJump 0x8050F0BE-->8050F0C4 [ntoskrnl.exe]
ntoskrnl.exe+0x000380CE, Type: Inline - RelativeJump 0x8050F0CE-->8050F0D4 [ntoskrnl.exe]
ntoskrnl.exe+0x000380D6, Type: Inline - RelativeJump 0x8050F0D6-->8050F0DC [ntoskrnl.exe]
ntoskrnl.exe+0x000380DC, Type: Inline - RelativeJump 0x8050F0DC-->8050F0E2 [ntoskrnl.exe]
ntoskrnl.exe+0x000380E4, Type: Inline - RelativeJump 0x8050F0E4-->8050F0EA [ntoskrnl.exe]
ntoskrnl.exe+0x000380EC, Type: Inline - RelativeJump 0x8050F0EC-->8050F0F2 [ntoskrnl.exe]
ntoskrnl.exe+0x000380FA, Type: Inline - RelativeJump 0x8050F0FA-->8050F100 [ntoskrnl.exe]
ntoskrnl.exe+0x00038102, Type: Inline - RelativeJump 0x8050F102-->8050F108 [ntoskrnl.exe]
ntoskrnl.exe+0x0003810A, Type: Inline - RelativeJump 0x8050F10A-->8050F110 [ntoskrnl.exe]
ntoskrnl.exe+0x0003810C, Type: Inline - RelativeJump 0x8050F10C-->8050F112 [ntoskrnl.exe]
ntoskrnl.exe+0x00038112, Type: Inline - RelativeJump 0x8050F112-->8050F118 [ntoskrnl.exe]
ntoskrnl.exe+0x0003814C, Type: Inline - RelativeJump 0x8050F14C-->8050F152 [ntoskrnl.exe]
ntoskrnl.exe+0x00038152, Type: Inline - RelativeJump 0x8050F152-->8050F158 [ntoskrnl.exe]
ntoskrnl.exe+0x00038156, Type: Inline - RelativeJump 0x8050F156-->8050F15C [ntoskrnl.exe]
ntoskrnl.exe+0x00038158, Type: Inline - RelativeJump 0x8050F158-->8050F15E [ntoskrnl.exe]
ntoskrnl.exe+0x0003815E, Type: Inline - RelativeJump 0x8050F15E-->8050F164 [ntoskrnl.exe]
ntoskrnl.exe+0x00038162, Type: Inline - RelativeJump 0x8050F162-->8050F168 [ntoskrnl.exe]

ntoskrnl.exe+0x00038166, Type: Inline - RelativeJump 0x8050F166-->8050F16C [ntoskrnl.exe]
ntoskrnl.exe+0x00038172, Type: Inline - RelativeJump 0x8050F172-->8050F178 [ntoskrnl.exe]
ntoskrnl.exe+0x00038178, Type: Inline - RelativeJump 0x8050F178-->8050F17E [ntoskrnl.exe]
ntoskrnl.exe+0x0003817C, Type: Inline - RelativeJump 0x8050F17C-->8050F182 [ntoskrnl.exe]
ntoskrnl.exe+0x0003817E, Type: Inline - RelativeJump 0x8050F17E-->8050F184 [ntoskrnl.exe]
ntoskrnl.exe+0x00038186, Type: Inline - RelativeJump 0x8050F186-->8050F18C [ntoskrnl.exe]
ntoskrnl.exe+0x00038188, Type: Inline - RelativeJump 0x8050F188-->8050F18E [ntoskrnl.exe]
ntoskrnl.exe+0x00038194, Type: Inline - RelativeJump 0x8050F194-->8050F19A [ntoskrnl.exe]
ntoskrnl.exe+0x00038196, Type: Inline - RelativeJump 0x8050F196-->8050F19C [ntoskrnl.exe]
ntoskrnl.exe+0x0003819C, Type: Inline - RelativeJump 0x8050F19C-->8050F1A2 [ntoskrnl.exe]
ntoskrnl.exe+0x000381B0, Type: Inline - RelativeJump 0x8050F1B0-->8050F1B6 [ntoskrnl.exe]
ntoskrnl.exe+0x000381BE, Type: Inline - RelativeJump 0x8050F1BE-->8050F1C4 [ntoskrnl.exe]
ntoskrnl.exe+0x000381C2, Type: Inline - RelativeJump 0x8050F1C2-->8050F1C8 [ntoskrnl.exe]
ntoskrnl.exe+0x000381C6, Type: Inline - RelativeJump 0x8050F1C6-->8050F1CC [ntoskrnl.exe]
ntoskrnl.exe+0x000381D6, Type: Inline - RelativeJump 0x8050F1D6-->8050F1DC [ntoskrnl.exe]
ntoskrnl.exe+0x000381DE, Type: Inline - RelativeJump 0x8050F1DE-->8050F1E4 [ntoskrnl.exe]
ntoskrnl.exe+0x000381E0, Type: Inline - RelativeJump 0x8050F1E0-->8050F1E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000381F0, Type: Inline - RelativeJump 0x8050F1F0-->8050F1F6 [ntoskrnl.exe]
ntoskrnl.exe+0x000381F4, Type: Inline - RelativeJump 0x8050F1F4-->8050F1FA [ntoskrnl.exe]
ntoskrnl.exe+0x00038200, Type: Inline - RelativeJump 0x8050F200-->8050F206 [ntoskrnl.exe]
ntoskrnl.exe+0x00038208, Type: Inline - RelativeJump 0x8050F208-->8050F20E [ntoskrnl.exe]
ntoskrnl.exe+0x0003820E, Type: Inline - RelativeJump 0x8050F20E-->8050F214 [ntoskrnl.exe]
ntoskrnl.exe+0x0003821E, Type: Inline - RelativeJump 0x8050F21E-->8050F224 [ntoskrnl.exe]
ntoskrnl.exe+0x00038226, Type: Inline - RelativeJump 0x8050F226-->8050F22C [ntoskrnl.exe]
ntoskrnl.exe+0x0003822E, Type: Inline - RelativeJump 0x8050F22E-->8050F234 [ntoskrnl.exe]
ntoskrnl.exe+0x00038230, Type: Inline - RelativeJump 0x8050F230-->8050F236 [ntoskrnl.exe]
ntoskrnl.exe+0x00038234, Type: Inline - RelativeJump 0x8050F234-->8050F23A [ntoskrnl.exe]
ntoskrnl.exe+0x00038236, Type: Inline - RelativeJump 0x8050F236-->8050F23C [ntoskrnl.exe]
ntoskrnl.exe+0x00038244, Type: Inline - RelativeJump 0x8050F244-->8050F24A [ntoskrnl.exe]
ntoskrnl.exe+0x00038246, Type: Inline - RelativeJump 0x8050F246-->8050F24C [ntoskrnl.exe]
ntoskrnl.exe+0x0003824A, Type: Inline - RelativeJump 0x8050F24A-->8050F250 [ntoskrnl.exe]
ntoskrnl.exe+0x00038252, Type: Inline - RelativeJump 0x8050F252-->8050F258 [ntoskrnl.exe]
ntoskrnl.exe+0x0003825A, Type: Inline - RelativeJump 0x8050F25A-->8050F260 [ntoskrnl.exe]
ntoskrnl.exe+0x0003825C, Type: Inline - RelativeJump 0x8050F25C-->8050F262 [ntoskrnl.exe]
ntoskrnl.exe+0x00038260, Type: Inline - RelativeJump 0x8050F260-->8050F266 [ntoskrnl.exe]
ntoskrnl.exe+0x00038262, Type: Inline - RelativeJump 0x8050F262-->8050F268 [ntoskrnl.exe]
ntoskrnl.exe+0x00038278, Type: Inline - RelativeJump 0x8050F278-->8050F27E [ntoskrnl.exe]
ntoskrnl.exe+0x00038288, Type: Inline - RelativeJump 0x8050F288-->8050F28E [ntoskrnl.exe]
ntoskrnl.exe+0x000382A8, Type: Inline - RelativeJump 0x8050F2A8-->8050F2AE [ntoskrnl.exe]
ntoskrnl.exe+0x000382B8, Type: Inline - RelativeJump 0x8050F2B8-->8050F2BE [ntoskrnl.exe]
ntoskrnl.exe+0x000382BA, Type: Inline - RelativeJump 0x8050F2BA-->8050F2C0 [ntoskrnl.exe]
ntoskrnl.exe+0x000382CC, Type: Inline - RelativeJump 0x8050F2CC-->8050F2D2 [ntoskrnl.exe]
ntoskrnl.exe+0x000382D0, Type: Inline - RelativeJump 0x8050F2D0-->8050F2D6 [ntoskrnl.exe]
ntoskrnl.exe+0x000382DC, Type: Inline - RelativeJump 0x8050F2DC-->8050F2E2 [ntoskrnl.exe]
ntoskrnl.exe+0x000382DE, Type: Inline - RelativeJump 0x8050F2DE-->8050F2E4 [ntoskrnl.exe]
ntoskrnl.exe+0x000382F4, Type: Inline - RelativeJump 0x8050F2F4-->8050F2FA [ntoskrnl.exe]
ntoskrnl.exe+0x00038300, Type: Inline - RelativeJump 0x8050F300-->8050F306 [ntoskrnl.exe]
ntoskrnl.exe+0x00038302, Type: Inline - RelativeJump 0x8050F302-->8050F308 [ntoskrnl.exe]
ntoskrnl.exe+0x00038318, Type: Inline - RelativeJump 0x8050F318-->8050F31E [ntoskrnl.exe]
ntoskrnl.exe+0x00038326, Type: Inline - RelativeJump 0x8050F326-->8050F32C [ntoskrnl.exe]
ntoskrnl.exe+0x00038338, Type: Inline - RelativeJump 0x8050F338-->8050F33E [ntoskrnl.exe]
ntoskrnl.exe+0x0003833A, Type: Inline - RelativeJump 0x8050F33A-->8050F340 [ntoskrnl.exe]
ntoskrnl.exe+0x0003833C, Type: Inline - RelativeJump 0x8050F33C-->8050F342 [ntoskrnl.exe]
ntoskrnl.exe+0x0003833E, Type: Inline - RelativeJump 0x8050F33E-->8050F344 [ntoskrnl.exe]
ntoskrnl.exe+0x00038344, Type: Inline - RelativeJump 0x8050F344-->8050F34A [ntoskrnl.exe]
ntoskrnl.exe+0x00038346, Type: Inline - RelativeJump 0x8050F346-->8050F34C [ntoskrnl.exe]
ntoskrnl.exe+0x0003834C, Type: Inline - RelativeJump 0x8050F34C-->8050F352 [ntoskrnl.exe]
ntoskrnl.exe+0x0003834E, Type: Inline - RelativeJump 0x8050F34E-->8050F354 [ntoskrnl.exe]
ntoskrnl.exe+0x00038356, Type: Inline - RelativeJump 0x8050F356-->8050F35C [ntoskrnl.exe]
ntoskrnl.exe+0x0003835A, Type: Inline - RelativeJump 0x8050F35A-->8050F360 [ntoskrnl.exe]
ntoskrnl.exe+0x0003835C, Type: Inline - RelativeJump 0x8050F35C-->8050F362 [ntoskrnl.exe]
ntoskrnl.exe+0x00038394, Type: Inline - RelativeJump 0x8050F394-->8050F39A [ntoskrnl.exe]
ntoskrnl.exe+0x00038396, Type: Inline - RelativeJump 0x8050F396-->8050F39C [ntoskrnl.exe]
ntoskrnl.exe+0x00038398, Type: Inline - RelativeJump 0x8050F398-->8050F39E [ntoskrnl.exe]
ntoskrnl.exe+0x0003839A, Type: Inline - RelativeJump 0x8050F39A-->8050F3A0 [ntoskrnl.exe]
ntoskrnl.exe+0x000383A6, Type: Inline - RelativeJump 0x8050F3A6-->8050F3AC [ntoskrnl.exe]
ntoskrnl.exe+0x000383B2, Type: Inline - RelativeJump 0x8050F3B2-->8050F3B8 [ntoskrnl.exe]
ntoskrnl.exe+0x000383BC, Type: Inline - RelativeJump 0x8050F3BC-->8050F3C2 [ntoskrnl.exe]
ntoskrnl.exe+0x000383BE, Type: Inline - RelativeJump 0x8050F3BE-->8050F3C4 [ntoskrnl.exe]
ntoskrnl.exe+0x000383D4, Type: Inline - RelativeJump 0x8050F3D4-->8050F3DA [ntoskrnl.exe]
ntoskrnl.exe+0x000383E4, Type: Inline - RelativeJump 0x8050F3E4-->8050F3EA [ntoskrnl.exe]
ntoskrnl.exe+0x000383E6, Type: Inline - RelativeJump 0x8050F3E6-->8050F3EC [ntoskrnl.exe]
ntoskrnl.exe+0x000383EA, Type: Inline - RelativeJump 0x8050F3EA-->8050F3F0 [ntoskrnl.exe]
ntoskrnl.exe+0x00038400, Type: Inline - RelativeJump 0x8050F400-->8050F406 [ntoskrnl.exe]
ntoskrnl.exe+0x0003840C, Type: Inline - RelativeJump 0x8050F40C-->8050F412 [ntoskrnl.exe]
ntoskrnl.exe+0x0003840E, Type: Inline - RelativeJump 0x8050F40E-->8050F414 [ntoskrnl.exe]
ntoskrnl.exe+0x00038410, Type: Inline - RelativeJump 0x8050F410-->8050F416 [ntoskrnl.exe]
ntoskrnl.exe+0x00038412, Type: Inline - RelativeJump 0x8050F412-->8050F418 [ntoskrnl.exe]
ntoskrnl.exe+0x00038418, Type: Inline - RelativeJump 0x8050F418-->8050F41E [ntoskrnl.exe]
ntoskrnl.exe+0x00038424, Type: Inline - RelativeJump 0x8050F424-->8050F42A [ntoskrnl.exe]
ntoskrnl.exe+0x00038434, Type: Inline - RelativeJump 0x8050F434-->8050F43A [ntoskrnl.exe]
ntoskrnl.exe+0x00038436, Type: Inline - RelativeJump 0x8050F436-->8050F43C [ntoskrnl.exe]
ntoskrnl.exe+0x00038446, Type: Inline - RelativeJump 0x8050F446-->8050F44C [ntoskrnl.exe]
ntoskrnl.exe+0x00038458, Type: Inline - RelativeJump 0x8050F458-->8050F45E [ntoskrnl.exe]
ntoskrnl.exe+0x0003845C, Type: Inline - RelativeJump 0x8050F45C-->8050F462 [ntoskrnl.exe]
ntoskrnl.exe+0x00038464, Type: Inline - RelativeJump 0x8050F464-->8050F46A [ntoskrnl.exe]
ntoskrnl.exe+0x00038470, Type: Inline - RelativeJump 0x8050F470-->8050F476 [ntoskrnl.exe]
ntoskrnl.exe+0x0003848C, Type: Inline - RelativeJump 0x8050F48C-->8050F492 [ntoskrnl.exe]
ntoskrnl.exe+0x00038492, Type: Inline - RelativeJump 0x8050F492-->8050F498 [ntoskrnl.exe]
ntoskrnl.exe+0x00038494, Type: Inline - RelativeJump 0x8050F494-->8050F49A [ntoskrnl.exe]
ntoskrnl.exe+0x000384A6, Type: Inline - RelativeJump 0x8050F4A6-->8050F4AC [ntoskrnl.exe]
ntoskrnl.exe+0x000384A8, Type: Inline - RelativeJump 0x8050F4A8-->8050F4AE [ntoskrnl.exe]
ntoskrnl.exe+0x000384BE, Type: Inline - RelativeJump 0x8050F4BE-->8050F4C4 [ntoskrnl.exe]
ntoskrnl.exe+0x000384C0, Type: Inline - RelativeJump 0x8050F4C0-->8050F4C6 [ntoskrnl.exe]
ntoskrnl.exe+0x000384CA, Type: Inline - RelativeJump 0x8050F4CA-->8050F4D0 [ntoskrnl.exe]
ntoskrnl.exe+0x000384CC, Type: Inline - RelativeJump 0x8050F4CC-->8050F4D2 [ntoskrnl.exe]
ntoskrnl.exe+0x000384D4, Type: Inline - RelativeJump 0x8050F4D4-->8050F4DA [ntoskrnl.exe]
ntoskrnl.exe+0x000384D8, Type: Inline - RelativeJump 0x8050F4D8-->8050F4DE [ntoskrnl.exe]
ntoskrnl.exe+0x000384F2, Type: Inline - RelativeJump 0x8050F4F2-->8050F4F8 [ntoskrnl.exe]
ntoskrnl.exe+0x000384FE, Type: Inline - RelativeJump 0x8050F4FE-->8050F504 [ntoskrnl.exe]
ntoskrnl.exe+0x00038508, Type: Inline - RelativeJump 0x8050F508-->8050F50E [ntoskrnl.exe]
ntoskrnl.exe+0x0003850C, Type: Inline - RelativeJump 0x8050F50C-->8050F512 [ntoskrnl.exe]
