-
Help please!
I followed the instructions post, but my PC will not finish the DDS, no reports are populated. Spybot stops halfway through but I can see 2 entries of Virtumonde and 4 for Fraud.antimalwareDoctor.
My computer was running fine, but we decided to do some system cleaning. In running the uninstall on a few things we don't use (one being an IE toolbar).. the constant pop ads have begin. Also worth noting, we ran S&Destroy prior to running the uninstalls and it found only one minor problem, removed it with no issue.
Please let me know how to proceed...
Thank you!
Ashley
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ash at 7:19:16.09 on 27/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Motorola Media Link\NServiceEntry.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Subsonic\subsonic-service.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Documents and Settings\Ash\Application Data\C3B7CC607230956CA4AE70E68AFE1D84\tr700lqqcore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ash\Local Settings\Temporary Internet Files\Content.IE5\0S7E3OOC\dds[1].com
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 192.168.*.*
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [LClock] c:\program files\lclock\LClock.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Srixiku] rundll32.exe "c:\windows\mfig32.dll",Startup
uRun: [tr700lqqcore.exe] c:\documents and settings\ash\application data\c3b7cc607230956ca4ae70e68afe1d84\tr700lqqcore.exe
uRun: [AntiVirus AntiSpyware 2011] "c:\documents and settings\ash\application data\antivirus antispyware 2011\AntiVirus AntiSpyware.exe" /STARTUP
uRun: [AntiVirus AntiSpyware 2011 Security] c:\documents and settings\ash\application data\antivirus antispyware 2011\securitymanager.exe
uRunOnce: [SpybotDeletingB3939] command.com /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Antimalware Doctor.lnk"
uRunOnce: [SpybotDeletingD1015] cmd.exe /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Antimalware Doctor.lnk"
uRunOnce: [SpybotDeletingB9383] command.com /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Uninstall.lnk"
uRunOnce: [SpybotDeletingD6863] cmd.exe /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Uninstall.lnk"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Dfemesiyo] rundll32.exe "c:\windows\oyavipej.dll",Startup
mRunOnce: [SpybotDeletingA1214] command.com /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Antimalware Doctor.lnk"
mRunOnce: [SpybotDeletingC4549] cmd.exe /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Antimalware Doctor.lnk"
mRunOnce: [SpybotDeletingA2593] command.com /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Uninstall.lnk"
mRunOnce: [SpybotDeletingC830] cmd.exe /c del "c:\documents and settings\ash\start menu\programs\antimalware doctor\Uninstall.lnk"
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [LClock] c:\program files\lclock\LClock.exe
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Semagic - c:\program files\semagic\link.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://139.142.250.200:2082/activex/AxisCamControl.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ash\applic~1\mozilla\firefox\profiles\i2rvvuz7.default\
FF - prefs.js: browser.startup.homepage - google.ca
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\ash\application data\mozilla\firefox\profiles\i2rvvuz7.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R? BTCFilterService;USB Networking Driver Filter Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? motccgp;Motorola USB Composite Device Driver
R? motccgpfl;MotCcgpFlService
R? MotDev;Motorola Inc. USB Device
R? Motousbnet;Motorola USB Networking Driver Service
R? motusbdevice;Motorola USB Dev Driver
R? SwitchBoard;Adobe SwitchBoard
R? UsbGps;LGE CDMA USB GPS NMEA Port
R? vcdrom;Virtual CD-ROM Device Driver
S? DeviceMonitorService;DeviceMonitorService
S? MotoHelper;MotoHelper Service
S? ramdisk;Windows RAM Disk Driver
.
=============== Created Last 30 ================
.
2011-04-27 05:52:15 -------- d-----w- c:\windows\26-04-2011
2011-04-27 05:38:24 0 ----a-w- c:\windows\Ctofiwogijanile.bin
2011-04-27 05:38:22 -------- d-----w- c:\docume~1\ash\locals~1\applic~1\{8AE03E5F-CA8F-4A3D-85E4-863629FE246E}
2011-04-27 05:37:56 -------- d-----w- c:\docume~1\ash\applic~1\AntiVirus AntiSpyware 2011
2011-04-27 05:37:00 -------- d-----w- c:\docume~1\ash\applic~1\C3B7CC607230956CA4AE70E68AFE1D84
2011-04-15 02:56:35 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2011-04-15 02:05:32 -------- d-----w- c:\docume~1\ash\applic~1\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-04-15 02:05:32 -------- d-----w- c:\docume~1\ash\applic~1\Adobe Mini Bridge CS5
2011-04-14 14:40:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
.
