
Spyware That Won't Die! I Think It's Vundo, But...



#1 ZT-repairseek


Posted 23 March 2007 - 09:34 AM

I am under the impression that the popups that have been appearing when my system is left alone for a fair while are Vundo-related. However, AdAware, Spybot, NoAdware, and SUPERAntiSpyware aren't finding it. As my thread title says, I've run a couple of Vundo-fixing programs, but to no avail. GMER, Catchme, and Blacklight are coming up clean. Sophos Anti-Rootkit isn't finding anything it considers a threat either. Used a thing to fix SmitFraud; that didn't change anything. I'm adding AVG Anti-Spyware to the list... however, it just popped up to tell me that a part of NoAdware is malware (which seems odd...). Going to add SpywareBlaster as well. I'm going to re-run all the stuff that makes logs and add to this post when I get back from Safe Mode, if I haven't a reply by then.

Of note is that Comboscan (run in Safe Mode, which it didn't like) found five things it feels are proof of rootkits, but nothing else is finding them.
Also important to note is that because my computer is working with very subpar amounts of RAM and processor power, I can't keep a lot of stuff running in the background without degrading performance to unacceptable levels.

I have made a copy of HijackThis under the name "findthemalwarealready"; if asked for a scan with the copy, I'll provide, of course.


First logs:


Logfile of HijackThis v1.99.1
Scan saved at 9:51:55 AM, on 3/23/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\FreeRAMXP\FreeRAM XP Pro.exe
C:\Program Files\NoAdware4\NoAdware4.exe
C:\fixers\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\sysreset\mirc.exe
C:\Program Files\Sleipnir\bin\Sleipnir.exe
C:\fixers\AVGAnti-Spyware7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Stuff
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\fixers\AVGAnti-Spyware7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\FreeRAMXP\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\AdAwareSEPro\Ad-Watch.exe"
O4 - HKCU\..\Run: [NoAdware4] "C:\Program Files\NoAdware4\NoAdware4.exe" :Scan:
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\fixers\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\fixers\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\fixers\AVGAnti-Spyware7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SANDRA\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SANDRA\RpcSandraSrv.exe



GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-22 11:04:25

Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.12 ----

? C:\DOCUME~1\ZT01\LOCALS~1\Temp\mc21.tmp The system cannot find the file specified.

---- User code sections - GMER 1.0.12 ----

.text C:\fixers\gmer.exe[176] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\fixers\gmer.exe[176] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\fixers\gmer.exe[176] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\fixers\gmer.exe[176] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, 7F, E2 ]
.text C:\fixers\gmer.exe[176] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\csrss.exe[372] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[372] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[372] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[372] KERNEL32.dll!WinExec 7C86114D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[412] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[412] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[412] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[412] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\services.exe[456] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[456] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[456] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[456] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\lsass.exe[468] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[468] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[468] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[468] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[696] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[980] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[980] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[980] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[980] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1292] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[1292] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1292] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1292] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F0D0F5A
.text C:\sysreset\mirc.exe[1488] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\sysreset\mirc.exe[1488] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\sysreset\mirc.exe[1488] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\sysreset\mirc.exe[1488] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, 7F, E2 ]
.text C:\sysreset\mirc.exe[1488] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\FreeRAMXP\FreeRAM XP Pro.exe[1496] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\FreeRAMXP\FreeRAM XP Pro.exe[1496] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\FreeRAMXP\FreeRAM XP Pro.exe[1496] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\FreeRAMXP\FreeRAM XP Pro.exe[1496] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\NoAdware4\NoAdware4.exe[1512] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\NoAdware4\NoAdware4.exe[1512] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\NoAdware4\NoAdware4.exe[1512] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\NoAdware4\NoAdware4.exe[1512] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F0D0F5A
.text C:\fixers\SUPERAntiSpyware\SUPERAntiSpyware.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\fixers\SUPERAntiSpyware\SUPERAntiSpyware.exe[1524] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\fixers\SUPERAntiSpyware\SUPERAntiSpyware.exe[1524] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\fixers\SUPERAntiSpyware\SUPERAntiSpyware.exe[1524] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F0D0F5A

---- Devices - GMER 1.0.12 ----


---- Modules - GMER 1.0.12 ----

Module _________ F9186000

---- EOF - GMER 1.0.12 ----



*bloody hell, why didn't it tell me it would cut off?*

putting in the part from comboscan's supplementary log that caught my attention:

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ZT01\Application Data
audesktop=C:\DOCUME~1\ALLUSE~1\DESKTOP
aufavorites=C:\DOCUME~1\ALLUSE~1\FAVORI~1
austartm=C:\DOCUME~1\ALLUSE~1\STARTM~1
austartprg=C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS
austartup=C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP
ChoixMenu=2
ChoixRegistre=y
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NEBULUSZEROONE
ComSpec=C:\WINDOWS\system32\cmd.exe
CurDir=C:\fixers\SmitfraudFix
desktop=C:\DOCUME~1\ZT01\Desktop
DoReboot=0
DoRestart=0
favorites=C:\DOCUME~1\ZT01\FAVORI~1
fixname=SmitFraudFix
fixvers=v2.148
FP_NO_HOST_CHECK=NO
FSType=FAT32
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ZT01
huy32Mess=huy32 detected, use a Rootkit scanner
KDMess=detected !
lang=int
LOGONSERVER=\\NEBULUSZEROONE
lzx32Mess=lzx32 detected, use a Rootkit scanner
msguardMess=msguard detected, use a Rootkit scanner

NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
pe386Mess=pe386 detected, use a Rootkit scanner
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=C:\Program Files
PROMPT=$p$g
RKScan=use a Rootkit scanner
SAFEBOOT_OPTION=MINIMAL
SafeMDisp=Fix run in safe mode
SafeMWarn=Fix run in normal mode

I'll use attachments next time.

****attaching the most recent comboscan/HJT/McAfeeRootkitDetective/vundobegone log; no supplementary log from this run of comboscan. AVG's antispyware found a cluster of vile things, and got them... although running it in safemode made it hard to use because its window can't get smaller and it's larger than the desktop resolution safemode uses... upon returning to windows (normal mode), noadware found a trojan... only thing I didn't run in safemode was my Avast antivirus, and that's because its window is enough bigger than the safemode resolution that it's unusable. *sweat*

Edited by ZT-repairseek, 23 March 2007 - 03:43 PM.



#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:29 PM

Posted 02 April 2007 - 01:54 PM

Hi ZT-repairseek, :flowers:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience. :thumbsup:



