Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Directory Name is Invalid


  • This topic is locked This topic is locked
11 replies to this topic

#1 Sick_dude

Sick_dude

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 10 April 2017 - 06:44 PM

So I started a thread with this same name in External hardware because I thought I might have an issue with my computer not recognizing my SD card reader. I have since been told a moderator here that it might a malware issue. I will post my original description here and a link to that thread for posterity. 

 

"Hey guys,

 

I am running windows 10 as far as i know everything is up to date. My son was watching TV I believe on Kodi or Xfinity TV. When an error message popped up. "G:\ The directory name is invalid. And it has been doing it every 10-30 seconds ever since. 

 

The first thing I did was run CCleaner, malwarebytes, and then Norton scans. Then rebooted. It continued so I googled the error but most were about either a DVD player not wanting to play or a flash drive not reading after inserting. But neither of these were applicable to my situation. G:\ does not show up in windows explorer nor disk management. It does show up device manager under portables as e removable disk drive and under the properties/details i believe lists SM/xD-Picture. I tried updating driver (WpdFs.dll) it said it was up to date.  I tried deleting the drive information there in hopes windows would correct the situation with reboot. It did not. I do have two external drives that are always plugged in in drives E:\ and J:\ both are working fine but I unplugged both and did a hard reboot. I tried system restore, reset, and clean install from window and boot menu. All failed. I tried to assign drive G:\ in disk management but it keeps (not responding)."

 

https://www.bleepingcomputer.com/forums/t/642988/directory-name-is-invalid/

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:25 AM

Posted 12 April 2017 - 10:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
ShopAtHome.com Helper (HKU\S-1-5-21-3641304741-1366859747-2350207510-1001\...\ShopAtHome.com Helper) (Version: 7.10.6.17 - ShopAtHome.com) <==== ATTENTION
ShopAtHome.com Toolbar (HKU\S-1-5-21-3641304741-1366859747-2350207510-1001\...\ShopAtHome.com Toolbar) (Version: 7.10.6.17 - ShopAtHome.com) <==== ATTENTION


Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
SearchScopes: HKU\S-1-5-21-3641304741-1366859747-2350207510-1001 -> {99526EAE-84C5-4771-A980-2001B8F02A2E} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=$hspart&hsimp=$hsimp&p={searchTerms}&type=tb_ie_chr-ctbs-tyc-sc
BHO: No Name -> {236FE2ED-19AA-4392-A880-DA19F61AE10C} -> No File
BHO-x32: No Name -> {236FE2ED-19AA-4392-A880-DA19F61AE10C} -> No File
FF user.js: detected! => C:\Users\Ros\AppData\Roaming\Mozilla\Firefox\Profiles\96g6uv9q.default\user.js [2015-11-27]
FF SearchPlugin: C:\Users\Ros\AppData\Roaming\Mozilla\Firefox\Profiles\96g6uv9q.default\searchplugins\safesearch.xml [2015-09-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ros\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-02-23]
CHR Extension: (my way) - C:\Users\Ros\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpiadehiianhcdmbdogphcolcajplfc [2015-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ros\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Chrome Media Router) - C:\Users\Ros\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-05]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-24]
S3 scan; C:\Program Files (x86)\ParetoLogic\RegCure Pro\scan.dll [X]
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [452040 2016-01-19] (BitDefender S.R.L.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 WMPNetworkSvc; no ImagePath
Task: {021801B5-C1E6-460D-A8EC-88F038B31DCE} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {06989B49-01D1-466B-BD4A-64AABE64590D} - \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall -> No File <==== ATTENTION
Task: {094CD275-5C71-4753-B57E-5566CA859498} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {0C38A4E9-DD68-4365-94AD-F29159E232D4} - \Microsoft\Windows\WindowsUpdate\AUSessionConnect -> No File <==== ATTENTION
Task: {0DD77704-84C5-445D-A1B8-FE398DF518C8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {13F010F4-4D19-45C6-A5F4-8436EFF916BC} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task -> No File <==== ATTENTION
Task: {1A4230A2-E136-4936-9B22-DDF624BB8332} - \Microsoft\Windows\IME\SQM data sender -> No File <==== ATTENTION
Task: {2C11B69A-D97C-46B7-AC5C-5222E20C8B00} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {343069D2-C718-46BD-81D4-EC02AA2A7DB4} - \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join -> No File <==== ATTENTION
Task: {3CEE608E-9B75-479A-9425-AE31F0A7FF7B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3D53381B-46C0-49E7-9B0E-D7ED7599F745} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {41385068-8884-4121-874E-E2F5E79A4C16} - \Microsoft\Windows\Shell\FamilySafetyUpload -> No File <==== ATTENTION
Task: {41D98FE3-FB85-4C2D-9E7D-D84C34C86023} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {41FCAAD2-3A7D-4BEB-AA5E-EB744B1D558C} - \{53D5E019-CC4C-497F-BFD8-F20E3B4D90DE} -> No File <==== ATTENTION
Task: {5415E553-2052-4876-BBB4-0F73FDD1F9C8} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {5469828C-8A3A-4A38-88F4-D2DCE7CDD5E3} - \{3212F6D3-305F-4980-B22D-08B0673222D1} -> No File <==== ATTENTION
Task: {5576B267-5DEA-4FF0-824B-DF4742CEAE52} - \{12B25297-3538-4D6D-B89C-276D53AAA65C} -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task -> No File <==== ATTENTION
Task: {77840CA7-9383-4731-B36E-E15A3ADD03E6} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - \Microsoft\Windows\SkyDrive\Routine Maintenance Task -> No File <==== ATTENTION
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {8C16A731-0FF4-4213-B9AB-B32A6668F321} - \{B6B69B96-436A-444F-92B1-EF361A362E2D} -> No File <==== ATTENTION
Task: {905F310F-1647-46DA-A231-4C390391947D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AAB61C81-36C5-4438-AD91-897A81F1413D} - \Microsoft\Windows\WindowsUpdate\AUScheduledInstall -> No File <==== ATTENTION
Task: {B098F0D1-43F3-4D36-AC41-AE9B38E1BAC8} - \Dell SupportAssistAgent AutoUpdate -> No File <==== ATTENTION
Task: {B322B23A-5204-4D6C-ADD9-4036CA254D64} - \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network -> No File <==== ATTENTION
Task: {B732826D-0757-4D97-88DE-046BE839A874} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BCCD159B-B8A4-483B-A25A-B3EBE43D4868} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {C16DBA78-D295-4D76-BAF5-629D769F7BE3} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {C2B11F97-9EE7-4217-8CB9-9CCEB4230D87} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C3CD0203-B5BA-469B-9B44-9506B4F2C053} - \ParetoLogic Registration3 -> No File <==== ATTENTION
Task: {C47FD6AE-449D-41BF-A129-B795FBE8156A} - \Optimize Start Menu Cache Files-S-1-5-21-3641304741-1366859747-2350207510-1001 -> No File <==== ATTENTION
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {D2E617D3-EBD2-4E5C-9DEF-BDB68F5B133A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D4675284-2DCA-4EB2-8F1F-D474CF288371} - \Microsoft\Windows\RemovalTools\MRT_HB -> No File <==== ATTENTION
Task: {D51754B1-9244-46D6-BC1C-2E119EFE7AA7} - \WPD\SqmUpload_S-1-5-21-3641304741-1366859747-2350207510-1001 -> No File <==== ATTENTION
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {DE78463C-E5FB-4035-8F62-F6BCBD9A6059} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {DEEDE5D8-66D9-4B35-B986-62CF8822F72A} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {E070B6E1-103C-4739-95ED-159EA659F9E7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E5521C19-A3BB-4405-AB46-0B54E4DEFC82} - \{3B359CB4-E310-4B66-A88F-96EBA1CADE40} -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {ECD52435-1FBE-4EDF-B18B-CDCC0A0BE28F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F18A3F33-BC05-4A65-B1F1-BEDD84FA32EC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F2A3BF2D-C556-4836-90E5-77872E14E1E8} - \{49B28175-D34E-4707-92C3-7DA486ED0AAC} -> No File <==== ATTENTION
Task: {FFDB0082-AAA5-4615-B30D-5D56D371079B} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => rundll32.exe   C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll <==== ATTENTION
C:\Program Files (x86)\Common Files\ParetoLogic
C:\WINDOWS\System32\DRIVERS\Trufos.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists with this computer.

#3 Sick_dude

Sick_dude
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 13 April 2017 - 07:50 PM

So i did everything you requested. the adware cleaner file with S0 was before I cleaned and C0 was after I cleaned.

 

I still get the "The directory name is invalid" error.

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:25 AM

Posted 14 April 2017 - 08:23 AM

My searches lead me to this topic.
http://www.techsupportforum.com/forums/f269/error-1327-invalid-drive-g-442981.html

One solution was found by TheVindicator see if this also your issue.

Run Regedit.exe and look for the User sehll folders.
 

Thanks for your help. Actually, I had to go into regedit, HKEY_CURRENT_USER\Software\Microsoft\Windows| CurrentVersion\ Explorer\User Shell Folders where I found a reference to the G drive (G: mypictures) which I changed to the C drive. Error message gone.


Keep me posted.

#5 Sick_dude

Sick_dude
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 14 April 2017 - 10:18 PM

I found the she folders but under my pictures this is "value data" for My Pictures %USERPROFILE%\Pictures 

 

So how do i determine and change the associated drive? 



#6 Sick_dude

Sick_dude
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 14 April 2017 - 11:06 PM

So I searched G:\ in regedit under current user and the only thing that showed up was "Friendly Name" value data "G:\" this is under windows portable devices SMxD Picture but it will not let me change it. If I change it changes right back. 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:25 AM

Posted 15 April 2017 - 08:10 AM

Can you Export that key and post the results.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:25 AM

Posted 15 April 2017 - 08:24 AM

One more thing. See my previous post.

I might be wrong but it may just be that you remove a USB, Flash card etc. without mounting it.
Have a look at these searches.

https://www.google.ca/search?q=SMxD+Picture&oq=SMxD+Picture&aqs=chrome..69i57&sourceid=chrome&ie=UTF-8

https://www.google.ca/search?q=windows+portable+devices+SMxD+Picture&tbm=isch&imgil=eVbruBUQDSKL3M%253A%253B_dOGZWkaE_MAXM%253Bhttp%25253A%25252F%25252Fforum.giga-byte.co.uk%25252Findex.php%25253Ftopic%2525253D16551.0&source=iu&pf=m&fir=eVbruBUQDSKL3M%253A%252C_dOGZWkaE_MAXM%252C_&usg=___lOd7nfBTXOBpzLVmCOHAOtc8nQ%3D&biw=1093&bih=510&ved=0ahUKEwiRzvGqxabTAhWr6oMKHfm3CnYQyjcIMg&ei=oRzyWNH5EqvVjwT576qwBw#imgrc=9pgpb1GLv9kwpM:

#9 Sick_dude

Sick_dude
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 19 April 2017 - 11:08 PM

oops I didn't see the previous post. I don't really know what I am supposed to be looking at in those google searches.

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Portable Devices\Devices\SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.02#058F63626476&2#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

 

Value name: FriendlyName

 

Value data: G:\



#10 Sick_dude

Sick_dude
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:25 AM

Posted 20 April 2017 - 12:56 AM

Well, I saved the exported key to my documents but now it doesn't show up there. If I go to export it again its there already. I made sure hidden files was checked to show. Not sure why I can't see them. 

 

Also, I downloaded Driver Booster and it says it updated 14 drivers but I still have the same incessant error popping up every few seconds.  



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:25 AM

Posted 20 April 2017 - 07:32 AM


The exported key file will have a .reg extension
===

Lets see what we can find in the Registry.

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
Friendly;G:\
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:25 AM

Posted 26 April 2017 - 08:48 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users