==================== Find3M ====================
.
2011-03-07 05:31:47 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 13:05:45 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-09 01:03:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HTS541612J9SA00 rev.SBDOC74P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85A06730]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85a0ca10]; MOV EAX, [0x85a0ca8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86547AB8]
3 CLASSPNP[0xF761DFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006e[0x8657D3B8]
5 ACPI[0xF7494620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8657BD98]
\Driver\atapi[0x862F4B10] -> IRP_MJ_CREATE -> 0x85A06730
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x85A0657B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 7:22:24.31 ===============
thanks in advance
Last edited by tashi; 2011-04-27 at 17:07.
Reason: Merged three posts
-
-
-
Hi! Thank you for the help, I will attempt this within the hour and update how it went. Just a note that I was unable to log into the pc yesterday, I will try this in safe mode with networking.
Tks again!!
Ash
-
That nasty Rootkit is most likely why you cant boot to normal windows. TDSSkiller may not work , if it fails we will use another method
-
Was unable to log in normally.. But safemode with networking allowed me to download and unzip tdss tool. Installation gets to 80÷ then windows encounters error and needs to abort installation. Rebooted in safe mode no networking, same thing. Is there anything we can do to get it running?
-
-
much thanks again, so appreciated. here is the requested log.
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-01 16:08:45
-----------------------------
16:08:45.093 OS Version: Windows 5.1.2600 Service Pack 3
16:08:45.093 Number of processors: 2 586 0xE08
16:08:45.093 ComputerName: ASH-LAPTOP UserName: Ash
16:08:46.109 Initialize success
16:08:48.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:08:48.875 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC74P Size: 114473MB BusType: 3
16:08:48.875 Device \Driver\atapi -> DriverStartIo 862c757b
16:08:50.890 Disk 0 MBR read successfully
16:08:50.890 Disk 0 MBR scan
16:08:50.906 Disk 0 TDL4@MBR code has been found
16:08:50.921 Disk 0 Windows XP default MBR code found via API
16:08:50.937 Disk 0 MBR hidden
16:08:50.953 Disk 0 MBR [TDL4] **ROOTKIT**
16:08:50.953 Disk 0 trace - called modules:
16:08:50.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x862c7730]<<
16:08:50.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8635eab8]
16:08:51.000 3 CLASSPNP.SYS[f766bfd7] -> nt!IofCallDriver -> \Device\0000006e[0x863189e8]
16:08:51.015 5 ACPI.sys[f75c2620] -> nt!IofCallDriver -> [0x86363940]
16:08:51.031 \Driver\atapi[0x8635b030] -> IRP_MJ_CREATE -> 0x862c7730
16:08:51.078 Scan finished successfully
16:09:23.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ash\Desktop\MBR.dat"
16:09:23.656 The log file has been saved successfully to "C:\Documents and Settings\Ash\Desktop\aswMBR.txt"
-
Re-Run aswMBR
Click Scan
On completion of the scan
Click the Fix for TDL4
Save the log as before and post in your next reply
-
progress!
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-01 20:28:38
-----------------------------
20:28:38.515 OS Version: Windows 5.1.2600 Service Pack 3
20:28:38.515 Number of processors: 2 586 0xE08
20:28:38.515 ComputerName: ASH-LAPTOP UserName: Ash
20:28:39.375 Initialize success
20:28:41.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:28:41.500 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC74P Size: 114473MB BusType: 3
20:28:43.531 Disk 0 MBR read successfully
20:28:43.546 Disk 0 MBR scan
20:28:43.562 Disk 0 Windows XP default MBR code
20:28:45.562 Disk 0 scanning sectors +234436545
20:28:45.609 Disk 0 scanning C:\WINDOWS\system32\drivers
20:28:51.187 Service scanning
20:28:54.828 Disk 0 trace - called modules:
20:28:54.875 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:28:54.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86310ab8]
20:28:54.890 3 CLASSPNP.SYS[f766bfd7] -> nt!IofCallDriver -> \Device\0000006e[0x8636f968]
20:28:54.906 5 ACPI.sys[f75c2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86317940]
20:28:54.921 Scan finished successfully
20:29:07.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ash\Desktop\MBR.dat"
20:29:07.234 The log file has been saved successfully to "C:\Documents and Settings\Ash\Desktop\aswMBR.txt"
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules