Spitvip3r
Members-
Posts
2 -
Joined
-
Last visited
Reputation
0 Neutral-
PCEU UKash ransomware fix request
Spitvip3r replied to Spitvip3r's topic in Resolved Malware Removal Logs
Never mind you can close the thread as I managed to solve it with another bit of software (hitman pro for reference). But thanks anyway. -
Hi, One of our computers has recently become infected with the rather nastily updated version of the PCEU (UKash type) ransomware. I have been attempting to use the fix that is already on this forum but i need the fixlist.txt script in order to finish that initial stage of the process. Could a mod please help with this using the following log from farbar. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-06-2013 01 Ran by SYSTEM on 07-06-2013 10:17:33 Running from I:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11613288 2010-11-16] (Realtek Semiconductor) HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-10-07] () HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated) HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.) HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2817872 2012-04-24] (ELAN Microelectronics Corp.) HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation) HKLM-x32\...\Winlogon: [userinit] c:\windows\syswow64\userinit.exe, [x] HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-01] (CyberLink) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [38768 2009-10-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2009-10-02] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.) HKLM-x32\...\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.) HKLM-x32\...\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2629632 2011-10-07] (Brother Industries, Ltd.) HKLM-x32\...\Run: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-08] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-08] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [328992 2010-02-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKU\Christine Kirby\...\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth [11989960 2010-03-08] (Adobe Systems, Inc.) HKU\Christine Kirby\...\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation) HKU\UpdatusUser\...\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth [11989960 2010-03-08] (Adobe Systems, Inc.) HKU\UpdatusUser\...\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation) AppInit_DLLs: C:\windows\system32\nvinitx.dll [226920 2011-01-17] (NVIDIA Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Services (Whitelisted) ================= S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2011-09-06] (AVAST Software) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [246256 2010-08-24] (CyberLink) S2 Crypkey License; C:\Windows\SysWow64\crypserv.exe [52224 2000-06-29] (Kenonic Controls Ltd.) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-05-31] (Symantec Corporation) S2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.) S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-11-30] () S2 szserver; C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe [67024 2011-09-28] (iS3, Inc.) ==================== Drivers (Whitelisted) ==================== S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2011-09-06] (AVAST Software) S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [65368 2011-09-06] (AVAST Software) S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-09-06] (AVAST Software) S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [601944 2011-09-06] (AVAST Software) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [301912 2011-09-06] (AVAST Software) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [58200 2011-09-06] (AVAST Software) S0 is3srv; C:\Windows\SysWow64\drivers\is3srv64.sys [74768 2011-06-02] (iS3 Inc.) S1 NetworkX; C:\Windows\SysWow64\ckldrv.sys [24608 2000-02-03] () S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-08-19] (Windows ® 2003 DDK 3790 provider) S0 szkg5; C:\Windows\SysWow64\DRIVERS\szkg64.sys [74768 2011-06-02] (iS3 Inc.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-07 10:17 - 2013-06-07 10:17 - 00000000 ____D C:\FRST 2013-06-07 00:25 - 2013-06-07 00:25 - 00003224 ____N C:\bootsqm.dat 2013-06-03 22:30 - 2013-06-03 22:30 - 00000288 ____A C:\Windows\System32\Drivers\kgpcpy.cfg 2013-05-28 07:42 - 2013-05-28 07:42 - 00188928 ____A C:\Users\Christine Kirby\Documents\Publication1.pub 2013-05-27 23:35 - 2013-05-27 23:35 - 00012896 ____A C:\Users\Christine Kirby\Downloads\MC900389934.WMF 2013-05-15 12:00 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-15 12:00 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-15 12:00 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-15 12:00 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-15 12:00 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-15 12:00 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-15 12:00 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-15 12:00 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-15 12:00 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-15 12:00 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-15 12:00 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-15 12:00 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-15 12:00 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-15 12:00 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-15 12:00 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-15 12:00 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-15 12:00 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-15 12:00 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-15 12:00 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-15 12:00 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-15 12:00 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-15 12:00 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-15 12:00 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-15 12:00 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-05-15 12:00 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-05-15 12:00 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-15 12:00 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-05-15 12:00 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-15 12:00 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-15 12:00 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-15 12:00 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-15 02:18 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-15 02:18 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-15 02:18 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-15 02:18 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-15 02:18 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-15 02:18 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-15 02:18 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-15 02:18 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-15 02:18 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-15 02:18 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-15 02:18 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll 2013-05-15 02:17 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-15 02:17 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-15 02:17 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll ==================== One Month Modified Files and Folders ======= 2013-06-07 10:17 - 2013-06-07 10:17 - 00000000 ____D C:\FRST 2013-06-07 09:49 - 2012-01-22 12:30 - 00000000 ____D C:\ProgramData\FLEXnet 2013-06-07 09:49 - 2011-10-07 06:21 - 00000000 ____D C:\users\Christine Kirby 2013-06-07 09:49 - 2011-04-08 01:45 - 00000000 ____D C:\ProgramData\WinClon 2013-06-07 09:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-07 09:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-06-07 00:29 - 2011-10-07 06:57 - 00000000 ____D C:\ProgramData\STOPzilla! 2013-06-07 00:25 - 2013-06-07 00:25 - 00003224 ____N C:\bootsqm.dat 2013-06-03 22:36 - 2011-04-08 17:13 - 01433462 ____A C:\Windows\WindowsUpdate.log 2013-06-03 22:35 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-03 22:35 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-03 22:31 - 2011-10-07 06:53 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-03 22:30 - 2013-06-03 22:30 - 00000288 ____A C:\Windows\System32\Drivers\kgpcpy.cfg 2013-06-03 22:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-03 22:28 - 2009-07-13 20:51 - 00091948 ____A C:\Windows\setupact.log 2013-06-03 09:52 - 2011-10-07 06:53 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-01 04:50 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-05-31 10:38 - 2012-03-02 09:11 - 00000016 ____A C:\Windows\System32\config\software.szfi 2013-05-30 09:10 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-28 07:42 - 2013-05-28 07:42 - 00188928 ____A C:\Users\Christine Kirby\Documents\Publication1.pub 2013-05-27 23:35 - 2013-05-27 23:35 - 00012896 ____A C:\Users\Christine Kirby\Downloads\MC900389934.WMF 2013-05-24 03:53 - 2011-10-07 06:54 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-05-16 05:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-05-15 21:54 - 2009-07-13 20:45 - 05059552 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-15 12:06 - 2012-01-22 06:12 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-05-15 05:33 - 2013-03-11 00:14 - 00006815 ____A C:\Users\Christine Kirby\Documents\plot.log Files to move or delete: ==================== C:\Users\Christine Kirby\AppData\Roaming\skype.dat ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-15 11:59:48 Restore point made on: 2013-05-20 22:06:40 Restore point made on: 2013-05-23 22:46:20 Restore point made on: 2013-05-24 07:05:26 Restore point made on: 2013-05-27 22:37:48 Restore point made on: 2013-05-31 07:55:23 Restore point made on: 2013-05-31 12:59:20 Restore point made on: 2013-06-03 22:36:44 ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 8103.12 MB Available physical RAM: 7193.54 MB Total Pagefile: 8101.32 MB Available Pagefile: 7204.19 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:419 GB) (Free:215.16 GB) NTFS (Disk=0 Partition=2) Drive d: (2ndHDD) (Fixed) (Total:465.76 GB) (Free:417.28 GB) NTFS (Disk=1 Partition=1) Drive e: () (Fixed) (Total:24 GB) (Free:23.88 GB) NTFS (Disk=0 Partition=4) Drive g: (SAMSUNG_REC) (Fixed) (Total:22.66 GB) (Free:0.94 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)] Drive i: (Lexar) (Removable) (Total:14.61 GB) (Free:14.58 GB) FAT32 (Disk=2 Partition=1) Drive j: () (Removable) (Total:15.02 GB) (Free:14.8 GB) FAT32 (Disk=3 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: AD8CB770) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=419 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=24 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=23 GB) - (Type=27) ======================================================== Disk: 1 (Size: 466 GB) (Disk ID: 92CDA70E) Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=15 GB) - (Type=0C) ======================================================== Disk: 3 (Size: 15 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=15 GB) - (Type=0C) Last Boot: 2013-06-03 03:52 ==================== End Of Log ============================