Results 1 to 4 of 4

Thread: Folders appear hidden in external HDD. Please Help

  1. #1
    Junior Member
    Join Date
    Nov 2007
    Posts
    11

    Default Folders appear hidden in external HDD. Please Help

    Dear Expert,

    I am using a Lenovo All-in-One PC running Win XP SP3, 2 GB RAM.. I have a Seagate FreeAgent 1TB external HDD connected to this computer which has all the media files predominantely jpegs.

    Suddenly, the 1st level of folders and files inside my external HDD are hidden but all the other files and sub-folders are properly visible. Even after altering their hidden status through the command prompt command - "attrib....." once the computer gets restarted they become hidden again.

    Kindly help me to get out of this problem. I did the DDS log and aswmr logs and backed up the registry using ERUNT and finally also cleaned the system using Spybot Search & Destroy application which cleared quite a handful of issues, except some issues relating to Babylon Toolbar..

    Please find DDS Log below for your reference....

    DDS LOG....
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by WORKS at 5:32:45 on 2013-09-01
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1304 [GMT -7:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\WORKS\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\jmesoft\hotkey.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Movies Toolbar\SafetyNut\safetynut.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://indiasearcher.in/r.asp#
    uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
    mStart Page = hxxp://indiasearcher.in/r.asp#
    mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    uURLSearchHooks: UsProvider Class: {539F76FD-084E-4858-86D5-62F02F54AE86} - c:\program files\minibar\Minibar.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Movies Toolbar (Dist. by Somoto Ltd.): {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - c:\program files\movies toolbar\safetynut\srtool~1\ie\searchresultsDx.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\ips\IPSBHO.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\works\application data\defaulttab\defaulttab\DefaultTabBHO.dll
    BHO: MinibarBHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - c:\program files\minibar\Minibar.dll
    TB: Movies Toolbar (Dist. by Somoto Ltd.): {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - c:\program files\movies toolbar\safetynut\srtool~1\ie\searchresultsDx.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Softonic for Windows] "h:\softonic\Softonic.exe" -minimize
    uRun: [51f3] c:\documents and settings\works\application data\47e\51f3.js
    uRun: [NTRedirect] c:\windows\system32\rundll32.exe "c:\documents and settings\works\application data\babsolution\shared\enhancedNT.dll",Run
    uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [jmekey] c:\program files\jmesoft\hotkey.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Yahoo Messenger] <no file>
    StartupFolder: c:\documents and settings\works\start menu\programs\startup\07b.js
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\07b.js
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDriveAutoRun = dword:0
    uPolicies-Explorer: NoWindowsUpdate = 1
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - c:\program files\minibar\Minibar.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347200712011
    TCP: Interfaces\{3FDB8253-FDAF-49B7-B34C-D969FCBB237D} : NameServer = 192.168.1.100
    Notify: igfxcui - igfxdev.dll
    Notify: SDWinLogon - SDWinLogon.dll
    Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\WinLogoutNotifier.dll
    AppInit_DLLs= c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll c:\progra~1\movies~1\safety~1\safety~2.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymDS.sys [2011-6-17 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymEFA.sys [2011-6-17 756856]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\bashdefs\20130822.011\BHDrvx86.sys [2013-8-28 1002072]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\Ironx86.sys [2011-6-17 136312]
    R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\works\application data\defaulttab\defaulttab\DTUpdate.exe [2013-8-16 107520]
    R2 SafetyNutManager;SafetyNut Manager;c:\program files\movies toolbar\safetynut\SafetyNutManager.exe [2013-8-26 3394056]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-9-1 1817560]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-9-1 1033688]
    R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\ccSvcHst.exe [2011-6-17 137224]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-28 108120]
    R3 FEIExpress;Intel(R) 10/100 Network Connection Driver;c:\windows\system32\drivers\fei5132.sys [2009-10-2 158408]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\ipsdefs\20130830.001\IDSXpx86.sys [2013-8-31 373728]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\virusdefs\20130831.007\NAVENG.SYS [2013-8-31 93272]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\virusdefs\20130831.007\NAVEX15.SYS [2013-8-31 1612376]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-9-1 171928]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-8-3 1691480]
    S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\SyDvCtrl32.sys [2011-6-17 23984]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\ct_ztemt_u_usbser.sys --> c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [?]
    .
    =============== File Associations ===============
    .
    ShellExec: hpqpssp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpssp.exe
    ShellExec: hpqpstp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpstp.exe
    .
    =============== Created Last 30 ================
    .
    2013-09-01 11:31:52 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2013-09-01 11:31:34 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-09-01 11:31:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-08-31 23:15:53 -------- d-sh--w- c:\documents and settings\works\IECompatCache
    2013-08-26 21:07:10 -------- d-----w- c:\documents and settings\works\AppData
    2013-08-26 20:38:30 -------- d-----w- c:\documents and settings\works\local settings\application data\AppsHat Mobile Apps
    2013-08-26 20:38:15 -------- d-----w- c:\program files\Minibar
    2013-08-26 20:38:14 -------- d-----w- c:\documents and settings\works\local settings\application data\Minibar
    2013-08-26 20:37:56 -------- d-----w- c:\documents and settings\all users\application data\Wincert
    2013-08-26 20:37:42 -------- d-----w- c:\documents and settings\works\application data\somotomoviestoolbar1
    2013-08-26 20:37:28 -------- d-----w- c:\program files\Movies Toolbar
    2013-08-26 20:37:27 -------- d-----w- c:\documents and settings\all users\application data\SafetyNut
    2013-08-24 22:58:37 -------- d-----w- C:\My Music
    2013-08-24 22:39:20 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2013-08-24 22:39:20 -------- d-----w- c:\program files\Weeny Free Audio Cutter
    2013-08-22 19:28:07 -------- d-sh--w- c:\program files\58e
    2013-08-22 19:28:07 -------- d-sh--w- c:\documents and settings\works\application data\47e
    2013-08-22 19:28:07 -------- d-sh--w- C:\46f1
    2013-08-16 20:49:18 -------- d-----w- c:\documents and settings\works\local settings\application data\avgchrome
    2013-08-16 20:47:01 -------- d--h--w- c:\windows\system32\GroupPolicy
    2013-08-16 20:46:56 -------- d-----w- c:\documents and settings\works\application data\DefaultTab
    .
    ==================== Find3M ====================
    .
    2013-08-16 21:01:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-08-16 21:01:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2013-07-31 12:39:33 715038 ----a-w- c:\windows\unins000.exe
    .
    ============= FINISH: 5:33:28.35 ===============


    aswMBR LOG.....
    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-09-01 05:33:43
    -----------------------------
    05:33:43.156 OS Version: Windows 5.1.2600 Service Pack 3
    05:33:43.156 Number of processors: 4 586 0x1C0A
    05:33:43.156 ComputerName: WORKS UserName: WORKS
    05:33:43.906 Initialize success
    05:33:51.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    05:33:51.515 Disk 0 Vendor: ST9500325AS 0010LVM1 Size: 476940MB BusType: 3
    05:33:51.703 Disk 0 MBR read successfully
    05:33:51.703 Disk 0 MBR scan
    05:33:51.703 Disk 0 Windows XP default MBR code
    05:33:51.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
    05:33:51.703 Disk 0 Partition - 00 0F Extended LBA 376939 MB offset 204796620
    05:33:51.781 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 376939 MB offset 204796683
    05:33:51.812 Disk 0 scanning sectors +976768065
    05:33:52.000 Disk 0 scanning C:\WINDOWS\system32\drivers
    05:34:00.328 Service scanning
    05:34:11.375 Modules scanning
    05:34:16.875 Disk 0 trace - called modules:
    05:34:16.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    05:34:16.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6c8ab8]
    05:34:16.890 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a6f5930]
    05:34:16.890 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a695940]
    05:34:16.890 Scan finished successfully
    05:34:23.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\WORKS\Desktop\MBR.dat"
    05:34:23.234 The log file has been saved successfully to "C:\Documents and Settings\WORKS\Desktop\aswMBR.txt"

    Hope I have given all the information to you as per your request to participate in this forum...Looking forward to your timely help.

    Thanks in advance....
    Sribashyam
    Attached Files Attached Files

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello sribashyam,

    I see you are running Symantec Endpoint Protection, leveled at business and corporate environments, please clarify thank you.

    Your last topic: http://forums.spybot.info/showthread...twork&p=325763

    Also, which edition of Spybot-Search & Destroy do you have installed? http://www.safer-networking.org/

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Nov 2007
    Posts
    11

    Default

    Hello Tashi,

    We are a trying to solve the problem in our workplace for a long time...Ours is a small family run company so we don't have a formal IT executive to handle these issues and myself being one of the partners in this company am personally trying to sort these things out.

    Hope you can extend some help!?? I understand your policies for helping only individuals and not getting into company/corporate/govt. affairs. Since, we are small enterprise thought I could seek help from your team.

    Thanks anyways for advising me so for. Keep up your good work...

    Regards,
    Sribashyam..

    Quote Originally Posted by tashi View Post
    Hello sribashyam,

    I see you are running Symantec Endpoint Protection, leveled at business and corporate environments, please clarify thank you.

    Your last topic: http://forums.spybot.info/showthread...twork&p=325763

    Also, which edition of Spybot-Search & Destroy do you have installed? http://www.safer-networking.org/

    Best regards.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello sribashyam,

    "We are a trying to solve the problem in our workplace for a long time...Ours is a small family run company so we don't have a formal IT executive to handle these issues and myself being one of the partners in this company am personally trying to sort these things out.

    Hope you can extend some help!?? I understand your policies for helping only individuals and not getting into company/corporate/govt. affairs. Since, we are small enterprise thought I could seek help from your team.

    Thanks anyways for advising me so for. Keep up your good work...

    Regards,
    Sribashyam.."

    please inform your IT Professional or Supervisor when a workplace computer has been infected. If neither are available please consider calling in a local technician who can see the machine/network in person.
    It's not that we don't want to help, but there are too many issues that could arise with company machines and/or servers that malware forum volunteers are not experienced in dealing with.

    Thank you for your understanding.
    http://forums.spybot.info/showthread...ll=1#post25712




    Quote Originally Posted by tashi View Post
    Also, which edition of Spybot-Search & Destroy do you have installed? http://www.safer-networking.org/
    Kind regards,
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •