
Should I Be Worried About This?

Madmick

Member
Here is some background info on the issue. Skip to the bottom if you want to get straight to my concern over Roguekiller reporting IAT/EAT hooks, and its log file. Thank you.

411 ON INFECTION
My younger brother contracted a massive adware infection on his computer. I cleaned everything out, but this was the most difficult infection I've ever encountered (he believes this was contracted from an installation of something called "Bluestacks" software that he was trying to use to play Clash of Clans on his PC). It had "Conduit" and a bunch of the other usual crap, so I ran my routine process:
  1. Disabled and removed all suspicious extensions from his browsers, corrected search engines, home pages, cleared history/cache, and ultimately just reset all of them to their default settings.
  2. Used Revo Uninstaller Pro to uninstall the adware bundle and delete remaining registry keys & folders linked to those adware.
  3. Ran Malwarebytes and removed threats.
  4. Ran adwcleaner and removed threats with reboot.
  5. Ran Hitman Pro and removed all remaining traces of suspicious files.
  6. Updated MSE and ran a full scan in both normal mode and in safe mode.
  7. Installed Avast and ran a full scan...then ran a boot scan.
Ultimately, its most greatly nagging persistence was that it was automatically changing his network to use a proxy server, and this proxy server would insert a full page of ads into his search engine results. Even after I disabled the proxy server and set it to use an automatic DHCP, after a few minutes, it would automatically restore that proxy server. So I scoured the internet for pre-existing blogs/threads for help with similar issues. I ended up doing the following:
  1. Ran disk cleaner and cleaned out everything but the Windows Error Reports.
  2. Scoured app data and other temp files for suspicious remaining folders and removed them with Revo Uninstaller Pro.
  3. Checked the startup processes and services. Those with unknown publishers I removed after first Googling to ensure that they weren't critical system functions. I often reference "Should I Remove It?" when unsure. If I'm not sure that I definitely want to remove it, then I don't.
  4. Removed a suspicious .exe file called "LFKingulatedneshelper.exe" that Avast flagged and blocked, and that I saw in the Task Manager. Oddly, even with hidden files set to show, this folder was still invisible, and when I tried to uninstall it, it said it couldn't be uninstalled because it said it was open in another program with the same name minus the "exe". Tried to remove that, and the same thing happened vice versa. I think I actually used the "Unlocker" program to unlock/remove this which it could only do upon a reboot. Weird.
  5. Downloaded and ran a bunch of anti-malware & health software I don't normally use: Spywarehunter, Combofix, MiniToolBox, Junk Removal Tool, and RogueKiller.

**************

Roguekiller: IAT/EAT Hooks a Threat?

As far as I can tell, I've restored the PC to health, and nothing is detecting anything anymore except for the last of these: Rogue Killer is telling me in the "Anti-Rootkit" section that Internet Explorer has an "IAT/EAT Hook". It only logs this, it won't delete the unknown/suspicious files, and it prompts this webpage:
http://www.adlice.com/userland-rootkits-part-1-iat-hooks/

Should I be worried about this? Here's the text from Rogue Killer's last log (it turned up some PUMs in the registry, so I said "delete", and it reported "replaced", but those aren't my concern here):



RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : cam [Administrator]
Mode : Scan -- Date : 12/17/2014 06:48:47

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1066601281-2555237888-2350781341-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1066601281-2555237888-2350781341-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1066601281-2555237888-2350781341-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1066601281-2555237888-2350781341-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 30 (Driver: Loaded) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7010a (jmp 0xffffffff8909d850|jmp 0xfffffffffffffe09|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x7010a (jmp 0xffffffff8909ed60|jmp 0xfffffffffffffc49|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x7010a (jmp 0xffffffff8909ed20|jmp 0xfffffffffffffc69|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateEvent : Unknown @ 0x7010a (jmp 0xffffffff8909eba0|jmp 0xfffffffffffffd29|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x7010a (jmp 0xffffffff8909e300|jmp 0xfffffffffffffb69|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x7010a (jmp 0xffffffff8909ee70|jmp 0xfffffffffffffc19|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenEvent : Unknown @ 0x7010a (jmp 0xffffffff8909ec30|jmp 0xfffffffffffffd19|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x7010a (jmp 0xffffffff8909e870|jmp 0xfffffffffffffc59|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x7010a (jmp 0xffffffff8909dc20|jmp 0xfffffffffffffbf9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateSection : Unknown @ 0x7010a (jmp 0xffffffff8909ebc0|jmp 0xfffffffffffffce9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x7010a (jmp 0xffffffff8909ee60|jmp 0xfffffffffffffc89|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x7010a (jmp 0xffffffff8909e300|jmp 0xfffffffffffffb59|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtQueryObject : Unknown @ 0x7010a (jmp 0xffffffff8909f0a0|jmp 0xfffffffffffffba9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x7010a (jmp 0xffffffff8909e730|jmp 0xfffffffffffffca9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenSection : Unknown @ 0x7010a (jmp 0xffffffff8909ed00|jmp 0xfffffffffffffcd9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateSemaphore : Unknown @ 0x7010a (jmp 0xffffffff8909e5a0|jmp 0xfffffffffffffd49|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenSemaphore : Unknown @ 0x7010a (jmp 0xffffffff8909e030|jmp 0xfffffffffffffd39|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x7010a (jmp 0xffffffff8909e610|jmp 0xfffffffffffffd69|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenMutant : Unknown @ 0x7010a (jmp 0xffffffff8909e060|jmp 0xfffffffffffffd59|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateTimer : Unknown @ 0x7010a (jmp 0xffffffff8909e5f0|jmp 0xfffffffffffffcc9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenTimer : Unknown @ 0x7010a (jmp 0xffffffff8909e070|jmp 0xfffffffffffffcb9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x7010a (jmp 0xffffffff8909e6a0|jmp 0xfffffffffffffc29|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtTerminateThread : Unknown @ 0x7010a (jmp 0xffffffff8909ec10|jmp 0xfffffffffffffc09|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenThread : Unknown @ 0x7010a (jmp 0xffffffff8909e0c0|jmp 0xfffffffffffffc79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x7010a (jmp 0xffffffff8909d9a0|jmp 0xfffffffffffffbc9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7010a (jmp 0xffffffff8909e980|jmp 0xfffffffffffffb79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x7010a (jmp 0xffffffff8909de80|jmp 0xfffffffffffffbb9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtVdmControl : Unknown @ 0x7010a (jmp 0xffffffff8909d700|jmp 0xfffffffffffffd79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenEventPair : Unknown @ 0x7010a (jmp 0xffffffff8909e130|jmp 0xfffffffffffffcf9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x7010a (jmp 0xffffffff8909e140|jmp 0xfffffffffffffe19|jmp 0xfffffffffffffff0)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3160815AS ATA Device +++++
--- User ---
[MBR] dca7feb20490b0e07318259c7ec9d67c
[BSP] 8f4f837cf063111c987661cb4b876d36 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: External RAID USB Device +++++
--- User ---
[MBR] d7308c1808fa75b875c0ece1a0fb5d31
[BSP] 9ec8d7f9f2a94814218560fb90ae2ec0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] 757fa791272679656dbacffbb9a2caf8
[BSP] b06ff95033fab9ee31a079c6ed20a18f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907724 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_12162014_162432.log - RKreport_DEL_12162014_202123.log - RKreport_DEL_12162014_202149.log - RKreport_SCN_12162014_162337.log
RKreport_SCN_12162014_201416.log - RKreport_SCN_12162014_202453.log - RKreport_SCN_12162014_204703.log
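Added example, not part of the thread and not RogueKiller's own code: a small Python parser for the Antirootkit lines in the log above, written to show what the section actually says. It groups the hooks by the process and module they sit in and by the address the hook lands on. In the posted log every entry is in explorer.exe's copy of ntdll.dll (the Windows shell, not Internet Explorer), the owner column is "Unknown" throughout, and all 30 hooks resolve to the same target address, which is the signature of a single hooking module rather than 30 separate ones. The triage question is which module owns that address: RogueKiller could not map it, and security products also place inline hooks on exactly these Nt* functions, so the count by itself does not settle whether the hooks are hostile. The sample lines are copied from the log above; the gating on the ¤¤¤ section header and the field names are assumptions about the format.

```python
import re
from collections import Counter

# Constructed sample: four Antirootkit lines copied verbatim from the posted log,
# framed by neighbouring section headers so the section gating is exercised.
SAMPLE_LOG = """\
¤¤¤ Files : 0 ¤¤¤

¤¤¤ Antirootkit : 30 (Driver: Loaded) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7010a (jmp 0xffffffff8909d850|jmp 0xfffffffffffffe09|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x7010a (jmp 0xffffffff8909ed60|jmp 0xfffffffffffffc49|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x7010a (jmp 0xffffffff8909ee60|jmp 0xfffffffffffffc89|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x7010a (jmp 0xffffffff8909e140|jmp 0xfffffffffffffe19|jmp 0xfffffffffffffff0)

¤¤¤ Web browsers : 0 ¤¤¤
"""

# Field layout assumed from the posted lines:
# [kind] (process) module - function : owner @ target (jmp a|jmp b|...)
HOOK_RE = re.compile(
    r"^\[(?P<kind>[^\]]+)\] "                        # e.g. IAT:Inl
    r"\((?P<process>[^)]+)\) "                       # process the hook lives in
    r"(?P<module>\S+) - (?P<function>\S+) : "        # hooked module and export
    r"(?P<owner>.+?) @ (?P<target>0x[0-9a-fA-F]+) "  # owner is "Unknown" when unmapped
    r"\((?P<chain>[^)]*)\)$"                         # the jmp chain that was followed
)


def parse_antirootkit(text):
    """Return one dict per hook line inside the Antirootkit section."""
    hooks = []
    in_section = False
    for line in text.splitlines():
        if line.startswith("¤¤¤"):
            # Section headers toggle whether we are inside Antirootkit.
            in_section = "Antirootkit" in line
            continue
        if not in_section:
            continue
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        chain = [int(step.split()[1], 16)
                 for step in m["chain"].split("|") if step.strip()]
        hooks.append({
            "kind": m["kind"], "process": m["process"], "module": m["module"],
            "function": m["function"], "owner": m["owner"],
            "target": int(m["target"], 16), "chain": chain,
        })
    return hooks


def summarize(hooks):
    """Group hooks so one can see how many distinct hookers are really present."""
    per_location = Counter((h["process"], h["module"]) for h in hooks)
    per_target = Counter(h["target"] for h in hooks)
    unknown_owner = [h["function"] for h in hooks if h["owner"] == "Unknown"]
    return {
        "per_location": per_location,
        "per_target": per_target,
        "unknown_owner": unknown_owner,
        # One target address for every hook means one module placed them all.
        "single_hooker": len(per_target) == 1,
    }


if __name__ == "__main__":
    found = parse_antirootkit(SAMPLE_LOG)
    report = summarize(found)
    for (proc, mod), n in report["per_location"].items():
        print(f"{n} hooks in {proc} / {mod}")
    for target, n in report["per_target"].items():
        print(f"{n} hooks land at {target:#x}")
    print("unmapped owners:", ", ".join(report["unknown_owner"]))
    print("single hooking module:", report["single_hooker"])
```

Run against the full log the script reports 30 hooks in one process/module pair all landing at 0x7010a. The next step a defender takes is to identify the module that maps that address in explorer.exe (a process-memory viewer that lists loaded modules and their ranges does this); if it belongs to a signed security product the hooks are its own, and if it belongs to nothing on disk the machine should be treated as still compromised.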
 
Another scanner is HerdProtect and it's pretty good as it uses 68 virus engines. FreeFixer is something else to consider. Autoruns could help you too. It's not a malware scanner, but it can track down crap that is starting up that normal msconfig won't show.
 
Here is some background info on the issue. Skip to the bottom if you want to get straight to my concern over Roguekiller reporting IAT/EAT hooks, and its log file. Thank you.

411 ON INFECTION
My younger brother contracted a massive adware infection on his computer. I cleaned everything out, but this was the most difficult infection I've ever encountered (he believes this was contracted from an installation of something called "Bluestacks" software that he was trying to use to play Clash of Clans on his PC). It had "Conduit" and a bunch of the other usual........

Don't know what IAT/EAT hooks are.
Conduit is some searchbar crap. Bluestacks is an Android emulator, CoC is a popular free Android game.
 
When that happens, it's format time. It's quicker to nab all the personal files/folders and dump them on some kind of external storage device and nuke the drive; Windows installs so fast these days. You can never be sure you've got rid of everything, all these scanners are pattern based and many of these spyware/adware/virus-like apps modify themselves to be unique to escape detection.
 