# some software had got hold of my harddisk volume number..

hi everybody.

i want that nobody e.g a software vendor could be able to trace my system . i found out a file  tdd.EXE-04A112Ed.pf  in the directory c:\windows\prefetch .. i opened it up to find out some strange kinda language followed by  something as refering to hard disk volume number.  i am pasting  a  few lines  of that file to give u some idea .      …@  ‡   0  …@  ˆ   @  …@  ÿÿÿÿ P  …@  \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ N T D L L . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ K E R N E L 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U N I C O D E . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ L O C A L E . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S O R T T B L S . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U S E R 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ G D I 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ A D V A P I 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ R P C R T 4 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ O L E A U T 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ M S V C R T . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ O L E 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ C O M C T L 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ I M M 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W I N S P O O L . D R V   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S H E L L 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S H L W A P I . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ C O M D L G 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S O C K 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S 2 _ 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S 2 H E L P . D L L   \ D E V....
i wonder what does that mean..
is somebody able to keep track of me through hard disk serial number?? is there anyway or software  to change the volume or serial number of hard disk??  i would be grateful for any practical solution . this is a bit urgent so i hope honourable experts would look into my question. thank you.
roCker
###### Who is Participating?

Commented:
Windows XP's prefetch feature is new added feature which improves system performance. However, after a period of time, just like the registry, obsolete entries begin to build up.

You can safely clear these invalid files and regain system performance by deleting them.

As for what the executable (tdd.exe) I dont know the purpose of this one, but you can do a search on your system for tdd.exe to find out if it is elsewere on your system.

You might also want to run some spyware checker like Spybot: http://www.safer-networking.org/

0

Author Commented:
hi Snilson.
thanks a lot for ur advice . i did search for any more tdd.exe files but there  werebt any more files with    that name

i would appreciate if u tell me as how to change the serial number or volume number of my hard disk.

0

Commented:
Most say it aint possible, but I found this one

"It is possible to change the REAL serial number of a Hard Disk, not matter what who is its manufactor.
The serial number is recorded in a part of the Hard disk named System Area, you can access this area using an especific ATA command, each manufator has its own ATA command for each Hard Disk model and size. Your can learn more about ATA commands in www.t13.org "

I dont know why you would want to, just delete the folder contents and run the spyware program, make sure you have a good firewall, then there should be no problem.
0

Commented:
If you want to change the VOLUME ID, you can use volumeid.exe from www.sysinternals.com
0

IT ConsultantCommented:
Windows XP's prefetch feature
http://www.microsoft.com/whdc/hwdev/platform/performance/fastboot/BootVis.mspx

as for how to change the volumen number, if you want the solution for fat, i can give you a way to manually change it in a few steps. for ntfs, i think the principle is same, but i did not try before.
0

Commented:
skip the prefetch. it is more like a \backup directory that you do not have to manage

> is somebody able to keep track of me through hard disk serial number

yes, as well as through other info such as mobo & bios & NIC. DO, do remember that to get XP running in the first place, you must "agree" (OK, install) to let MS log ten HW numbers to identify the installation and get the activation code to operate it.

> is there anyway or software  to change the volume or serial number of hard disk?

Maybe. Do not count upon it helping you out much here.

>  i would be grateful for any practical solution

Step #1 is to install a firewall like ZoneAlarm that STOPS outgoing TCP packets in their tracks without your personal OK on each.  THis means, that the spywares that install can usually be blocked until they meet your level of approval. Most firewalls only stop the inbound invaders, not the stoolies that snuck onto your machine one day when you were less alert.

>  i found out a file  tdd.EXE

Do, of course, check the rest of your disk for same filename, be especially watchful of task manager, and all the files that can show up there.
0

Author Commented:

thanks everybody for the pains. i am obliged.

SNilson ----i surfed t13.org but its a very huge and enormous site having no search option . i tried to search and grab ATA commands as u stated but after quite much of hard work i couldnt find a clue.

bbao --  i really would be interesting in some easy steps to chnage the serial number. i would be very grateful if u tell me  .

and for a moment i thought i have got to the solution but it isnt doing what it says it does. i wonder y .i reallllllly wonder. so any more tips.?

and guys have u given a look at the code or material or watever i pasted at the top . i mean there was some mentioning of volume id like  this. i mean this kinda script.. . .      …@  ‡   0  …@  ˆ   @  …@  ÿÿÿÿ P  …@  \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ N T D L L . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ K E R N E L 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U N I C O D E . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ L O C A L E . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S O R T T B L S . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \
any idea what it is???
0

Author Commented:
oo i skipped one thing.
this  code that i have pasted  above was found in the file tdd.exe in my c:\ windows\prefetch directory that made me suspicious
thanks once again
0

IT ConsultantCommented:
i would suggest you use a professional disk binary editor to do it, or at least use debug.exe.
at here, for example, we access the drive C (FAT), with debug.exe

debug
l 1000 2 0 1      ; where 1000 is buffer, 2 is drive c, 0 is sector 0, 1 is numnber of sectors
d 1000             ; dump buffer at 1000h
e 1027 aa bb cc dd     ; where aa,bb,cc,dd are new serial number, in reverse order
d 1000             ; confirm the changes, from 1027h - 102ah
w                    ; write back to the disk

NOTE: it is a process to physically change content of sector, you should hold the risk by yourself and please be CAREFUL for every step!!

hope it helps,
bbao
0

Author Commented:
hi bbao.

well i couldnt follow up your instructions . do u mean that i start  debug.exe in dos prompt . and then type all tht u  have written above ?? am i right ?
and wht  is a professional disk binary editor?
and what does that 'risk' mean . do u mean there wud go something wrong to my harddisk during the process ?

okies i tried the debug 1000 2 0 1 in debug.exe but it gives a message like this   " ^Error " .

hope to hear from u soon
roCker
0

IT ConsultantCommented:
debug <RETURN>
L 1000 2 0 1 <RETURN>
D 1000 <RETURN>
E 1027 aa bb cc dd <RETURN>
D 1000 <RETURN>
W <RETURN>

0

IT ConsultantCommented:
hi, i would suggest you use the following lines to see the help for your reference. again, to write disk sector directly should be a high risk operation.

DEBUG <RETURN>
? <RETURN>
Q <RETURN>

sorry for i lost Q command for QUIT in my last post.
0

IT ConsultantCommented:
as for the tools, i use a very old program NORTON DISKEDIT.EXE.
0

Author Commented:
thanks .
what exactly can be the risk in doing the steps.. would u plzz elaborate  a little.

chicagoen...i installed volumeid.exe and it works. but in the end it says to add the  new address in the format xxxx-xxxx in hexadecimal  i do type a hexadecimal number like 9E014A2C but again it says that type in this way
xxxx-xxxx. can u please give some further suggestion over that??

0

IT ConsultantCommented:
the risk are, if you type wrong number, your boot sector or even other sector (if the sector numner is wrong) may be damaged, wich may even cause your system crashed.

just noticed the volumeid.exe, that sounds good, it is a safe way for you. it looks you know a little about disk structure and debug.exe, so you should use similar tools instead of doing it manually with so primitive debug.exe, although my method is simple and effective.
0

IT ConsultantCommented:
btw, your input should be 9E01-4A2C, there is a "-" at the center.
0

IT ConsultantCommented:
roCker, how is your case? do you need further help? :)
0

IT ConsultantCommented:
a lot of comments contributed by the experts, so i would like to suggest splitting the points.
0

EMEA Server EngineerCommented:
bbao,

The original question was little more than "I wonder what this all means?" which was mostly answered by SNilsson at http:#9796221
The second question was: "how to change the HDD serial number?", the most obvious responce would be: "Don't do it, if you're doing it for just finding a file at your system that states it, you're being paranoid." There is absolutely no need for changing the HDD serial number, period.

If I have to change my recommendation, I propose an award to SNilsson for his first comment.

Thanks,

LucF
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.