ntoskrnl.exe+0x0003850E, Type: Inline - RelativeJump 0x8050F50E-->8050F514 [ntoskrnl.exe]
ntoskrnl.exe+0x00038516, Type: Inline - RelativeJump 0x8050F516-->8050F51C [ntoskrnl.exe]
ntoskrnl.exe+0x00038522, Type: Inline - RelativeJump 0x8050F522-->8050F528 [ntoskrnl.exe]
ntoskrnl.exe+0x00038532, Type: Inline - RelativeJump 0x8050F532-->8050F538 [ntoskrnl.exe]
ntoskrnl.exe+0x0003854A, Type: Inline - RelativeJump 0x8050F54A-->8050F550 [ntoskrnl.exe]
ntoskrnl.exe+0x0003854E, Type: Inline - RelativeJump 0x8050F54E-->8050F554 [ntoskrnl.exe]
ntoskrnl.exe+0x00038562, Type: Inline - RelativeJump 0x8050F562-->8050F568 [ntoskrnl.exe]
ntoskrnl.exe+0x00038572, Type: Inline - RelativeJump 0x8050F572-->8050F578 [ntoskrnl.exe]
ntoskrnl.exe+0x00038580, Type: Inline - RelativeJump 0x8050F580-->8050F586 [ntoskrnl.exe]
ntoskrnl.exe+0x0003858A, Type: Inline - RelativeJump 0x8050F58A-->8050F590 [ntoskrnl.exe]
ntoskrnl.exe+0x0003858E, Type: Inline - RelativeJump 0x8050F58E-->8050F594 [ntoskrnl.exe]
ntoskrnl.exe+0x000385A2, Type: Inline - RelativeJump 0x8050F5A2-->8050F5A8 [ntoskrnl.exe]
ntoskrnl.exe+0x000385B0, Type: Inline - RelativeJump 0x8050F5B0-->8050F5B6 [ntoskrnl.exe]
ntoskrnl.exe+0x000385BC, Type: Inline - RelativeJump 0x8050F5BC-->8050F5C2 [ntoskrnl.exe]
ntoskrnl.exe+0x000385C6, Type: Inline - RelativeJump 0x8050F5C6-->8050F5CC [ntoskrnl.exe]
ntoskrnl.exe+0x000385D4, Type: Inline - RelativeJump 0x8050F5D4-->8050F5DA [ntoskrnl.exe]
ntoskrnl.exe+0x000385DA, Type: Inline - RelativeJump 0x8050F5DA-->8050F5E0 [ntoskrnl.exe]
ntoskrnl.exe+0x000385DE, Type: Inline - RelativeJump 0x8050F5DE-->8050F5E4 [ntoskrnl.exe]
ntoskrnl.exe+0x000385E0, Type: Inline - RelativeJump 0x8050F5E0-->8050F5E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000385EA, Type: Inline - RelativeJump 0x8050F5EA-->8050F5F0 [ntoskrnl.exe]
ntoskrnl.exe+0x000385EE, Type: Inline - RelativeJump 0x8050F5EE-->8050F5F4 [ntoskrnl.exe]
ntoskrnl.exe+0x000385FE, Type: Inline - RelativeJump 0x8050F5FE-->8050F604 [ntoskrnl.exe]
ntoskrnl.exe+0x00038610, Type: Inline - RelativeJump 0x8050F610-->8050F616 [ntoskrnl.exe]
ntoskrnl.exe+0x00038612, Type: Inline - RelativeJump 0x8050F612-->8050F618 [ntoskrnl.exe]
ntoskrnl.exe+0x00038620, Type: Inline - RelativeJump 0x8050F620-->8050F626 [ntoskrnl.exe]
ntoskrnl.exe+0x00038622, Type: Inline - RelativeJump 0x8050F622-->8050F628 [ntoskrnl.exe]
ntoskrnl.exe+0x0003863A, Type: Inline - RelativeJump 0x8050F63A-->8050F640 [ntoskrnl.exe]
ntoskrnl.exe+0x00038644, Type: Inline - RelativeJump 0x8050F644-->8050F64A [ntoskrnl.exe]
ntoskrnl.exe+0x00038648, Type: Inline - RelativeJump 0x8050F648-->8050F64E [ntoskrnl.exe]
ntoskrnl.exe+0x0003864A, Type: Inline - RelativeJump 0x8050F64A-->8050F650 [ntoskrnl.exe]
ntoskrnl.exe+0x0003865A, Type: Inline - RelativeJump 0x8050F65A-->8050F660 [ntoskrnl.exe]
ntoskrnl.exe+0x00038662, Type: Inline - RelativeJump 0x8050F662-->8050F668 [ntoskrnl.exe]
ntoskrnl.exe+0x00038666, Type: Inline - RelativeJump 0x8050F666-->8050F66C [ntoskrnl.exe]
ntoskrnl.exe+0x00038674, Type: Inline - RelativeJump 0x8050F674-->8050F67A [ntoskrnl.exe]
ntoskrnl.exe+0x0003867E, Type: Inline - RelativeJump 0x8050F67E-->8050F684 [ntoskrnl.exe]
ntoskrnl.exe+0x00038684, Type: Inline - RelativeJump 0x8050F684-->8050F68A [ntoskrnl.exe]
ntoskrnl.exe+0x00038690, Type: Inline - RelativeJump 0x8050F690-->8050F696 [ntoskrnl.exe]
ntoskrnl.exe+0x0003869A, Type: Inline - RelativeJump 0x8050F69A-->8050F6A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0003869E, Type: Inline - RelativeJump 0x8050F69E-->8050F6A4 [ntoskrnl.exe]
ntoskrnl.exe+0x000386AE, Type: Inline - RelativeJump 0x8050F6AE-->8050F6B4 [ntoskrnl.exe]
ntoskrnl.exe+0x000386B6, Type: Inline - RelativeJump 0x8050F6B6-->8050F6BC [ntoskrnl.exe]
ntoskrnl.exe+0x000386C0, Type: Inline - RelativeJump 0x8050F6C0-->8050F6C6 [ntoskrnl.exe]
ntoskrnl.exe+0x000386C4, Type: Inline - RelativeJump 0x8050F6C4-->8050F6CA [ntoskrnl.exe]
ntoskrnl.exe+0x000386C8, Type: Inline - RelativeJump 0x8050F6C8-->8050F6CE [ntoskrnl.exe]
ntoskrnl.exe+0x000386CC, Type: Inline - RelativeJump 0x8050F6CC-->8050F6D2 [ntoskrnl.exe]
ntoskrnl.exe+0x000386D0, Type: Inline - RelativeJump 0x8050F6D0-->8050F6D6 [ntoskrnl.exe]
ntoskrnl.exe+0x000386D8, Type: Inline - RelativeJump 0x8050F6D8-->8050F6DE [ntoskrnl.exe]
ntoskrnl.exe+0x000386E0, Type: Inline - RelativeJump 0x8050F6E0-->8050F6E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000386E2, Type: Inline - RelativeJump 0x8050F6E2-->8050F6E8 [ntoskrnl.exe]
ntoskrnl.exe+0x000386F8, Type: Inline - RelativeJump 0x8050F6F8-->8050F6FE [ntoskrnl.exe]
ntoskrnl.exe+0x00038706, Type: Inline - RelativeJump 0x8050F706-->8050F70C [ntoskrnl.exe]
ntoskrnl.exe+0x00038708, Type: Inline - RelativeJump 0x8050F708-->8050F70E [ntoskrnl.exe]
ntoskrnl.exe+0x0003871C, Type: Inline - RelativeJump 0x8050F71C-->8050F722 [ntoskrnl.exe]
ntoskrnl.exe+0x0003872E, Type: Inline - RelativeJump 0x8050F72E-->8050F734 [ntoskrnl.exe]
ntoskrnl.exe+0x00038732, Type: Inline - RelativeJump 0x8050F732-->8050F738 [ntoskrnl.exe]
ntoskrnl.exe+0x0003873C, Type: Inline - RelativeJump 0x8050F73C-->8050F742 [ntoskrnl.exe]
ntoskrnl.exe+0x00038783, Type: Inline - RelativeJump 0x8050F783-->8050F78C [ntoskrnl.exe]
ntoskrnl.exe+0x00038804, Type: Inline - RelativeJump 0x8050F804-->8050F80A [ntoskrnl.exe]
ntoskrnl.exe+0x00038836, Type: Inline - RelativeJump 0x8050F836-->8050F84A [ntoskrnl.exe]
ntoskrnl.exe+0x000388FA, Type: Inline - RelativeJump 0x8050F8FA-->8050F90C [ntoskrnl.exe]
ntoskrnl.exe+0x00038908, Type: Inline - RelativeJump 0x8050F908-->8050F912 [ntoskrnl.exe]
ntoskrnl.exe+0x00038914, Type: Inline - RelativeJump 0x8050F914-->8050F91A [ntoskrnl.exe]
ntoskrnl.exe+0x0003893E, Type: Inline - RelativeJump 0x8050F93E-->8050F948 [ntoskrnl.exe]
ntoskrnl.exe+0x00038951, Type: Inline - RelativeJump 0x8050F951-->8050F95E [ntoskrnl.exe]
ntoskrnl.exe+0x00038A88, Type: Inline - RelativeJump 0x8050FA88-->8050FA8E [ntoskrnl.exe]
ntoskrnl.exe+0x00038A9C, Type: Inline - RelativeJump 0x8050FA9C-->8050FAAA [ntoskrnl.exe]
ntoskrnl.exe+0x00038AC2, Type: Inline - RelativeJump 0x8050FAC2-->8050FADA [ntoskrnl.exe]
ntoskrnl.exe+0x00038AD8, Type: Inline - RelativeJump 0x8050FAD8-->8050FADE [ntoskrnl.exe]
ntoskrnl.exe+0x00038AE4, Type: Inline - RelativeJump 0x8050FAE4-->8050FAEA [ntoskrnl.exe]
ntoskrnl.exe+0x00038B6E, Type: Inline - RelativeJump 0x8050FB6E-->8050FB78 [ntoskrnl.exe]
ntoskrnl.exe+0x00038C2C, Type: Inline - RelativeJump 0x8050FC2C-->8050FC32 [ntoskrnl.exe]
ntoskrnl.exe+0x00038C54, Type: Inline - RelativeJump 0x8050FC54-->8050FC60 [ntoskrnl.exe]
ntoskrnl.exe+0x00038C70, Type: Inline - RelativeJump 0x8050FC70-->8050FC76 [ntoskrnl.exe]
ntoskrnl.exe+0x00038C74, Type: Inline - RelativeJump 0x8050FC74-->8050FC7A [ntoskrnl.exe]
ntoskrnl.exe+0x00038C80, Type: Inline - RelativeJump 0x8050FC80-->8050FC86 [ntoskrnl.exe]
ntoskrnl.exe+0x00038C84, Type: Inline - RelativeJump 0x8050FC84-->8050FC8A [ntoskrnl.exe]
ntoskrnl.exe+0x00038C86, Type: Inline - RelativeJump 0x8050FC86-->8050FC8C [ntoskrnl.exe]
ntoskrnl.exe+0x00038C94, Type: Inline - RelativeJump 0x8050FC94-->8050FC9A [ntoskrnl.exe]
ntoskrnl.exe+0x00038C96, Type: Inline - RelativeJump 0x8050FC96-->8050FC9C [ntoskrnl.exe]
ntoskrnl.exe+0x00038CAC, Type: Inline - RelativeJump 0x8050FCAC-->8050FCB2 [ntoskrnl.exe]
ntoskrnl.exe+0x00038CB4, Type: Inline - RelativeJump 0x8050FCB4-->8050FCBA [ntoskrnl.exe]
ntoskrnl.exe+0x00038D3C, Type: Inline - RelativeJump 0x8050FD3C-->8050FD44 [ntoskrnl.exe]
ntoskrnl.exe+0x00038D94, Type: Inline - RelativeJump 0x8050FD94-->8050FD9A [ntoskrnl.exe]
ntoskrnl.exe+0x00038DE0, Type: Inline - RelativeJump 0x8050FDE0-->8050FDEA [ntoskrnl.exe]
ntoskrnl.exe+0x00038DFC, Type: Inline - RelativeJump 0x8050FDFC-->8050FE06 [ntoskrnl.exe]
ntoskrnl.exe+0x00038E44, Type: Inline - RelativeJump 0x8050FE44-->8050FE4A [ntoskrnl.exe]
ntoskrnl.exe+0x00038E58, Type: Inline - RelativeJump 0x8050FE58-->8050FE66 [ntoskrnl.exe]
ntoskrnl.exe+0x00038F16, Type: Inline - RelativeJump 0x8050FF16-->8050FF1C [ntoskrnl.exe]
ntoskrnl.exe+0x00038F26, Type: Inline - RelativeJump 0x8050FF26-->8050FF2C [ntoskrnl.exe]
ntoskrnl.exe+0x00038F4C, Type: Inline - RelativeJump 0x8050FF4C-->8050FF52 [ntoskrnl.exe]
ntoskrnl.exe+0x00038F6C, Type: Inline - RelativeJump 0x8050FF6C-->8050FF7A [ntoskrnl.exe]
ntoskrnl.exe+0x00038F7E, Type: Inline - RelativeJump 0x8050FF7E-->8050FF84 [ntoskrnl.exe]
ntoskrnl.exe+0x00038F9A, Type: Inline - RelativeJump 0x8050FF9A-->8050FFA0 [ntoskrnl.exe]
ntoskrnl.exe+0x00038FA2, Type: Inline - RelativeJump 0x8050FFA2-->8050FFB0 [ntoskrnl.exe]
ntoskrnl.exe+0x00038FAC, Type: Inline - RelativeJump 0x8050FFAC-->8050FFB2 [ntoskrnl.exe]
ntoskrnl.exe+0x00038FB4, Type: Inline - RelativeJump 0x8050FFB4-->8050FFBE [ntoskrnl.exe]
ntoskrnl.exe+0x00038FD2, Type: Inline - RelativeJump 0x8050FFD2-->8050FFD8 [ntoskrnl.exe]
ntoskrnl.exe+0x00038FE0, Type: Inline - RelativeJump 0x8050FFE0-->8050FFE6 [ntoskrnl.exe]
ntoskrnl.exe+0x00038FE8, Type: Inline - RelativeJump 0x8050FFE8-->8050FFEE [ntoskrnl.exe]
ntoskrnl.exe+0x00038FEC, Type: Inline - RelativeJump 0x8050FFEC-->8050FFF2 [ntoskrnl.exe]
ntoskrnl.exe+0x00038FF4, Type: Inline - RelativeJump 0x8050FFF4-->80510002 [ntoskrnl.exe]
ntoskrnl.exe+0x00039024, Type: Inline - RelativeJump 0x80510024-->8051002A [ntoskrnl.exe]
ntoskrnl.exe+0x00039036, Type: Inline - RelativeJump 0x80510036-->8051003C [ntoskrnl.exe]
ntoskrnl.exe+0x00039040, Type: Inline - RelativeJump 0x80510040-->8051004E [ntoskrnl.exe]
ntoskrnl.exe+0x00039054, Type: Inline - RelativeJump 0x80510054-->80510060 [ntoskrnl.exe]
ntoskrnl.exe+0x00039078, Type: Inline - RelativeJump 0x80510078-->80510084 [ntoskrnl.exe]
ntoskrnl.exe+0x00039094, Type: Inline - RelativeJump 0x80510094-->8051009A [ntoskrnl.exe]
ntoskrnl.exe+0x000390AA, Type: Inline - RelativeJump 0x805100AA-->805100BC [ntoskrnl.exe]
ntoskrnl.exe+0x000391CC, Type: Inline - RelativeJump 0x805101CC-->805101D4 [ntoskrnl.exe]
ntoskrnl.exe+0x000391E8, Type: Inline - RelativeJump 0x805101E8-->805101F2 [ntoskrnl.exe]
ntoskrnl.exe+0x00039226, Type: Inline - RelativeJump 0x80510226-->80510238 [ntoskrnl.exe]
ntoskrnl.exe+0x000392F2, Type: Inline - RelativeJump 0x805102F2-->80510300 [ntoskrnl.exe]
ntoskrnl.exe+0x0003939A, Type: Inline - RelativeJump 0x8051039A-->805103A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0003946B, Type: Inline - RelativeJump 0x8051046B-->80510474 [ntoskrnl.exe]
ntoskrnl.exe+0x00039533, Type: Inline - RelativeJump 0x80510533-->8051053C [ntoskrnl.exe]
ntoskrnl.exe+0x0003953C, Type: Inline - RelativeJump 0x8051053C-->80510548 [ntoskrnl.exe]
ntoskrnl.exe+0x0003959C, Type: Inline - RelativeJump 0x8051059C-->805105A8 [ntoskrnl.exe]
ntoskrnl.exe+0x0003961E, Type: Inline - RelativeJump 0x8051061E-->80510624 [ntoskrnl.exe]
ntoskrnl.exe+0x00039624, Type: Inline - RelativeJump 0x80510624-->8051062A [ntoskrnl.exe]
ntoskrnl.exe+0x0003962E, Type: Inline - RelativeJump 0x8051062E-->80510634 [ntoskrnl.exe]
ntoskrnl.exe+0x00039676, Type: Inline - RelativeJump 0x80510676-->8051067C [ntoskrnl.exe]
ntoskrnl.exe+0x000396B8, Type: Inline - RelativeJump 0x805106B8-->805106BE [ntoskrnl.exe]
ntoskrnl.exe+0x0003984F, Type: Inline - RelativeJump 0x8051084F-->8051085D [ntoskrnl.exe]
ntoskrnl.exe+0x00039867, Type: Inline - RelativeJump 0x80510867-->8051086F [ntoskrnl.exe]
ntoskrnl.exe+0x000399B1, Type: Inline - RelativeCall 0x805109B1-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x000399B7, Type: Inline - RelativeCall 0x805109B7-->805065F1 [ntoskrnl.exe]
ntoskrnl.exe+0x00039BF8, Type: Inline - RelativeJump 0x80510BF8-->8050E1DB [ntoskrnl.exe]
ntoskrnl.exe+0x00039C02, Type: Inline - RelativeJump 0x80510C02-->8052138B [ntoskrnl.exe]
ntoskrnl.exe+0x00039C07, Type: Inline - RelativeJump 0x80510C07-->80510B25 [ntoskrnl.exe]
ntoskrnl.exe+0x00039C0F, Type: Inline - RelativeJump 0x80510C0F-->80510B9A [ntoskrnl.exe]
ntoskrnl.exe+0x00039C79, Type: Inline - RelativeJump 0x80510C79-->80505FA5 [ntoskrnl.exe]
ntoskrnl.exe+0x00039DBB, Type: Inline - PushRet 0x80510DBB-->90900008 [unknown_code_page]
ntoskrnl.exe+0x00039ED3, Type: Inline - PushRet 0x80510ED3-->90900008 [unknown_code_page]
ntoskrnl.exe+0x0003A109, Type: Inline - RelativeJump 0x80511109-->804E2003 [ntoskrnl.exe]
ntoskrnl.exe+0x0003A276, Type: Inline - RelativeJump 0x80511276-->80527132 [ntoskrnl.exe]
ntoskrnl.exe+0x0003A282, Type: Inline - RelativeCall 0x80511282-->804E5DBB [ntoskrnl.exe]
ntoskrnl.exe+0x0003A287, Type: Inline - RelativeJump 0x80511287-->8051129C [ntoskrnl.exe]
ntoskrnl.exe+0x0003A444, Type: Inline - RelativeJump 0x80511444-->8052B99A [ntoskrnl.exe]
ntoskrnl.exe+0x0003A456, Type: Inline - RelativeJump 0x80511456-->8052B980 [ntoskrnl.exe]
ntoskrnl.exe+0x0003A4E9, Type: Inline - RelativeJump 0x805114E9-->805114C5 [ntoskrnl.exe]
ntoskrnl.exe+0x0003A55B, Type: Inline - RelativeJump 0x8051155B-->80511564 [ntoskrnl.exe]
ntoskrnl.exe+0x0003A638, Type: Inline - PushRet 0x80511638-->8B660008 [unknown_code_page]
ntoskrnl.exe+0x0003A6F1, Type: Inline - RelativeJump 0x805116F1-->8051170A [ntoskrnl.exe]
ntoskrnl.exe+0x0003A82A, Type: Inline - RelativeJump 0x8051182A-->8050D991 [ntoskrnl.exe]
ntoskrnl.exe+0x0003A840, Type: Inline - RelativeJump 0x80511840-->804FC8B5 [ntoskrnl.exe]
ntoskrnl.exe+0x0003AA54, Type: Inline - RelativeCall 0x80511A54-->805120C1 [ntoskrnl.exe]
ntoskrnl.exe+0x0003AA64, Type: Inline - RelativeJump 0x80511A64-->80511A75 [ntoskrnl.exe]
ntoskrnl.exe+0x0003ABB5, Type: Inline - RelativeJump 0x80511BB5-->805216B9 [ntoskrnl.exe]
ntoskrnl.exe+0x0003AD8B, Type: Inline - RelativeCall 0x80511D8B-->8050D065 [ntoskrnl.exe]
ntoskrnl.exe+0x0003AD98, Type: Inline - PushRet 0x80511D98-->90909090 [unknown_code_page]
ntoskrnl.exe+0x0003ADB1, Type: Inline - RelativeJump 0x80511DB1-->80506A96 [ntoskrnl.exe]
ntoskrnl.exe+0x0003ADDB, Type: Inline - RelativeJump 0x80511DDB-->80511DC0 [ntoskrnl.exe]
ntoskrnl.exe+0x0003ADE4, Type: Inline - DirectCall 0x80511DE4-->804D812C [ntoskrnl.exe]
ntoskrnl.exe+0x0003B02C, Type: Inline - RelativeJump 0x8051202C-->80512042 [ntoskrnl.exe]
ntoskrnl.exe+0x0003B088, Type: Inline - RelativeJump 0x80512088-->805120C1 [ntoskrnl.exe]
ntoskrnl.exe+0x0003B345, Type: Inline - RelativeJump 0x80512345-->805071F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0003B35E, Type: Inline - RelativeJump 0x8051235E-->805071F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0003B370, Type: Inline - RelativeCall 0x80512370-->80507246 [ntoskrnl.exe]
ntoskrnl.exe+0x0003B377, Type: Inline - RelativeJump 0x80512377-->80507216 [ntoskrnl.exe]
ntoskrnl.exe+0x0003B37F, Type: Inline - RelativeCall 0x8051237F-->80507246 [ntoskrnl.exe]
ntoskrnl.exe+0x0003B388, Type: Inline - RelativeJump 0x80512388-->80507216 [ntoskrnl.exe]
ntoskrnl.exe+0x0003B391, Type: Inline - RelativeJump 0x80512391-->8051239C [ntoskrnl.exe]
ntoskrnl.exe+0x0003B60F, Type: Inline - RelativeJump 0x8051260F-->80512629 [ntoskrnl.exe]
ntoskrnl.exe+0x0003B65F, Type: Inline - RelativeCall 0x8051265F-->804E73BC [ntoskrnl.exe]
ntoskrnl.exe+0x0003B665, Type: Inline - RelativeJump 0x80512665-->805064B2 [ntoskrnl.exe]
ntoskrnl.exe+0x0003B745, Type: Inline - RelativeJump 0x80512745-->80512757 [ntoskrnl.exe]
ntoskrnl.exe+0x0003B945, Type: Inline - RelativeCall 0x80512945-->804E2EDE [ntoskrnl.exe]
ntoskrnl.exe+0x0003B94A, Type: Inline - PushRet 0x8051294A-->90900008 [unknown_code_page]
ntoskrnl.exe+0x0003B992, Type: Inline - RelativeJump 0x80512992-->805129A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0003BA0B, Type: Inline - RelativeCall 0x80512A0B-->804E17CF [ntoskrnl.exe]
ntoskrnl.exe+0x0003BA19, Type: Inline - RelativeJump 0x80512A19-->80512A32 [ntoskrnl.exe]
ntoskrnl.exe+0x0003BDBC, Type: Inline - RelativeJump 0x80512DBC-->804EBA20 [ntoskrnl.exe]
ntoskrnl.exe+0x0003BDCB, Type: Inline - RelativeJump 0x80512DCB-->80512DAD [ntoskrnl.exe]
ntoskrnl.exe+0x0003BF78, Type: Inline - RelativeJump 0x80512F78-->80512FD4 [ntoskrnl.exe]
ntoskrnl.exe+0x0003BFB9, Type: Inline - RelativeJump 0x80512FB9-->80512A6C [ntoskrnl.exe]
ntoskrnl.exe+0x0003BFBF, Type: Inline - RelativeJump 0x80512FBF-->8051FBCE [ntoskrnl.exe]
ntoskrnl.exe+0x0003C2EB, Type: Inline - RelativeCall 0x805132EB-->80551005 [ntoskrnl.exe]
ntoskrnl.exe+0x0003C341, Type: Inline - RelativeCall 0x80513341-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0003C347, Type: Inline - RelativeJump 0x80513347-->804FB29D [ntoskrnl.exe]
ntoskrnl.exe+0x0003C34C, Type: Inline - RelativeJump 0x8051334C-->804EE0A9 [ntoskrnl.exe]
ntoskrnl.exe+0x0003C405, Type: Inline - RelativeJump 0x80513405-->804FFA56 [ntoskrnl.exe]
ntoskrnl.exe+0x0003C40A, Type: Inline - RelativeCall 0x8051340A-->804E7FC0 [ntoskrnl.exe]
ntoskrnl.exe+0x0003C558, Type: Inline - RelativeCall 0x80513558-->804E19F8 [ntoskrnl.exe]
ntoskrnl.exe+0x0003C562, Type: Inline - RelativeJump 0x80513562-->804F2B47 [ntoskrnl.exe]
ntoskrnl.exe+0x0003C75E, Type: Inline - RelativeJump 0x8051375E-->8051376C [ntoskrnl.exe]
ntoskrnl.exe+0x0003C921, Type: Inline - RelativeCall 0x80513921-->804E7FE8 [ntoskrnl.exe]
ntoskrnl.exe+0x0003D154, Type: Inline - RelativeJump 0x80514154-->804F78CD [ntoskrnl.exe]
ntoskrnl.exe+0x0003D15F, Type: Inline - RelativeJump 0x8051415F-->8051D324 [ntoskrnl.exe]
ntoskrnl.exe+0x0003D277, Type: Inline - DirectCall 0x80514277-->804D8130 [ntoskrnl.exe]
ntoskrnl.exe+0x0003D2E8, Type: Inline - RelativeCall 0x805142E8-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x0003D36C, Type: Inline - RelativeJump 0x8051436C-->804F1D79 [ntoskrnl.exe]
ntoskrnl.exe+0x0003D377, Type: Inline - RelativeJump 0x80514377-->8051E255 [ntoskrnl.exe]
ntoskrnl.exe+0x0003D3AE, Type: Inline - RelativeJump 0x805143AE-->805143CC [ntoskrnl.exe]
ntoskrnl.exe+0x0003D7A0, Type: Inline - RelativeCall 0x805147A0-->804F2FC1 [ntoskrnl.exe]
ntoskrnl.exe+0x0003D851, Type: Inline - RelativeJump 0x80514851-->805148C8 [ntoskrnl.exe]
ntoskrnl.exe+0x0003D866, Type: Inline - RelativeJump 0x80514866-->805148DC [ntoskrnl.exe]
ntoskrnl.exe+0x0003D88A, Type: Inline - RelativeJump 0x8051488A-->8051D080 [ntoskrnl.exe]
ntoskrnl.exe+0x0003D933, Type: Inline - RelativeJump 0x80514933-->804F79E7 [ntoskrnl.exe]
ntoskrnl.exe+0x0003D938, Type: Inline - RelativeJump 0x80514938-->8051AC51 [ntoskrnl.exe]
ntoskrnl.exe+0x0003D940, Type: Inline - RelativeJump 0x80514940-->8051AC39 [ntoskrnl.exe]
ntoskrnl.exe+0x0003D94B, Type: Inline - RelativeJump 0x8051494B-->804FD54A [ntoskrnl.exe]
ntoskrnl.exe+0x0003D9C3, Type: Inline - RelativeJump 0x805149C3-->80505A6A [ntoskrnl.exe]
ntoskrnl.exe+0x0003D9C9, Type: Inline - RelativeJump 0x805149C9-->805037C6 [ntoskrnl.exe]
ntoskrnl.exe+0x0003DAE2, Type: Inline - RelativeJump 0x80514AE2-->8051B4A2 [ntoskrnl.exe]
ntoskrnl.exe+0x0003DAED, Type: Inline - RelativeJump 0x80514AED-->804F8FF8 [ntoskrnl.exe]
ntoskrnl.exe+0x0003DAF5, Type: Inline - RelativeJump 0x80514AF5-->8051EB0A [ntoskrnl.exe]
ntoskrnl.exe+0x0003DB16, Type: Inline - RelativeJump 0x80514B16-->8051ED05 [ntoskrnl.exe]
ntoskrnl.exe+0x0003DE78, Type: Inline - RelativeCall 0x80514E78-->DD527283 [unknown_code_page]
ntoskrnl.exe+0x0003DE7F, Type: Inline - PushRet 0x80514E7F-->90900004 [unknown_code_page]
ntoskrnl.exe+0x0003DF11, Type: Inline - RelativeJump 0x80514F11-->FD805F92 [unknown_code_page]
ntoskrnl.exe+0x0003E0AA, Type: Inline - RelativeJump 0x805150AA-->805150CD [ntoskrnl.exe]
ntoskrnl.exe+0x0003E21C, Type: Inline - PushRet 0x8051521C-->E8553B08 [unknown_code_page]
ntoskrnl.exe+0x0003E21F, Type: Inline - RelativeCall 0x8051521F-->CC85D534 [unknown_code_page]
ntoskrnl.exe+0x0003E225, Type: Inline - RelativeJump 0x80515225-->804F2235 [ntoskrnl.exe]
ntoskrnl.exe+0x0003E788, Type: Inline - RelativeCall 0x80515788-->804DA3A4 [ntoskrnl.exe]
ntoskrnl.exe+0x0003E800, Type: Inline - RelativeJump 0x80515800-->8051585C [ntoskrnl.exe]
ntoskrnl.exe+0x0003E90B, Type: Inline - RelativeJump 0x8051590B-->805159A0 [ntoskrnl.exe]
ntoskrnl.exe+0x0003EAE0, Type: Inline - RelativeJump 0x80515AE0-->80515B06 [ntoskrnl.exe]
ntoskrnl.exe+0x0003EAF7, Type: Inline - RelativeJump 0x80515AF7-->8051AE41 [ntoskrnl.exe]
ntoskrnl.exe+0x0003ECC4, Type: Inline - RelativeJump 0x80515CC4-->80515CD2 [ntoskrnl.exe]
ntoskrnl.exe+0x0003EF3F, Type: Inline - RelativeJump 0x80515F3F-->804F5813 [ntoskrnl.exe]
ntoskrnl.exe+0x0003EF44, Type: Inline - RelativeJump 0x80515F44-->804F57EF [ntoskrnl.exe]
ntoskrnl.exe+0x0003EF7A, Type: Inline - RelativeJump 0x80515F7A-->80515F8D [ntoskrnl.exe]
ntoskrnl.exe+0x0003EF90, Type: Inline - RelativeJump 0x80515F90-->80516353 [ntoskrnl.exe]
ntoskrnl.exe+0x0003EFF5, Type: Inline - RelativeJump 0x80515FF5-->8050322C [ntoskrnl.exe]
ntoskrnl.exe+0x0003F001, Type: Inline - RelativeJump 0x80516001-->8050322C [ntoskrnl.exe]
ntoskrnl.exe+0x0003F044, Type: Inline - RelativeJump 0x80516044-->8050243C [ntoskrnl.exe]
ntoskrnl.exe+0x0003F052, Type: Inline - RelativeCall 0x80516052-->80516167 [ntoskrnl.exe]
ntoskrnl.exe+0x0003F208, Type: Inline - RelativeJump 0x80516208-->8051622C [ntoskrnl.exe]
ntoskrnl.exe+0x0003F20D, Type: Inline - RelativeJump 0x8051620D-->8051622B [ntoskrnl.exe]
ntoskrnl.exe+0x0003F482, Type: Inline - RelativeJump 0x80516482-->80516475 [ntoskrnl.exe]
ntoskrnl.exe+0x0003F5D0, Type: Inline - DirectCall 0x805165D0-->804D8120 [ntoskrnl.exe]
ntoskrnl.exe+0x0003F7B5, Type: Inline - RelativeJump 0x805167B5-->80515DDF [ntoskrnl.exe]
ntoskrnl.exe+0x0003F7CB, Type: Inline - RelativeCall 0x805167CB-->804E9237 [ntoskrnl.exe]
ntoskrnl.exe+0x0003F8B2, Type: Inline - RelativeJump 0x805168B2-->80516A24 [ntoskrnl.exe]
ntoskrnl.exe+0x00040AD6, Type: Inline - RelativeJump 0x80517AD6-->80524003 [ntoskrnl.exe]
ntoskrnl.exe+0x00040CB2, Type: Inline - RelativeJump 0x80517CB2-->80517D15 [ntoskrnl.exe]
ntoskrnl.exe+0x00040CCB, Type: Inline - RelativeJump 0x80517CCB-->80517CE5 [ntoskrnl.exe]
ntoskrnl.exe+0x00040CD5, Type: Inline - RelativeCall 0x80517CD5-->804E81F3 [ntoskrnl.exe]
ntoskrnl.exe+0x00040CE2, Type: Inline - RelativeJump 0x80517CE2-->80517D15 [ntoskrnl.exe]
ntoskrnl.exe+0x00040D0B, Type: Inline - RelativeJump 0x80517D0B-->80517CBC [ntoskrnl.exe]
ntoskrnl.exe+0x00040DE4, Type: Inline - RelativeJump 0x80517DE4-->80517DAA [ntoskrnl.exe]
ntoskrnl.exe+0x00040F18, Type: Inline - RelativeJump 0x80517F18-->80526A98 [ntoskrnl.exe]
ntoskrnl.exe+0x00040F20, Type: Inline - DirectCall 0x80517F20-->804D8124 [ntoskrnl.exe]
ntoskrnl.exe+0x00040F29, Type: Inline - RelativeCall 0x80517F29-->805511E6 [ntoskrnl.exe]
ntoskrnl.exe+0x00040FC2, Type: Inline - RelativeJump 0x80517FC2-->80517FF7 [ntoskrnl.exe]
ntoskrnl.exe+0x000410CD, Type: Inline - RelativeJump 0x805180CD-->805180E3 [ntoskrnl.exe]
ntoskrnl.exe+0x00041196, Type: Inline - RelativeJump 0x80518196-->805181BA [ntoskrnl.exe]
ntoskrnl.exe+0x000412C8, Type: Inline - RelativeJump 0x805182C8-->804E1615 [ntoskrnl.exe]
ntoskrnl.exe+0x000413BE, Type: Inline - RelativeJump 0x805183BE-->805226DA [ntoskrnl.exe]
ntoskrnl.exe+0x000416FD, Type: Inline - DirectCall 0x805186FD-->804D802C [ntoskrnl.exe]
ntoskrnl.exe+0x000418B9, Type: Inline - RelativeJump 0x805188B9-->804E5C5C [ntoskrnl.exe]
ntoskrnl.exe+0x000418BE, Type: Inline - DirectCall 0x805188BE-->804D8088 [ntoskrnl.exe]
ntoskrnl.exe+0x00041F58, Type: Inline - DirectJump 0x80518F58-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x0004207D, Type: Inline - RelativeJump 0x8051907D-->8050A7BA [ntoskrnl.exe]
ntoskrnl.exe+0x000420A0, Type: Inline - RelativeJump 0x805190A0-->805190AE [ntoskrnl.exe]
ntoskrnl.exe+0x00042116, Type: Inline - RelativeJump 0x80519116-->8050227D [ntoskrnl.exe]
ntoskrnl.exe+0x000421B0, Type: Inline - RelativeJump 0x805191B0-->8051506F [ntoskrnl.exe]
ntoskrnl.exe+0x000421B7, Type: Inline - RelativeJump 0x805191B7-->80515042 [ntoskrnl.exe]
ntoskrnl.exe+0x00042205, Type: Inline - RelativeJump 0x80519205-->80519223 [ntoskrnl.exe]
ntoskrnl.exe+0x00042209, Type: Inline - RelativeJump 0x80519209-->804FAA50 [ntoskrnl.exe]
ntoskrnl.exe+0x000422EF, Type: Inline - RelativeJump 0x805192EF-->8051934B [ntoskrnl.exe]
ntoskrnl.exe+0x00042432, Type: Inline - RelativeJump 0x80519432-->80519444 [ntoskrnl.exe]
ntoskrnl.exe+0x00042461, Type: Inline - RelativeJump 0x80519461-->8051EE76 [ntoskrnl.exe]
ntoskrnl.exe+0x00042471, Type: Inline - RelativeJump 0x80519471-->805033E7 [ntoskrnl.exe]
ntoskrnl.exe+0x000424C8, Type: Inline - RelativeJump 0x805194C8-->804F0732 [ntoskrnl.exe]
ntoskrnl.exe+0x0004252D, Type: Inline - PushRet 0x8051952D-->90900004 [unknown_code_page]
ntoskrnl.exe+0x0004294C, Type: Inline - RelativeJump 0x8051994C-->805199A7 [ntoskrnl.exe]
ntoskrnl.exe+0x00042AA8, Type: Inline - RelativeJump 0x80519AA8-->80519ABE [ntoskrnl.exe]
ntoskrnl.exe+0x00042AAF, Type: Inline - RelativeCall 0x80519AAF-->804E96F9 [ntoskrnl.exe]
ntoskrnl.exe+0x00042ABD, Type: Inline - RelativeJump 0x80519ABD-->804F11B8 [ntoskrnl.exe]
ntoskrnl.exe+0x00042AC4, Type: Inline - RelativeJump 0x80519AC4-->80519B01 [ntoskrnl.exe]
ntoskrnl.exe+0x00042AF0, Type: Inline - RelativeJump 0x80519AF0-->80519AC8 [ntoskrnl.exe]
ntoskrnl.exe+0x00042C35, Type: Inline - RelativeJump 0x80519C35-->80519C6A [ntoskrnl.exe]
ntoskrnl.exe+0x00042DB4, Type: Inline - RelativeJump 0x80519DB4-->80519DE7 [ntoskrnl.exe]
ntoskrnl.exe+0x00042DD5, Type: Inline - RelativeJump 0x80519DD5-->8051A0A3 [ntoskrnl.exe]
ntoskrnl.exe+0x00042DDE, Type: Inline - RelativeJump 0x80519DDE-->80519DBB [ntoskrnl.exe]
ntoskrnl.exe+0x00042DEE, Type: Inline - RelativeJump 0x80519DEE-->80519E04 [ntoskrnl.exe]
ntoskrnl.exe+0x00043071, Type: Inline - RelativeCall 0x8051A071-->804E9865 [ntoskrnl.exe]
ntoskrnl.exe+0x00043078, Type: Inline - DirectCall 0x8051A078-->804D8130 [ntoskrnl.exe]
ntoskrnl.exe+0x000430F8, Type: Inline - RelativeJump 0x8051A0F8-->8051A013 [ntoskrnl.exe]
ntoskrnl.exe+0x000430FD, Type: Inline - RelativeJump 0x8051A0FD-->8051A0DB [ntoskrnl.exe]
ntoskrnl.exe+0x00043296, Type: Inline - RelativeJump 0x8051A296-->8051A2A8 [ntoskrnl.exe]
ntoskrnl.exe+0x000432A9, Type: Inline - RelativeJump 0x8051A2A9-->8051A2A1 [ntoskrnl.exe]
ntoskrnl.exe+0x00043427, Type: Inline - RelativeJump 0x8051A427-->8052B8FA [ntoskrnl.exe]
ntoskrnl.exe+0x00043576, Type: Inline - RelativeJump 0x8051A576-->804ECD75 [ntoskrnl.exe]
ntoskrnl.exe+0x00043B31, Type: Inline - RelativeJump 0x8051AB31-->8051AB3C [ntoskrnl.exe]
ntoskrnl.exe+0x00043B9C, Type: Inline - RelativeJump 0x8051AB9C-->8051ABC3 [ntoskrnl.exe]
ntoskrnl.exe+0x00043C6B, Type: Inline - RelativeJump 0x8051AC6B-->80516ACE [ntoskrnl.exe]
ntoskrnl.exe+0x00043ECC, Type: Inline - RelativeJump 0x8051AECC-->8051AEDA [ntoskrnl.exe]
ntoskrnl.exe+0x00043FC2, Type: Inline - PushRet 0x8051AFC2-->8AFFFBEC [unknown_code_page]
ntoskrnl.exe+0x000442E7, Type: Inline - RelativeJump 0x8051B2E7-->80514B69 [ntoskrnl.exe]
ntoskrnl.exe+0x0004430A, Type: Inline - RelativeCall 0x8051B30A-->804E2468 [ntoskrnl.exe]
ntoskrnl.exe+0x00044313, Type: Inline - RelativeJump 0x8051B313-->80517918 [ntoskrnl.exe]
ntoskrnl.exe+0x00044388, Type: Inline - RelativeJump 0x8051B388-->8051790B [ntoskrnl.exe]
ntoskrnl.exe+0x00044473, Type: Inline - RelativeJump 0x8051B473-->804F7E83 [ntoskrnl.exe]
ntoskrnl.exe+0x0004447C, Type: Inline - RelativeJump 0x8051B47C-->80516732 [ntoskrnl.exe]
ntoskrnl.exe+0x00044481, Type: Inline - RelativeJump 0x8051B481-->8051678C [ntoskrnl.exe]
ntoskrnl.exe+0x00044629, Type: Inline - RelativeJump 0x8051B629-->8051B633 [ntoskrnl.exe]
ntoskrnl.exe+0x000446F4, Type: Inline - RelativeCall 0x8051B6F4-->804DC400 [ntoskrnl.exe]
ntoskrnl.exe+0x00044776, Type: Inline - RelativeJump 0x8051B776-->8051B5A2 [ntoskrnl.exe]
ntoskrnl.exe+0x00044A17, Type: Inline - RelativeCall 0x8051BA17-->804E2554 [ntoskrnl.exe]
ntoskrnl.exe+0x00044ADC, Type: Inline - RelativeJump 0x8051BADC-->8051A9A1 [ntoskrnl.exe]
ntoskrnl.exe+0x00044B05, Type: Inline - RelativeCall 0x8051BB05-->804E73BC [ntoskrnl.exe]
ntoskrnl.exe+0x00044BBC, Type: Inline - RelativeJump 0x8051BBBC-->804F4698 [ntoskrnl.exe]
ntoskrnl.exe+0x00044C24, Type: Inline - RelativeJump 0x8051BC24-->804E23A2 [ntoskrnl.exe]
ntoskrnl.exe+0x00044CF1, Type: Inline - RelativeCall 0x8051BCF1-->804F5B30 [ntoskrnl.exe]
ntoskrnl.exe+0x00044CFD, Type: Inline - RelativeJump 0x8051BCFD-->8051E317 [ntoskrnl.exe]
ntoskrnl.exe+0x00044DC5, Type: Inline - RelativeJump 0x8051BDC5-->8051BDD7 [ntoskrnl.exe]
ntoskrnl.exe+0x00044DCD, Type: Inline - PushRet 0x8051BDCD-->EB41000C [unknown_code_page]
ntoskrnl.exe+0x00044DD4, Type: Inline - RelativeJump 0x8051BDD4-->8051BDBA [ntoskrnl.exe]
ntoskrnl.exe+0x00044F9A, Type: Inline - RelativeJump 0x8051BF9A-->80526379 [ntoskrnl.exe]
ntoskrnl.exe+0x00044FAF, Type: Inline - RelativeJump 0x8051BFAF-->8055A09B [ntoskrnl.exe]
ntoskrnl.exe+0x00044FC6, Type: Inline - RelativeJump 0x8051BFC6-->8051C06D [ntoskrnl.exe]
ntoskrnl.exe+0x00045065, Type: Inline - RelativeJump 0x8051C065-->8051BE47 [ntoskrnl.exe]
ntoskrnl.exe+0x0004506D, Type: Inline - RelativeJump 0x8051C06D-->8051BFE8 [ntoskrnl.exe]
ntoskrnl.exe+0x0004507D, Type: Inline - RelativeJump 0x8051C07D-->8051C08F [ntoskrnl.exe]
ntoskrnl.exe+0x0004513A, Type: Inline - DirectCall 0x8051C13A-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x00045144, Type: Inline - RelativeCall 0x8051C144-->804E2427 [ntoskrnl.exe]
ntoskrnl.exe+0x000451B6, Type: Inline - DirectCall 0x8051C1B6-->FFFFFFFF [unknown_code_page]
ntoskrnl.exe+0x000452FE, Type: Inline - RelativeJump 0x8051C2FE-->8051C330 [ntoskrnl.exe]
ntoskrnl.exe+0x0004532E, Type: Inline - RelativeJump 0x8051C32E-->805259EE [ntoskrnl.exe]
ntoskrnl.exe+0x0004543A, Type: Inline - RelativeJump 0x8051C43A-->8051C44D [ntoskrnl.exe]
ntoskrnl.exe+0x00045512, Type: Inline - RelativeCall 0x8051C512-->804E17CF [ntoskrnl.exe]
ntoskrnl.exe+0x0004551C, Type: Inline - RelativeJump 0x8051C51C-->8051541B [ntoskrnl.exe]
ntoskrnl.exe+0x00045529, Type: Inline - RelativeJump 0x8051C529-->80521B5E [ntoskrnl.exe]
ntoskrnl.exe+0x0004552E, Type: Inline - RelativeJump 0x8051C52E-->804E1B34 [ntoskrnl.exe]
ntoskrnl.exe+0x0004553D, Type: Inline - RelativeJump 0x8051C53D-->805169F0 [ntoskrnl.exe]
ntoskrnl.exe+0x00045549, Type: Inline - RelativeJump 0x8051C549-->8051660A [ntoskrnl.exe]
ntoskrnl.exe+0x0004554E, Type: Inline - RelativeJump 0x8051C54E-->8051ABBC [ntoskrnl.exe]
ntoskrnl.exe+0x0004589C, Type: Inline - RelativeJump 0x8051C89C-->804FAA10 [ntoskrnl.exe]
ntoskrnl.exe+0x000458AB, Type: Inline - RelativeJump 0x8051C8AB-->80524F02 [ntoskrnl.exe]
ntoskrnl.exe+0x00045959, Type: Inline - RelativeJump 0x8051C959-->8051C97D [ntoskrnl.exe]
ntoskrnl.exe+0x0004596D, Type: Inline - RelativeJump 0x8051C96D-->8051C97B [ntoskrnl.exe]
ntoskrnl.exe+0x00045A1B, Type: Inline - RelativeJump 0x8051CA1B-->8051CA2E [ntoskrnl.exe]
ntoskrnl.exe+0x00045A24, Type: Inline - RelativeJump 0x8051CA24-->8051CA07 [ntoskrnl.exe]
ntoskrnl.exe+0x00045B62, Type: Inline - RelativeJump 0x8051CB62-->8051CB57 [ntoskrnl.exe]
ntoskrnl.exe+0x00045B76, Type: Inline - RelativeCall 0x8051CB76-->8051CBDF [ntoskrnl.exe]
ntoskrnl.exe+0x00045B7F, Type: Inline - RelativeCall 0x8051CB7F-->8051CC25 [ntoskrnl.exe]
ntoskrnl.exe+0x00045C8A, Type: Inline - RelativeJump 0x8051CC8A-->8051CC47 [ntoskrnl.exe]
ntoskrnl.exe+0x00045E75, Type: Inline - PushRet 0x8051CE75-->FF7085C6 [unknown_code_page]
ntoskrnl.exe+0x00045FD9, Type: Inline - RelativeJump 0x8051CFD9-->8051CFFC [ntoskrnl.exe]
ntoskrnl.exe+0x00046018, Type: Inline - RelativeJump 0x8051D018-->8051B2A0 [ntoskrnl.exe]
ntoskrnl.exe+0x00046023, Type: Inline - RelativeJump 0x8051D023-->8051B2A0 [ntoskrnl.exe]
ntoskrnl.exe+0x00046101, Type: Inline - RelativeJump 0x8051D101-->8051D11C [ntoskrnl.exe]
ntoskrnl.exe+0x00046243, Type: Inline - RelativeJump 0x8051D243-->805154AF [ntoskrnl.exe]
ntoskrnl.exe+0x0004631F, Type: Inline - RelativeJump 0x8051D31F-->80514146 [ntoskrnl.exe]
ntoskrnl.exe+0x000463F4, Type: Inline - RelativeJump 0x8051D3F4-->8051D402 [ntoskrnl.exe]
ntoskrnl.exe+0x000466F3, Type: Inline - RelativeCall 0x8051D6F3-->804E31CC [ntoskrnl.exe]
ntoskrnl.exe+0x000466FB, Type: Inline - RelativeJump 0x8051D6FB-->804F858D [ntoskrnl.exe]
ntoskrnl.exe+0x00046732, Type: Inline - RelativeJump 0x8051D732-->8051D741 [ntoskrnl.exe]
ntoskrnl.exe+0x00046881, Type: Inline - RelativeJump 0x8051D881-->8051D863 [ntoskrnl.exe]
ntoskrnl.exe+0x0004699A, Type: Inline - RelativeJump 0x8051D99A-->804EEB50 [ntoskrnl.exe]
ntoskrnl.exe+0x00046A0D, Type: Inline - RelativeJump 0x8051DA0D-->8051DA34 [ntoskrnl.exe]