Hi,
In general my computer is running slower than usual, especially when I'm on the internet. About once a day, Windows updater and update.exe processes run and take up 100% of CPU, and everything grinds to a halt.
I do have a Windows install disc.
I've used malware removal software in the past with some success; the problem has returned almost right after running the programs.
Any help to fix and prevent this from happening again would be appreciated.
Thanks
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514
Run by Steve at 14:35:17 on 2015-05-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.1471 [GMT -7:00]
.
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\ASDR.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [ShadowPlay] c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF"&"inst=NzctNjMyMTEyNzM4LUZMMTArMS1MSUMrODgtU1AxKzEtU1AxVEIrMS1TUDFTMisxLVNVRCsxLVMxSSsxLVNVMysxLUREVCsw"&"prod=90"&"ver=10.0.1390
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{AC5167B4-4B68-43AA-B1AA-86599C95CDF9} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\idsc0twh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101772.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2015-1-20 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2015-1-20 434424]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2015-1-20 434424]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2015-1-20 105864]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\avira\my avira\Avira.OE.ServiceHost.exe [2015-3-16 201008]
R2 avnetflt;avnetflt;c:\windows\system32\drivers\avnetflt.sys [2015-1-20 37896]
R2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\nvidia corporation\geforce experience service\GfExperienceService.exe [2015-2-21 915600]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2014-1-7 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2013-11-20 18186896]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-11-11 414496]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [2015-4-23 33280]
R3 NvStreamKms;NvStreamKms;c:\program files\nvidia corporation\nvstreamsrv\NvStreamKms.sys [2015-2-21 18576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2015-2-21 32912]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc7.exe [2015-4-24 815920]
S2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebg7.exe [2015-1-20 1004280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2015-2-18 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-5-22 1343400]
.
=============== Created Last 30 ================
.
2015-04-23 22:55:21 33280 ----a-w- c:\windows\system32\drivers\IOMap.sys
2015-04-23 21:51:19 -------- d-----w- C:\$RECYCLE.BIN
2015-04-23 10:00:19 -------- d-----w- c:\users\steve\appdata\local\temp
.
==================== Find3M ====================
.
2015-04-23 21:57:50 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-19 23:17:43 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-19 23:17:43 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-12 09:14:22 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-10 12:51:20 37896 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-03-10 12:51:18 105864 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-02-18 14:26:36 152576 ----a-w- c:\windows\system32\msclmd.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.1.7601 Disk: WDC_WD64 rev.01.0 -> Harddisk0\DR0 -> \Device\00000064
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
c:\windows\system32\drivers\nvstor.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x82E7552F] -> \Device\Harddisk0\DR0[0x85559460]
3 CLASSPNP[0x8916B59E] -> ntkrnlpa!IofCallDriver[0x82E7552F] -> [0x85571120]
5 ACPI[0x88BB13D4] -> ntkrnlpa!IofCallDriver[0x82E7552F] -> \Device\00000062[0x859697D0]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 1250263726 (+255): user != kernel
.
============= FINISH: 14:36:04.32 ===============