
Google redirect malware. Logs included.



#1 Lillith


Posted 15 August 2010 - 03:49 PM

So it seems as though I have some Google redirect malware on my computer. I have Norton Anti-Virus and it was alerting me to a Trojan, which I have been able to remove. I ran Kaspersky TDSSKiller but it did not pick up anything. Here I uploaded the logs from GMER:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-15 16:22:15
Windows 5.1.2600 Service Pack 3
Running: rnsw607o.exe; Driver: C:\DOCUME~1\LISAME~1\LOCALS~1\Temp\uxtdypog.sys


INT 0x3A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD54
INT 0x3B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD5E
INT 0x3C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD68
INT 0x3D \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806F0B70
INT 0x3E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD7C
INT 0x3F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD86
INT 0x40 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD90
INT 0x41 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806F09CC
INT 0x42 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDA4
INT 0x43 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDAE
INT 0x44 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDB8
INT 0x45 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDC2
INT 0x46 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDCC
INT 0x47 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDD6
INT 0x48 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDE0
INT 0x49 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDEA
INT 0x4A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDF4
INT 0x4B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDFE
INT 0x4C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE08
INT 0x4D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE12
INT 0x4E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE1C
INT 0x4F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE26
INT 0x50 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EF800
INT 0x51 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE3A
INT 0x52 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE44
INT 0x53 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE4E
INT 0x54 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE58
INT 0x55 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE62
INT 0x56 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE6C
INT 0x57 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE76
INT 0x58 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE80
INT 0x59 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE8A
INT 0x5A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE94
INT 0x5B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE9E
INT 0x5C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDEA8
INT 0x5D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDEB2
INT 0x5E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDEBC
INT 0x5F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDEC6
INT 0x60 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDED0
INT 0x61 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDEDA
INT 0x62 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F74C867E
INT 0x63 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) F718ACB8
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F717FE54
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F717FE54
INT 0x63 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) F718ACB8
INT 0x64 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDEF8
INT 0x65 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF02
INT 0x66 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF0C
INT 0x67 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF16
INT 0x68 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF20
INT 0x69 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF2A
INT 0x6A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF34
INT 0x6B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF3E
INT 0x6C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF48
INT 0x6D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF52
INT 0x6E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF5C
INT 0x6F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF66
INT 0x70 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF70
INT 0x71 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF7A
INT 0x72 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF84
INT 0x73 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF8E
INT 0x74 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF98
INT 0x75 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFA2
INT 0x76 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFAC
INT 0x77 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFB6
INT 0x78 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFC0
INT 0x79 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFCA
INT 0x7A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFD4
INT 0x7B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFDE
INT 0x7C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFE8
INT 0x7D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFF2
INT 0x7E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFFC
INT 0x7F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE006
INT 0x80 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE010
INT 0x81 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE01A
INT 0x82 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F74C867E
INT 0x83 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F74C867E
INT 0x83 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F74C867E
INT 0x83 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F717FE54
INT 0x83 \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) F70FC954
INT 0x83 \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) F70FC954
INT 0x83 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F74C867E
INT 0x84 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE038
INT 0x85 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE042
INT 0x86 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE04C
INT 0x87 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE056
INT 0x88 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE060
INT 0x89 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE06A
INT 0x8A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE074
INT 0x8B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE07E
INT 0x8C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE088
INT 0x8D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE092
INT 0x8E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE09C
INT 0x8F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0A6
INT 0x90 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0B0
INT 0x91 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0BA
INT 0x92 \SystemRoot\system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) F76669C0
INT 0x93 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0CE
INT 0x94 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) F7355E10
INT 0x95 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0E2
INT 0x96 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0EC
INT 0x97 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0F6
INT 0x98 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE100
INT 0x99 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE10A
INT 0x9A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE114
INT 0x9B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE11E
INT 0x9C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE128
INT 0x9D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE132
INT 0x9E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE13C
INT 0x9F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE146
INT 0xA0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE150
INT 0xA1 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE15A
INT 0xA2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE164
INT 0xA3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE16E
INT 0xA4 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F717FE54
INT 0xA5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE182
INT 0xA6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE18C
INT 0xA7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE196
INT 0xA8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1A0
INT 0xA9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1AA
INT 0xAA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1B4
INT 0xAB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1BE
INT 0xAC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1C8
INT 0xAD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1D2
INT 0xAE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1DC
INT 0xAF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1E6
INT 0xB0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1F0
INT 0xB1 ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F759231E
INT 0xB2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE204
INT 0xB3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE20E
INT 0xB4 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F717FE54
INT 0xB5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE222
INT 0xB6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE22C
INT 0xB7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE236
INT 0xB8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE240
INT 0xB9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE24A
INT 0xBA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE254
INT 0xBB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE25E
INT 0xBC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE268
INT 0xBD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE272
INT 0xBE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE27C
INT 0xBF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE286
INT 0xC0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE290
INT 0xC1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EF984
INT 0xC2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2A4
INT 0xC3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2AE
INT 0xC4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2B8
INT 0xC5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2C2
INT 0xC6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2CC
INT 0xC7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2D6
INT 0xC8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2E0
INT 0xC9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2EA
INT 0xCA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2F4
INT 0xCB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2FE
INT 0xCC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE308
INT 0xCD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE312
INT 0xCE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE31C
INT 0xCF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE326
INT 0xD0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE330
INT 0xD1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EED34
INT 0xD2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE344
INT 0xD3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE34E
INT 0xD4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE358
INT 0xD5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE362
INT 0xD6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE36C
INT 0xD7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE376
INT 0xD8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE380
INT 0xD9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE38A
INT 0xDA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE394
INT 0xDB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE39E
INT 0xDC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3A8
INT 0xDD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3B2
INT 0xDE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3BC
INT 0xDF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3C6
INT 0xE0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3D0
INT 0xE1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EFF0C
INT 0xE2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3E4
INT 0xE3 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EFC70
INT 0xE4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3F8
INT 0xE5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE402
INT 0xE6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE40C
INT 0xE7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE416
INT 0xE8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE420
INT 0xE9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE42A
INT 0xEA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE434
INT 0xEB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE43E
INT 0xEC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE448
INT 0xED \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE452
INT 0xEE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE459
INT 0xEF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE460
INT 0xF0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE467
INT 0xF1 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE46E
INT 0xF2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE475
INT 0xF3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE47C
INT 0xF4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE483
INT 0xF5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE48A
INT 0xF6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE491
INT 0xF7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE498
INT 0xF8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE49F
INT 0xF9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4A6
INT 0xFA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4AD
INT 0xFB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4B4
INT 0xFC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4BB
INT 0xFD \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806F0464
INT 0xFE \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806F0604
INT 0xFF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4D0

SYSENTER \WINDOWS\system32\ntoskrnl.exe 804DE6F0

---- EOF - GMER 1.0.15 ----

Edited by Lillith, 15 August 2010 - 03:53 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:09 AM

Posted 21 August 2010 - 06:19 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double-click MBRCheck.exe to run it (on Vista and Windows 7, right-click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRcheck will be on your desktop
  • Open this report
  • Right-click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread
Information and logs:
    In your next post I need the following:
      1. Logs from DDS
      2. Log from RKUnHooker
      3. Report from MBRCheck
      4. Let me know of any problems you may have had
Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 24 August 2010 - 02:09 AM

Hello

Three-day bump

It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo


#4 gringo_pr


Posted 27 August 2010 - 02:44 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo




