Hard drives are not showing in 'My Computer'


  • This topic is locked
36 replies to this topic

#1 Captain Meeeee

Posted 18 June 2010 - 10:15 PM

When I open up the My Computer folder, it only shows devices with removable storage (Floppy drive, CD/DVD drive, etc.). My C: drive and my external Western Digital 1 TB K: drive are not shown anywhere on my computer. I've already made another profile to see if they showed up there, but they don't. I already posted two other threads, and I was told to ask for help here. Also, when I tried to use the gmer.exe to scan my computer in the normal boot mode, I got a blue screen that said something like "Windows has encountered an error and is shutting down to avoid serious damage. This error is caused by the file pxtdqpob.sys." Then when I booted in safe mode to scan, the first three scans caused my computer to freeze. Finally, on the last scan, there were only a few lines that showed in the ark.txt file. Well, here's the DDS scan results:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Josh at 22:44:39.96 on Thu 06/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.906 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Uniblue\PowerSuite\powersuite.exe
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zune\Zune.exe
C:\Program Files\MySpace\Toolbar\1.0.72.0\MSTBCoreContainer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Josh\Local Settings\Temporary Internet Files\Content.IE5\3X7CTTKH\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: MySpace Toolbar: {28aed1af-b164-44cd-b435-cf04aa955015} - c:\program files\myspace\toolbar\1.0.72.0\MySpaceToolbar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: MySpace Toolbar: {28aed1af-b164-44cd-b435-cf04aa955015} - c:\program files\myspace\toolbar\1.0.72.0\MySpaceToolbar.dll
uRun: [Uniblue SpyEraser] "c:\program files\uniblue\spyeraser\SpyEraser.exe" -m
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [PowerSuite] "c:\program files\uniblue\powersuite\launcher.exe" delay 20000 -m
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
StartupFolder: c:\docume~1\josh\start menu\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmstatus.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199065077046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - Groove GFS Stub Execution Hook
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = hepotiza.dll vulivana.dll scecli
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 CopyHDDVDHlp;CopyHDDVDHlp Driver;c:\windows\system32\drivers\copyhddvdhlp.sys [2010-6-6 5632]
R1 DVDHlp;DVDHlp Driver;c:\windows\system32\drivers\dvdhlp.sys [2010-6-6 104512]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-3 214024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-12 304464]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-25 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-3 359952]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2010-6-6 66944]
R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\uniblue\diskrescue\UBDiskRescueSrv.exe [2008-9-10 229648]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-6-6 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-6-6 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-6-6 72728]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-7-14 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-12-25 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-12 20952]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-3 606736]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-3 40552]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-4-6 11520]
S2 gupdate1c98c0249ac59e8;Google Update Service (gupdate1c98c0249ac59e8);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-3 144704]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2010-3-21 25856]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-6-6 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-6-6 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-6-6 72728]
S3 ElbyCDI0;ElbyCDI0 Driver;c:\windows\system32\drivers\ElbyCDI0.sys [2010-6-6 29864]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-3 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-3 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-3 34216]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-3-21 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-3-21 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-3-21 42752]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2010-3-21 23936]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S4 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-3-21 91392]

=============== Created Last 30 ================

2010-06-18 05:36:18 0 ----a-w- c:\documents and settings\josh\defogger_reenable
2010-06-17 19:55:29 0 d-----w- c:\docume~1\josh\application data\ElevatedDiagnostics
2010-06-16 23:03:49 0 d-----w- c:\docume~1\josh\application data\SUPERAntiSpyware.com
2010-06-16 23:03:49 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-16 23:03:39 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-16 22:50:30 0 d-----w- c:\docume~1\josh\application data\BitTorrent
2010-06-16 22:50:21 0 d-----w- c:\program files\BitTorrent
2010-06-16 22:36:31 0 d-----w- c:\docume~1\josh\application data\Malwarebytes
2010-06-16 21:05:46 0 d-----w- c:\docume~1\josh\application data\OpenOffice.org
2010-06-16 21:01:11 0 d-----w- c:\program files\JRE
2010-06-16 21:01:03 0 d-----w- c:\program files\OpenOffice.org 3
2010-06-15 22:22:59 0 d-----w- c:\program files\Messenger
2010-06-15 22:20:37 0 d-----w- c:\windows\ServicePackFiles
2010-06-15 21:42:38 0 d-----w- c:\docume~1\josh\application data\Western Digital
2010-06-15 21:31:58 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-06-15 21:31:58 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2010-06-15 21:31:58 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2010-06-15 21:31:58 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2010-06-15 21:31:58 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2010-06-15 21:31:58 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2010-06-15 21:31:58 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2010-06-15 21:31:57 136192 ------w- c:\windows\system32\aaclient.dll
2010-06-14 09:00:24 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-06-14 09:00:24 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
2010-06-13 08:26:37 0 d-----w- c:\program files\GiPo@Utilities
2010-06-13 08:26:37 0 d-----w- c:\program files\common files\Gibinsoft Shared
2010-06-13 02:03:55 61952 ----a-r- c:\windows\system32\CTHWIUT.DLL
2010-06-13 02:03:55 158208 ----a-r- c:\windows\system32\CT20XUT.DLL
2010-06-13 02:03:55 1160192 ----a-r- c:\windows\system32\CTEXFIFX.dll
2010-06-13 01:54:51 0 d-----w- c:\docume~1\josh\application data\TuneUp Software
2010-06-12 09:40:58 0 d-----w- c:\program files\OpenAL
2010-06-12 09:22:46 56509 ----a-w- c:\windows\system32\SET4BB.tmp
2010-06-12 09:22:46 321512 ----a-w- c:\windows\system32\SET4B8.tmp
2010-06-12 08:03:04 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-06-12 08:02:48 0 d-----w- c:\program files\NVIDIA Corporation
2010-06-12 08:01:54 9046 ----a-w- c:\windows\system32\nvinfo.pb
2010-06-12 08:01:54 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-12 08:01:50 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-12 08:01:50 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-12 08:01:49 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-06-12 08:01:49 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-12 06:40:01 0 d-----w- c:\docume~1\josh\application data\System Tweaker
2010-06-12 06:36:23 0 d-----w- c:\docume~1\josh\application data\Uniblue
2010-06-12 06:24:26 0 d-sh--w- c:\documents and settings\josh\IECompatCache
2010-06-12 06:20:27 0 d-sh--w- c:\documents and settings\josh\PrivacIE
2010-06-12 06:20:18 0 d-----w- c:\docume~1\josh\application data\MySpace
2010-06-11 20:26:31 0 d-----w- c:\docume~1\josh\application data\SACore
2010-06-11 19:38:01 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-06-11 06:26:31 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-06-11 06:26:27 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-06-11 06:26:26 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-06-11 06:26:23 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-06-11 06:26:19 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-06-11 06:26:04 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-06-11 06:26:03 28288 ----a-w- c:\windows\system32\dllcache\xjis.nls
2010-06-11 06:26:00 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-06-11 06:24:59 19551 ----a-w- c:\windows\system32\dllcache\watv02nt.sys
2010-06-11 06:23:58 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-06-11 06:22:57 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2010-06-11 06:21:56 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-06-11 06:20:58 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-06-11 06:19:58 45568 ----a-w- c:\windows\system32\dllcache\smb3w.dll
2010-06-11 06:18:58 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2010-06-11 06:17:59 179264 ----a-w- c:\windows\system32\dllcache\s3sav3d.dll
2010-06-11 06:16:57 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-06-11 06:15:57 75776 ----a-w- c:\windows\system32\dllcache\philcam1.sys
2010-06-11 06:14:59 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys
2010-06-11 06:13:57 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2010-06-11 06:12:57 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-06-11 06:11:57 48768 ----a-w- c:\windows\system32\dllcache\maestro.sys
2010-06-11 06:10:59 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-06-11 06:09:57 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2010-06-11 06:08:57 199711 ----a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2010-06-11 06:07:59 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys
2010-06-11 06:06:58 43008 ----a-w- c:\windows\system32\dllcache\esucm.dll
2010-06-11 06:05:59 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2010-06-11 06:04:59 27648 ----a-w- c:\windows\system32\dllcache\cyyports.dll
2010-06-11 06:03:59 66082 ----a-w- c:\windows\system32\dllcache\c_20278.nls
2010-06-11 06:02:59 10880 ----a-w- c:\windows\system32\dllcache\admjoy.sys
2010-06-11 05:58:04 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2010-06-11 05:57:55 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-06-11 05:57:46 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-06-11 05:57:46 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-06-11 05:57:46 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2010-06-11 05:57:45 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-06-11 05:57:45 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2010-06-11 05:57:44 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-06-11 05:57:37 94720 ----a-w- c:\windows\system32\dllcache\certmap.ocx
2010-06-10 11:45:19 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-10 01:57:47 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 04:53:35 66944 ----a-w- c:\windows\system32\drivers\thdudf.sys
2010-06-07 04:53:34 42496 ----a-w- c:\windows\system32\ElbyHlper.dll
2010-06-07 04:53:34 29864 ----a-w- c:\windows\system32\drivers\ElbyCDI0.sys
2010-06-07 04:53:33 90112 ----a-w- c:\windows\system32\ElbyCDI0.dll
2010-06-07 04:53:33 5632 ----a-w- c:\windows\system32\drivers\copyhddvdhlp.sys
2010-06-07 04:53:33 104512 ----a-w- c:\windows\system32\drivers\dvdhlp.sys
2010-06-07 04:53:32 0 d-----w- c:\program files\BDHDCopyHelper
2010-06-07 04:52:37 0 d-----w- c:\program files\Dvd-cloner
2010-06-07 04:24:06 86016 ----a-w- c:\windows\system32\SET1E5.tmp
2010-06-07 04:24:06 181248 ----a-w- c:\windows\system32\SET1E6.tmp
2010-06-07 04:24:05 56509 ----a-w- c:\windows\system32\SET18B.tmp
2010-06-07 04:24:05 321512 ----a-w- c:\windows\system32\SET18A.tmp
2010-06-07 04:18:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Uniblue
2010-06-07 04:17:24 20232 ----a-w- c:\windows\system32\AntiSpyNative64.exe
2010-06-07 04:17:23 16648 ----a-w- c:\windows\system32\AntiSpyNative32.exe
2010-06-07 04:12:26 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
2010-06-06 23:03:02 8 ----a-w- c:\windows\system32\nvModes.dat
2010-06-06 22:13:38 0 d-----w- c:\documents and settings\all users\Uniblue
2010-05-27 05:15:48 0 d-----w- c:\program files\common files\CyberLink
2010-05-27 04:54:52 0 ----a-w- c:\windows\iPlayer.INI
2010-05-27 04:51:48 0 d-----w- c:\program files\Elaborate Bytes

==================== Find3M ====================

2010-06-12 09:40:58 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-12 09:22:46 72728 ----a-w- c:\windows\system32\drivers\CTHWIUT.sys
2010-06-12 09:22:46 171032 ----a-w- c:\windows\system32\drivers\CT20XUT.sys
2010-06-12 09:22:46 1324056 ----a-w- c:\windows\system32\drivers\CTEXFIFX.sys
2010-06-12 09:22:45 600217 ----a-w- c:\windows\system32\UDAAIM32.exe
2010-06-12 09:22:45 36864 ----a-w- c:\windows\system32\devreg.dll
2010-06-12 09:22:45 2560 ----a-w- c:\windows\system32\CtxfiRes.dll
2010-06-12 09:22:45 15360 ----a-w- c:\windows\system32\Ct20xspi.dll
2010-06-12 09:22:44 47104 ----a-w- c:\windows\system32\CTxfiReg.exe
2010-06-07 04:16:59 213544 ----a-w- c:\windows\system32\drivers\b57xp32.sys
2010-06-07 04:16:59 213544 ----a-w- c:\windows\system32\dllcache\b57xp32.sys
2010-06-07 04:13:55 86016 ----a-w- c:\windows\system32\SET140.tmp
2010-06-07 04:13:55 181248 ----a-w- c:\windows\system32\SET142.tmp
2010-06-07 04:13:54 56509 ----a-w- c:\windows\system32\SETC0.tmp
2010-06-07 04:13:54 321512 ----a-w- c:\windows\system32\SETBE.tmp
2010-06-07 04:13:53 74752 ----a-w- c:\windows\system32\SETDC.tmp
2010-06-07 04:13:53 68608 ----a-w- c:\windows\system32\SETE0.tmp
2010-06-07 04:13:53 53248 ----a-w- c:\windows\system32\SETE2.tmp
2010-06-07 04:13:53 39424 ----a-w- c:\windows\system32\SETF5.tmp
2010-06-07 04:13:53 25600 ----a-w- c:\windows\system32\SETFA.tmp
2010-06-07 04:13:53 1213440 ----a-w- c:\windows\system32\SETF8.tmp
2010-06-07 04:13:52 41472 ----a-w- c:\windows\system32\SETF3.tmp
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 01:22:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\dllcache\atmfd.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd(2).dll
2010-04-06 11:52:46 2462720 ----a-w- c:\windows\system32\dllcache\wmvcore.dll
2010-04-04 02:23:18 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 02:23:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 02:23:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 02:23:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 02:23:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 02:22:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55:31 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55:31 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55:31 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55:31 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55:31 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-03 22:55:31 10232128 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-04-02 23:54:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2007-05-12 17:47:48 251 ----a-w- c:\program files\wt3d.ini
2007-08-14 02:33:10 80 --sh--r- c:\windows\system32\7A0D0A12C8.dll
2007-07-07 02:37:24 88 --sh--r- c:\windows\system32\C8120A0D7A.sys
2007-07-07 02:37:24 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 22:46:44.52 ===============



#2 Farbar

Posted 22 June 2010 - 04:01 PM

Hi Captain Meeeee,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

I see nothing suspicious in your log letting me think this issue is malware related. Moreover, an infected machine should show other symptoms too. But we will dig a little deeper.
  1. Run GMER, uncheck all boxes but let the box next to Sections and C drive remain checked. Click Scan.
    When it has finished, press Save to save the log and post it in your reply. It will not take more than a minute.

  2. Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).

    Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    CODE
    @echo off
    if exist mbr.log del mbr.log
    mbr.exe -t
    ping 1.1.1.1 -n 1 -w 1000 >nul
    start mbr.log

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate look.bat on the desktop. It should look like this:
    • Double-click to run it.
    • A notepad opens, copy and paste the content (log.txt) to your reply.

  3. Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Under Output select "Standard Output" checkbox.
    • Set Services, Drivers and Standard Registry to All.
    • Click Run Scan button.
    • Two reports will open, attach them to your reply:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


#3 Captain Meeeee

Posted 22 June 2010 - 08:31 PM

I tried to run GMER like you said, with only Sections and the C: drive selected, but I was unable to. It was able to complete the scan, but when I tried to save the log it just caused my computer to use 100% CPU, then everything on my computer screen froze except my mouse, which was just an hourglass. Should I continue with the rest of what you said? Or keep trying to run GMER?

#4 Captain Meeeee

Posted 23 June 2010 - 12:05 AM

I decided to continue with what you told me to do in case it might help you. Here are the results from the mbr log and the OTL scan:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys nvatabus.sys hal.dll
kernel: MBR read successfully
user & kernel MBR OK



#5 Farbar

Posted 23 June 2010 - 02:46 AM

No need for GMER log as the mbr.exe log ruled out the presence of the rootkit. A quick look at OTL log doesn't show the presence of malware either.

Please give me some time to take a deeper look at the log and see if anything else causes the problem.

#6 Farbar

Posted 23 June 2010 - 04:31 AM

Open a notepad (go to Start > Run and type in Notepad and click OK).
Copy/paste the following text inside the code box into a new notepad document.

CODE
@ECHO OFF
regedit /e look1.txt "HKEY_CLASSES_ROOT\Folder"
regedit /e look2.txt "HKEY_CLASSES_ROOT\Drive"
dir /a c:\autorun.inf >log.txt 2>&1
dir /a K:\autorun.inf >> log.txt 2>&1
Type look*.txt >>log.txt
start log.txt
del look1.txt look2.txt
del %0

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: look.bat
  • Save as type: All file types (*.*)
  • Click save
  • Close the Notepad.
  • Locate look.bat on the desktop.
  • Double-click look.bat.
  • Notepad will open with some text in it. Copy and paste the contents in your next reply.


#7 Captain Meeeee

Posted 23 June 2010 - 01:46 PM

I was able to run the GMER scan you requested so I will attach the log with the following results:

Volume in drive C has no label.
Volume Serial Number is 442A-7F61

Directory of c:\

File Not Found
Volume in drive K is My Book
Volume Serial Number is 6E62-134C

Directory of K:\

File Not Found
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Folder]
@="Folder"
"EditFlags"=dword:000003d2
"TileInfo"="prop:Size"
"BrowserFlags"=dword:00000008

[HKEY_CLASSES_ROOT\Folder\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,33,00,00,00

[HKEY_CLASSES_ROOT\Folder\shell]
@="open"

[HKEY_CLASSES_ROOT\Folder\shell\explore]
"BrowserFlags"=dword:00000022
"ExplorerFlags"=dword:00000021

[HKEY_CLASSES_ROOT\Folder\shell\explore\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2f,00,65,00,2c,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,\
00,25,00,49,00,2c,00,25,00,4c,00,00,00

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec]
@="[ExploreFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\ifexec]
@="[]"

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Folder\shell\open]
"BrowserFlags"=dword:00000010
"ExplorerFlags"=dword:00000012

[HKEY_CLASSES_ROOT\Folder\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,00,25,00,49,00,2c,\
00,25,00,4c,00,00,00

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec]
@="[ViewFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec\ifexec]
@="[]"

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Folder\shellex]

[HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers]

[HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}]
@=""

[HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}]
@=""

[HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}]
@=""

[HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}]
@=""

[HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}]
@="OpenOffice.org Column Handler"

[HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
@="PDF Column Info"

[HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\jetAudio]
@="{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"

[HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MagicISO]
@="{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"

[HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt]
@="{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

[HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\McCtxMenu]
@="{01576F39-90DE-4D6E-A068-5B20C22BAAEE}"

[HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\WinRAR]
@="{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX]
@="{6C467336-8281-4E60-8204-430CED96822D}"

[HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\{33F85093-44BB-4587-B25B-FFD05D5B9916}]
@=""

[HKEY_CLASSES_ROOT\Folder\shellex\DragDropHandlers]

[HKEY_CLASSES_ROOT\Folder\shellex\DragDropHandlers\HardLinkShlExt]
@="{DDF60F67-CD73-4148-BEAF-87D7F3EDFC9D}"

[HKEY_CLASSES_ROOT\Folder\shellex\DragDropHandlers\WinRAR]
@="{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_CLASSES_ROOT\Folder\shellex\DragDropHandlers\{BD472F60-27FA-11cf-B8B4-444553540000}]
@=""

[HKEY_CLASSES_ROOT\Folder\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\Folder\shellex\PropertySheetHandlers\GiPoPPShellEx]
@="{C6701C93-823F-4BBC-B1D2-BFA74C54E415}"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Drive]
@="Drive"
"EditFlags"=dword:000001d2
"BrowserFlags"=dword:00000008

[HKEY_CLASSES_ROOT\Drive\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,38,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell]
@=""

[HKEY_CLASSES_ROOT\Drive\shell\find]
"SuppressionPolicy"=dword:00000080

[HKEY_CLASSES_ROOT\Drive\shell\find\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,00,00

[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec]
@="[FindFolder(\"%l\", %I)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Drive\shellex]

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\DriveLetterAccess]
@="{5CA3D70E-1895-11CF-8E15-001234567890}"

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Offline Files]
@="{750fdf0e-2a26-11d1-a3ea-080036587f03}"

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ShellExtension]

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\{33F85093-44BB-4587-B25B-FFD05D5B9916}]
@=""

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\{59099400-57FF-11CE-BD94-0020AF85B590}]

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}]
@="Portable Devices Menu"

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@=""

[HKEY_CLASSES_ROOT\Drive\shellex\DragDropHandlers]

[HKEY_CLASSES_ROOT\Drive\shellex\DragDropHandlers\HardLinkShlExt]
@="{DDF60F67-CD73-4148-BEAF-87D7F3EDFC9D}"

[HKEY_CLASSES_ROOT\Drive\shellex\DragDropHandlers\WinRAR]
@="{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

[HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions]

[HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@=""
"DriveMask"=dword:00000020

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\DriveLetterAccess]
@="{5CA3D70E-1895-11CF-8E15-001234567890}"

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\GiPoPPShellEx]
@="{C6701C93-823F-4BBC-B1D2-BFA74C54E415}"

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{1F2E5C40-9550-11CE-99D2-00AA006E086C}]

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{596AB062-B4D2-4215-9F74-E9109B0A8153}]
@=""

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{7988B573-EC89-11cf-9C00-00AA00A14F56}]
@=""

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}]

[HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@=""



#8 Farbar

Posted 23 June 2010 - 02:41 PM

Please do this and tell me if there is any change.

Start in Safe Mode Using the F8 key:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
  • Log on to your usual account.
  • Now reboot again to normal mode and open My computer to see if anything changes.


If it didn't help proceed with the next step.

Please download TweakUI to your desktop. Double-click on the downloaded file to install the program. Once the installation is complete, navigate to Start>All Programs>Powertoys for Windows XP and launch TweakUI.

Once the TweakUI window has appeared, click Repair in the left pane. Then, in the right pane select "Rebuild Icons" from the drop down menu and click the Repair Now button next to it. Afterwards, you may click OK at the bottom of the window to exit the program.

Does this fix the other issue you were having with the "My Computer" icon?



#9 Captain Meeeee

Posted 23 June 2010 - 03:23 PM

QUOTE(farbar @ Jun 23 2010, 12:41 PM)
Does this fix the other issue you were having with the "My Computer" icon?

Neither did the trick. I'm not having problems with the 'My Computer' icon; I can see and access it just fine. The problem is when I open 'My Computer', my hard drives are not shown. So the only way I can access them is if I type in C: or K: in the explorer address bar. I also can't open or save anything to them from a program. This isn't a problem for the C: drive as much as it is for the K: drive, since I save things into it more often. For instance, when you told me to save the MBR.EXE file in C:\Windows, I had to save it to my desktop, then transfer it into C:\Windows. Another major problem is that I can't really access my external K: drive anymore. Whenever I open it, I get a pop-up that says "Windows Explorer has encountered a problem and needs to close. We are sorry for this inconvenience." If I click the option 'Don't Send' then my K: drive folder closes and the task bar disappears for a few seconds, then reappears. If I ignore the message, then I can access the folder until it force closes itself. I'll attach a picture of the 'My Computer' folder so you can see what I'm talking about.

#10 Farbar

Posted 23 June 2010 - 04:17 PM

When you ran the batch file, was the external drive connected to the computer?

#11 Captain Meeeee

Posted 23 June 2010 - 04:33 PM

Yes, it has been connected the whole time you've been helping me.

#12 Farbar

Posted 23 June 2010 - 04:47 PM

Please go to safe mode again and see if the problem is the same in safe mode.

#13 Captain Meeeee

Posted 23 June 2010 - 04:48 PM

The problem is still there in safe mode.



#14 Farbar

Posted 23 June 2010 - 04:59 PM

Did you attach the OTL.txt to your reply? I thought I had seen it, but now I don't see any OTL.txt.

Let's check this one too.

Open a notepad (go to Start > Run and type in Notepad)
Copy/paste the following text inside the code box into a new notepad document.

CODE
regedit /e log.txt  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons"
start log.txt

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: look.bat
  • Save as type: All file types (*.*)
  • Click save
  • Close the Notepad.
  • Locate look.bat on the desktop.
  • Double-click to run it.
  • A text file (log.txt) opens, if the log contains anything please attach or copy and paste the content to your reply.


#15 Captain Meeeee

Posted 23 June 2010 - 05:10 PM

I had it attached, but I had to delete it so I could upload the other files. Here are the results from the last look.bat file and the OTL scan again:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]







